--- apiVersion: apps/v1 kind: Deployment metadata: name: meilisearch namespace: artifact-keeper labels: app.kubernetes.io/name: artifact-keeper app.kubernetes.io/instance: ak app.kubernetes.io/part-of: artifact-keeper app.kubernetes.io/component: meilisearch spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/name: artifact-keeper app.kubernetes.io/instance: ak app.kubernetes.io/component: meilisearch template: metadata: labels: app.kubernetes.io/name: artifact-keeper app.kubernetes.io/instance: ak app.kubernetes.io/component: meilisearch spec: automountServiceAccountToken: false securityContext: runAsNonRoot: true runAsUser: 1000 fsGroup: 1000 initContainers: - name: fix-ownership image: busybox:1.37 securityContext: runAsNonRoot: false runAsUser: 0 readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL add: - CHOWN - FOWNER resources: requests: cpu: 10m memory: 16Mi ephemeral-storage: 32Mi limits: cpu: 100m memory: 64Mi ephemeral-storage: 64Mi command: ["sh", "-c", "chown -R 1000:1000 /meili_data"] volumeMounts: - name: meilisearch-data mountPath: /meili_data - name: version-guard image: busybox:1.37 securityContext: readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL resources: requests: cpu: 10m memory: 16Mi limits: cpu: 100m memory: 64Mi command: ["sh", "-c"] args: - | EXPECTED="v1.12" VERSION_FILE="/meili_data/data.ms/VERSION" if [ ! -f "$VERSION_FILE" ]; then echo "No existing database, fresh start" exit 0 fi CURRENT=$(cat "$VERSION_FILE" 2>/dev/null || echo "unknown") echo "Current DB version: $CURRENT, expected image: $EXPECTED" if echo "$CURRENT" | grep -qv "$(echo $EXPECTED | sed 's/^v//')"; then echo "Version mismatch — wiping data.ms for clean re-index" rm -rf /meili_data/data.ms echo "Done. Backend will re-index automatically." else echo "Versions match, keeping existing data" fi volumeMounts: - name: meilisearch-data mountPath: /meili_data containers: - name: meilisearch image: "getmeili/meilisearch:v1.12" imagePullPolicy: IfNotPresent securityContext: readOnlyRootFilesystem: false allowPrivilegeEscalation: false capabilities: drop: - ALL ports: - name: http containerPort: 7700 protocol: TCP env: - name: MEILI_MASTER_KEY valueFrom: secretKeyRef: name: app-secrets key: MEILISEARCH_API_KEY - name: MEILI_ENV value: "production" - name: MEILI_MAX_INDEXING_THREADS value: "4" resources: limits: cpu: "1" memory: 8Gi requests: cpu: 250m memory: 512Mi readinessProbe: httpGet: path: /health port: 7700 initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 5 livenessProbe: httpGet: path: /health port: 7700 initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 5 volumeMounts: - name: meilisearch-data mountPath: /meili_data - name: tmp mountPath: /tmp volumes: - name: tmp emptyDir: sizeLimit: 256Mi - name: meilisearch-data persistentVolumeClaim: claimName: meilisearch