127 lines
2.9 KiB
YAML
127 lines
2.9 KiB
YAML
kind: PersistentVolumeClaim
|
|
apiVersion: v1
|
|
metadata:
|
|
name: nfs-tusd
|
|
namespace: tus
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteMany
|
|
storageClassName: ""
|
|
resources:
|
|
requests:
|
|
storage: 20Gi
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Deployment
|
|
metadata:
|
|
name: tusd
|
|
namespace: tus
|
|
spec:
|
|
replicas: 1
|
|
minReadySeconds: 10
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxSurge: 2
|
|
maxUnavailable: 0
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: tusd
|
|
spec:
|
|
containers:
|
|
- image: docker.io/tusproject/tusd:latest
|
|
imagePullPolicy: Always
|
|
args: ["-port=8080","-behind-proxy","-max-size=1000000000"]
|
|
name: tusd
|
|
resources:
|
|
limits:
|
|
memory: "2Gi"
|
|
requests:
|
|
memory: "1Gi"
|
|
ports:
|
|
- name: tusd-web
|
|
containerPort: 8080
|
|
securityContext:
|
|
runAsUser: 0
|
|
fsGroup: 0
|
|
volumeMounts:
|
|
- name: tusd-disk
|
|
mountPath: /srv/tusd-data
|
|
volumes:
|
|
- name: tusd-disk
|
|
persistentVolumeClaim:
|
|
claimName: nfs-tusd
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: tusd
|
|
namespace: tus
|
|
spec:
|
|
ports:
|
|
- name: tusd-web
|
|
port: 80
|
|
targetPort: 8080
|
|
protocol: TCP
|
|
selector:
|
|
app: tusd
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Ingress
|
|
metadata:
|
|
name: tusd
|
|
namespace: tus
|
|
annotations:
|
|
kubernetes.io/tls-acme: "true"
|
|
kubernetes.io/ingress.class: "nginx"
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
# Security: Don't allow people to upload html and then have browsers parse it
|
|
if ($uri ~ \.(?!(jpe?g|gif|png|webp|webm|mp4|mpg|avi|3gp|wav|mp3))$) {
|
|
add_header Content-Type application/octet-stream;
|
|
add_header Content-Disposition "attachment; filename=$basename";
|
|
add_header X-Download-Options noopen;
|
|
add_header X-Content-Type-Options nosniff;
|
|
}
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 0m
|
|
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
|
|
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
|
|
nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
|
|
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
|
|
spec:
|
|
tls:
|
|
- hosts:
|
|
- tusd.tus.io
|
|
secretName: tusd-tls
|
|
- hosts:
|
|
- master.tus.io
|
|
secretName: master-tls
|
|
rules:
|
|
- host: tusd.tus.io
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: tusd
|
|
servicePort: 80
|
|
- host: master.tus.io
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: tusd
|
|
servicePort: 80
|
|
---
|
|
apiVersion: autoscaling/v1
|
|
kind: HorizontalPodAutoscaler
|
|
metadata:
|
|
name: tusd
|
|
namespace: tus
|
|
spec:
|
|
scaleTargetRef:
|
|
apiVersion: apps/v1beta1
|
|
kind: Deployment
|
|
name: tusd
|
|
minReplicas: 1
|
|
maxReplicas: 5
|
|
targetCPUUtilizationPercentage: 90 |