apiVersion: v1 kind: ServiceAccount metadata: namespace: default name: diun --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: diun rules: - apiGroups: - "" resources: - pods verbs: - get - watch - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: diun roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: diun subjects: - kind: ServiceAccount name: diun namespace: default --- apiVersion: apps/v1 kind: Deployment metadata: namespace: default name: diun spec: replicas: 1 selector: matchLabels: app: diun template: metadata: labels: app: diun annotations: diun.enable: "true" diun.include_tags: '^\d+\.\d+\.\d+$' diun.exclude_tags: 'edge;latest' spec: serviceAccountName: diun containers: - name: diun image: crazymax/diun:4.31.0 imagePullPolicy: IfNotPresent args: ["serve"] env: - name: TZ value: "Europe/Paris" - name: LOG_LEVEL value: "info" - name: LOG_JSON value: "false" - name: DIUN_WATCH_WORKERS value: "20" - name: DIUN_WATCH_SCHEDULE value: "0 */6 * * *" - name: DIUN_WATCH_JITTER value: "30s" - name: DIUN_DEFAULTS_WATCHREPO value: "true" - name: DIUN_DEFAULTS_MAXTAGS value: "10" - name: DIUN_NOTIF_NTFY_ENDPOINT value: "http://ntfy" - name: DIUN_NOTIF_NTFY_TOKEN value: "tk_vlw5tjsiwnb8b91w2lv4hh9ad6q5b" - name: DIUN_NOTIF_NTFY_TOPIC value: "image-update" - name: DIUN_PROVIDERS_KUBERNETES value: "true" - name: DIUN_PROVIDERS_KUBERNETES_WATCHBYDEFAULT value: "false" volumeMounts: - mountPath: "/data" name: "data" restartPolicy: Always volumes: # Set up a data directory for diun # For production usage, you should consider using PV/PVC instead(or simply using storage like NAS) # For more details, please see https://kubernetes.io/docs/concepts/storage/volumes/ - name: "data" hostPath: path: /mnt/diun/data type: Directory