trmm-awesome/kubernetes/deployment/tactical-meshcentral.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: tacticalrmm
  labels:
    app: tacticalrmm
    service: tactical-meshcentral
  name: tactical-meshcentral
spec:
  replicas: 1
  selector:
    matchLabels:
      service: tactical-meshcentral
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        network/mesh-db: "true"
        network/proxy: "true"
        service: tactical-meshcentral
    spec:
      securityContext:
        runAsUser: 1000
        fsGroup: 1000
      containers:
        - name: trmm-meshcentral
          image: tacticalrmm/tactical-meshcentral:0.14.1
          resources: {}
          env:
            - name: MESH_HOST
              value: mesh.rmm.mydomain.com
            - name: MESH_USER
              value: meshuser
            - name: MESH_PASS
              valueFrom:
                secretKeyRef:
                  name: tactical-secrets
                  key: mesh-password
            - name: MESH_PERSISTENT_CONFIG
              value: "0"
            - name: MONGODB_USER
              value: mongodbuser
            - name: MONGODB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: tactical-secrets
                  key: mongodb-password
            - name: NGINX_HOST_IP # Point to NGINX service
              value: tactical-nlb
            - name: NGINX_HOST_PORT # Should match the EXTERNAL port of the NGINX service
              value: "443"
            - name: WS_MASK_OVERRIDE # Enable for Traefik compatibility
              value: "0"
            - name: SMTP_HOST
              value: smtp.example.com
            - name: SMTP_PORT
              value: "587"
            - name: SMTP_FROM
              value: mesh@example.com
            - name: SMTP_USER
              value: mesh@example.com
            - name: SMTP_PASS
              valueFrom:
                secretKeyRef:
                  name: tactical-secrets
                  key: mesh-smtp-password
            - name: SMTP_TLS
              value: "false"
          volumeMounts:
            - mountPath: /opt/tactical
              name: tactical-data
            - mountPath: /home/node/app/meshcentral-data
              name: mesh-data
      restartPolicy: Always
      volumes:
        - name: tactical-data
          persistentVolumeClaim:
            claimName: tactical-data
        - name: mesh-data
          persistentVolumeClaim:
            claimName: mesh-data
---
apiVersion: v1
kind: Service
metadata:
  namespace: tacticalrmm
  labels:
    app: tacticalrmm
    service: tactical-meshcentral
  name: tactical-meshcentral
spec:
  ports:
    - name: "http"
      port: 8080
      targetPort: 8080
    - name: "https"
      port: 4443
      targetPort: 4443
  selector:
    service: tactical-meshcentral