---
# Inventory web application (Deployment), the generated MongoDB password
# (SecretClaim) and the backing MongoDB replica set (MongoDBCommunity).
# NOTE(review): nesting was restored from a whitespace-collapsed listing;
# confirm it against the objects actually applied to the cluster.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: inventory
  namespace: hackerspace
spec:
  replicas: 1
  # With a history limit of 0 no old ReplicaSets are retained, so there is
  # nothing for `kubectl rollout undo` to roll back to.
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app.kubernetes.io/name: inventory
  template:
    metadata:
      labels:
        app.kubernetes.io/name: inventory
    spec:
      containers:
        - name: inventory
          # NOTE(review): a mutable `latest` tag combined with `Always` means
          # every pod restart runs whatever the registry serves at that
          # moment. Pinning to an immutable tag or digest makes the running
          # image auditable and reproducible.
          image: harbor.k-space.ee/k-space/inventory-app:latest
          imagePullPolicy: Always
          env:
            - name: ENVIRONMENT_TYPE
              value: PROD
            - name: PYTHONUNBUFFERED
              value: '1'
            - name: MEMBERS_HOST
              value: https://members.k-space.ee
            - name: INVENTORY_ASSETS_BASE_URL
              value: https://minio-cluster-shared.k-space.ee/inventory-5b342be1-60a1-4290-8061-e0b8fc17d40d/
            - name: OIDC_USERS_NAMESPACE
              value: oidc-gateway
            # Credentials are referenced from Secrets, never inlined here.
            # The Secret name matches the operator's <resource>-<db>-<user>
            # pattern for the MongoDBCommunity user below — presumably the
            # operator-generated connection string; confirm.
            - name: MONGO_URI
              valueFrom:
                secretKeyRef:
                  name: inventory-mongodb-application-readwrite
                  key: connectionString.standard
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: inventory-secrets
                  key: SECRET_KEY
            - name: INVENTORY_API_KEY
              valueFrom:
                secretKeyRef:
                  name: inventory-api-key
                  key: INVENTORY_API_KEY
            - name: SLACK_DOORLOG_CALLBACK
              valueFrom:
                secretKeyRef:
                  name: slack-secrets
                  key: SLACK_DOORLOG_CALLBACK
            - name: SLACK_VERIFICATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: slack-secrets
                  key: SLACK_VERIFICATION_TOKEN
          # Every key of these two Secrets becomes an environment variable.
          # On a name collision the explicit `env` entries above win.
          envFrom:
            - secretRef:
                name: miniobucket-inventory-owner-secrets
            - secretRef:
                name: oidc-client-inventory-app-owner-secrets
          ports:
            - name: http
              containerPort: 5000
              protocol: TCP
          # NOTE(review): no liveness or readiness probe is defined for this
          # container in the manifest as shown.
          resources:
            requests:
              cpu: 100m
              memory: 200Mi
            limits:
              cpu: '1'
              memory: 500Mi
          # Non-root UID with a read-only root filesystem; /tmp (mounted
          # below) is the only writable path this manifest provides.
          # NOTE(review): allowPrivilegeEscalation, capabilities and
          # seccompProfile are not set here; confirm whether they are
          # enforced elsewhere (for example by namespace-level policy).
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - name: tmp
              mountPath: /tmp
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      # `serviceAccount` is the deprecated alias of `serviceAccountName`;
      # both are kept exactly as given.
      serviceAccount: inventory
      serviceAccountName: inventory
      terminationGracePeriodSeconds: 30
      volumes:
        # NOTE(review): no volume source is listed for this volume;
        # presumably it relies on the API server defaulting to an emptyDir —
        # confirm, and consider spelling it out with a size limit.
        - name: tmp
---
# Password material for the MongoDB `readwrite` user, referenced by
# `passwordSecretRef` in the MongoDBCommunity resource below.
# NOTE(review): presumably the codemowers operator generates a random
# 32-character value and stores it under the `password` key — confirm.
# No namespace is set on this object or the next one, so both land in
# whatever namespace is selected at apply time.
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
  name: inventory-mongodb-readwrite-password
spec:
  size: 32
  mapping:
    - key: password
      value: '%(plaintext)s'
---
# Three-member MongoDB replica set used by the inventory application.
apiVersion: mongodbcommunity.mongodb.com/v1
kind: MongoDBCommunity
metadata:
  name: inventory-mongodb
spec:
  agent:
    logLevel: ERROR
    maxLogFileDurationHours: 1
  additionalMongodConfig:
    systemLog:
      quiet: true
  members: 3
  type: ReplicaSet
  # NOTE(review): confirm this pinned release still receives security fixes.
  version: '6.0.3'
  # SCRAM password authentication is enabled. No `security.tls` section is
  # present, so this manifest does not turn on TLS for mongod.
  # NOTE(review): confirm that client and replication traffic is protected
  # in transit by some other layer.
  security:
    authentication:
      modes:
        - SCRAM
  users:
    # Single application account, scoped to readWrite on the `application`
    # database only.
    - name: readwrite
      db: application
      passwordSecretRef:
        name: inventory-mongodb-readwrite-password
      roles:
        - name: readWrite
          db: application
      scramCredentialsSecretName: inventory-mongodb-readwrite
  statefulSet:
    spec:
      # NOTE(review): `logLevel` is not a StatefulSet spec field; this looks
      # misplaced and may be ignored or rejected — confirm.
      logLevel: WARN
      template:
        spec:
          containers:
            - name: mongod
              resources:
                requests:
                  cpu: 100m
                  memory: 1Gi
                limits:
                  cpu: 4000m
                  memory: 1Gi
              volumeMounts:
                - name: journal-volume
                  mountPath: /data/journal
            - name: mongodb-agent
              resources:
                requests:
                  cpu: 1m
                  memory: 100Mi
                # Empty mapping: no limits are declared for the agent here.
                limits: {}
          # Hard anti-affinity on hostname: pods carrying the label
          # app=inventory-mongodb-svc are never co-scheduled on one node.
          affinity:
            podAntiAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                - labelSelector:
                    matchExpressions:
                      - key: app
                        operator: In
                        values:
                          - inventory-mongodb-svc
                  topologyKey: kubernetes.io/hostname
          # Restricts the database pods to nodes labelled and tainted
          # `dedicated=monitoring`.
          nodeSelector:
            dedicated: monitoring
          tolerations:
            - key: dedicated
              operator: Equal
              value: monitoring
              effect: NoSchedule
      volumeClaimTemplates:
        - metadata:
            name: logs-volume
            labels:
              usecase: logs
          spec:
            storageClassName: mongo
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 100Mi
        - metadata:
            name: journal-volume
            labels:
              usecase: journal
          spec:
            storageClassName: mongo
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 512Mi
        - metadata:
            name: data-volume
            labels:
              usecase: data
          spec:
            storageClassName: mongo
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 10Gi