Home Explore Help
Sign In
wigust
/
dotfiles
Watch 2
Star 1
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: a1aa22b46e
Branches Tags
dotfiles
/
apps
/
base
/
socialstream
/
pod.yaml

pod.yaml 2.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. apiVersion: v1
    2. 

  2. kind: Pod
    3. 

  3. metadata:
    4. 

  4.   name: socialstream
    5. 

  5.   annotations:
    6. 

  6.     # Setting spec.force to true will make Flux recreate the Pod when any
    7. 

  7.     # immutable field is changed, forcing the Pod to run every time the
    8. 

  8.     # container image tag changes.
    9. 

  9.     kustomize.toolkit.fluxcd.io/force: enabled
    10. 

  10. spec:
    11. 

  11.   restartPolicy: Never
    12. 

  12.   automountServiceAccountToken: false
    13. 

  13.   containers:
    14. 

  14.   - image: harbor.home.wugi.info/library/socialstream:0.1.45-2
    15. 

  15.     name: socialstream
    16. 

  16.     env:
    17. 

  17.     - name: container
    18. 

  18.       value: docker
    19. 

  19.     command:
    20. 

  20.     - /bin/bash
    21. 

  21.     - -c
    22. 

  22.     - |
    23. 

  23.       set -o nounset -o errexit -o pipefail -o xtrace
    24. 

  24. 

  25.       systemctl enable socialstream.service
    26. 

  26. 

  27.       rm -vf /usr/lib/systemd/system/systemd-networkd*
    28. 

  28.       rm -vf /usr/lib/systemd/system/systemd-firstboot.service
    29. 

  29.       rm -vf /usr/lib/systemd/system/systemd-resolved.service
    30. 

  30. 

  31.       passwd --delete root
    32. 

  32. 

  33.       umount /sys/fs/cgroup
    34. 

  34.       mount -t cgroup2 -o rw,relatime,nsdelegate,memory_recursiveprot cgroup2 /sys/fs/cgroup
    35. 

  35. 

  36.       sed -i 's@#TTYPath=/dev/console@TTYPath=/dev/console@; s@#ForwardToConsole=no@ForwardToConsole=yes@' /etc/systemd/journald.conf
    37. 

  37. 

  38.       exec /sbin/init
    39. 

  39.     securityContext:
    40. 

  40.       capabilities:
    41. 

  41.         add:
    42. 

  42.         - NET_ADMIN
    43. 

  43.         - NET_BIND_SERVICE
    44. 

  44.         - NET_RAW
    45. 

  45.         - SYS_ADMIN
    46. 

  46.         - SYS_NICE
    47. 

  47.         - SYS_TIME
    48. 

  48.     resources:
    49. 

  49.       limits:
    50. 

  50.         cpu: 2000m
    51. 

  51.         memory: 4096Mi
    52. 

  52.       requests:
    53. 

  53.         cpu: 100m
    54. 

  54.         memory: 512Mi
    55. 

  55.     tty: true
    56. 

  56.     livenessProbe:
    57. 

  57.       exec:
    58. 

  58.         command:
    59. 

  59.         - /bin/systemctl
    60. 

  60.         - is-system-running
    61. 

  61.       failureThreshold: 100
    62. 

  62.       periodSeconds: 10
    63. 

  63.       timeoutSeconds: 15
    64. 

  64.     volumeMounts:
    65. 

  65.     - mountPath: /run
    66. 

  66.       name: run
    67. 

  67.     - mountPath: /tmp
    68. 

  68.       name: tmp
    69. 

  69.     - mountPath: /tmp/.X11-unix/X0
    70. 

  70.       name: x11-unix-socket
    71. 

  71.     - mountPath: /dev/dri
    72. 

  72.       name: dev-dri
    73. 

  73.   volumes:
    74. 

  74.   - emptyDir:
    75. 

  75.       medium: Memory
    76. 

  76.       sizeLimit: 512M
    77. 

  77.     name: run
    78. 

  78.   - emptyDir:
    79. 

  79.       medium: Memory
    80. 

  80.       sizeLimit: 2G
    81. 

  81.     name: tmp
    82. 

  82.   - name: x11-unix-socket
    83. 

  83.     hostPath:
    84. 

  84.       path: /tmp/.X11-unix/X0
    85. 

  85.       type: Socket
    86. 

  86.   - name: dev-dri
    87. 

  87.     hostPath:
    88. 

  88.       path: /dev/dri
    89. 

  89.       type: Directory
    90. 

  90.