michael_dileo/Keybard-Vagabond-Demo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

redaction (#1)

Browse Source 
Add the redacted source file for demo purposes

Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1
Co-authored-by: Michael DiLeo <michael_dileo@proton.me>
Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
This commit was merged in pull request #1.
This commit is contained in:
Michael DiLeo
2025-12-24 13:40:47 +00:00
committed by michael_dileo
parent 612235d52b
commit 7327d77dcd
333 changed files with 39286 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

195
manifests/applications/pixelfed/deployment-web.yaml Normal file
View File

@@ -0,0 +1,195 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pixelfed-web
namespace: pixelfed-application
labels:
app: pixelfed
component: web
spec:
replicas: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
selector:
matchLabels:
app: pixelfed
component: web
template:
metadata:
labels:
app: pixelfed
component: web
spec:
securityContext:
runAsUser: 1000 # pixelfed user in Docker image
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
imagePullSecrets:
- name: harbor-pull-secret
initContainers:
- name: setup-env
image: <YOUR_REGISTRY_URL>/library/pixelfed-web:v0.12.6
imagePullPolicy: Always
command: ["/bin/sh", "-c"]
args:
- |
set -e
# Simple approach: only copy .env if it doesn't exist
if [ ! -f /var/www/pixelfed/.env ]; then
echo "No .env file found, copying ConfigMap content..."
cp /tmp/env-config/config /var/www/pixelfed/.env
echo "Environment file created successfully"
else
echo "Found existing .env file, preserving it"
fi
echo "Init container completed successfully"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: env-config-source
mountPath: /tmp/env-config
- name: pixelfed-env-writable
mountPath: /var/www/pixelfed/.env
subPath: .env
- name: app-storage
mountPath: /var/www/pixelfed/storage
- name: cache-storage
mountPath: /var/www/pixelfed/bootstrap/cache
containers:
- name: pixelfed-web
image: <YOUR_REGISTRY_URL>/library/pixelfed-web:v0.12.6
imagePullPolicy: Always
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
livenessProbe:
httpGet:
path: /api/v1/instance
port: http
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
readinessProbe:
httpGet:
path: /api/v1/instance
port: http
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
startupProbe:
httpGet:
path: /api/v1/instance
port: http
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 5
failureThreshold: 12
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: pixelfed-env-writable
mountPath: /var/www/pixelfed/.env
subPath: .env
- name: app-storage
mountPath: /var/www/pixelfed/storage
- name: cache-storage
mountPath: /var/www/pixelfed/bootstrap/cache
- name: php-config
mountPath: /usr/local/etc/php/conf.d/99-pixelfed-uploads.ini
subPath: php.ini
- name: tls-cert
mountPath: /etc/ssl/certs/tls.crt
subPath: tls.crt
readOnly: true
- name: tls-key
mountPath: /etc/ssl/private/tls.key
subPath: tls.key
readOnly: true
resources:
requests:
cpu: 500m # 0.5 CPU core
memory: 1Gi # 1GB RAM
limits:
cpu: 2000m # 2 CPU cores (medium+ requirement)
memory: 4Gi # 4GB RAM (medium+ requirement)
volumes:
- name: app-storage
persistentVolumeClaim:
claimName: pixelfed-app-storage
- name: cache-storage
persistentVolumeClaim:
claimName: pixelfed-cache-storage
- name: env-config-source
configMap:
name: pixelfed-config
items:
- key: config
path: config
- name: pixelfed-env-writable
persistentVolumeClaim:
claimName: pixelfed-env-storage
- name: php-config
configMap:
name: pixelfed-php-config
- name: tls-cert
secret:
secretName: pixelfed-internal-tls-secret
items:
- key: tls.crt
path: tls.crt
- name: tls-key
secret:
secretName: pixelfed-internal-tls-secret
items:
- key: tls.key
path: tls.key
# Node affinity to distribute across nodes
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
# Prefer different nodes for web pods (spread web across nodes)
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values: ["pixelfed"]
- key: component
operator: In
values: ["web"]
topologyKey: kubernetes.io/hostname
# Prefer to avoid worker pods (existing rule)
- weight: 50
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values: ["pixelfed"]
- key: component
operator: In
values: ["worker"]
topologyKey: kubernetes.io/hostname