apiVersion: apps/v1 kind: Deployment metadata: name: foobar labels: {} # Make sure keel.sh pulls updates for this deployment annotations: keel.sh/policy: force keel.sh/trigger: poll spec: replicas: 1 # Make sure we do not congest the network during rollout strategy: type: RollingUpdate rollingUpdate: maxSurge: 0 maxUnavailable: 1 selector: matchLabels: app: foobar template: metadata: annotations: prometheus.io/scrape: 'true' prometheus.io/port: '5000' labels: app: foobar component: camdetect spec: containers: - name: camdetect image: harbor.k-space.ee/k-space/camera-motion-detect:latest readinessProbe: httpGet: path: /readyz port: 5000 initialDelaySeconds: 10 periodSeconds: 180 timeoutSeconds: 60 ports: - containerPort: 5000 name: "http" resources: requests: memory: "64Mi" cpu: "200m" limits: memory: "128Mi" cpu: "1" securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 command: - /app/camdetect.py env: - name: SOURCE_NAME value: foobar - name: S3_BUCKET_NAME value: application - name: S3_ENDPOINT_URL value: http://minio - name: MJPEGSTREAMER_CREDENTIALS valueFrom: secretKeyRef: name: application-secrets key: MJPEGSTREAMER_CREDENTIALS - name: MONGO_URI valueFrom: secretKeyRef: name: mongodb-application-readwrite key: connectionString.standard - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: name: minio-secret key: secretkey - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: name: minio-secret key: accesskey # Make sure 2+ pods of same camera are scheduled on different hosts affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app operator: In values: - foobar topologyKey: kubernetes.io/hostname # Make sure camera deployments are spread over workers topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule labelSelector: matchLabels: app: foobar component: camdetect