apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: discourse annotations: external-dns.alpha.kubernetes.io/target: traefik.k-space.ee traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" spec: tls: - hosts: - "*.k-space.ee" secretName: rules: - host: "discourse.k-space.ee" http: paths: - path: / pathType: Prefix backend: service: name: discourse port: name: http --- apiVersion: v1 kind: Service metadata: name: discourse spec: type: ClusterIP ipFamilyPolicy: SingleStack ports: - name: http port: 80 protocol: TCP targetPort: http selector: app.kubernetes.io/instance: discourse app.kubernetes.io/name: discourse --- apiVersion: v1 kind: ServiceAccount metadata: name: discourse --- apiVersion: apps/v1 kind: Deployment metadata: name: discourse annotations: reloader.stakater.com/auto: "true" spec: replicas: 1 selector: matchLabels: app.kubernetes.io/instance: discourse app.kubernetes.io/name: discourse strategy: type: Recreate template: metadata: labels: app.kubernetes.io/instance: discourse app.kubernetes.io/name: discourse spec: serviceAccountName: discourse securityContext: fsGroup: 0 fsGroupChangePolicy: Always initContainers: containers: - name: discourse image: docker.io/bitnami/discourse:3.3.2-debian-12-r0 imagePullPolicy: "IfNotPresent" securityContext: allowPrivilegeEscalation: false capabilities: add: - CHOWN - SYS_CHROOT - FOWNER - SETGID - SETUID - DAC_OVERRIDE drop: - ALL privileged: false readOnlyRootFilesystem: false runAsGroup: 0 runAsNonRoot: false runAsUser: 0 seLinuxOptions: {} seccompProfile: type: RuntimeDefault env: - name: BITNAMI_DEBUG value: "true" - name: DISCOURSE_USERNAME valueFrom: secretKeyRef: name: discourse-password key: username - name: DISCOURSE_PASSWORD valueFrom: secretKeyRef: name: discourse-password key: password - name: DISCOURSE_PORT_NUMBER value: "8080" - name: DISCOURSE_EXTERNAL_HTTP_PORT_NUMBER value: "80" - name: DISCOURSE_DATABASE_PASSWORD valueFrom: secretKeyRef: name: discourse-postgresql key: password - name: POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD valueFrom: secretKeyRef: name: discourse-postgres-superuser key: password - name: POSTGRESQL_CLIENT_POSTGRES_PASSWORD valueFrom: secretKeyRef: name: discourse-postgres-superuser key: password - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: discourse-redis key: redis-password envFrom: - configMapRef: name: discourse - secretRef: name: discourse-email ports: - name: http containerPort: 8080 protocol: TCP livenessProbe: tcpSocket: port: http initialDelaySeconds: 500 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 readinessProbe: httpGet: path: /srv/status port: http initialDelaySeconds: 100 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 resources: limits: cpu: "6.0" ephemeral-storage: 2Gi memory: 12288Mi requests: cpu: "1.0" ephemeral-storage: 50Mi memory: 3072Mi volumeMounts: - name: discourse-data mountPath: /bitnami/discourse subPath: discourse - name: sidekiq image: docker.io/bitnami/discourse:3.3.2-debian-12-r0 imagePullPolicy: "IfNotPresent" securityContext: allowPrivilegeEscalation: false capabilities: add: - CHOWN - SYS_CHROOT - FOWNER - SETGID - SETUID - DAC_OVERRIDE drop: - ALL privileged: false readOnlyRootFilesystem: false runAsGroup: 0 runAsNonRoot: false runAsUser: 0 seLinuxOptions: {} seccompProfile: type: RuntimeDefault command: - /opt/bitnami/scripts/discourse/entrypoint.sh args: - /opt/bitnami/scripts/discourse-sidekiq/run.sh env: - name: BITNAMI_DEBUG value: "true" - name: DISCOURSE_USERNAME valueFrom: secretKeyRef: name: discourse-password key: username - name: DISCOURSE_PASSWORD valueFrom: secretKeyRef: name: discourse-password key: password - name: DISCOURSE_DATABASE_PASSWORD valueFrom: secretKeyRef: name: discourse-postgresql key: password - name: DISCOURSE_POSTGRESQL_PASSWORD valueFrom: secretKeyRef: name: discourse-postgres-superuser key: password - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: discourse-redis key: redis-password envFrom: - configMapRef: name: discourse - secretRef: name: discourse-email livenessProbe: exec: command: ["/bin/sh", "-c", "pgrep -f ^sidekiq"] initialDelaySeconds: 500 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 readinessProbe: exec: command: ["/bin/sh", "-c", "pgrep -f ^sidekiq"] initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 resources: limits: cpu: 750m ephemeral-storage: 2Gi memory: 768Mi requests: cpu: 500m ephemeral-storage: 50Mi memory: 512Mi volumeMounts: - name: discourse-data mountPath: /bitnami/discourse subPath: discourse volumes: - name: discourse-data persistentVolumeClaim: claimName: discourse-data --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: discourse-data namespace: discourse spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "3Gi" storageClassName: "proxmox-nas" --- apiVersion: v1 kind: ConfigMap metadata: name: discourse namespace: discourse data: DISCOURSE_HOST: "discourse.k-space.ee" DISCOURSE_SKIP_INSTALL: "yes" DISCOURSE_PRECOMPILE_ASSETS: "no" DISCOURSE_SITE_NAME: "K-Space Discourse" DISCOURSE_USERNAME: "k-space" DISCOURSE_EMAIL: "dos4dev@k-space.ee" DISCOURSE_REDIS_HOST: "discourse-redis" DISCOURSE_REDIS_PORT_NUMBER: "6379" DISCOURSE_DATABASE_HOST: "discourse-postgres-rw" DISCOURSE_DATABASE_PORT_NUMBER: "5432" DISCOURSE_DATABASE_NAME: "discourse" DISCOURSE_DATABASE_USER: "discourse" POSTGRESQL_CLIENT_DATABASE_HOST: "discourse-postgres-rw" POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER: "5432" POSTGRESQL_CLIENT_POSTGRES_USER: "postgres" POSTGRESQL_CLIENT_CREATE_DATABASE_NAME: "discourse" POSTGRESQL_CLIENT_CREATE_DATABASE_EXTENSIONS: "hstore,pg_trgm" --- apiVersion: codemowers.cloud/v1beta1 kind: OIDCClient metadata: name: discourse namespace: discourse spec: displayName: Discourse uri: https://discourse.k-space.ee redirectUris: - https://discourse.k-space.ee/auth/oidc/callback allowedGroups: - k-space:floor - k-space:friends grantTypes: - authorization_code - refresh_token responseTypes: - code availableScopes: - openid - profile pkce: false --- apiVersion: codemowers.cloud/v1beta1 kind: SecretClaim metadata: name: discourse-redis namespace: discourse spec: size: 32 mapping: - key: redis-password value: "%(plaintext)s" - key: REDIS_URI value: "redis://:%(plaintext)s@discourse-redis" --- apiVersion: dragonflydb.io/v1alpha1 kind: Dragonfly metadata: name: discourse-redis namespace: discourse spec: authentication: passwordFromSecret: key: redis-password name: discourse-redis replicas: 3 resources: limits: cpu: 1000m memory: 1Gi topologySpreadConstraints: - maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: DoNotSchedule labelSelector: matchLabels: app: discourse-redis app.kubernetes.io/part-of: dragonfly --- apiVersion: postgresql.cnpg.io/v1 kind: Cluster metadata: name: discourse-postgres namespace: discourse spec: instances: 1 enableSuperuserAccess: true bootstrap: initdb: database: discourse owner: discourse secret: name: discourse-postgresql dataChecksums: true encoding: 'UTF8' storage: size: 10Gi storageClass: postgres