apiVersion: apps/v1 kind: Deployment metadata: name: k8s-agent-dashboard namespace: k8s-agent labels: app.kubernetes.io/name: k8s-agent-dashboard app.kubernetes.io/component: dashboard spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: k8s-agent-dashboard template: metadata: labels: app.kubernetes.io/name: k8s-agent-dashboard spec: # Target Pi 3 node (lightweight workload) tolerations: - key: "capacity" operator: "Equal" value: "low" effect: "NoExecute" nodeSelector: kubernetes.io/hostname: pi3 # Security context securityContext: runAsNonRoot: true runAsUser: 1000 fsGroup: 1000 containers: - name: dashboard image: gitea-http.taildb3494.ts.net/will/k8s-agent-dashboard:latest imagePullPolicy: Always ports: - name: http containerPort: 8080 protocol: TCP args: - "--port" - "8080" - "--data" - "/data" # Resource limits for Pi 3 (1GB RAM) resources: requests: memory: "32Mi" cpu: "10m" limits: memory: "64Mi" cpu: "100m" # Health checks livenessProbe: httpGet: path: /api/health port: http initialDelaySeconds: 5 periodSeconds: 30 timeoutSeconds: 3 readinessProbe: httpGet: path: /api/health port: http initialDelaySeconds: 3 periodSeconds: 10 timeoutSeconds: 3 # Volume mount for persistent data volumeMounts: - name: data mountPath: /data # Security securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: - ALL volumes: - name: data persistentVolumeClaim: claimName: k8s-agent-dashboard-data