--- # BookWyrm Automod CronJob # Replaces Celery beat scheduler for automod tasks # This job checks for spam/moderation rules and creates reports apiVersion: batch/v1 kind: CronJob metadata: name: bookwyrm-automod namespace: bookwyrm-application labels: app: bookwyrm component: automod-cronjob spec: # Run every 6 hours - adjust based on your moderation needs # "0 */6 * * *" = every 6 hours at minute 0 schedule: "0 */6 * * *" timeZone: "UTC" concurrencyPolicy: Forbid # Don't allow overlapping jobs successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 3 startingDeadlineSeconds: 600 # 10 minutes jobTemplate: metadata: labels: app: bookwyrm component: automod-cronjob spec: # Clean up jobs after 1 hour ttlSecondsAfterFinished: 3600 template: metadata: labels: app: bookwyrm component: automod-cronjob spec: securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 seccompProfile: type: RuntimeDefault restartPolicy: OnFailure containers: - name: automod-task image: /library/bookwyrm-worker:latest command: ["/opt/venv/bin/python"] args: - "manage.py" - "shell" - "-c" - "from bookwyrm.models.antispam import automod_task; automod_task()" env: - name: CONTAINER_TYPE value: "cronjob-automod" - name: DJANGO_SETTINGS_MODULE value: "bookwyrm.settings" envFrom: - configMapRef: name: bookwyrm-config - secretRef: name: bookwyrm-secrets resources: requests: cpu: 50m memory: 128Mi limits: cpu: 200m memory: 256Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] readOnlyRootFilesystem: false runAsNonRoot: true runAsUser: 1000 nodeSelector: kubernetes.io/arch: arm64 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Exists --- # BookWyrm Update Check CronJob # Replaces Celery beat scheduler for checking software updates # This job checks GitHub for new BookWyrm releases apiVersion: batch/v1 kind: CronJob metadata: name: bookwyrm-update-check namespace: bookwyrm-application labels: app: bookwyrm component: update-check-cronjob spec: # Run daily at 3:00 AM UTC # "0 3 * * *" = every day at 3:00 AM schedule: "0 3 * * *" timeZone: "UTC" concurrencyPolicy: Forbid # Don't allow overlapping jobs successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 3 startingDeadlineSeconds: 600 # 10 minutes jobTemplate: metadata: labels: app: bookwyrm component: update-check-cronjob spec: # Clean up jobs after 1 hour ttlSecondsAfterFinished: 3600 template: metadata: labels: app: bookwyrm component: update-check-cronjob spec: securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 seccompProfile: type: RuntimeDefault restartPolicy: OnFailure containers: - name: update-check-task image: /library/bookwyrm-worker:latest command: ["/opt/venv/bin/python"] args: - "manage.py" - "shell" - "-c" - "from bookwyrm.models.site import check_for_updates_task; check_for_updates_task()" env: - name: CONTAINER_TYPE value: "cronjob-update-check" - name: DJANGO_SETTINGS_MODULE value: "bookwyrm.settings" envFrom: - configMapRef: name: bookwyrm-config - secretRef: name: bookwyrm-secrets resources: requests: cpu: 50m memory: 128Mi limits: cpu: 200m memory: 256Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] readOnlyRootFilesystem: false runAsNonRoot: true runAsUser: 1000 nodeSelector: kubernetes.io/arch: arm64 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Exists --- # BookWyrm Database Cleanup CronJob # Optional: Add database maintenance tasks that might be beneficial # This can include cleaning up expired sessions, old notifications, etc. apiVersion: batch/v1 kind: CronJob metadata: name: bookwyrm-db-cleanup namespace: bookwyrm-application labels: app: bookwyrm component: db-cleanup-cronjob spec: # Run weekly on Sunday at 2:00 AM UTC # "0 2 * * 0" = every Sunday at 2:00 AM schedule: "0 2 * * 0" timeZone: "UTC" concurrencyPolicy: Forbid # Don't allow overlapping jobs successfulJobsHistoryLimit: 2 failedJobsHistoryLimit: 2 startingDeadlineSeconds: 1800 # 30 minutes jobTemplate: metadata: labels: app: bookwyrm component: db-cleanup-cronjob spec: # Clean up jobs after 2 hours ttlSecondsAfterFinished: 7200 template: metadata: labels: app: bookwyrm component: db-cleanup-cronjob spec: securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 seccompProfile: type: RuntimeDefault restartPolicy: OnFailure containers: - name: db-cleanup-task image: /library/bookwyrm-worker:latest command: ["/opt/venv/bin/python"] args: - "manage.py" - "shell" - "-c" - | # Clean up expired sessions (older than 2 weeks) from django.contrib.sessions.models import Session from django.utils import timezone from datetime import timedelta cutoff = timezone.now() - timedelta(days=14) expired_count = Session.objects.filter(expire_date__lt=cutoff).count() Session.objects.filter(expire_date__lt=cutoff).delete() print(f"Cleaned up {expired_count} expired sessions") # Clean up old notifications (older than 90 days) if they are read from bookwyrm.models import Notification cutoff = timezone.now() - timedelta(days=90) old_notifications = Notification.objects.filter(created_date__lt=cutoff, read=True) old_count = old_notifications.count() old_notifications.delete() print(f"Cleaned up {old_count} old read notifications") env: - name: CONTAINER_TYPE value: "cronjob-db-cleanup" - name: DJANGO_SETTINGS_MODULE value: "bookwyrm.settings" envFrom: - configMapRef: name: bookwyrm-config - secretRef: name: bookwyrm-secrets resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 512Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] readOnlyRootFilesystem: false runAsNonRoot: true runAsUser: 1000 nodeSelector: kubernetes.io/arch: arm64 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Exists