Merge pull request #85 from epoch-philosophy/epoch-philosophy-patch-1

Add manifest files for a Kubernetes deployment.

kubernetes/README.md

@@ -0,0 +1,10 @@
+Proper manifest files for a deployment using Kubernetes. Obviously feel free to adjust to your needs. In this example, Traefik is used but feel free to use whatever ingress method (Nginx, HA Proxy, etc.) you would like. Also, you can create the Kubernetes secret via the CLI.
+
+1. After deployed, enter the Kubernetes pod via a command such as "kubectl exec -it mollysocket-5c767fb96d-8gfzz -n default -- /bin/sh"
+
+2. Generate the VAPID key in the pod by running the command "mollysocket vapid gen"
+
+3. Copy the VAPID key from the prior command and paste into the secret.yaml file, under the ENV variable/key of "vapid_privkey".
+
+Restart the Mollysocket pod, and you should be good to go!
+

kubernetes/deployment.yaml

@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mollysocket
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mollysocket
+  template:
+    metadata:
+      labels:
+        app: mollysocket
+    spec:
+      containers:
+      - name: mollysocket
+        image: ghcr.io/mollyim/mollysocket:1
+        args: ["server"]
+        workingDir: /data
+        ports:
+        - containerPort: 8020
+        env:
+        - name: MOLLY_ALLOWED_ENDPOINTS
+          valueFrom:
+            secretKeyRef:
+              name: mollysocket-config
+              key: allowed_endpoints
+        - name: MOLLY_VAPID_PRIVKEY
+          valueFrom:
+            secretKeyRef:
+              name: mollysocket-config
+              key: vapid_privkey
+        - name: MOLLY_DB
+          value: "/data/mollysocket.db"
+        - name: MOLLY_ALLOWED_UUIDS
+          value: '["*"]'
+        - name: MOLLY_HOST
+          value: "0.0.0.0"
+        - name: MOLLY_PORT
+          value: "8020"
+        - name: RUST_LOG
+          value: "info"
+        volumeMounts:
+        - name: data
+          mountPath: /data
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: mollysocket-pvc

kubernetes/ingress.yaml

@@ -0,0 +1,20 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: mollysocket
+  namespace: default
+  annotations:
+    kubernetes.io/ingress.class: traefik-external
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`mollysocket.domain.tld`)
+      kind: Rule
+      services:
+        - name: mollysocket
+          port: 8020
+  tls:
+    secretName: domain-tld-tls
+
+

kubernetes/pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mollysocket-pvc
+  namespace: default
+spec:
+  accessModes:
+  - ReadWriteOnce
+  storageClassName: placeholder
+  resources:
+    requests:
+      storage: 1Gi

kubernetes/secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mollysocket-config
+  namespace: default
+type: Opaque
+stringData:
+  allowed_endpoints: '["*"]' # If self-hosting, use domain of custom provider such as '["https://ntfy.domain.tld"]'
+  vapid_privkey: "placeholder"

kubernetes/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mollysocket
+  namespace: default
+spec:
+  type: ClusterIP
+  selector:
+    app: mollysocket
+  ports:
+  - protocol: TCP
+    port: 8020
+    targetPort: 8020