Stitch any CI into Tangled
1apiVersion: apps/v1
2kind: Deployment
3metadata:
4 name: tack
5 namespace: tack
6spec:
7 replicas: 1 # SQLite is single-writer; do not scale above 1
8 selector:
9 matchLabels:
10 app: tack
11 template:
12 metadata:
13 labels:
14 app: tack
15 spec:
16 serviceAccountName: tack
17 securityContext:
18 runAsNonRoot: true
19 runAsUser: 1000
20 fsGroup: 1000
21 seccompProfile:
22 type: RuntimeDefault
23 containers:
24 - name: tack
25 image: atcr.io/dsx.sh/tack:latest
26 imagePullPolicy: IfNotPresent
27 ports:
28 - name: http
29 containerPort: 8080
30 env:
31 - name: TACK_LISTEN_ADDR
32 value: ":8080"
33 - name: TACK_DB_PATH
34 value: "/var/lib/tack/tack.db"
35 - name: TACK_TEKTON_ENABLED
36 value: "1"
37 - name: TACK_TEKTON_NAMESPACE
38 value: "tekton-pipelines"
39 envFrom:
40 - secretRef:
41 name: tack
42 volumeMounts:
43 - name: db
44 mountPath: /var/lib/tack
45 livenessProbe:
46 httpGet:
47 path: /
48 port: http
49 initialDelaySeconds: 5
50 periodSeconds: 30
51 readinessProbe:
52 httpGet:
53 path: /
54 port: http
55 initialDelaySeconds: 2
56 periodSeconds: 10
57 resources:
58 requests:
59 cpu: 50m
60 memory: 64Mi
61 limits:
62 memory: 256Mi
63 securityContext:
64 allowPrivilegeEscalation: false
65 readOnlyRootFilesystem: true
66 capabilities:
67 drop: ["ALL"]
68 volumes:
69 - name: db
70 persistentVolumeClaim:
71 claimName: tack-db