k8s/daemon/deployment.yaml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

apiVersion: apps/v1
kind: Deployment
metadata:
  name: makima-daemon
  labels:
    app: makima-daemon
    app.kubernetes.io/name: makima-daemon
    app.kubernetes.io/component: daemon
    app.kubernetes.io/part-of: makima
spec:
  replicas: 1
  selector:
    matchLabels:
      app: makima-daemon
  template:
    metadata:
      labels:
        app: makima-daemon
        app.kubernetes.io/name: makima-daemon
        app.kubernetes.io/component: daemon
        app.kubernetes.io/part-of: makima
    spec:
      terminationGracePeriodSeconds: 30
      containers:
        - name: makima-daemon
          image: ghcr.io/soryu-co/makima-daemon:latest
          imagePullPolicy: Always
          resources:
            requests:
              memory: "512Mi"
              cpu: "500m"
            limits:
              memory: "2Gi"
              cpu: "2000m"
          env:
            # --- Secrets ---
            - name: MAKIMA_API_KEY
              valueFrom:
                secretKeyRef:
                  name: makima-daemon-secrets
                  key: api-key
            - name: GITHUB_TOKEN
              valueFrom:
                secretKeyRef:
                  name: makima-daemon-secrets
                  key: github-token
                  optional: true
            - name: GH_TOKEN
              valueFrom:
                secretKeyRef:
                  name: makima-daemon-secrets
                  key: github-token
                  optional: true
            # --- ConfigMap ---
            - name: MAKIMA_DAEMON_SERVER_URL
              valueFrom:
                configMapKeyRef:
                  name: makima-daemon-config
                  key: server-url
            - name: RUST_LOG
              valueFrom:
                configMapKeyRef:
                  name: makima-daemon-config
                  key: log-level
          volumeMounts:
            - name: workdir
              mountPath: /app/workdir
            - name: data
              mountPath: /app/data
            - name: ssh-keys
              mountPath: /root/.ssh
              readOnly: true
          # Liveness probe: check that the makima daemon process is running
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - pgrep -f "makima daemon" > /dev/null
            initialDelaySeconds: 10
            periodSeconds: 30
            timeoutSeconds: 5
            failureThreshold: 3
          # Readiness probe: same check — daemon is ready when the process is alive
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - pgrep -f "makima daemon" > /dev/null
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
      volumes:
        - name: workdir
          emptyDir:
            sizeLimit: 10Gi
        - name: data
          emptyDir:
            sizeLimit: 1Gi
        - name: ssh-keys
          secret:
            secretName: makima-daemon-ssh
            optional: true
            defaultMode: 0600