From 32498c73b8d1f871ceabb1b9455d6de4085fefbf Mon Sep 17 00:00:00 2001
From: Paul Payne <paul@payne.io>
Date: Thu, 1 Jan 2026 20:57:03 +0000
Subject: [PATCH] Get discourse working.

---
 discourse/deployment.yaml | 78 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 74 insertions(+), 4 deletions(-)

diff --git a/discourse/deployment.yaml b/discourse/deployment.yaml
index 6393a34..2103e89 100644
--- a/discourse/deployment.yaml
+++ b/discourse/deployment.yaml
@@ -21,8 +21,8 @@ spec:
       securityContext:
         fsGroup: 1000
         fsGroupChangePolicy: Always
-      containers:
-        - name: discourse
+      initContainers:
+        - name: discourse-migrate
           image: discourse/discourse:3.5.3
           imagePullPolicy: "IfNotPresent"
           securityContext:
@@ -42,7 +42,75 @@ spec:
             runAsUser: 0
             seccompProfile:
               type: RuntimeDefault
+          command:
+            - /bin/bash
+            - -c
+            - |
+              set -e
+              cd /var/www/discourse
+              export HOME=/root
+              git config --global --add safe.directory /var/www/discourse
+              bundle exec rake db:migrate
+              bundle exec rake assets:precompile
           env:
+            - name: RAILS_ENV
+              value: "production"
+            - name: DISCOURSE_DB_HOST
+              value: {{ .dbHostname }}
+            - name: DISCOURSE_DB_PORT
+              value: "{{ .dbPort }}"
+            - name: DISCOURSE_DB_NAME
+              value: {{ .dbName }}
+            - name: DISCOURSE_DB_USERNAME
+              value: {{ .dbUsername }}
+            - name: DISCOURSE_DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: discourse-secrets
+                  key: dbPassword
+            - name: DISCOURSE_REDIS_HOST
+              value: {{ .redisHostname }}
+            - name: DISCOURSE_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: discourse-secrets
+                  key: redis.password
+            - name: DISCOURSE_HOSTNAME
+              value: {{ .domain }}
+            - name: DISCOURSE_SECRET_KEY_BASE
+              valueFrom:
+                secretKeyRef:
+                  name: discourse-secrets
+                  key: secretKeyBase
+          volumeMounts:
+            - name: discourse-data
+              mountPath: /shared
+      containers:
+        - name: discourse
+          image: discourse/discourse:3.5.3
+          imagePullPolicy: "IfNotPresent"
+          command:
+            - /sbin/boot
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+              add:
+                - CHOWN
+                - FOWNER
+                - SETGID
+                - SETUID
+                - DAC_OVERRIDE
+            privileged: false
+            readOnlyRootFilesystem: false
+            runAsNonRoot: false
+            runAsUser: 0
+            seccompProfile:
+              type: RuntimeDefault
+          env:
+            - name: RAILS_ENV
+              value: "production"
             # Discourse database configuration
             - name: DISCOURSE_DB_HOST
               value: {{ .dbHostname }}
@@ -91,7 +159,7 @@ spec:
               value: "{{ .smtp.startTls }}"
           ports:
             - name: http
-              containerPort: 3000
+              containerPort: 80
               protocol: TCP
           livenessProbe:
             httpGet:
@@ -146,8 +214,10 @@ spec:
           command:
             - /bin/bash
             - -c
-            - "cd /var/www/discourse && exec bundle exec sidekiq"
+            - "cd /var/www/discourse && export HOME=/root && exec bundle exec sidekiq"
           env:
+            - name: RAILS_ENV
+              value: "production"
             # Discourse database configuration
             - name: DISCOURSE_DB_HOST
               value: {{ .dbHostname }}