diff --git a/kube/deploy/apps/gotosocial/app/hr.yaml b/kube/deploy/apps/gotosocial/app/hr.yaml
index 0a0dda71..dbb58c0c 100644
--- a/kube/deploy/apps/gotosocial/app/hr.yaml
+++ b/kube/deploy/apps/gotosocial/app/hr.yaml
@@ -32,10 +32,11 @@ spec:
 prom.home.arpa/kps: "allow"
 fluentbit.io/parser: "logfmt"
 containers:
- main:
+ app:
 image: &img
 repository: "docker.io/superseriousbusiness/gotosocial"
 tag: "0.18.3@sha256:5eb48f2273092126e71e1290c80c92df90ba3ef72b1e81de070ae38fd5d85d27"
+ command: ["/bin/sh", "-c", "sleep 3600"]
 env: &env
 TZ: "${CONFIG_TZ}"
 GTS_APPLICATION_NAME: "The JJGadgets Hut"
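Review bot: The added `command: ["/bin/sh", "-c", "sleep 3600"]` replaces the image's entrypoint, so this container never starts GoToSocial and exits after an hour, yet nothing on the line says it is temporary. If it is a placeholder for the migration hinted at by the `# TODO: tmp migrate` further down, mark it so it cannot ship by accident, e.g. `# TEMP(migration): idle container, remove before serving traffic` directly above the line. The service and ingress sections of this file appear to still target this controller, so while the override is in place requests would reach a pod that is not listening (inferred; those sections are mostly outside the hunks shown).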
@@ -51,29 +52,30 @@ spec:
 GTS_OIDC_ENABLED: "true"
 GTS_OIDC_IDP_NAME: "JJGadgets Auth"
 # OIDC secrets in ExternalSecret envFrom
- GTS_DB_TYPE: "postgres"
- GTS_DB_TLS_MODE: "enable"
- GTS_DB_TLS_CA_CERT: &pgca /secrets/pg/ca.crt
- GTS_DB_ADDRESS: "pg-gotosocial-pgbouncer.gotosocial.svc.cluster.local"
- # valueFrom:
- # secretKeyRef:
- # name: &pgsec "pg-gotosocial-pguser-gotosocial"
- # key: "pgbouncer-host"
- GTS_DB_DATABASE:
- valueFrom:
- secretKeyRef:
- name: &pgsec "pg-gotosocial-pguser-gotosocial"
- key: "dbname"
- GTS_DB_USER:
- valueFrom:
- secretKeyRef:
- name: *pgsec
- key: "user"
- GTS_DB_PASSWORD:
- valueFrom:
- secretKeyRef:
- name: *pgsec
- key: "password"
+ GTS_DB_TYPE: "sqlite"
+ GTS_DB_ADDRESS: "/gotosocial/storage/sqlite.db"
+ # GTS_DB_TLS_MODE: "enable"
+ # GTS_DB_TLS_CA_CERT: &pgca /secrets/pg/ca.crt
+ # GTS_DB_ADDRESS: "pg-gotosocial-pgbouncer.gotosocial.svc.cluster.local"
+ # # valueFrom:
+ # # secretKeyRef:
+ # # name: &pgsec "pg-gotosocial-pguser-gotosocial"
+ # # key: "pgbouncer-host"
+ # GTS_DB_DATABASE:
+ # valueFrom:
+ # secretKeyRef:
+ # name: &pgsec "pg-gotosocial-pguser-gotosocial"
+ # key: "dbname"
+ # GTS_DB_USER:
+ # valueFrom:
+ # secretKeyRef:
+ # name: *pgsec
+ # key: "user"
+ # GTS_DB_PASSWORD:
+ # valueFrom:
+ # secretKeyRef:
+ # name: *pgsec
+ # key: "password"
 #GTS_STORAGE_LOCAL_BASE_PATH: &media "/gotosocial/storage"
 GTS_STORAGE_BACKEND: "s3"
 GTS_STORAGE_S3_PROXY: "true"
@@ -106,16 +108,16 @@ spec:
 limits:
 cpu: "1"
 memory: 1536Mi
- probes:
- liveness:
- enabled: true
- readiness:
- enabled: true
- startup: # in case of large DB migrations
- enabled: true
- spec:
- periodSeconds: 1
- failureThreshold: 14400
+ # probes:
+ # liveness:
+ # enabled: true
+ # readiness:
+ # enabled: true
+ # startup: # in case of large DB migrations
+ # enabled: true
+ # spec:
+ # periodSeconds: 1
+ # failureThreshold: 14400
 service:
 app:
 controller: app
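Review bot: `GTS_DB_ADDRESS: "/gotosocial/storage/sqlite.db"` puts the live database on the `gotosocial-data` claim, and ks.yaml in this commit keeps `ACCESSMODE: "ReadWriteMany"` with `SC: "file"` (assuming those variables template that claim). If that storage class is a network filesystem, SQLite's file locking may not be reliable there, and a second pod mounting the claim could corrupt the database. I would state the single-writer requirement above the two new lines, e.g. `# sqlite: one writer only; claim must not be mounted by a second pod`, or move the claim to a ReadWriteOnce class. Separately, the 22 commented-out Postgres lines, including the `&pgsec`/`&pgca` anchors that now live only in comments, are better deleted than kept: git history holds them and a partial uncomment would produce a second `GTS_DB_ADDRESS` key.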
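Review bot: Commenting out the whole `probes:` block removes the overrides but may not turn probing off. If the chart enables liveness/readiness/startup probes by default when the key is absent, the sleeping container would fail them and be restarted. State the intent explicitly by keeping the block and setting `enabled: false` under each of `liveness`, `readiness` and `startup`, with a comment such as `# TEMP: disabled while the container only sleeps; re-enable with the real command`. When the probes return, the `startup` settings (`periodSeconds: 1`, `failureThreshold: 14400`) should come back with them so a long migration is not killed mid-run.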
@@ -154,18 +156,25 @@ spec:
 path: /api/v1/media
 tls: *tls
 persistence:
+ data:
+ existingClaim: gotosocial-data
+ advancedMounts:
+ app:
+ app:
+ - subPath: data
+ path: /gotosocial/storage
 tmp:
 type: emptyDir
 medium: Memory
 sizeLimit: 128Mi
- pg-ca:
- type: secret
- #name: pg-authentik-pgbouncer
- name: pg-gotosocial-cluster-cert
- defaultMode: 0400
- globalMounts:
- - subPath: ca.crt
- path: *pgca
+ # pg-ca:
+ # type: secret
+ # #name: pg-authentik-pgbouncer
+ # name: pg-gotosocial-cluster-cert
+ # defaultMode: 0400
+ # globalMounts:
+ # - subPath: ca.crt
+ # path: *pgca
 defaultPodOptions:
 automountServiceAccountToken: false
 enableServiceLinks: false
@@ -175,7 +184,7 @@ spec:
 hostUsers: false
 securityContext:
 runAsNonRoot: true # TODO: tmp migrate
- runAsUser: &uid 1000
+ runAsUser: &uid 65534
 runAsGroup: *uid
 fsGroup: *uid
 fsGroupChangePolicy: Always
diff --git a/kube/deploy/apps/gotosocial/ks.yaml b/kube/deploy/apps/gotosocial/ks.yaml
index da3dd19d..e25a087c 100644
--- a/kube/deploy/apps/gotosocial/ks.yaml
+++ b/kube/deploy/apps/gotosocial/ks.yaml
@@ -37,9 +37,9 @@ spec:
 SC: &sc "file"
 SNAP: *sc
 ACCESSMODE: "ReadWriteMany"
- RUID: "568"
- RGID: "568"
- RFSG: "568"
+ RUID: "65534"
+ RGID: "65534"
+ RFSG: "65534"
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
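Review bot: `runAsUser: &uid 65534` (and, through the alias, `runAsGroup` and `fsGroup`) makes the database files owned by the ID conventionally used for `nobody`, which is also what unmapped or squashed identities resolve to on many network filesystems. On a `ReadWriteMany` claim that widens who can read or modify `sqlite.db`. A dedicated non-zero UID/GID for this app would keep ownership distinct; if 65534 is only needed for the migration, say so next to the existing `# TODO: tmp migrate`, e.g. `# TEMP(migration): 65534 (nobody); replace with a dedicated UID afterwards`. The same value is set for `RUID`/`RGID`/`RFSG` in the ks.yaml hunk, so both places need to change together. The `securityContext` block continues outside the hunk.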