homelab-gitops/apps/navidrome/deployment.yaml
gwg313 baa0216960
add kyverno policies
Signed-off-by: gwg313 <gwg313@pm.me>
2026-05-28 20:09:06 -04:00

56 lines
1.4 KiB
YAML

apiVersion: apps/v1
kind: Deployment
metadata:
name: navidrome
namespace: navidrome
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: navidrome
template:
metadata:
labels:
app: navidrome
spec:
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 1000
containers:
- name: navidrome
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 1000
readOnlyRootFilesystem: false
image: deluan/navidrome:pr-5495
ports:
- containerPort: 4533
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "1000m"
memory: "512Mi"
envFrom:
- configMapRef:
name: navidrome-config
- secretRef:
name: navidrome-secrets
volumeMounts:
- mountPath: /data
name: navidrome-data
- mountPath: /music
name: navidrome-music
readOnly: true
volumes:
- name: navidrome-data
persistentVolumeClaim:
claimName: navidrome-data
- name: navidrome-music
persistentVolumeClaim:
claimName: navidrome-music