path: root/rpi5/teslamate/deployment.yaml
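# Deployment for TeslaMate: a single replica whose init container blocks
# until Postgres accepts connections, after which the app container starts
# with database credentials from Secrets and a CA bundle from a ConfigMap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: teslamate
  namespace: teslamate
  labels:
    app: teslamate
  annotations:
    # Suppresses kube-linter's read-only-root-filesystem check for this
    # object; the stated reason is that the app writes log files inside the
    # container. The main container therefore keeps a writable root fs.
    ignore-check.kube-linter.io/no-read-only-root-fs: "app writes to log files in container"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: teslamate
  template:
    metadata:
      name: teslamate
      labels:
        app: teslamate
    spec:
      # NOTE(review): no seccompProfile is set at pod or container level;
      # consider `seccompProfile.type: RuntimeDefault` after confirming the
      # workload runs under the runtime's default profile.
      # NOTE(review): the service account token is mounted by default; if
      # the app never calls the Kubernetes API, setting
      # `automountServiceAccountToken: false` would remove it. Confirm.
      initContainers:
        # Gate: polls Postgres every 5 seconds and exits only when
        # pg_isready succeeds. There is no upper bound on the wait, so an
        # unreachable database leaves the pod in the Init phase.
        - name: wait-for-postgres
          # Tag plus digest: the digest is what pins the image content.
          image: postgres:17.6@sha256:29574e213ffaf433ca9c9441a5919868b85ec04e7a32377f48edd3d3f972103d
          command:
            - sh
            - -c
            # Variables are quoted so a value containing whitespace or glob
            # characters is passed to pg_isready as a single argument.
            - |
              until pg_isready -h "$DATABASE_HOST" -U "$DATABASE_USER";
                do echo "Waiting for Postgres...";
                sleep 5;
              done;
              echo "Postgres is up and running!"
          env:
            # Only host and username are exposed here; the probe does not
            # receive the database password.
            - name: DATABASE_HOST
              valueFrom:
                secretKeyRef:
                  key: host
                  name: database-secrets
            - name: DATABASE_USER
              valueFrom:
                secretKeyRef:
                  key: username
                  name: database-secrets
          securityContext:
            runAsUser: 10001
            runAsNonRoot: true
            readOnlyRootFilesystem: true
            # Matches the main container. Dropping all capabilities does not
            # by itself clear the no_new_privs default.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          resources:
            requests:
              cpu: 5m
            limits:
              memory: 16Mi
      containers:
        - name: teslamate
          # Tag plus digest: the digest is what pins the image content.
          image: teslamate/teslamate:2.1.1@sha256:5b03b1a76a043799e3aeaf234d0a02761ee85cf5a662c5ade028218ecf9f0ccc
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 4000
              protocol: TCP
              name: http
          # Every key of the `secrets` Secret becomes an environment
          # variable in this container; entries under `env` below take
          # precedence over same-named keys from `envFrom`.
          envFrom:
            - secretRef:
                name: secrets
          env:
            - name: DATABASE_USER
              valueFrom:
                secretKeyRef:
                  key: username
                  name: database-secrets
            - name: DATABASE_PASS
              valueFrom:
                secretKeyRef:
                  key: password
                  name: database-secrets
            - name: DATABASE_NAME
              value: teslamate
            - name: DATABASE_HOST
              valueFrom:
                secretKeyRef:
                  key: host
                  name: database-secrets
            # Quoted so the value reaches the container as the string
            # "true"; env values must be strings.
            - name: DATABASE_SSL
              value: "true"
            # Points at the file supplied by the `certs` volume mount below.
            - name: DATABASE_SSL_CA_CERT_FILE
              value: /etc/ssl/certs/ca-certificates.crt
            - name: DISABLE_MQTT
              value: "true"
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
            runAsUser: 10001
            runAsGroup: 10001
            # Matches the init container: the kubelet refuses to start the
            # container as UID 0 even if runAsUser is later removed.
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
          resources:
            requests:
              cpu: 10m
              memory: 256Mi
            limits:
              memory: 512Mi
          volumeMounts:
            # subPath mounts are not refreshed when the ConfigMap changes,
            # so rotating the CA needs a pod restart to take effect.
            # NOTE(review): this overlays the image's system CA bundle path
            # with the single `ca.crt` key; anything in the container that
            # reads that bundle for public TLS would then trust only this
            # CA. Confirm that is intended.
            - mountPath: /etc/ssl/certs/ca-certificates.crt
              name: certs
              subPath: ca.crt
      restartPolicy: Always
      volumes:
        # CA certificate published as a ConfigMap (public material, so a
        # Secret is not required for it).
        - name: certs
          configMap:
            name: anshulg-ca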