--- apiVersion: v1 kind: ServiceAccount metadata: namespace: diun name: diun --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: diun rules: - apiGroups: - "" resources: - pods verbs: - get - watch - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: diun roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: diun subjects: - kind: ServiceAccount name: diun namespace: diun --- apiVersion: apps/v1 kind: Deployment metadata: namespace: diun name: diun spec: strategy: type: Recreate replicas: 1 selector: matchLabels: app: diun template: metadata: labels: app: diun spec: serviceAccountName: diun containers: - name: diun image: crazymax/diun:latest imagePullPolicy: Always args: ["serve"] env: - name: TZ value: "America/New_York" - name: LOG_LEVEL value: "info" - name: LOG_JSON value: "false" - name: DIUN_WATCH_WORKERS value: "20" - name: DIUN_WATCH_SCHEDULE value: "0 */6 * * *" - name: DIUN_WATCH_JITTER value: "30s" - name: DIUN_PROVIDERS_KUBERNETES value: "true" - name: DIUN_PROVIDERS_KUBERNETES_WATCHBYDEFAULT value: "true" - name: DIUN_NOTIF_NTFY_ENDPOINT value: "https://ntfy.jibby.org" - name: DIUN_NOTIF_NTFY_TOKEN valueFrom: secretKeyRef: name: diun-ntfy-token key: ntfy-token optional: false - name: DIUN_NOTIF_NTFY_TOPIC value: "diun" volumeMounts: - mountPath: "/data" name: "data" restartPolicy: Always volumes: - name: data persistentVolumeClaim: claimName: diun-pvc --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: diun-ntfy-token namespace: diun spec: target: name: diun-ntfy-token deletionPolicy: Delete template: type: Opaque data: ntfy-token: |- {{ .token }} data: - secretKey: token sourceRef: storeRef: name: bitwarden-notes kind: ClusterSecretStore remoteRef: key: 460f814b-e777-4440-b10a-b3f7013b8337