Add Kubernetes manifests for communitarian application including deployments, services, ingress, middleware, PVC, and kustomization

2026-02-18 13:23:04 +00:00
parent 1e8425c98d
commit f9938f4ca6
10 changed files with 242 additions and 0 deletions


@@ -0,0 +1,75 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: communitarian-api
namespace: "{{ .namespace }}"
spec:
replicas: 1
selector:
matchLabels:
component: api
template:
metadata:
labels:
component: api
spec:
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
seccompProfile:
type: RuntimeDefault
initContainers:
- name: fix-permissions
image: busybox:1.36
command: ['sh', '-c']
args:
- |
mkdir -p /app/data/citizens /app/data/communities /app/data/content
chmod -R 777 /app/data
echo "Permissions fixed"
volumeMounts:
- name: data
mountPath: /app/data
securityContext:
runAsUser: 0
runAsNonRoot: false
containers:
- name: communitarian-api
image: "{{ .apiImage }}"
ports:
- containerPort: {{ .apiPort }}
name: http
env:
- name: TZ
value: "{{ .timezone }}"
- name: API_KEY
valueFrom:
secretKeyRef:
name: communitarian-secrets
key: apiKey
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: communitarian-secrets
key: jwtSecret
volumeMounts:
- name: data
mountPath: /app/data
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "1Gi"
cpu: "500m"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ALL]
readOnlyRootFilesystem: false
volumes:
- name: data
persistentVolumeClaim:
claimName: communitarian-data
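Review bot: The `fix-permissions` init container runs as UID 0 and leaves the whole data volume world-writable with `chmod -R 777 /app/data`, so every UID that can reach the volume can modify the citizens, communities and content data. The pod already runs as 1000:1000 with `fsGroup: 1000`, so handing ownership to that user is enough: replace the chmod with `chown -R 1000:1000 /app/data` and `chmod -R 750 /app/data`. If the storage class honours `fsGroup` (not visible from this manifest), the root init container could be dropped altogether. Its `securityContext` also lacks the `allowPrivilegeEscalation: false` that the main container sets.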


@@ -0,0 +1,47 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: communitarian-app
namespace: "{{ .namespace }}"
spec:
replicas: 1
selector:
matchLabels:
component: app
template:
metadata:
labels:
component: app
spec:
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
seccompProfile:
type: RuntimeDefault
containers:
- name: communitarian-app
image: "{{ .appImage }}"
ports:
- containerPort: {{ .appPort }}
name: http
env:
- name: TZ
value: "{{ .timezone }}"
- name: API_URL
value: "http://communitarian-api:{{ .apiPort }}"
- name: NEXT_PUBLIC_API_URL
value: "/api"
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ALL]
readOnlyRootFilesystem: false
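Review bot: The pod spec does not set `automountServiceAccountToken: false`, so the namespace's default service account token is mounted into this ingress-facing container. Nothing in the manifest suggests the frontend talks to the Kubernetes API, so I would add `automountServiceAccountToken: false` under `template.spec`; the same applies to the communitarian-api Deployment. `readOnlyRootFilesystem: false` is also worth revisiting once the app's writable paths are known, for example by mounting an `emptyDir` over them and setting the flag to `true`.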


@@ -0,0 +1,33 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: communitarian
namespace: "{{ .namespace }}"
annotations:
external-dns.alpha.kubernetes.io/target: "{{ .externalDnsDomain }}"
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
traefik.ingress.kubernetes.io/router.middlewares: "{{ .namespace }}-strip-api@kubernetescrd"
spec:
ingressClassName: traefik
tls:
- hosts:
- "{{ .domain }}"
secretName: "{{ .tlsSecretName }}"
rules:
- host: "{{ .domain }}"
http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: communitarian-api
port:
number: {{ .apiPort }}
- path: /
pathType: Prefix
backend:
service:
name: communitarian-app
port:
number: {{ .appPort }}
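Review bot: The annotations do not restrict the router to the TLS entrypoint, so whether `/api` is also reachable over plain HTTP depends entirely on Traefik's global configuration, which is not visible here. The API authenticates with `API_KEY` and `JWT_SECRET`-signed tokens, so I would pin it explicitly with `traefik.ingress.kubernetes.io/router.entrypoints: websecure` and `traefik.ingress.kubernetes.io/router.tls: "true"`. A short comment above the `router.middlewares` annotation noting that `strip-api` is attached to both paths but only rewrites requests under `/api` would also help the next reader.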


@@ -0,0 +1,18 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: "{{ .namespace }}"
labels:
- includeSelectors: true
pairs:
app: communitarian
managedBy: kustomize
partOf: wild-cloud
resources:
- namespace.yaml
- deployment-app.yaml
- deployment-api.yaml
- service-app.yaml
- service-api.yaml
- middleware.yaml
- ingress.yaml
- pvc.yaml


@@ -0,0 +1,19 @@
name: communitarian
is: communitarian
description: Communitarian is a community-focused application with a web frontend and API backend for collaborative features.
version: 1.0.0
icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/community.svg
defaultConfig:
namespace: communitarian
appImage: payneio/communitarian-app:latest
apiImage: payneio/communitarian-api:latest
appPort: 3000
apiPort: 8000
domain: communitarian.{{ .cloud.domain }}
externalDnsDomain: "{{ .cloud.domain }}"
tlsSecretName: wildcard-wild-cloud-tls
storage: 10Gi
timezone: UTC
defaultSecrets:
- key: apiKey
- key: jwtSecret
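Review bot: Both default images use the mutable `:latest` tag (`appImage` and `apiImage`), so a redeploy or pod restart can silently pull different code than was reviewed, and a rollback has no fixed target. I would default to a release tag, ideally with a digest, e.g. `apiImage: payneio/communitarian-api:<release-tag>@sha256:<digest>` (placeholders, not real values). The `busybox:1.36` init image in the API Deployment is tag-pinned but would benefit from a digest as well. Quoting `domain` like the neighbouring `externalDnsDomain` would keep the templated values consistent.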


@@ -0,0 +1,9 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: strip-api
namespace: "{{ .namespace }}"
spec:
stripPrefix:
prefixes:
- /api


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: "{{ .namespace }}"
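Review bot: The Namespace carries no Pod Security Admission labels, so the hardening set in the two Deployments is not enforced for anything else later scheduled into this namespace. I would add `pod-security.kubernetes.io/enforce: baseline` together with `pod-security.kubernetes.io/warn: restricted` under `metadata.labels`. `restricted` cannot be enforced yet because the API Deployment's init container sets `runAsNonRoot: false`.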

11
communitarian/pvc.yaml Normal file

@@ -0,0 +1,11 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: communitarian-data
namespace: "{{ .namespace }}"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "{{ .storage }}"


@@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: communitarian-api
namespace: "{{ .namespace }}"
spec:
selector:
component: api
ports:
- port: {{ .apiPort }}
targetPort: {{ .apiPort }}
protocol: TCP
name: http


@@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: communitarian-app
namespace: "{{ .namespace }}"
spec:
selector:
component: app
ports:
- port: {{ .appPort }}
targetPort: {{ .appPort }}
protocol: TCP
name: http