---
# StatefulSet for the p5x api-server (namespace p5x-system, single replica).
# Two init containers run the same image with the `ensure-system-disk` and
# `migrate-system-disk` subcommands before the long-running api-server starts.
#
# NOTE(review): no container below sets securityContext or resources, so
# user, capabilities and root-filesystem writability fall back to image and
# runtime defaults (unless an admission policy sets them). If the p5x binary
# tolerates it, set runAsNonRoot, allowPrivilegeEscalation: false and
# capabilities.drop: [ALL] per container, and add requests/limits.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app.kubernetes.io/component: api-server
    app.kubernetes.io/name: p5x-api-server
  name: p5x-api-server
  namespace: p5x-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: p5x-api-server
  serviceName: p5x-api-server
  template:
    metadata:
      labels:
        app: p5x-api-server
    spec:
      # Built-in priority class; the scheduler may preempt lower-priority
      # pods to place this one.
      priorityClassName: system-cluster-critical
      # api-server interacts w/ some parts of the K8s API, so bind its service account
      # NOTE(review): the Role/ClusterRole bound to p5x-api-sa is not defined
      # in this file; keep it to the API verbs the server actually uses. By
      # default the account token is mounted into the init containers too.
      serviceAccountName: p5x-api-sa
      volumes:
        # Used for the api-server SQLite database et al
        - name: p5x-system-data
          persistentVolumeClaim:
            claimName: system-data
      initContainers:
        # Make sure the p5x-system-data disk exists in PVE and is mounted
        - name: ensure-system-disk
          # NOTE(review): `latest` is a mutable tag and imagePullPolicy: Always
          # re-resolves it on every pod start, so the code that runs with the
          # api-env secret and the service account can change without any
          # change to this manifest. Pin by digest instead, e.g.
          # docker.io/glmdev/p5x-api@sha256:<digest> (placeholder). The same
          # applies to the other two containers in this pod.
          image: docker.io/glmdev/p5x-api:latest
          imagePullPolicy: Always
          # Injects every key of the api-env Secret as an environment variable.
          # NOTE(review): the secret's contents are not shown here; check that
          # the init containers need the same keys as api-server.
          envFrom:
            - secretRef:
                name: api-env
          env:
            # Name of the node the pod was scheduled on (downward API).
            - name: P5X_NODE_HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # NOTE(review): debug level for the p5x target; confirm debug
            # output never includes values taken from api-env.
            - name: RUST_LOG
              value: 'p5x=debug,sqlx=warn,info'
          command:
            - '/p5x/p5x'
            - 'ensure-system-disk'
        # Transfer the p5x-system-data PVE disk to the correct node, if necessary
        - name: migrate-system-disk
          # Same mutable image reference as ensure-system-disk; pin by digest.
          image: docker.io/glmdev/p5x-api:latest
          imagePullPolicy: Always
          # Same full api-env injection as ensure-system-disk.
          envFrom:
            - secretRef:
                name: api-env
          env:
            - name: P5X_NODE_HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: RUST_LOG
              value: 'p5x=debug,sqlx=warn,info'
          command:
            - '/p5x/p5x'
            - 'migrate-system-disk'
      containers:
        # Long-running API process; the only container that mounts the data
        # volume.
        - name: api-server
          # Same mutable image reference as the init containers; pin by digest.
          image: docker.io/glmdev/p5x-api:latest
          imagePullPolicy: Always
          # TODO: (1) add a dedicated /healthz endpoint and (2) prevent that
          # endpoint from writing to the Rocket logs
          # Until a probe is enabled, the kubelet restarts this container only
          # when its process exits.
          # livenessProbe:
          #   failureThreshold: 5
          #   httpGet:
          #     path: /system/pubkey
          #     port: p5x
          #   initialDelaySeconds: 10
          #   periodSeconds: 120
          #   timeoutSeconds: 10
          envFrom:
            - secretRef:
                name: api-env
          env:
            - name: P5X_NODE_HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: RUST_LOG
              value: 'p5x=debug,sqlx=warn,info'
          ports:
            # Named port; the commented-out probe above refers to it as `p5x`.
            - containerPort: 3450
              name: p5x
          volumeMounts:
            - mountPath: /p5x/data
              name: p5x-system-data