apiVersion: apps/v1 kind: Deployment metadata: name: miniflux-deployment namespace: apps-roboces labels: app.kubernetes.io/name: miniflux app.kubernetes.io/managed-by: argo app.kubernetes.io/version: 2.1.0 annotations: kube-score/ignore: pod-networkpolicy,deployment-has-host-podantiaffinity spec: selector: matchLabels: app.kubernetes.io/name: miniflux app.kubernetes.io/version: 2.1.0 replicas: 3 strategy: rollingUpdate: maxSurge: 50% maxUnavailable: 50% type: RollingUpdate template: metadata: labels: app.kubernetes.io/name: miniflux app.kubernetes.io/version: 2.1.0 spec: containers: - name: miniflux image: miniflux/miniflux:2.1.0 imagePullPolicy: Always securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 10000 runAsGroup: 10000 capabilities: drop: - all resources: requests: cpu: 300m memory: 300Mi ephemeral-storage: 2Gi limits: cpu: 400m memory: 500Mi ephemeral-storage: 4Gi livenessProbe: tcpSocket: port: 8080 initialDelaySeconds: 5 timeoutSeconds: 15 successThreshold: 1 failureThreshold: 3 periodSeconds: 10 readinessProbe: httpGet: path: / port: 8080 initialDelaySeconds: 15 timeoutSeconds: 2 successThreshold: 1 failureThreshold: 3 periodSeconds: 10 envFrom: - secretRef: name: miniflux env: - name: RUN_MIGRATIONS value: "1" - name: CREATE_ADMIN value: "1" - name: OAUTH2_PROVIDER value: "oidc" - name: OAUTH2_REDIRECT_URL value: "https://feeds.roboces.dev/oauth2/oidc/callback" - name: OAUTH2_OIDC_DISCOVERY_ENDPOINT value: "https://auth.fukurokuju.dev/application/o/miniflux/" - name: OAUTH2_USER_CREATION value: "1" restartPolicy: Always automountServiceAccountToken: false