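---
# Deployment for the Lemmy backend.
#
# An init container copies the config template from the lemmy-config
# ConfigMap into a shared emptyDir and substitutes secret placeholders, so
# the secrets never live in the ConfigMap itself. The backend container then
# reads the rendered file via LEMMY_CONFIG_LOCATION.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lemmy-backend
  # Templated strings are quoted so an empty or boolean-looking expansion
  # cannot be retyped by the YAML parser.
  namespace: "{{ .namespace }}"
spec:
  replicas: {{ .backendReplicas }}
  selector:
    matchLabels:
      component: backend
  template:
    metadata:
      labels:
        component: backend
    spec:
      # Pod-level defaults: both containers run as the same non-root UID/GID,
      # which lets the backend read the owner-only file the init step writes.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      initContainers:
        - name: config-prep
          # NOTE(review): "stable" is a mutable tag; consider pinning by
          # digest (busybox@sha256:<DIGEST>) so the image that handles the
          # secrets cannot change silently.
          image: busybox:stable
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: [ALL]
            # Only the mounted /config emptyDir is writable.
            readOnlyRootFilesystem: true
          command:
            - sh
            - -c
            - |
              # Abort on the first failure so a half-rendered config never
              # reaches the backend; -u catches a missing variable.
              set -eu
              # The rendered file holds plaintext secrets: owner-only.
              umask 077
              cp /config-template/lemmy.hjson /config/lemmy.hjson

              # render PLACEHOLDER VALUE
              # Backslash, '&' and the '|' delimiter are escaped first so a
              # secret containing them is inserted literally instead of
              # corrupting or breaking the sed expression.
              # Values are not escaped for HJSON; whether a quote or newline
              # in a secret is safe depends on the template (not shown here).
              render() {
                escaped=$(printf '%s' "$2" | sed 's/[\\&|]/\\&/g')
                sed -i "s|$1|${escaped}|g" /config/lemmy.hjson
              }

              render DBPASSWORD "${DB_PASSWORD}"
              render PICTRS_API_KEY "${PICTRS_API_KEY}"
              render SMTP_PASSWORD "${SMTP_PASSWORD}"
              render ADMIN_PASSWORD "${ADMIN_PASSWORD}"
          env:
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: lemmy-secrets
                  key: dbPassword
            # NOTE(review): the pict-rs API key is read from the "jwtSecret"
            # key. Confirm this is intended; sharing one value between two
            # purposes means a leak of either exposes both.
            - name: PICTRS_API_KEY
              valueFrom:
                secretKeyRef:
                  name: lemmy-secrets
                  key: jwtSecret
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: lemmy-secrets
                  key: smtpPassword
            - name: ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: lemmy-secrets
                  key: adminPassword
          volumeMounts:
            - name: config-template
              mountPath: /config-template
            - name: config
              mountPath: /config
      containers:
        - name: backend
          image: "{{ .backendImage }}"
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: [ALL]
            # NOTE(review): root filesystem is left writable. If the image
            # tolerates it, set this to true and mount emptyDirs for the
            # paths that need writes.
            readOnlyRootFilesystem: false
          env:
            - name: LEMMY_CONFIG_LOCATION
              value: /config/lemmy.hjson
            - name: TZ
              value: "{{ .timezone }}"
          ports:
            - containerPort: {{ .backendPort }}
              name: http
          volumeMounts:
            - name: config
              mountPath: /config
          livenessProbe:
            httpGet:
              path: /api/v3/site
              port: {{ .backendPort }}
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /api/v3/site
              port: {{ .backendPort }}
            initialDelaySeconds: 10
            periodSeconds: 5
      volumes:
        - name: config-template
          configMap:
            name: lemmy-config
        # Holds the rendered config, including plaintext secrets.
        # NOTE(review): consider "medium: Memory" so the file is never
        # written to node disk.
        - name: config
          emptyDir: {}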