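---
# Deployment for the "api" workload in the artifactapi namespace.
# An init container concatenates the image's system CA bundle with a custom
# CA from the vault-ca-cert Secret; the result is shared with the api
# container through an emptyDir volume.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  namespace: artifactapi
  annotations:
    # Stakater Reloader: roll the pods when a referenced ConfigMap or Secret
    # changes, so rotated credentials and CA material are picked up.
    reloader.stakater.com/auto: "true"
spec:
  # NOTE(review): replicas is not set in this manifest, so the API default
  # of 1 applies unless an autoscaler or overlay sets it. With
  # maxUnavailable: 1 a rollout may then remove the only pod before its
  # replacement is ready - confirm this is intended.
  selector:
    matchLabels:
      app: api
  strategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: api
    spec:
      # NOTE(review): no serviceAccountName is set, so the namespace's
      # default ServiceAccount token is mounted into both containers.
      # If the API never calls the Kubernetes API, set this to false;
      # otherwise bind a dedicated, minimally-scoped ServiceAccount.
      automountServiceAccountToken: true
      # NOTE(review): no pod- or container-level securityContext is set,
      # so both containers run with the image defaults. Consider
      # runAsNonRoot, allowPrivilegeEscalation: false, dropping all
      # capabilities, readOnlyRootFilesystem and a RuntimeDefault seccomp
      # profile once verified against the images.
      initContainers:
        - name: combine-certs
          # NOTE(review): alpine:3 is a floating tag, so nodes can cache
          # different builds. Pin a specific version or digest so the
          # system CA bundle copied below is reproducible.
          image: alpine:3
          command:
            - sh
            - -c
            # Folded scalar: evaluates to the single-line command
            # "cat <system bundle> <custom CA> > <combined bundle>".
            - >-
              cat /etc/ssl/certs/ca-certificates.crt /custom-ca/ca.crt
              > /combined-certs/ca-certificates.crt
          volumeMounts:
            - name: vault-ca-cert
              mountPath: /custom-ca
              readOnly: true
            # Writable here only; the api container mounts it read-only.
            - name: combined-certs
              mountPath: /combined-certs
      containers:
        - name: api
          # NOTE(review): a version tag is mutable in the registry, and
          # IfNotPresent keeps whatever a node has cached under that tag.
          # Pinning by digest makes the deployed artifact verifiable.
          image: git.unkin.net/unkin/artifactapi:v3.5.0
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8000
              name: http
              protocol: TCP
          envFrom:
            - configMapRef:
                name: api-env
                optional: false
            # NOTE(review): every key of the "environment" Secret becomes
            # an environment variable of the process. Keep that Secret
            # limited to what this workload needs; env vars are inherited
            # by child processes and tend to surface in debug output.
            - secretRef:
                name: environment
                optional: false
          volumeMounts:
            # The combined bundle lives at
            # /etc/ssl/combined/ca-certificates.crt; presumably api-env
            # points the application's TLS trust store at it - confirm.
            - name: combined-certs
              mountPath: /etc/ssl/combined
              readOnly: true
          # Liveness and readiness both probe GET /health over plain HTTP
          # on the named "http" port; they differ only in delay and period.
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /health
              port: http
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 5
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /health
              port: http
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 5
          resources:
            limits:
              cpu: "1"
              memory: 4Gi
            requests:
              cpu: 100m
              memory: 256Mi
      volumes:
        # Only the ca.crt key of the Secret is projected into the volume.
        - name: vault-ca-cert
          secret:
            secretName: vault-ca-cert
            items:
              - key: ca.crt
                path: ca.crt
        # Scratch volume carrying the combined bundle from the init
        # container to the api container; it has no sizeLimit.
        - name: combined-certs
          emptyDir: {}
      restartPolicy: Always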