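---
# Deployment for a single-replica WriteFreely instance.
# State (config.ini, the SQLite database and the key material) lives on the
# `writefreely-data` PVC mounted at /data. An init container copies the keys
# into an emptyDir mounted at /writefreely/keys before the app starts.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: writefreely
  namespace: writefreely-application
  labels:
    app: writefreely
spec:
  replicas: 1
  selector:
    matchLabels:
      app: writefreely
  template:
    metadata:
      labels:
        app: writefreely
    spec:
      # Pod-wide identity. runAsNonRoot makes the kubelet refuse to start any
      # container that would resolve to UID 0 (for example, a future container
      # added without its own runAsUser). fsGroup makes the mounted volumes
      # group-accessible to GID 1000.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      initContainers:
        # Despite the name, this container copies the keys; no symlink is made.
        - name: setup-keys-symlink
          # NOTE(review): tags are mutable. Pinning by digest
          # (busybox:1.35@sha256:<digest>) keeps the image that handles the
          # key material from changing underneath this manifest.
          image: busybox:1.35
          command: ['sh', '-c']
          # The copy is best-effort: stderr is discarded and any cp failure
          # (empty directory, permission error, ...) is reported as
          # "No keys found", so the init container exits 0 either way.
          # Check its log if the app later complains about missing keys.
          args:
            - |
              # Ensure the keys directory exists in WriteFreely's expected location
              mkdir -p /writefreely/keys

              # Copy keys from persistent storage to WriteFreely's expected location
              if [ -d /data/keys ]; then
                cp -r /data/keys/* /writefreely/keys/ 2>/dev/null || echo "No keys found in /data/keys"
              fi

              echo "Keys setup completed"
          volumeMounts:
            # The script only reads from /data, so the init container gets the
            # PVC read-only; it cannot modify config.ini or the database.
            - name: data
              mountPath: /data
              readOnly: true
            - name: writefreely-keys
              mountPath: /writefreely/keys
          # Same restrictions as the main container: mkdir/cp as UID 1000 need
          # no capabilities and no privilege escalation.
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
      containers:
        - name: writefreely
          # NOTE(review): no tag, so this resolves to :latest, and with
          # IfNotPresent each node keeps whatever it pulled first. Pin a
          # version tag or digest (jrasanen/writefreely:<version>@sha256:<digest>)
          # so the running code is known and reproducible.
          image: jrasanen/writefreely
          imagePullPolicy: IfNotPresent
          # command replaces the image's ENTRYPOINT and points the binary at
          # /data/config.ini.
          # NOTE(review): presumably the WRITEFREELY_* variables below only
          # take effect if something in the image reads them. Verify that the
          # access-control settings (OPEN_REGISTRATION, PRIVATE, USER_INVITES)
          # are really what config.ini ends up containing.
          command: ["/writefreely/writefreely"]
          args: ["-c", "/data/config.ini"]
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: WRITEFREELY_HOST
              value: "https://blog.keyboardvagabond.com"
            # NOTE(review): the admin user is empty while a password is
            # injected from the secret; confirm this pairing is intended.
            - name: WRITEFREELY_ADMIN_USER
              value: ""
            # The password comes from a Secret, not from this manifest.
            - name: WRITEFREELY_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: writefreely-secret
                  key: admin-password
            - name: WRITEFREELY_BIND_PORT
              value: "8080"
            - name: WRITEFREELY_BIND_HOST
              value: "0.0.0.0"
            - name: WRITEFREELY_SITE_NAME
              value: "Keyboard Vagabond Blog"
            - name: WRITEFREELY_SITE_DESCRIPTION
              value: "Personal blog for the Keyboard Vagabond community"
            - name: WRITEFREELY_SINGLE_USER
              value: "false"
            - name: WRITEFREELY_OPEN_REGISTRATION
              value: "false"
            - name: WRITEFREELY_FEDERATION
              value: "true"
            - name: WRITEFREELY_PUBLIC_STATS
              value: "true"
            - name: WRITEFREELY_MONETIZATION
              value: "true"
            - name: WRITEFREELY_PRIVATE
              value: "false"
            - name: WRITEFREELY_LOCAL_TIMELINE
              value: "false"
            - name: WRITEFREELY_USER_INVITES
              value: "user"
            - name: WRITEFREELY_DEFAULT_VISIBILITY
              value: "public"
            - name: WRITEFREELY_MAX_BLOG
              value: "4"
            - name: WRITEFREELY_MIN_USERNAME_LEN
              value: "3"
            - name: WRITEFREELY_CHORUS
              value: "true"
            - name: WRITEFREELY_OPEN_DELETION
              value: "true"
            - name: WRITEFREELY_DATABASE_DATABASE
              value: "sqlite3"
            - name: WRITEFREELY_SQLITE_FILENAME
              value: "/data/writefreely.db"
          ports:
            - containerPort: 8080
              name: http
          # Both probes issue an HTTP GET for /api/me on the app port.
          livenessProbe:
            httpGet:
              path: /api/me
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /api/me
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
          volumeMounts:
            # Read-write: holds config.ini and the SQLite database.
            - name: data
              mountPath: /data
            - name: writefreely-keys
              mountPath: /writefreely/keys
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "1Gi"
              cpu: "1000m"
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: writefreely-data
        # Per-pod scratch copy of the keys, filled by the init container and
        # discarded with the pod; the persistent copy stays on the PVC under
        # /data/keys.
        - name: writefreely-keys
          emptyDir: {}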