manifests/applications/write-freely/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: writefreely
  namespace: writefreely-application
  labels:
    app: writefreely
spec:
  replicas: 1
  selector:
    matchLabels:
      app: writefreely
  template:
    metadata:
      labels:
        app: writefreely
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      initContainers:
      - name: setup-keys-symlink
        image: busybox:1.35
        command: ['sh', '-c']
        args:
        - |
          # Ensure the keys directory exists in WriteFreely's expected location
          mkdir -p /writefreely/keys
          # Copy keys from persistent storage to WriteFreely's expected location
          if [ -d /data/keys ]; then
            cp -r /data/keys/* /writefreely/keys/ 2>/dev/null || echo "No keys found in /data/keys"
          fi
          echo "Keys setup completed"
        volumeMounts:
        - name: data
          mountPath: /data
        - name: writefreely-keys
          mountPath: /writefreely/keys
        securityContext:
          runAsUser: 1000
          runAsGroup: 1000
      containers:
      - name: writefreely
        image: jrasanen/writefreely
        imagePullPolicy: IfNotPresent
        command: ["/writefreely/writefreely"]
        args: ["-c", "/data/config.ini"]
        securityContext:
          runAsUser: 1000
          runAsGroup: 1000
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
        env:
        - name: WRITEFREELY_HOST
          value: "https://blog.keyboardvagabond.com"
        - name: WRITEFREELY_ADMIN_USER
          value: "<ADMIN_USER>"
        - name: WRITEFREELY_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: writefreely-secret
              key: admin-password
        - name: WRITEFREELY_BIND_PORT
          value: "8080"
        - name: WRITEFREELY_BIND_HOST
          value: "0.0.0.0"
        - name: WRITEFREELY_SITE_NAME
          value: "Keyboard Vagabond Blog"
        - name: WRITEFREELY_SITE_DESCRIPTION
          value: "Personal blog for the Keyboard Vagabond community"
        - name: WRITEFREELY_SINGLE_USER
          value: "false"
        - name: WRITEFREELY_OPEN_REGISTRATION
          value: "false"
        - name: WRITEFREELY_FEDERATION
          value: "true"
        - name: WRITEFREELY_PUBLIC_STATS
          value: "true"
        - name: WRITEFREELY_MONETIZATION
          value: "true"
        - name: WRITEFREELY_PRIVATE
          value: "false"
        - name: WRITEFREELY_LOCAL_TIMELINE
          value: "false"
        - name: WRITEFREELY_USER_INVITES
          value: "user"
        - name: WRITEFREELY_DEFAULT_VISIBILITY
          value: "public"
        - name: WRITEFREELY_MAX_BLOG
          value: "4"
        - name: WRITEFREELY_MIN_USERNAME_LEN
          value: "3"
        - name: WRITEFREELY_CHORUS
          value: "true"
        - name: WRITEFREELY_OPEN_DELETION
          value: "true"
        - name: WRITEFREELY_DATABASE_DATABASE
          value: "sqlite3"
        - name: WRITEFREELY_SQLITE_FILENAME
          value: "/data/writefreely.db"
        ports:
        - containerPort: 8080
          name: http
        livenessProbe:
          httpGet:
            path: /api/me
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /api/me
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 5
        volumeMounts:
        - name: data
          mountPath: /data
        - name: writefreely-keys
          mountPath: /writefreely/keys
        resources:
          requests:
            memory: "256Mi"
            cpu: "100m"
          limits:
            memory: "1Gi"
            cpu: "1000m"
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: writefreely-data
      - name: writefreely-keys
        emptyDir: {}
redaction (#1) Add the redacted source file for demo purposes Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1 Co-authored-by: Michael DiLeo <michael_dileo@proton.me> Co-committed-by: Michael DiLeo <michael_dileo@proton.me> 2025-12-24 13:40:47 +00:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: writefreely`
			`namespace: writefreely-application`
			`labels:`
			`app: writefreely`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: writefreely`
			`template:`
			`metadata:`
			`labels:`
			`app: writefreely`
			`spec:`
			`securityContext:`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`fsGroup: 1000`
			`initContainers:`
			`- name: setup-keys-symlink`
			`image: busybox:1.35`
			`command: ['sh', '-c']`
			`args:`
			`- \|`
			`# Ensure the keys directory exists in WriteFreely's expected location`
			`mkdir -p /writefreely/keys`
			`# Copy keys from persistent storage to WriteFreely's expected location`
			`if [ -d /data/keys ]; then`
			`cp -r /data/keys/* /writefreely/keys/ 2>/dev/null \|\| echo "No keys found in /data/keys"`
			`fi`
			`echo "Keys setup completed"`
			`volumeMounts:`
			`- name: data`
			`mountPath: /data`
			`- name: writefreely-keys`
			`mountPath: /writefreely/keys`
			`securityContext:`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`containers:`
			`- name: writefreely`
			`image: jrasanen/writefreely`
			`imagePullPolicy: IfNotPresent`
			`command: ["/writefreely/writefreely"]`
			`args: ["-c", "/data/config.ini"]`
			`securityContext:`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`
			`seccompProfile:`
			`type: RuntimeDefault`
			`env:`
			`- name: WRITEFREELY_HOST`
			`value: "https://blog.keyboardvagabond.com"`
			`- name: WRITEFREELY_ADMIN_USER`
			`value: "<ADMIN_USER>"`
			`- name: WRITEFREELY_ADMIN_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: writefreely-secret`
			`key: admin-password`
			`- name: WRITEFREELY_BIND_PORT`
			`value: "8080"`
			`- name: WRITEFREELY_BIND_HOST`
			`value: "0.0.0.0"`
			`- name: WRITEFREELY_SITE_NAME`
			`value: "Keyboard Vagabond Blog"`
			`- name: WRITEFREELY_SITE_DESCRIPTION`
			`value: "Personal blog for the Keyboard Vagabond community"`
			`- name: WRITEFREELY_SINGLE_USER`
			`value: "false"`
			`- name: WRITEFREELY_OPEN_REGISTRATION`
			`value: "false"`
			`- name: WRITEFREELY_FEDERATION`
			`value: "true"`
			`- name: WRITEFREELY_PUBLIC_STATS`
			`value: "true"`
			`- name: WRITEFREELY_MONETIZATION`
			`value: "true"`
			`- name: WRITEFREELY_PRIVATE`
			`value: "false"`
			`- name: WRITEFREELY_LOCAL_TIMELINE`
			`value: "false"`
			`- name: WRITEFREELY_USER_INVITES`
			`value: "user"`
			`- name: WRITEFREELY_DEFAULT_VISIBILITY`
			`value: "public"`
			`- name: WRITEFREELY_MAX_BLOG`
			`value: "4"`
			`- name: WRITEFREELY_MIN_USERNAME_LEN`
			`value: "3"`
			`- name: WRITEFREELY_CHORUS`
			`value: "true"`
			`- name: WRITEFREELY_OPEN_DELETION`
			`value: "true"`
			`- name: WRITEFREELY_DATABASE_DATABASE`
			`value: "sqlite3"`
			`- name: WRITEFREELY_SQLITE_FILENAME`
			`value: "/data/writefreely.db"`
			`ports:`
			`- containerPort: 8080`
			`name: http`
			`livenessProbe:`
			`httpGet:`
			`path: /api/me`
			`port: 8080`
			`initialDelaySeconds: 30`
			`periodSeconds: 10`
			`readinessProbe:`
			`httpGet:`
			`path: /api/me`
			`port: 8080`
			`initialDelaySeconds: 5`
			`periodSeconds: 5`
			`volumeMounts:`
			`- name: data`
			`mountPath: /data`
			`- name: writefreely-keys`
			`mountPath: /writefreely/keys`
			`resources:`
			`requests:`
			`memory: "256Mi"`
			`cpu: "100m"`
			`limits:`
			`memory: "1Gi"`
			`cpu: "1000m"`
			`volumes:`
			`- name: data`
			`persistentVolumeClaim:`
			`claimName: writefreely-data`
			`- name: writefreely-keys`
			`emptyDir: {}`