alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity
Files
4eabb8e7ec18c2b94596f41beb41d1006a1c1d79
infrastructure/clusters/cl01tl/manifests/karakeep/ConfigMap-karakeep-meilisearch-environment.yaml

906 lines
25 KiB
YAML
Raw Blame History

apiVersion: v1
kind: ConfigMap
metadata:
name: karakeep-meilisearch-environment
labels:
helm.sh/chart: meilisearch-0.27.0
app.kubernetes.io/name: meilisearch
app.kubernetes.io/instance: karakeep
app.kubernetes.io/version: "v1.38.0"
app.kubernetes.io/component: search-engine
app.kubernetes.io/part-of: meilisearch
app.kubernetes.io/managed-by: Helm
data:
MEILI_ENV: "production"
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: "true"
MEILI_NO_ANALYTICS: "true"
MEILI_EXPERIMENTAL_ENABLE_METRICS: "true"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: karakeep-cloudflared
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: karakeep
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cloudflared
app.kubernetes.io/version: 2026.3.0
helm.sh/chart: cloudflared-2.4.0
namespace: karakeep
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/controller: main
app.kubernetes.io/name: cloudflared
app.kubernetes.io/instance: karakeep
template:
metadata:
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: karakeep
app.kubernetes.io/name: cloudflared
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- args:
- tunnel
- --protocol
- http2
- --no-autoupdate
- run
- --token
- $(CF_MANAGED_TUNNEL_TOKEN)
env:
- name: CF_MANAGED_TUNNEL_TOKEN
valueFrom:
secretKeyRef:
key: cf-tunnel-token
name: karakeep-cloudflared-secret
image: cloudflare/cloudflared:2026.3.0
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 10m
memory: 128Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: karakeep
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: karakeep
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: karakeep
helm.sh/chart: karakeep-4.6.2
namespace: karakeep
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/controller: main
app.kubernetes.io/name: karakeep
app.kubernetes.io/instance: karakeep
template:
metadata:
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: karakeep
app.kubernetes.io/name: karakeep
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- args:
- --no-sandbox
- --disable-gpu
- --disable-dev-shm-usage
- --remote-debugging-address=0.0.0.0
- --remote-debugging-port=9222
- --hide-scrollbars
image: gcr.io/zenika-hub/alpine-chrome:124
imagePullPolicy: IfNotPresent
name: chrome
resources:
requests:
cpu: 10m
memory: 128Mi
- env:
- name: DATA_DIR
value: /data
- name: DB_WAL_MODE
value: "true"
- name: NEXTAUTH_URL
value: https://karakeep.alexlebens.dev/
- name: NEXTAUTH_SECRET
valueFrom:
secretKeyRef:
key: key
name: karakeep-key-secret
- name: PROMETHEUS_AUTH_TOKEN
valueFrom:
secretKeyRef:
key: prometheus-token
name: karakeep-key-secret
- name: ASSET_STORE_S3_ENDPOINT
value: http://garage-main.garage:3900
- name: ASSET_STORE_S3_REGION
valueFrom:
secretKeyRef:
key: ACCESS_REGION
name: karakeep-bucket-garage
- name: ASSET_STORE_S3_BUCKET
value: karakeep-assets
- name: ASSET_STORE_S3_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: ACCESS_KEY_ID
name: karakeep-bucket-garage
- name: ASSET_STORE_S3_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: ACCESS_SECRET_KEY
name: karakeep-bucket-garage
- name: ASSET_STORE_S3_FORCE_PATH_STYLE
value: "true"
- name: MEILI_ADDR
value: http://karakeep-meilisearch.karakeep:7700
- name: MEILI_MASTER_KEY
valueFrom:
secretKeyRef:
key: MEILI_MASTER_KEY
name: karakeep-meilisearch-master-key-secret
- name: BROWSER_WEB_URL
value: http://karakeep.karakeep:9222
- name: DISABLE_SIGNUPS
value: "false"
- name: OAUTH_PROVIDER_NAME
value: Authentik
- name: OAUTH_WELLKNOWN_URL
value: https://auth.alexlebens.dev/application/o/karakeep/.well-known/openid-configuration
- name: OAUTH_SCOPE
value: openid email profile
- name: OAUTH_CLIENT_ID
valueFrom:
secretKeyRef:
key: AUTHENTIK_CLIENT_ID
name: karakeep-oidc-secret
- name: OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: AUTHENTIK_CLIENT_SECRET
name: karakeep-oidc-secret
- name: OLLAMA_BASE_URL
value: http://ollama-server-3.ollama:11434
- name: OLLAMA_KEEP_ALIVE
value: 5m
- name: INFERENCE_TEXT_MODEL
value: gemma3:4b
- name: INFERENCE_IMAGE_MODEL
value: granite3.2-vision:2b
- name: EMBEDDING_TEXT_MODEL
value: mxbai-embed-large
- name: INFERENCE_JOB_TIMEOUT_SEC
value: "720"
image: ghcr.io/karakeep-app/karakeep:0.31.0
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 10m
memory: 256Mi
volumeMounts:
- mountPath: /data
name: data
volumes:
- name: data
persistentVolumeClaim:
claimName: karakeep
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-backup-secret-external
namespace: karakeep
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: karakeep
app.kubernetes.io/part-of: karakeep
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: karakeep-backup-secret-external
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/karakeep/karakeep"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-backup-secret-local
namespace: karakeep
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: karakeep
app.kubernetes.io/part-of: karakeep
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: karakeep-backup-secret-local
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/karakeep/karakeep"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-backup-secret-remote
namespace: karakeep
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: karakeep
app.kubernetes.io/part-of: karakeep
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: karakeep-backup-secret-remote
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/karakeep/karakeep"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-remote
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-remote
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-bucket-garage
namespace: karakeep
labels:
app.kubernetes.io/name: karakeep-bucket-garage
app.kubernetes.io/instance: karakeep
app.kubernetes.io/part-of: karakeep
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_REGION
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-cloudflared-secret
namespace: karakeep
labels:
helm.sh/chart: cloudflared-2.4.0
app.kubernetes.io/instance: karakeep
app.kubernetes.io/part-of: karakeep
app.kubernetes.io/version: "2.4.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: karakeep-cloudflared-secret
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/karakeep
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-key-secret
namespace: karakeep
labels:
app.kubernetes.io/name: karakeep-key-secret
app.kubernetes.io/instance: karakeep
app.kubernetes.io/part-of: karakeep
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/karakeep/key
metadataPolicy: None
property: key
- secretKey: prometheus-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/karakeep/key
metadataPolicy: None
property: prometheus-token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-meilisearch-master-key-secret
namespace: karakeep
labels:
app.kubernetes.io/name: karakeep-meilisearch-master-key-secret
app.kubernetes.io/instance: karakeep
app.kubernetes.io/part-of: karakeep
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: MEILI_MASTER_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/karakeep/meilisearch
metadataPolicy: None
property: MEILI_MASTER_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-oidc-secret
namespace: karakeep
labels:
app.kubernetes.io/name: karakeep-oidc-secret
app.kubernetes.io/instance: karakeep
app.kubernetes.io/part-of: karakeep
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: AUTHENTIK_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/karakeep
metadataPolicy: None
property: client
- secretKey: AUTHENTIK_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/karakeep
metadataPolicy: None
property: secret
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: karakeep-meilisearch
labels:
helm.sh/chart: meilisearch-0.27.0
app.kubernetes.io/name: meilisearch
app.kubernetes.io/instance: karakeep
app.kubernetes.io/version: "v1.38.0"
app.kubernetes.io/component: search-engine
app.kubernetes.io/part-of: meilisearch
app.kubernetes.io/managed-by: Helm
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "10Gi"
storageClassName: "ceph-block"
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: karakeep
labels:
app.kubernetes.io/instance: karakeep
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: karakeep
helm.sh/chart: karakeep-4.6.2
annotations:
helm.sh/resource-policy: keep
namespace: karakeep
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "10Gi"
storageClassName: "ceph-block"
---
apiVersion: v1
kind: Pod
metadata:
name: karakeep-meilisearch-test-connection
labels:
app.kubernetes.io/name: meilisearch
helm.sh/chart: meilisearch-0.27.0
app.kubernetes.io/instance: karakeep
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['--spider', '--timeout=5', 'karakeep-meilisearch:7700']
restartPolicy: Never
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: karakeep-backup-source-external
namespace: karakeep
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: karakeep
app.kubernetes.io/part-of: karakeep
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: karakeep-backup
spec:
sourcePVC: karakeep
trigger:
schedule: 30 10 * * *
restic:
pruneIntervalDays: 7
repository: karakeep-backup-secret-external
retain:
daily: 7
hourly: 0
monthly: 3
weekly: 4
yearly: 1
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 1Gi
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: karakeep-backup-source-local
namespace: karakeep
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: karakeep
app.kubernetes.io/part-of: karakeep
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: karakeep-backup
spec:
sourcePVC: karakeep
trigger:
schedule: 30 8 * * *
restic:
pruneIntervalDays: 7
repository: karakeep-backup-secret-local
retain:
daily: 7
hourly: 0
monthly: 3
weekly: 4
yearly: 1
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 1Gi
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: karakeep-backup-source-remote
namespace: karakeep
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: karakeep
app.kubernetes.io/part-of: karakeep
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: karakeep-backup
spec:
sourcePVC: karakeep
trigger:
schedule: 30 9 * * *
restic:
pruneIntervalDays: 7
repository: karakeep-backup-secret-remote
retain:
daily: 7
hourly: 0
monthly: 3
weekly: 4
yearly: 1
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 1Gi
---
apiVersion: v1
kind: Service
metadata:
name: karakeep-meilisearch
labels:
helm.sh/chart: meilisearch-0.27.0
app.kubernetes.io/name: meilisearch
app.kubernetes.io/instance: karakeep
app.kubernetes.io/version: "v1.38.0"
app.kubernetes.io/component: search-engine
app.kubernetes.io/part-of: meilisearch
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 7700
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: meilisearch
app.kubernetes.io/instance: karakeep
---
apiVersion: v1
kind: Service
metadata:
name: karakeep
labels:
app.kubernetes.io/instance: karakeep
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: karakeep
app.kubernetes.io/service: karakeep
helm.sh/chart: karakeep-4.6.2
namespace: karakeep
spec:
type: ClusterIP
ports:
- port: 9222
targetPort: 9222
protocol: TCP
name: chrome
- port: 3000
targetPort: 3000
protocol: TCP
name: http
selector:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: karakeep
app.kubernetes.io/name: karakeep
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: karakeep-meilisearch
labels:
helm.sh/chart: meilisearch-0.27.0
app.kubernetes.io/name: meilisearch
app.kubernetes.io/instance: karakeep
app.kubernetes.io/version: "v1.38.0"
app.kubernetes.io/component: search-engine
app.kubernetes.io/part-of: meilisearch
app.kubernetes.io/managed-by: Helm
automountServiceAccountToken: false
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: karakeep-meilisearch
namespace: karakeep
labels:
helm.sh/chart: meilisearch-0.27.0
app.kubernetes.io/name: meilisearch
app.kubernetes.io/instance: karakeep
app.kubernetes.io/version: "v1.38.0"
app.kubernetes.io/component: search-engine
app.kubernetes.io/part-of: meilisearch
app.kubernetes.io/managed-by: Helm
spec:
jobLabel: karakeep
namespaceSelector:
matchNames:
- karakeep
selector:
matchLabels:
app.kubernetes.io/name: meilisearch
app.kubernetes.io/instance: karakeep
endpoints:
- port: http
path: /metrics
interval: 1m
scrapeTimeout: 10s
bearerTokenSecret:
name: karakeep-meilisearch-master-key-secret
key: MEILI_MASTER_KEY
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: karakeep
labels:
app.kubernetes.io/instance: karakeep
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: karakeep
helm.sh/chart: karakeep-4.6.2
namespace: karakeep
spec:
jobLabel: karakeep
namespaceSelector:
matchNames:
- karakeep
selector:
matchLabels:
app.kubernetes.io/instance: karakeep
app.kubernetes.io/name: karakeep
endpoints:
- authorization:
credentials:
key: prometheus-token
name: karakeep-key-secret
interval: 30s
path: /api/metrics
port: http
scrapeTimeout: 15s
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: karakeep-meilisearch
labels:
helm.sh/chart: meilisearch-0.27.0
app.kubernetes.io/name: meilisearch
app.kubernetes.io/instance: karakeep
app.kubernetes.io/version: "v1.38.0"
app.kubernetes.io/component: search-engine
app.kubernetes.io/part-of: meilisearch
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
serviceName: karakeep-meilisearch
selector:
matchLabels:
app.kubernetes.io/name: meilisearch
app.kubernetes.io/instance: karakeep
template:
metadata:
labels:
helm.sh/chart: meilisearch-0.27.0
app.kubernetes.io/name: meilisearch
app.kubernetes.io/instance: karakeep
app.kubernetes.io/version: "v1.38.0"
app.kubernetes.io/component: search-engine
app.kubernetes.io/part-of: meilisearch
app.kubernetes.io/managed-by: Helm
annotations:
checksum/config: fc5108f9718d0b9dc1572a1e1ec94803ff463e34da5e212866d3aad38dc3eb0c
spec:
serviceAccountName: karakeep-meilisearch
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumes:
- name: tmp
emptyDir: {}
- name: data
persistentVolumeClaim:
claimName: karakeep-meilisearch
containers:
- name: meilisearch
image: "getmeili/meilisearch:v1.38.0"
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts:
- name: tmp
mountPath: /tmp
- name: data
mountPath: /meili_data
envFrom:
- configMapRef:
name: karakeep-meilisearch-environment
- secretRef:
name: karakeep-meilisearch-master-key-secret
ports:
- name: http
containerPort: 7700
protocol: TCP
startupProbe:
httpGet:
path: /health
port: http
periodSeconds: 1
initialDelaySeconds: 1
failureThreshold: 60
timeoutSeconds: 1
livenessProbe:
httpGet:
path: /health
port: http
periodSeconds: 10
initialDelaySeconds: 0
timeoutSeconds: 10
readinessProbe:
httpGet:
path: /health
port: http
periodSeconds: 10
initialDelaySeconds: 0
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 128Mi
Reference in New Issue View Git Blame Copy Permalink