k8s-and-chill/rendered/envs/production/ocis/deployment-storageusers.yaml
Felix Wolf 9d89231de4 fix(ocis): Move secret generation to PreSync init Job
Removes all 13 Helm-generated secrets from rendered output and instead
generates them at deploy time via an init Job. The Job creates secrets
with random credentials only if they don't already exist, ensuring
idempotent deploys. Runs as ArgoCD PreSync hook so secrets are ready
before oCIS pods start.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 13:22:32 +02:00


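# Helm-rendered Deployment for the oCIS storage-users service (chart ocis-0.7.0).
# NOTE(review): this file is generated output — any change below has to be
# carried back into the chart values, or the next render overwrites it.
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/instance: ocis
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: ocis
    app.kubernetes.io/version: 7.1.4
    helm.sh/chart: ocis-0.7.0
  name: storageusers
  namespace: ocis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: storageusers
  strategy:
    rollingUpdate:
      # With replicas: 1, 25% surge rounds up to 1 and 25% unavailable rounds
      # down to 0, so the replacement pod is started before the old one stops.
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: storageusers
        app.kubernetes.io/instance: ocis
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: ocis
        app.kubernetes.io/version: 7.1.4
        helm.sh/chart: ocis-0.7.0
    spec:
      containers:
        - args:
            - storage-users
            - server
          command:
            - ocis
          env:
            - name: MICRO_REGISTRY
              value: nats-js-kv
            - name: MICRO_REGISTRY_ADDRESS
              value: nats:9233
            - name: OCIS_EVENTS_ENDPOINT
              value: nats:9233
            - name: OCIS_CACHE_STORE
              value: nats-js-kv
            - name: OCIS_CACHE_STORE_NODES
              value: nats:9233
            - name: OCIS_CACHE_DISABLE_PERSISTENCE
              value: "true"
            - name: OCIS_CORS_ALLOW_ORIGINS
              value: https://drive.tr1ceracop.de
            - name: STORAGE_USERS_GATEWAY_GRPC_ADDR
              value: gateway:9142
            - name: STORAGE_USERS_LOG_COLOR
              value: "false"
            - name: STORAGE_USERS_LOG_LEVEL
              value: info
            - name: STORAGE_USERS_LOG_PRETTY
              value: "false"
            - name: STORAGE_USERS_TRACING_ENABLED
              value: "false"
            - name: STORAGE_USERS_TRACING_TYPE
              value: jaeger
            # Tracing is disabled above; the endpoint/collector are rendered
            # empty. An explicit "" is equivalent to the previous `null`
            # (Kubernetes defaults an absent env value to ""), but does not
            # trip yamllint's empty-values check or look like a missing value.
            - name: STORAGE_USERS_TRACING_ENDPOINT
              value: ""
            - name: STORAGE_USERS_TRACING_COLLECTOR
              value: ""
            - name: STORAGE_USERS_DEBUG_PPROF
              value: "false"
            - name: STORAGE_USERS_GRPC_ADDR
              value: 0.0.0.0:9157
            - name: STORAGE_USERS_DEBUG_ADDR
              value: 0.0.0.0:9159
            - name: STORAGE_USERS_HTTP_ADDR
              value: 0.0.0.0:9158
            - name: STORAGE_USERS_DATA_SERVER_URL
              value: http://storageusers:9158/data
            - name: STORAGE_USERS_DRIVER
              value: s3ng
            - name: STORAGE_USERS_S3NG_MAX_CONCURRENCY
              value: "100"
            - name: STORAGE_USERS_S3NG_ENDPOINT
              value: https://nbg1.your-objectstorage.com
            - name: STORAGE_USERS_S3NG_REGION
              value: nbg1
            # Object-storage credentials. NOTE(review): this secret is not one
            # of the chart-generated ones described in the commit message, so
            # it is presumably provisioned out of band — confirm its source.
            - name: STORAGE_USERS_S3NG_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  key: accessKey
                  name: ocis-s3-credentials
            - name: STORAGE_USERS_S3NG_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  key: secretKey
                  name: ocis-s3-credentials
            - name: STORAGE_USERS_S3NG_BUCKET
              value: ocis-tr1ceracop
            - name: STORAGE_USERS_S3NG_PUT_OBJECT_DISABLE_CONTENT_SHA256
              value: "false"
            - name: STORAGE_USERS_S3NG_PUT_OBJECT_DISABLE_MULTIPART
              value: "false"
            - name: STORAGE_USERS_S3NG_PUT_OBJECT_SEND_CONTENT_MD5
              value: "true"
            - name: STORAGE_USERS_S3NG_PUT_OBJECT_CONCURRENT_STREAM_PARTS
              value: "true"
            - name: STORAGE_USERS_S3NG_PUT_OBJECT_NUM_THREADS
              value: "4"
            - name: STORAGE_USERS_S3NG_PUT_OBJECT_PART_SIZE
              value: "0"
            - name: STORAGE_USERS_UPLOAD_EXPIRATION
              value: "86400"
            - name: STORAGE_USERS_PURGE_TRASH_BIN_PERSONAL_DELETE_BEFORE
              value: 720h
            - name: STORAGE_USERS_PURGE_TRASH_BIN_PROJECT_DELETE_BEFORE
              value: 720h
            - name: STORAGE_USERS_SERVICE_ACCOUNT_ID
              valueFrom:
                configMapKeyRef:
                  key: service-account-id
                  name: auth-service
            # The three secrets below (service-account, jwt, transfer) are,
            # per the commit message, created by the ArgoCD PreSync init Job.
            # If one is missing the pod sits in CreateContainerConfigError
            # rather than failing the sync, so check Job logs first.
            - name: STORAGE_USERS_SERVICE_ACCOUNT_SECRET
              valueFrom:
                secretKeyRef:
                  key: service-account-secret
                  name: ocis-service-account-secret
            - name: STORAGE_USERS_STAT_CACHE_STORE
              value: noop
            - name: STORAGE_USERS_MOUNT_ID
              valueFrom:
                configMapKeyRef:
                  key: storage-uuid
                  name: storage-users
            - name: STORAGE_USERS_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  key: jwt-secret
                  name: ocis-jwt-secret
            - name: OCIS_TRANSFER_SECRET
              valueFrom:
                secretKeyRef:
                  key: transfer-secret
                  name: ocis-transfer-secret
            - name: OCIS_ASYNC_UPLOADS
              value: "true"
            - name: STORAGE_USERS_EVENTS_NUM_CONSUMERS
              value: "10"
            - name: STORAGE_USERS_DATA_GATEWAY_URL
              value: http://frontend:9140/data/
          # NOTE(review): a mutable tag can be re-pointed upstream; pinning
          # `owncloud/ocis:7.1.4@sha256:<digest-placeholder>` in the chart
          # values makes the deployed artifact reproducible.
          image: owncloud/ocis:7.1.4
          imagePullPolicy: IfNotPresent
          # Only a liveness probe is rendered. NOTE(review): without a
          # readiness probe the Service may route to a pod that is still
          # starting — confirm whether the chart offers one.
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: metrics-debug
            initialDelaySeconds: 60
            periodSeconds: 20
            timeoutSeconds: 10
          name: storageusers
          ports:
            - containerPort: 9157
              name: grpc
            - containerPort: 9158
              name: http
            - containerPort: 9159
              name: metrics-debug
          # Requests only, no limits. NOTE(review): confirm this is deliberate;
          # an upload burst or leak can otherwise starve neighbouring pods.
          resources:
            requests:
              cpu: 10m
              memory: 64Mi
          securityContext:
            # Restricted Pod Security Standard: forbid privilege escalation
            # via setuid/file-capability binaries and drop every Linux
            # capability. The process already runs as UID/GID 1000 and binds
            # only unprivileged ports (9157-9159), so nothing is lost.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsGroup: 1000
            runAsNonRoot: true
            runAsUser: 1000
          volumeMounts:
            # Writable scratch space; required because the root fs is read-only.
            - mountPath: /tmp
              name: tmp-volume
            # Rendered as an empty emptyDir below; nothing in this manifest
            # populates it.
            - mountPath: /etc/ocis/messaging-system-ca
              name: messaging-system-ca
              readOnly: true
            - mountPath: /var/lib/ocis
              name: storageusers-data
      nodeSelector: {}
      securityContext:
        fsGroup: 1000
        fsGroupChangePolicy: OnRootMismatch
        # Restricted Pod Security Standard also requires an explicit seccomp
        # profile; RuntimeDefault is the container runtime's own default set.
        # NOTE(review): confirm the chart exposes this field before relying
        # on it here.
        seccompProfile:
          type: RuntimeDefault
      volumes:
        - emptyDir: {}
          name: tmp-volume
        - emptyDir: {}
          name: messaging-system-ca
        - name: storageusers-data
          persistentVolumeClaim:
            claimName: storageusers-data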