--- apiVersion: apps/v1 kind: Deployment metadata: name: pixelfed-worker namespace: pixelfed-application labels: app: pixelfed component: worker spec: replicas: 1 strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 0 maxSurge: 1 selector: matchLabels: app: pixelfed component: worker template: metadata: labels: app: pixelfed component: worker spec: securityContext: runAsUser: 1000 # pixelfed user in Docker image runAsGroup: 1000 fsGroup: 1000 runAsNonRoot: true imagePullSecrets: - name: harbor-pull-secret initContainers: - name: setup-env image: /library/pixelfed-worker:v0.12.6 imagePullPolicy: Always command: ["/bin/sh", "-c"] args: - | set -e echo "Worker init: Waiting for .env file to be available..." # Simple wait for .env file to exist (shared via PVC) while [ ! -f /var/www/pixelfed/.env ]; do echo "Waiting for .env file to be created..." sleep 5 done echo "Worker init: .env file found, creating storage link..." cd /var/www/pixelfed php artisan storage:link echo "Worker init: Storage link created, ready to start worker processes" securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault volumeMounts: - name: pixelfed-env-writable mountPath: /var/www/pixelfed/.env subPath: .env - name: app-storage mountPath: /var/www/pixelfed/storage - name: cache-storage mountPath: /var/www/pixelfed/bootstrap/cache containers: - name: pixelfed-worker image: /library/pixelfed-worker:v0.12.6 imagePullPolicy: Always command: ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"] volumeMounts: - name: app-storage mountPath: /var/www/pixelfed/storage - name: pixelfed-env-writable mountPath: /var/www/pixelfed/.env subPath: .env - name: cache-storage mountPath: /var/www/pixelfed/bootstrap/cache resources: requests: memory: "2Gi" cpu: "500m" limits: memory: "4Gi" cpu: "1500m" securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault livenessProbe: exec: command: - /bin/sh - -c - "cd /var/www/pixelfed && php artisan horizon:status >/dev/null 2>&1" initialDelaySeconds: 60 periodSeconds: 30 timeoutSeconds: 10 readinessProbe: exec: command: - /bin/sh - -c - "cd /var/www/pixelfed && php artisan horizon:status >/dev/null 2>&1" initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 startupProbe: exec: command: - /bin/sh - -c - "cd /var/www/pixelfed && php artisan horizon:status >/dev/null 2>&1" initialDelaySeconds: 10 periodSeconds: 5 timeoutSeconds: 5 failureThreshold: 12 volumes: - name: app-storage persistentVolumeClaim: claimName: pixelfed-app-storage - name: cache-storage persistentVolumeClaim: claimName: pixelfed-cache-storage - name: pixelfed-env-writable persistentVolumeClaim: claimName: pixelfed-env-storage # Node affinity to distribute across nodes affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchExpressions: - key: app operator: In values: ["pixelfed"] - key: component operator: In values: ["web"] topologyKey: kubernetes.io/hostname