fam/cube
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e5a87cc65f8e285bb4f61faebdeb57c95bfa1938
cube/apps/notes/k8s/all.yaml
T
Fam Zheng e5a87cc65f
deploy notes / build-and-deploy (push) Successful in 1m50s
Details
notes(feishu): lark-cli config 从 secret cp 到 PVC 子目录,可读可写 + 重启保留 
initContainer cp /secrets/lark-cli/config.json → /data/lark-cli/config.json
(已存在不覆盖,保留运行时 refresh 过的 token);feishu sidecar 主容器
subPath mount data PVC 的 lark-cli/ 到 /root/.lark-cli,lark-cli 写 cache、
refresh 都落 PVC。
2026-05-17 22:28:19 +01:00

188 lines
5.0 KiB
YAML
Raw Blame History

apiVersion: v1
kind: Namespace
metadata:
name: cube-notes
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: notes-data
namespace: cube-notes
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 30Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: notes
namespace: cube-notes
labels:
app: notes
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: notes
template:
metadata:
labels:
app: notes
spec:
imagePullSecrets:
- name: registry-creds
initContainers:
# secret volume 是只读的,但 lark-cli 跑时要写 cache / refresh token。
# 启动时把 secret 里的 config.json 复制到 PVC 子目录 lark-cli/,主容器再挂这个子目录到 ~/.lark-cli。
# 已存在不覆盖(保留运行时刷新过的 token)。
- name: lark-config-init
image: busybox:1.36
command:
- sh
- -c
- |
mkdir -p /data/lark-cli
if [ ! -f /data/lark-cli/config.json ]; then
cp /secrets/lark-cli/config.json /data/lark-cli/config.json
chmod 600 /data/lark-cli/config.json
echo "seeded lark-cli config from secret"
else
echo "lark-cli config already present in PVC, leaving alone"
fi
volumeMounts:
- name: lark-cli-secret
mountPath: /secrets/lark-cli
readOnly: true
- name: data
mountPath: /data
containers:
- name: notes
image: registry.famzheng.me/mochi/notes:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
name: http
env:
- name: DB_PATH
value: /data/app.db
- name: BLOBS_DIR
value: /data/blobs
- name: ASR_URL
value: http://18.159.112.195:8848/v1/audio/transcriptions
- name: LLM_GATEWAY
value: http://3.135.65.204:8848/v1
- name: LLM_MODEL
value: gemma-4-31b-it
- name: PASSPHRASE
valueFrom:
secretKeyRef:
name: notes-creds
key: passphrase
- name: ASR_TOKEN
valueFrom:
secretKeyRef:
name: notes-creds
key: asr_token
- name: LLM_TOKEN
valueFrom:
secretKeyRef:
name: notes-creds
key: llm_token
- name: FEISHU_URL
value: http://localhost:8002
readinessProbe:
httpGet: { path: /healthz, port: http }
initialDelaySeconds: 1
periodSeconds: 5
livenessProbe:
httpGet: { path: /healthz, port: http }
initialDelaySeconds: 5
periodSeconds: 15
resources:
requests: { cpu: 10m, memory: 32Mi }
limits: { cpu: 1000m, memory: 512Mi }
volumeMounts:
- name: data
mountPath: /data
- name: feishu
image: registry.famzheng.me/mochi/notes-feishu:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8002
name: feishu
readinessProbe:
httpGet: { path: /healthz, port: feishu }
initialDelaySeconds: 3
periodSeconds: 10
livenessProbe:
httpGet: { path: /healthz, port: feishu }
initialDelaySeconds: 30
periodSeconds: 30
resources:
requests: { cpu: 20m, memory: 64Mi }
limits: { cpu: 500m, memory: 384Mi }
volumeMounts:
- name: data
mountPath: /data
- name: data
mountPath: /root/.lark-cli
subPath: lark-cli
volumes:
- name: data
persistentVolumeClaim:
claimName: notes-data
- name: lark-cli-secret
secret:
secretName: lark-cli-creds
items:
- key: config.json
path: config.json
---
apiVersion: v1
kind: Service
metadata:
name: notes
namespace: cube-notes
spec:
selector:
app: notes
ports:
- name: http
port: 80
targetPort: 8080
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: bodylimit
namespace: cube-notes
spec:
buffering:
maxRequestBodyBytes: 629145600
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: notes
namespace: cube-notes
annotations:
traefik.ingress.kubernetes.io/router.middlewares: cube-notes-bodylimit@kubernetescrd
spec:
ingressClassName: traefik
rules:
- host: notes.famzheng.me
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: notes
port:
number: 80
Reference in New Issue View Git Blame Copy Permalink