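---
# Deployment for the xiaohongshu-mcp server: a single pod whose container
# runs Chrome (driven by rod) and listens on TCP 18060.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: xiaohongshu-mcp
  labels:
    app: xiaohongshu-mcp
spec:
  replicas: 1
  # Recreate terminates the old pod before the new one starts; presumably
  # chosen so two pods never write the same hostPath data directory.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: xiaohongshu-mcp
  template:
    metadata:
      labels:
        app: xiaohongshu-mcp
    spec:
      # Intended by the author as the counterpart of `init: true` in Docker
      # Compose.
      # NOTE(review): false is the Kubernetes default and adds no init
      # process. With shareProcessNamespace: true the pod's pause container
      # becomes PID 1 and reaps orphaned processes, which is the closer
      # match. Value left as the author set it.
      shareProcessNamespace: false
      # Registry mirror inside China (Alibaba Cloud)
      # imagePullSecrets:
      #   - name: aliyun-regcred
      containers:
        - name: xhs-mcp
          # Docker Hub image.
          # NOTE(review): `image` is a placeholder; set the real reference
          # and pin it to a tag or digest so the pod always runs a known
          # build.
          image: image
          # Users in China can switch to the Alibaba Cloud image (it has to
          # be pulled into a local registry first)
          # image: crpi-hocnvtkomt7w9v8t.cn-beijing.personal.cr.aliyuncs.com/xpzouying/xiaohongshu-mcp
          ports:
            - containerPort: 18060
              protocol: TCP
          env:
            - name: ROD_BROWSER_BIN
              value: /usr/bin/google-chrome
            - name: COOKIES_PATH
              value: /app/data/cookies.json
          volumeMounts:
            # The parent directory is listed before the file mounted inside
            # it, so the nested mount is not shadowed on a runtime that
            # applies mounts in listed order.
            - name: data
              mountPath: /app/data
            # ConfigMap volumes are always mounted read-only; readOnly makes
            # that visible here. A subPath mount also does not pick up later
            # changes to the ConfigMap.
            # NOTE(review): if the server rewrites COOKIES_PATH after login,
            # that write will fail on this mount - confirm against the app.
            - name: cookies
              mountPath: /app/data/cookies.json
              subPath: cookies.json
              readOnly: true
            - name: images
              mountPath: /app/images
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "1Gi"
              cpu: "500m"
          # Chrome needs flags such as --no-sandbox inside a container. The
          # author states that rod handles this by default and that this
          # security context is here to make sure Chrome can run.
          securityContext:
            # NOTE(review): the Kubernetes API documentation describes
            # allowPrivilegeEscalation as always true for a container that
            # holds CAP_SYS_ADMIN, so do not count on this line as a control
            # while SYS_ADMIN is granted below.
            allowPrivilegeEscalation: false
            capabilities:
              # NOTE(review): SYS_ADMIN is a very broad capability for a
              # process that renders untrusted web content. If Chrome really
              # runs with --no-sandbox, as the comment above says, it is
              # probably not required; try removing it and adding
              # `drop: ["ALL"]`, then verify Chrome still starts.
              add:
                - SYS_ADMIN
            seccompProfile:
              # Changed from Unconfined. The default seccomp profiles of
              # containerd and Docker already allow the namespace-related
              # syscalls (unshare, clone, setns, mount) for a container
              # granted CAP_SYS_ADMIN, so turning seccomp off entirely is
              # not needed for those. Confirm Chrome starts on your runtime.
              type: RuntimeDefault
            # runAsNonRoot: false permits the image to run as UID 0.
            # NOTE(review): prefer an image with a non-root USER and
            # runAsNonRoot: true once the data directory ownership allows it.
            runAsNonRoot: false
          lifecycle:
            preStop:
              exec:
                # Ask Chrome to exit before the container is stopped;
                # `|| true` keeps the hook from failing when no chrome
                # process is running.
                command:
                  - /bin/sh
                  - -c
                  - killall -TERM chrome || true
      volumes:
        # NOTE(review): cookies.json holds login session cookies, i.e.
        # credentials. ConfigMaps are meant for non-confidential data and are
        # readable by anyone with ConfigMap read access in the namespace; a
        # Secret volume (with RBAC scoped to it) is the usual home for this.
        - name: cookies
          configMap:
            name: xhs-cookies
        # NOTE(review): hostPath ties the data to one node and gives a
        # container that may run as root a writable directory on the host.
        # A PersistentVolumeClaim avoids both; if hostPath stays, restrict
        # which nodes the pod can schedule to.
        - name: data
          hostPath:
            type: DirectoryOrCreate
            path: /data/xiaohongshu-mcp
        - name: images
          emptyDir: {}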