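# Deployment template for the Mastodon Sidekiq background worker.
# Values are filled in by a Go-style template engine before the result is
# parsed as YAML, so every templated string scalar is quoted: an empty or
# boolean/number-looking expansion then stays a string instead of changing type.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mastodon-sidekiq
  namespace: "{{ .namespace }}"
spec:
  # replicas must render as an integer, so this one stays unquoted.
  replicas: {{ .sidekiq.replicas }}
  selector:
    matchLabels:
      component: sidekiq
  template:
    metadata:
      labels:
        component: sidekiq
    spec:
      # NOTE(review): neither serviceAccountName nor
      # automountServiceAccountToken is set, so by default the namespace's
      # default service account token is mounted into the pod. If the worker
      # never calls the Kubernetes API, consider
      # automountServiceAccountToken: false.
      securityContext:
        # Pod-level hardening: refuse to start as root and pin UID/GID.
        # 991 presumably matches the application user baked into the image;
        # confirm against the image in use.
        runAsNonRoot: true
        runAsUser: 991
        runAsGroup: 991
        # fsGroup lets the non-root user access the mounted volumes.
        fsGroup: 991
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: sidekiq
          # NOTE(review): the image reference comes straight from values;
          # pinning it by digest there keeps the tag from being re-pointed.
          image: "{{ .image }}"
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: [ALL]
            # NOTE(review): the root filesystem is left writable. If the
            # application only needs scratch space, an emptyDir for those
            # paths plus readOnlyRootFilesystem: true would narrow what a
            # compromised worker can modify. Verify the writable paths first.
            readOnlyRootFilesystem: false
          # Sidekiq is started with an explicit concurrency and a list of
          # queue[,weight] arguments; pull and scheduler carry no explicit
          # weight.
          command:
            - bundle
            - exec
            - sidekiq
            - -c
            - "{{ .sidekiq.concurrency }}"
            - -q
            - default,8
            - -q
            - push,6
            - -q
            - ingress,4
            - -q
            - mailers,2
            - -q
            - pull
            - -q
            - scheduler
          # Secret material is injected as environment variables from the
          # mastodon-secrets Secret. Anything able to read the container's
          # environment (exec, crash dumps, debug tooling) can read these
          # values, so RBAC on pods/exec and on the Secret itself matters.
          env:
            - name: LOCAL_DOMAIN
              value: "{{ .domain }}"
            - name: RAILS_ENV
              value: production
            - name: RAILS_LOG_LEVEL
              value: info
            - name: DEFAULT_LOCALE
              value: "{{ .locale }}"
            - name: SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: secretKeyBase
            - name: OTP_SECRET
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: otpSecret
            - name: VAPID_PRIVATE_KEY
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: vapidPrivateKey
            - name: VAPID_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: vapidPublicKey
            - name: ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: activeRecordPrimaryKey
            - name: ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: activeRecordDeterministicKey
            - name: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: activeRecordKeyDerivationSalt
            - name: DB_HOST
              value: "{{ .dbHostname }}"
            - name: DB_PORT
              value: "{{ .dbPort }}"
            - name: DB_NAME
              value: "{{ .dbName }}"
            - name: DB_USER
              value: "{{ .dbUsername }}"
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: dbPassword
            # NOTE(review): a second database credential is exposed next to
            # DB_PASS. If postgres.password is the server's admin password
            # and the worker only connects as DB_USER, dropping this entry
            # keeps the higher-privileged credential out of the worker pod.
            # Confirm that nothing in the container reads it.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: postgres.password
            - name: REDIS_HOST
              value: "{{ .redisHostname }}"
            - name: REDIS_PORT
              value: "{{ .redisPort }}"
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: redis.password
            - name: SMTP_SERVER
              value: "{{ .smtp.server }}"
            - name: SMTP_PORT
              value: "{{ .smtp.port }}"
            - name: SMTP_LOGIN
              value: "{{ .smtp.user }}"
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: smtpPassword
            - name: SMTP_FROM_ADDRESS
              value: "{{ .smtp.from }}"
            - name: SMTP_AUTH_METHOD
              value: "{{ .smtp.authMethod }}"
            # Quoted so boolean-looking values reach the container as strings.
            - name: SMTP_ENABLE_STARTTLS
              value: "{{ .smtp.enableStarttls }}"
            - name: SMTP_TLS
              value: "{{ .smtp.tls }}"
          volumeMounts:
            - name: assets
              mountPath: /opt/mastodon/public/assets
            - name: system
              mountPath: /opt/mastodon/public/system
          # Memory is capped; no CPU limit is set, only a CPU request.
          resources:
            requests:
              cpu: 250m
              memory: 512Mi
            limits:
              memory: 768Mi
      volumes:
        - name: assets
          persistentVolumeClaim:
            claimName: mastodon-assets
        - name: system
          persistentVolumeClaim:
            claimName: mastodon-system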