apiVersion: apps/v1 kind: Deployment metadata: name: mastodon-streaming namespace: {{ .namespace }} spec: replicas: 1 selector: matchLabels: component: streaming template: metadata: labels: component: streaming spec: securityContext: runAsNonRoot: true runAsUser: 991 runAsGroup: 991 fsGroup: 991 seccompProfile: type: RuntimeDefault containers: - name: streaming image: ghcr.io/mastodon/mastodon-streaming:v4.5.3 securityContext: allowPrivilegeEscalation: false capabilities: drop: [ALL] readOnlyRootFilesystem: false ports: - name: streaming containerPort: 4000 protocol: TCP env: - name: NODE_ENV value: production - name: PORT value: "4000" - name: STREAMING_CLUSTER_NUM value: "1" - name: DB_HOST value: "{{ .db.host }}" - name: DB_PORT value: "{{ .db.port }}" - name: DB_NAME value: "{{ .db.name }}" - name: DB_USER value: "{{ .db.user }}" - name: DB_PASS valueFrom: secretKeyRef: name: mastodon-secrets key: dbPassword - name: REDIS_HOST value: "{{ .redis.host }}" - name: REDIS_PORT value: "{{ .redis.port }}" - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: mastodon-secrets key: redis.password resources: requests: cpu: 250m memory: 128Mi limits: memory: 512Mi livenessProbe: httpGet: path: /api/v1/streaming/health port: streaming initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 readinessProbe: httpGet: path: /api/v1/streaming/health port: streaming initialDelaySeconds: 20 periodSeconds: 5 timeoutSeconds: 3