homelab/apps/harness/k8s/base/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: harness
  labels:
    app: harness
spec:
  replicas: 1
  selector:
    matchLabels:
      app: harness
  template:
    metadata:
      labels:
        app: harness
    spec:
      serviceAccountName: harness
      imagePullSecrets:
        - name: gitea-pull-secret
      containers:
        - name: harness
          image: gitea.coreworlds.io/lazorgurl/homelab-harness:latest
          ports:
            - containerPort: 3100
          env:
            - name: HARNESS_WORK_DIR
              value: /data/harness
            - name: CLAUDE_CONFIG_DIR
              value: /secrets/claude
            - name: OPENCODE_CONFIG_DIR
              value: /secrets/opencode
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: harness-db-credentials
                  key: database-url
            - name: GITEA_TOKEN
              valueFrom:
                secretKeyRef:
                  name: harness-mcp-credentials
                  key: gitea-token
            - name: GITEA_URL
              value: "http://gitea.platform.svc:3000"
            - name: HARNESS_PG_MCP_URL
              valueFrom:
                secretKeyRef:
                  name: harness-mcp-credentials
                  key: postgres-mcp-url
          volumeMounts:
            - name: workspace
              mountPath: /data/harness
            - name: claude-credentials
              mountPath: /secrets/claude
              readOnly: true
            - name: opencode-credentials
              mountPath: /secrets/opencode
              readOnly: true
          resources:
            requests:
              memory: 256Mi
              cpu: 100m
            limits:
              memory: 2Gi
          readinessProbe:
            httpGet:
              path: /api/health
              port: 3100
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /api/health
              port: 3100
            initialDelaySeconds: 15
            periodSeconds: 20
      volumes:
        - name: workspace
          emptyDir:
            sizeLimit: 2Gi
        - name: claude-credentials
          secret:
            secretName: harness-claude-credentials
        - name: opencode-credentials
          secret:
            secretName: harness-opencode-credentials