Firefish deployed with plain Kubernetes objects and Flux CD.
If you are not using Flux CD, you can install the PostgreSQL and Redis charts with the plain `helm` command instead.
---
# Namespace that every Firefish object in this listing is created in.
kind: Namespace
apiVersion: v1
metadata:
  name: 'firefish'
---
# Service in front of the pods labelled `app: firefish`; it forwards
# TCP 3000 to container port 3000.
kind: Service
apiVersion: v1
metadata:
  namespace: firefish
  name: firefish-web-service
spec:
  # No `type` is given, so the API server applies its default Service type.
  ports:
    - port: 3000
      targetPort: 3000
      protocol: TCP
  selector:
    app: 'firefish'
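---
# Firefish web workload: a single pod with uploads on a PVC and the
# application config (which contains credentials) mounted read-only.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: firefish-web-deployment
  namespace: firefish
spec:
  replicas: 1
  selector:
    matchLabels:
      app: firefish
  # Recreate stops the old pod before the new one starts; the files volume
  # below is ReadWriteOnce.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: firefish
    spec:
      # Nothing in this listing grants the pod Kubernetes API access, so no
      # service-account token is mounted into it.
      automountServiceAccountToken: false
      containers:
        - name: firefish-web
          # NOTE(review): `stable-arm64` looks like a moving, arm64-only tag.
          # Pin an image digest if you need reproducible rollouts.
          image: registry.joinfirefish.org/firefish/firefish:stable-arm64
          ports:
            - containerPort: 3000
              name: http
          env:
            - name: NODE_ENV
              value: "production"
          # NOTE(review): no securityContext is set, so the container runs
          # with the image's default user and capabilities. Confirm what the
          # image needs before restricting it.
          volumeMounts:
            - name: files-volume
              mountPath: /firefish/files
            - name: config-volume
              mountPath: /firefish/.config
              readOnly: true
          # Up to 30 x 10 s for the first successful GET / before the
          # liveness probe takes over.
          startupProbe:
            httpGet:
              path: /
              port: http
            failureThreshold: 30
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /
              port: http
            failureThreshold: 3
            periodSeconds: 10
            timeoutSeconds: 3
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            limits:
              cpu: "4000m"
              memory: "8Gi"
            requests:
              cpu: "100m"
              memory: "1Gi"
      volumes:
        - name: files-volume
          persistentVolumeClaim:
            claimName: firefish-files-pvc
        # default.yml carries the database and Redis passwords, so it is
        # mounted from a Secret rather than a ConfigMap.
        - name: config-volume
          secret:
            secretName: firefish-web-config
---
# Storage for /firefish/files. Replace the storage class placeholder.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: firefish-files-pvc
  namespace: firefish
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: change-here
  resources:
    requests:
      storage: 10Gi
---
# Firefish application config. It is a Secret because it embeds the
# PostgreSQL and Redis passwords: a ConfigMap is readable by anyone with
# ConfigMap access and is not covered by Secret encryption at rest.
# A Secret manifest is still plain text in Git. With Flux, encrypt it before
# committing (for example SOPS decryption on the Kustomization, or Sealed
# Secrets), or create it out of band.
# The db/redis values must match the PostgreSQL and Redis HelmRelease values.
# The two host names are presumably the Services those releases create.
apiVersion: v1
kind: Secret
metadata:
  name: firefish-web-config
  namespace: firefish
type: Opaque
stringData:
  default.yml: |
    url: https://firefish.your.domain/
    port: 3000
    db:
      host: firefish-db-postgresql
      port: 5432
      #ssl: false
      # Database name
      db: change_here_db_name
      # Auth
      user: change_here_db_user
      pass: change_here_db_password
    redis:
      host: firefish-redis-master
      port: 6379
      pass: change_here_redis_password
      user: default
    # Reserved usernames that only the administrator can register with
    reservedUsernames: [
      'root',
      'admin',
      'administrator',
      'me',
      'system'
    ]
    # Number of worker processes by type.
    # The sum must not exceed the number of available cores.
    clusterLimits:
      web: 2
      queue: 2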
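---
# Flux HelmRelease that installs the Bitnami PostgreSQL chart as `firefish-db`.
# NOTE(review): confirm that your Flux version still serves the `v2beta1`
# HelmRelease API before applying.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: firefish-db
  namespace: firefish
spec:
  interval: 5m
  timeout: 10m
  chart:
    spec:
      chart: postgresql
      version: '13.2.30'
      sourceRef:
        kind: HelmRepository
        name: bitnami
        namespace: flux-system
      interval: 10m
  values:
    global:
      storageClass: "change-here"
    image:
      # Quoted so the tag stays a string instead of being parsed as an
      # integer. NOTE(review): a bare major version is presumably a moving
      # tag that overrides the image version pinned by the chart.
      tag: "16"
    # NOTE(review): the passwords below sit in plain text in this manifest.
    # The chart's `auth.existingSecret`, or Flux `spec.valuesFrom` pointing
    # at a Secret, keeps them out of the committed HelmRelease.
    auth:
      ## @param auth.enablePostgresUser Assign a password to the "postgres"
      ## admin user. Otherwise, remote access will be blocked for this user
      enablePostgresUser: true
      ## @param auth.postgresPassword Password for the "postgres" admin user.
      ## Ignored if `auth.existingSecret` is provided
      postgresPassword: "change_here_db_password_postgres_user"
      ## @param auth.username Name for a custom user to create
      username: "change_here_db_user"
      ## @param auth.password Password for the custom user to create.
      ## Ignored if `auth.existingSecret` is provided
      password: "change_here_db_password"
      ## @param auth.database Name for a custom database to create
      database: "change_here_db_name"
    ## @param architecture PostgreSQL architecture (`standalone` or
    ## `replication`)
    architecture: standalone
    ## @section PostgreSQL Primary parameters
    primary:
      ## PostgreSQL Primary persistence configuration
      persistence:
        ## @param primary.persistence.enabled Enable PostgreSQL Primary data
        ## persistence using PVC
        enabled: true
        storageClass: "change_here"
        size: 8Gi
    ## @section Backup parameters
    ## This section implements a trivial logical dump cronjob of the database.
    ## This only comes with the consistency guarantees of the dump program.
    ## This is not a snapshot based roll forward/backward recovery backup.
    ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
    backup:
      ## @param backup.enabled Enable the logical dump of the database
      ## "regularly". It is off here, so the chart schedules no dumps.
      enabled: false
    ## Service account for PostgreSQL to use.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    serviceAccount:
      ## @param serviceAccount.create Enable creation of ServiceAccount for
      ## PostgreSQL pod
      create: false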
---
# HTTPS route for firefish.your.domain on Traefik's `websecure` entrypoint.
# The certificate is requested from the `letsencrypt-prod` ClusterIssuer,
# which is not defined in this listing and must already exist.
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  namespace: firefish
  name: firefish-ingress
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: 'websecure'
    cert-manager.io/cluster-issuer: 'letsencrypt-prod'
spec:
  ingressClassName: traefik
  rules:
    - host: firefish.your.domain
      http:
        paths:
          - path: '/'
            pathType: Prefix
            backend:
              service:
                name: firefish-web-service
                port:
                  number: 3000
  tls:
    - secretName: firefish.your.domain-tls
      hosts:
        - firefish.your.domain
---
# Plain-HTTP route on the `web` entrypoint. Its only job is to attach the
# redirect middleware, so requests are sent on to https.
# Background: https://github.com/traefik/traefik/issues/8444#issuecomment-919238687
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  namespace: firefish
  name: firefish-ingress-http
  annotations:
    # Middleware reference format: <namespace>-<name>@kubernetescrd
    traefik.ingress.kubernetes.io/router.middlewares: 'firefish-redirectscheme@kubernetescrd'
    traefik.ingress.kubernetes.io/router.entrypoints: 'web'
spec:
  ingressClassName: traefik
  rules:
    - host: firefish.your.domain
      http:
        paths:
          - path: '/'
            pathType: Prefix
            backend:
              service:
                name: firefish-web-service
                port:
                  number: 3000
---
# Traefik Middleware that issues a permanent redirect to the https scheme.
kind: Middleware
apiVersion: traefik.io/v1alpha1
metadata:
  namespace: firefish
  name: redirectscheme
spec:
  redirectScheme:
    permanent: true
    scheme: 'https'
---
# Flux HelmRelease that installs the Bitnami Redis chart as `firefish-redis`:
# one standalone master with password auth and a persistent volume.
kind: HelmRelease
apiVersion: helm.toolkit.fluxcd.io/v2beta1
metadata:
  namespace: firefish
  name: firefish-redis
spec:
  interval: 5m
  chart:
    spec:
      chart: redis
      version: '18.3.3'
      interval: 10m
      sourceRef:
        kind: HelmRepository
        namespace: flux-system
        name: bitnami
  values:
    global:
      storageClass: 'change_here'
      redis:
        password: 'change_here_redis_password'

    # Common configuration, see
    # https://github.com/bitnami/containers/tree/main/bitnami/redis#configuration
    # architecture: `standalone` or `replication`
    architecture: standalone

    # Authentication, see
    # https://github.com/bitnami/containers/tree/main/bitnami/redis#setting-the-server-password-on-first-run
    # NOTE(review): the password is written in plain text here and under
    # `global.redis` above. `existingSecret` below is the chart's way to
    # read it from a Secret instead.
    auth:
      # Password authentication on the Redis server
      enabled: true
      # Password authentication on sentinels too
      sentinel: false
      # Redis password; the chart generates a random 10-character
      # alphanumeric string when this is not set
      password: 'change_here_redis_password'
      # Name of an existing secret with Redis credentials; when set,
      # `auth.password` is ignored
      existingSecret: ''
      # Key of the password inside that secret; ignored unless
      # `auth.existingSecret` is set
      existingSecretPasswordKey: ''
      # Mount credentials as files instead of using an environment variable
      usePasswordFiles: false

    master:
      # Number of master instances (experimental in the chart, requires
      # additional configuration)
      count: 1
      persistence:
        # Persist master data through a PersistentVolumeClaim
        enabled: true
        storageClass: 'change_here'
        # Persistent Volume access modes
        accessModes:
          - ReadWriteOnce
        # Persistent Volume size
        size: 8Gi

    # Replica settings
    replica:
      replicaCount: 0