6ed436b973
## Why Roll out artifactapi `v3.7.5`, which ships the local docker registry (artifactapi#103): local `docker` repos now serve the Docker Registry HTTP API V2 for push and pull. ## Changes - `apps/base/artifactapi/api-deployment.yaml`: `artifactapi` image `v3.7.4` → `v3.7.5` - `apps/base/artifactapi/ui-deployment.yaml`: `artifactapi-ui` image `v3.7.4` → `v3.7.5` ## Heads-up (follow-up needed) The API HPA runs `minReplicas: 2`. Local-docker **chunked** blob uploads keep the upload session in-memory per replica, so a real `docker push` (POST → PATCH → PUT across replicas, no session affinity) can intermittently 404 with `BLOB_UPLOAD_UNKNOWN`. Monolithic pushes are unaffected. Recommend a follow-up to make upload sessions replica-independent (S3-backed) or add session affinity for `/v2/*/blobs/uploads/` before relying on pushes in anger. Reviewed-on: #231 Co-authored-by: Ben Vincent <ben@unkin.net> Co-committed-by: Ben Vincent <ben@unkin.net>
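---
# Deployment for the artifactapi API pods (container `api`, HTTP on 8000).
# Nesting below is reconstructed from the Kubernetes Deployment schema;
# all keys and values are unchanged.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  namespace: artifactapi
  annotations:
    # Stakater Reloader: roll the pods when a referenced ConfigMap/Secret
    # changes (here: api-env, environment, vault-ca-cert).
    reloader.stakater.com/auto: "true"
spec:
  selector:
    matchLabels:
      app: api
  strategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: api
    spec:
      # NOTE(review): the ServiceAccount token is mounted into every
      # container of this pod. No serviceAccountName is set, so this is the
      # namespace's default ServiceAccount. If the API never calls the
      # Kubernetes API, set this to false; otherwise confirm the bound RBAC
      # is least-privilege.
      automountServiceAccountToken: true
      # NOTE(review): neither container sets a securityContext. Consider
      # runAsNonRoot, allowPrivilegeEscalation: false, capabilities.drop
      # [ALL] and readOnlyRootFilesystem once it is verified that the images
      # run unprivileged (the init container must still be able to write
      # the combined-certs emptyDir).
      initContainers:
        # Builds one CA bundle: image's system roots + the custom CA from
        # the vault-ca-cert Secret, written to the shared emptyDir.
        - name: combine-certs
          # NOTE(review): `alpine:3` is a floating tag with no registry
          # prefix, so both the contents and the source registry can change
          # between pulls. This image also supplies the system root CAs that
          # end up in the trust bundle; pin it by digest
          # (alpine:3@sha256:<digest>) and pull via the internal registry
          # if one mirrors it.
          image: alpine:3
          command:
            - sh
            - -c
            - cat /etc/ssl/certs/ca-certificates.crt /custom-ca/ca.crt > /combined-certs/ca-certificates.crt
          volumeMounts:
            - name: vault-ca-cert
              mountPath: /custom-ca
              readOnly: true
            - name: combined-certs
              mountPath: /combined-certs
      containers:
        - name: api
          # NOTE(review): tag-only reference. With IfNotPresent a node that
          # already cached v3.7.5 never re-pulls, so a re-pushed tag gives
          # different nodes different images. A digest pin makes the rollout
          # reproducible and auditable.
          image: git.unkin.net/unkin/artifactapi:v3.7.5
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8000
              name: http
              protocol: TCP
          envFrom:
            - configMapRef:
                name: api-env
                optional: false
            # Every key of Secret `environment` becomes an environment
            # variable of the API process; optional: false makes the pod
            # fail to start if the Secret is missing.
            - secretRef:
                name: environment
                optional: false
          volumeMounts:
            # Read-only view of the bundle produced by combine-certs.
            # NOTE(review): the app only trusts it if something points at
            # /etc/ssl/combined/ca-certificates.crt — presumably a variable
            # in api-env; confirm.
            - name: combined-certs
              mountPath: /etc/ssl/combined
              readOnly: true
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /health
              port: http
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 5
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /health
              port: http
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 5
          resources:
            limits:
              cpu: "1"
              memory: 4Gi
            requests:
              cpu: 100m
              memory: 256Mi
      volumes:
        # Only ca.crt is projected from the Secret; other keys stay out of
        # the pod.
        - name: vault-ca-cert
          secret:
            secretName: vault-ca-cert
            items:
              - key: ca.crt
                path: ca.crt
        # Scratch volume shared between the init container (writer) and the
        # api container (read-only); recreated with every pod.
        - name: combined-certs
          emptyDir: {}
      restartPolicy: Always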