--- apiVersion: apps/v1 kind: Deployment metadata: name: discourse namespace: discourse spec: replicas: 1 selector: matchLabels: component: web strategy: type: Recreate template: metadata: labels: component: web spec: automountServiceAccountToken: false serviceAccountName: discourse securityContext: fsGroup: 0 fsGroupChangePolicy: Always containers: - name: discourse image: tiredofit/discourse:latest imagePullPolicy: "IfNotPresent" securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL add: - CHOWN - DAC_OVERRIDE - FOWNER - SETGID - SETUID privileged: false readOnlyRootFilesystem: false runAsNonRoot: false runAsUser: 0 seccompProfile: type: RuntimeDefault env: # Admin configuration - name: ADMIN_USER value: {{ .adminUsername }} - name: ADMIN_EMAIL value: {{ .adminEmail }} - name: ADMIN_PASS valueFrom: secretKeyRef: name: discourse-secrets key: adminPassword # Site configuration - name: SITE_TITLE value: {{ .siteName }} - name: HOSTNAME value: {{ .domain }} # Database configuration - name: DB_HOST value: {{ .dbHostname }} - name: DB_PORT value: "{{ .dbPort }}" - name: DB_NAME value: {{ .dbName }} - name: DB_USER value: {{ .dbUsername }} - name: DB_PASS valueFrom: secretKeyRef: name: discourse-secrets key: dbPassword # Redis configuration - name: REDIS_HOST value: {{ .redisHostname }} - name: REDIS_PASS valueFrom: secretKeyRef: name: discourse-secrets key: redis.password # SMTP configuration - name: SMTP_ENABLED value: "{{ .smtp.enabled }}" - name: SMTP_HOST value: {{ .smtp.host }} - name: SMTP_PORT value: "{{ .smtp.port }}" - name: SMTP_USER value: {{ .smtp.user }} - name: SMTP_PASS valueFrom: secretKeyRef: name: discourse-secrets key: smtpPassword - name: SMTP_TLS value: "{{ .smtp.tls }}" # Container timezone - name: TZ value: {{ .timezone }} ports: - name: http containerPort: 3000 protocol: TCP livenessProbe: httpGet: path: / port: http initialDelaySeconds: 420 periodSeconds: 30 timeoutSeconds: 10 successThreshold: 1 failureThreshold: 6 readinessProbe: httpGet: path: / port: http initialDelaySeconds: 360 periodSeconds: 30 timeoutSeconds: 10 successThreshold: 1 failureThreshold: 6 resources: limits: cpu: 2000m ephemeral-storage: 10Gi memory: 4Gi requests: cpu: 500m ephemeral-storage: 50Mi memory: 1Gi volumeMounts: - name: discourse-logs mountPath: /data/logs - name: discourse-uploads mountPath: /data/uploads - name: discourse-backups mountPath: /data/backups volumes: - name: discourse-logs persistentVolumeClaim: claimName: discourse-logs - name: discourse-uploads persistentVolumeClaim: claimName: discourse-uploads - name: discourse-backups persistentVolumeClaim: claimName: discourse-backups