apiVersion: apps/v1 kind: Deployment metadata: name: renovate namespace: renovate labels: app.kubernetes.io/name: renovate spec: selector: matchLabels: app.kubernetes.io/name: renovate template: metadata: labels: app.kubernetes.io/name: renovate spec: securityContext: runAsUser: 1000 runAsGroup: 1000 containers: - name: renovate image: ghcr.io/mend/renovate-ce:7.5.0-full securityContext: allowPrivilegeEscalation: false env: - name: MEND_RNV_ACCEPT_TOS value: y - name: MEND_RNV_LICENSE_KEY valueFrom: secretKeyRef: name: renovate-secrets key: renovate_license_key - name: MEND_RNV_PLATFORM value: github - name: MEND_RNV_ENDPOINT value: "https://api.github.com/" - name: MEND_RNV_DATA_HANDLER_TYPE value: "postgresql" - name: PGDATABASE valueFrom: secretKeyRef: name: renovate-secrets key: db_pg_database - name: PGUSER valueFrom: secretKeyRef: name: renovate-secrets key: db_pg_user - name: PGPORT value: "5432" - name: PGHOST valueFrom: secretKeyRef: name: renovate-secrets key: db_pg_host - name: PGPASSWORD valueFrom: secretKeyRef: name: renovate-secrets key: db_pg_password - name: MEND_RNV_GITHUB_APP_ID value: "938218" - name: RNV_GITHUB_PEM_FILE_PATH value: "/usr/src/app/rpi5-cluster-renovate.2024-07-05.private-key.pem" - name: MEND_RNV_WEBHOOK_SECRET valueFrom: secretKeyRef: name: renovate-secrets key: github_app_webhook_secret - name: MEND_RNV_ADMIN_API_ENABLED value: "true" - name: MEND_RNV_SERVER_API_SECRET valueFrom: secretKeyRef: name: renovate-secrets key: server_api_secret - name: GITHUB_COM_TOKEN valueFrom: secretKeyRef: name: renovate-secrets key: github_pat - name: MEND_RNV_AUTODISCOVER_FILTER value: "3dwardch3ng/home-cluster-ops" - name: MEND_RNV_ENQUEUE_JOBS_ON_STARTUP value: "enabled" - name: MEND_RNV_LOG_HISTORY_DIR value: "/logs" ports: - name: http containerPort: 8080 protocol: TCP livenessProbe: initialDelaySeconds: 2 httpGet: path: /health port: http periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 readinessProbe: httpGet: path: /health port: http periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 volumeMounts: - name: renovate-config-js-volume mountPath: /usr/src/app/config.js subPath: config.js - name: renovate-cache-volume mountPath: /tmp/renovate - name: renovate-logs mountPath: /logs - name: renovate-gh-app-pem mountPath: /usr/src/app/renovate.private-key.pem volumes: - name: renovate-config-js-volume configMap: name: renovate-config-js - name: renovate-cache-volume emptyDir: {} - name: renovate-logs hostPath: path: /mnt/nfs/AppData/renovate/logs type: Directory - name: renovate-gh-app-pem hostPath: path: /mnt/nfs/AppData/renovate/key/rpi5-cluster-renovate.2024-07-05.private-key.pem type: File nodeSelector: kubernetes.io/arch: amd64