api-server/deploy/40-statefulset.yaml

---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app.kubernetes.io/component: api-server
    app.kubernetes.io/name: p5x-api-server
  name: p5x-api-server
  namespace: p5x-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: p5x-api-server
  serviceName: p5x-api-server
  template:
    metadata:
      labels:
        app: p5x-api-server
    spec:
      priorityClassName: system-cluster-critical

      # api-server interacts w/ some parts of the K8s API, so bind its service account
      serviceAccountName: p5x-api-sa

      volumes:
        # Used for the api-server SQLite database et al
        - name: p5x-system-data
          persistentVolumeClaim:
            claimName: system-data

      initContainers:
        # Make sure the p5x-system-data disk exists in PVE and is mounted
        - name: ensure-system-disk
          image: docker.io/glmdev/p5x-api:latest
          imagePullPolicy: Always
          envFrom:
            - secretRef:
                name: api-env
          env:
            - name: P5X_NODE_HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: RUST_LOG
              value: 'p5x=debug,sqlx=warn,info'
          command: ['/p5x/p5x', 'ensure-system-disk']

        # Transfer the p5x-system-data PVE disk to the correct node, if necessary
        - name: migrate-system-disk
          image: docker.io/glmdev/p5x-api:latest
          imagePullPolicy: Always
          envFrom:
            - secretRef:
                name: api-env
          env:
            - name: P5X_NODE_HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: RUST_LOG
              value: 'p5x=debug,sqlx=warn,info'
          command: ['/p5x/p5x', 'migrate-system-disk']

      containers:
        - name: api-server
          image: docker.io/glmdev/p5x-api:latest
          imagePullPolicy: Always
# TODO: (1) add a dedicated /healthz endpoint and (2) prevent that endpoint from writing to the Rocket logs
#          livenessProbe:
#            failureThreshold: 5
#            httpGet:
#              path: /system/pubkey
#              port: p5x
#            initialDelaySeconds: 10
#            periodSeconds: 120
#            timeoutSeconds: 10
          envFrom:
            - secretRef:
                name: api-env
          env:
            - name: P5X_NODE_HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: RUST_LOG
              value: 'p5x=debug,sqlx=warn,info'
          ports:
            - containerPort: 3450
              name: p5x
          volumeMounts:
            - mountPath: /p5x/data
              name: p5x-system-data
Start roughing out K8s deployment spec for api-server; bootstrap global locks AFTER DB migrations have run 2025-02-25 05:18:45 +00:00			`---`
			`apiVersion: apps/v1`
			`kind: StatefulSet`
			`metadata:`
			`labels:`
			`app.kubernetes.io/component: api-server`
			`app.kubernetes.io/name: p5x-api-server`
			`name: p5x-api-server`
			`namespace: p5x-system`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: p5x-api-server`
			`serviceName: p5x-api-server`
			`template:`
			`metadata:`
			`labels:`
			`app: p5x-api-server`
			`spec:`
			`priorityClassName: system-cluster-critical`
More work on early system setup init containers 2025-04-22 14:03:57 +00:00
			`# api-server interacts w/ some parts of the K8s API, so bind its service account`
			`serviceAccountName: p5x-api-sa`

Start roughing out K8s deployment spec for api-server; bootstrap global locks AFTER DB migrations have run 2025-02-25 05:18:45 +00:00			`volumes:`
More work on early system setup init containers 2025-04-22 14:03:57 +00:00			`# Used for the api-server SQLite database et al`
Start roughing out K8s deployment spec for api-server; bootstrap global locks AFTER DB migrations have run 2025-02-25 05:18:45 +00:00			`- name: p5x-system-data`
			`persistentVolumeClaim:`
			`claimName: system-data`
More work on early system setup init containers 2025-04-22 14:03:57 +00:00
Better support for overriding docker reg + tag (for local testing); init container for ensure-system-disk 2025-04-22 13:21:17 +00:00			`initContainers:`
More work on early system setup init containers 2025-04-22 14:03:57 +00:00			`# Make sure the p5x-system-data disk exists in PVE and is mounted`
Better support for overriding docker reg + tag (for local testing); init container for ensure-system-disk 2025-04-22 13:21:17 +00:00			`- name: ensure-system-disk`
			`image: docker.io/glmdev/p5x-api:latest`
Statefulset deploy - always pull image 2025-04-22 14:07:55 +00:00			`imagePullPolicy: Always`
Better support for overriding docker reg + tag (for local testing); init container for ensure-system-disk 2025-04-22 13:21:17 +00:00			`envFrom:`
			`- secretRef:`
			`name: api-env`
			`env:`
			`- name: P5X_NODE_HOSTNAME`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: spec.nodeName`
			`- name: RUST_LOG`
			`value: 'p5x=debug,sqlx=warn,info'`
			`command: ['/p5x/p5x', 'ensure-system-disk']`
More work on early system setup init containers 2025-04-22 14:03:57 +00:00
			`# Transfer the p5x-system-data PVE disk to the correct node, if necessary`
			`- name: migrate-system-disk`
			`image: docker.io/glmdev/p5x-api:latest`
Statefulset deploy - always pull image 2025-04-22 14:07:55 +00:00			`imagePullPolicy: Always`
More work on early system setup init containers 2025-04-22 14:03:57 +00:00			`envFrom:`
			`- secretRef:`
			`name: api-env`
			`env:`
			`- name: P5X_NODE_HOSTNAME`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: spec.nodeName`
			`- name: RUST_LOG`
			`value: 'p5x=debug,sqlx=warn,info'`
			`command: ['/p5x/p5x', 'migrate-system-disk']`

Start roughing out K8s deployment spec for api-server; bootstrap global locks AFTER DB migrations have run 2025-02-25 05:18:45 +00:00			`containers:`
			`- name: api-server`
Clean up K8s specs and add README.md 2025-02-27 02:33:11 +00:00			`image: docker.io/glmdev/p5x-api:latest`
Statefulset deploy - always pull image 2025-04-22 14:07:55 +00:00			`imagePullPolicy: Always`
Start roughing out K8s deployment spec for api-server; bootstrap global locks AFTER DB migrations have run 2025-02-25 05:18:45 +00:00			`# TODO: (1) add a dedicated /healthz endpoint and (2) prevent that endpoint from writing to the Rocket logs`
			`# livenessProbe:`
			`# failureThreshold: 5`
			`# httpGet:`
			`# path: /system/pubkey`
			`# port: p5x`
			`# initialDelaySeconds: 10`
			`# periodSeconds: 120`
			`# timeoutSeconds: 10`
			`envFrom:`
Clean up K8s specs and add README.md 2025-02-27 02:33:11 +00:00			`- secretRef:`
Start roughing out K8s deployment spec for api-server; bootstrap global locks AFTER DB migrations have run 2025-02-25 05:18:45 +00:00			`name: api-env`
			`env:`
			`- name: P5X_NODE_HOSTNAME`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: spec.nodeName`
Better support for overriding docker reg + tag (for local testing); init container for ensure-system-disk 2025-04-22 13:21:17 +00:00			`- name: RUST_LOG`
			`value: 'p5x=debug,sqlx=warn,info'`
Start roughing out K8s deployment spec for api-server; bootstrap global locks AFTER DB migrations have run 2025-02-25 05:18:45 +00:00			`ports:`
			`- containerPort: 3450`
			`name: p5x`
			`volumeMounts:`
			`- mountPath: /p5x/data`
			`name: p5x-system-data`