Michael DiLeo 7327d77dcd redaction (#1)
Add the redacted source file for demo purposes

Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1
Co-authored-by: Michael DiLeo <michael_dileo@proton.me>
Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
2025-12-24 13:40:47 +00:00


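---
# BookWyrm Automod CronJob
# Replaces Celery beat scheduler for automod tasks
# This job checks for spam/moderation rules and creates reports
apiVersion: batch/v1
kind: CronJob
metadata:
  name: bookwyrm-automod
  namespace: bookwyrm-application
  labels:
    app: bookwyrm
    component: automod-cronjob
spec:
  # Run every 6 hours - adjust based on your moderation needs
  # "0 */6 * * *" = every 6 hours at minute 0
  schedule: "0 */6 * * *"
  timeZone: "UTC"
  concurrencyPolicy: Forbid  # Don't allow overlapping jobs
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  startingDeadlineSeconds: 600  # 10 minutes
  jobTemplate:
    metadata:
      labels:
        app: bookwyrm
        component: automod-cronjob
    spec:
      # Clean up jobs after 1 hour
      ttlSecondsAfterFinished: 3600
      template:
        metadata:
          labels:
            app: bookwyrm
            component: automod-cronjob
        spec:
          # The task only runs a Django management shell command, so the
          # service-account token is not mounted into the pod.
          automountServiceAccountToken: false
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            fsGroup: 1000
            seccompProfile:
              type: RuntimeDefault
          restartPolicy: OnFailure
          containers:
            - name: automod-task
              # NOTE(review): ":latest" is a mutable tag, so each run may
              # pull different code. Prefer a fixed version tag or an
              # image digest (...@sha256:<IMAGE_DIGEST>) when deploying.
              image: <YOUR_REGISTRY_URL>/library/bookwyrm-worker:latest
              command: ["/opt/venv/bin/python"]
              args:
                - "manage.py"
                - "shell"
                - "-c"
                - "from bookwyrm.models.antispam import automod_task; automod_task()"
              env:
                - name: CONTAINER_TYPE
                  value: "cronjob-automod"
                - name: DJANGO_SETTINGS_MODULE
                  value: "bookwyrm.settings"
              # envFrom exposes every key of the ConfigMap and the Secret
              # as an environment variable of this container.
              # NOTE(review): if the task needs only a subset, reference
              # those keys individually or use a narrower Secret.
              envFrom:
                - configMapRef:
                    name: bookwyrm-config
                - secretRef:
                    name: bookwyrm-secrets
              resources:
                requests:
                  cpu: 50m
                  memory: 128Mi
                limits:
                  cpu: 200m
                  memory: 256Mi
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop: ["ALL"]
                # NOTE(review): the root filesystem stays writable. If the
                # image only needs scratch space, an emptyDir mount with
                # readOnlyRootFilesystem: true is tighter - confirm first.
                readOnlyRootFilesystem: false
                runAsNonRoot: true
                runAsUser: 1000
          nodeSelector:
            kubernetes.io/arch: arm64
          # This toleration lets the pod be scheduled on control-plane
          # nodes. NOTE(review): the pod carries application secrets;
          # confirm that running it there is intended.
          tolerations:
            - effect: NoSchedule
              key: node-role.kubernetes.io/control-plane
              operator: Exists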
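---
# BookWyrm Update Check CronJob
# Replaces Celery beat scheduler for checking software updates
# This job checks GitHub for new BookWyrm releases
apiVersion: batch/v1
kind: CronJob
metadata:
  name: bookwyrm-update-check
  namespace: bookwyrm-application
  labels:
    app: bookwyrm
    component: update-check-cronjob
spec:
  # Run daily at 3:00 AM UTC
  # "0 3 * * *" = every day at 3:00 AM
  schedule: "0 3 * * *"
  timeZone: "UTC"
  concurrencyPolicy: Forbid  # Don't allow overlapping jobs
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  startingDeadlineSeconds: 600  # 10 minutes
  jobTemplate:
    metadata:
      labels:
        app: bookwyrm
        component: update-check-cronjob
    spec:
      # Clean up jobs after 1 hour
      ttlSecondsAfterFinished: 3600
      template:
        metadata:
          labels:
            app: bookwyrm
            component: update-check-cronjob
        spec:
          # The task only runs a Django management shell command, so the
          # service-account token is not mounted into the pod.
          automountServiceAccountToken: false
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            fsGroup: 1000
            seccompProfile:
              type: RuntimeDefault
          restartPolicy: OnFailure
          containers:
            - name: update-check-task
              # NOTE(review): ":latest" is a mutable tag, so each run may
              # pull different code. Prefer a fixed version tag or an
              # image digest (...@sha256:<IMAGE_DIGEST>) when deploying.
              image: <YOUR_REGISTRY_URL>/library/bookwyrm-worker:latest
              command: ["/opt/venv/bin/python"]
              args:
                - "manage.py"
                - "shell"
                - "-c"
                - "from bookwyrm.models.site import check_for_updates_task; check_for_updates_task()"
              env:
                - name: CONTAINER_TYPE
                  value: "cronjob-update-check"
                - name: DJANGO_SETTINGS_MODULE
                  value: "bookwyrm.settings"
              # envFrom exposes every key of the ConfigMap and the Secret
              # as an environment variable of this container.
              # NOTE(review): this job makes an outbound request for
              # release information; if it needs only a subset of the
              # secrets, reference those keys individually.
              envFrom:
                - configMapRef:
                    name: bookwyrm-config
                - secretRef:
                    name: bookwyrm-secrets
              resources:
                requests:
                  cpu: 50m
                  memory: 128Mi
                limits:
                  cpu: 200m
                  memory: 256Mi
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop: ["ALL"]
                # NOTE(review): the root filesystem stays writable. If the
                # image only needs scratch space, an emptyDir mount with
                # readOnlyRootFilesystem: true is tighter - confirm first.
                readOnlyRootFilesystem: false
                runAsNonRoot: true
                runAsUser: 1000
          nodeSelector:
            kubernetes.io/arch: arm64
          # This toleration lets the pod be scheduled on control-plane
          # nodes. NOTE(review): the pod carries application secrets;
          # confirm that running it there is intended.
          tolerations:
            - effect: NoSchedule
              key: node-role.kubernetes.io/control-plane
              operator: Exists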
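---
# BookWyrm Database Cleanup CronJob
# Optional: Add database maintenance tasks that might be beneficial
# This can include cleaning up expired sessions, old notifications, etc.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: bookwyrm-db-cleanup
  namespace: bookwyrm-application
  labels:
    app: bookwyrm
    component: db-cleanup-cronjob
spec:
  # Run weekly on Sunday at 2:00 AM UTC
  # "0 2 * * 0" = every Sunday at 2:00 AM
  schedule: "0 2 * * 0"
  timeZone: "UTC"
  concurrencyPolicy: Forbid  # Don't allow overlapping jobs
  successfulJobsHistoryLimit: 2
  failedJobsHistoryLimit: 2
  startingDeadlineSeconds: 1800  # 30 minutes
  jobTemplate:
    metadata:
      labels:
        app: bookwyrm
        component: db-cleanup-cronjob
    spec:
      # Clean up jobs after 2 hours
      ttlSecondsAfterFinished: 7200
      template:
        metadata:
          labels:
            app: bookwyrm
            component: db-cleanup-cronjob
        spec:
          # The task only runs a Django management shell command, so the
          # service-account token is not mounted into the pod.
          automountServiceAccountToken: false
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            fsGroup: 1000
            seccompProfile:
              type: RuntimeDefault
          restartPolicy: OnFailure
          containers:
            - name: db-cleanup-task
              # NOTE(review): ":latest" is a mutable tag, so each run may
              # pull different code. Prefer a fixed version tag or an
              # image digest (...@sha256:<IMAGE_DIGEST>) when deploying.
              image: <YOUR_REGISTRY_URL>/library/bookwyrm-worker:latest
              command: ["/opt/venv/bin/python"]
              args:
                - "manage.py"
                - "shell"
                - "-c"
                # The script deletes rows irreversibly. The reported counts
                # come from delete() itself, so they match what was removed
                # even if rows change while the job runs.
                - |
                  # Clean up expired sessions (older than 2 weeks)
                  from django.contrib.sessions.models import Session
                  from django.utils import timezone
                  from datetime import timedelta
                  cutoff = timezone.now() - timedelta(days=14)
                  _, per_model = Session.objects.filter(expire_date__lt=cutoff).delete()
                  expired_count = per_model.get(Session._meta.label, 0)
                  print(f"Cleaned up {expired_count} expired sessions")
                  # Clean up old notifications (older than 90 days) if they are read
                  from bookwyrm.models import Notification
                  cutoff = timezone.now() - timedelta(days=90)
                  old_notifications = Notification.objects.filter(created_date__lt=cutoff, read=True)
                  _, per_model = old_notifications.delete()
                  old_count = per_model.get(Notification._meta.label, 0)
                  print(f"Cleaned up {old_count} old read notifications")
              env:
                - name: CONTAINER_TYPE
                  value: "cronjob-db-cleanup"
                - name: DJANGO_SETTINGS_MODULE
                  value: "bookwyrm.settings"
              # envFrom exposes every key of the ConfigMap and the Secret
              # as an environment variable of this container.
              # NOTE(review): this job appears to need only database
              # access; if so, reference just those keys.
              envFrom:
                - configMapRef:
                    name: bookwyrm-config
                - secretRef:
                    name: bookwyrm-secrets
              resources:
                requests:
                  cpu: 100m
                  memory: 256Mi
                limits:
                  cpu: 500m
                  memory: 512Mi
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop: ["ALL"]
                # NOTE(review): the root filesystem stays writable. If the
                # image only needs scratch space, an emptyDir mount with
                # readOnlyRootFilesystem: true is tighter - confirm first.
                readOnlyRootFilesystem: false
                runAsNonRoot: true
                runAsUser: 1000
          nodeSelector:
            kubernetes.io/arch: arm64
          # This toleration lets the pod be scheduled on control-plane
          # nodes. NOTE(review): the pod carries application secrets;
          # confirm that running it there is intended.
          tolerations:
            - effect: NoSchedule
              key: node-role.kubernetes.io/control-plane
              operator: Exists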