blob: 4de270a9848bd19dced58c3a19618bc0e903d321 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: {{ namespace }}
name: sfive-{{ worker.name }}
labels:
app: sfive
worker: {{ worker.name }}
spec:
replicas: 1
selector:
matchLabels:
app: sfive
worker: {{ worker.name }}
strategy:
type: Recreate
revisionHistoryLimit: 5
template:
metadata:
labels:
app: sfive
worker: {{ worker.name }}
{% if worker.flags.sfive == 'proxy' and 'stream-onion' in worker.flags %}
spreadspace.org/onion-service: {{ worker.flags['stream-onion'] }}
{% endif %}
spec:
nodeName: {{ worker.name }}
serviceAccountName: sfive
securityContext:
runAsUser: 998
fsGroup: 998
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
initContainers:
- name: prepare-hub-data
image: busybox
command: ['sh', '-c', 'chown 998:998 /srv/data && chmod 0750 /srv/data']
securityContext:
runAsUser: 0
volumeMounts:
- name: hub-data
mountPath: /srv/data
{% if worker.flags.sfive == 'proxy' and 'stream-onion' in worker.flags %}
- name: prepare-onion-lib
image: busybox
command: ['sh', '-c', 'chown 998:998 /var/lib/tor && chmod 0750 /var/lib/tor']
securityContext:
runAsUser: 0
volumeMounts:
- name: onion-lib
mountPath: /var/lib/tor
{% endif %}
containers:
{% if worker.flags.sfive == 'proxy' %}
- name: proxy
image: spreadspace/sfive:{{ desc.globals.deployment.parameter.sfive_image_version }}
imagePullPolicy: Always
args:
- s5proxy
- -config
- /srv/config/proxy.json
volumeMounts:
- name: home
mountPath: /srv
- name: proxy-config
mountPath: /srv/config
{% if 'stream-onion' in worker.flags %}
- name: proxy-onion
image: spreadspace/sfive:{{ desc.globals.deployment.parameter.sfive_image_version }}
imagePullPolicy: Always
args:
- s5proxy
- -config
- /srv/config/proxy-onion.json
volumeMounts:
- name: home
mountPath: /srv
- name: proxy-config
mountPath: /srv/config
- name: onion-service
image: spreadspace/onion-service:{{ desc.globals.deployment.parameter.onion_service_image_version }}
imagePullPolicy: Always
env:
- name: ONION_HOST
value: "127.0.0.1"
- name: ONION_PORT
value: "8001"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: onion-lib
mountPath: /var/lib/tor
- name: proxy-config
mountPath: /srv/config
{% endif %}
{% endif %}
- name: hub
image: spreadspace/sfive:{{ desc.globals.deployment.parameter.sfive_image_version }}
imagePullPolicy: Always
args:
- sfive-hub
- -db
- /srv/data/db.bolt
- -start-pipe-server=false
- -start-web-server=false
- -start-pipegram-server
- -pipegram
- /srv/hub.sock
volumeMounts:
- name: home
mountPath: /srv
- name: hub-data
mountPath: /srv/data
volumes:
- name: home
emptyDir:
medium: Memory
{% if worker.flags.sfive == 'proxy' and 'stream-onion' in worker.flags %}
- name: onion-lib
emptyDir:
medium: Memory
{% endif %}
- name: proxy-config
configMap:
name: sfive-{{ worker.name }}
- name: hub-data
hostPath:
type: DirectoryOrCreate
path: /var/lib/sfive/{{ desc.globals.name }}
|