# FileBrowser + Webpage deployment for felhom.eu --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: filebrowser-files namespace: felhom-system spec: accessModes: - ReadWriteMany storageClassName: longhorn resources: requests: storage: 1Gi --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: filebrowser-db namespace: felhom-system spec: accessModes: - ReadWriteOnce storageClassName: longhorn resources: requests: storage: 100Mi --- apiVersion: v1 kind: ConfigMap metadata: name: filebrowser-config namespace: felhom-system data: .filebrowser.json: | { "port": 8080, "baseURL": "", "address": "0.0.0.0", "log": "stdout", "database": "/database/filebrowser.db", "root": "/srv" } --- # =================== # NGINX CONFIG FOR CLEAN URLs # =================== apiVersion: v1 kind: ConfigMap metadata: name: nginx-config namespace: felhom-system data: default.conf: | server { listen 80; server_name _; root /usr/share/nginx/html/current/website; index index.html; # Enable clean URLs - serve .html files without extension location / { try_files $uri $uri.html $uri/ =404; } location = /sitemap.xml { types { application/xml xml; } default_type application/xml; } # Cache static assets location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ { expires 7d; add_header Cache-Control "public, immutable"; } # Security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; # Error pages error_page 404 /404.html; error_page 500 502 503 504 /50x.html; } --- # =================== # FILEBROWSER # =================== apiVersion: apps/v1 kind: Deployment metadata: name: filebrowser namespace: felhom-system labels: app: filebrowser spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app: filebrowser template: metadata: labels: app: filebrowser spec: containers: - name: filebrowser image: filebrowser/filebrowser:v2-alpine ports: - containerPort: 8080 volumeMounts: - name: files mountPath: /srv - name: database mountPath: /database - name: config mountPath: /.filebrowser.json subPath: .filebrowser.json resources: requests: memory: "64Mi" cpu: "50m" limits: memory: "256Mi" cpu: "500m" livenessProbe: httpGet: path: /health port: 8080 initialDelaySeconds: 10 periodSeconds: 30 readinessProbe: httpGet: path: /health port: 8080 initialDelaySeconds: 5 periodSeconds: 10 volumes: - name: files persistentVolumeClaim: claimName: filebrowser-files - name: database persistentVolumeClaim: claimName: filebrowser-db - name: config configMap: name: filebrowser-config --- apiVersion: v1 kind: Service metadata: name: filebrowser namespace: felhom-system spec: selector: app: filebrowser ports: - port: 80 targetPort: 8080 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: filebrowser namespace: felhom-system annotations: cert-manager.io/cluster-issuer: letsencrypt-prod nginx.ingress.kubernetes.io/proxy-body-size: "100m" spec: ingressClassName: nginx-internal tls: - hosts: - files.felhom.eu secretName: filebrowser-tls rules: - host: files.felhom.eu http: paths: - path: / pathType: Prefix backend: service: name: filebrowser port: number: 80 --- apiVersion: v1 kind: ConfigMap metadata: name: git-sync-sparse-checkout namespace: felhom-system data: sparse-checkout: | /website/ --- # =================== # WEBPAGE (nginx) # =================== apiVersion: apps/v1 kind: Deployment metadata: name: felhom-webpage namespace: felhom-system labels: app: felhom-webpage spec: replicas: 1 selector: matchLabels: app: felhom-webpage template: metadata: labels: app: felhom-webpage spec: containers: - name: nginx image: nginx:alpine ports: - containerPort: 80 volumeMounts: - name: git-data mountPath: /usr/share/nginx/html readOnly: true - name: nginx-config mountPath: /etc/nginx/conf.d/default.conf subPath: default.conf resources: requests: memory: "32Mi" cpu: "10m" limits: memory: "128Mi" cpu: "200m" livenessProbe: httpGet: path: / port: 80 initialDelaySeconds: 5 periodSeconds: 30 readinessProbe: httpGet: path: / port: 80 initialDelaySeconds: 3 periodSeconds: 10 - name: git-sync image: registry.k8s.io/git-sync/git-sync:v4.4.0 args: - --repo=https://gitea.dooplex.hu/admin/felhom.eu.git - --branch=main - --root=/git - --link=current - --period=30s # Only sync the website subdirectory - --sparse-checkout-file=/etc/git-sync/sparse-checkout volumeMounts: - name: git-data mountPath: /git - name: sparse-checkout mountPath: /etc/git-sync resources: requests: memory: "32Mi" cpu: "10m" limits: memory: "128Mi" cpu: "100m" securityContext: runAsUser: 65534 # nobody # Init container: wait for first sync before nginx starts initContainers: - name: git-sync-init image: registry.k8s.io/git-sync/git-sync:v4.4.0 args: - --repo=https://gitea.dooplex.hu/admin/felhom.eu.git - --branch=main - --root=/git - --link=current - --one-time - --sparse-checkout-file=/etc/git-sync/sparse-checkout volumeMounts: - name: git-data mountPath: /git - name: sparse-checkout mountPath: /etc/git-sync securityContext: runAsUser: 65534 volumes: - name: git-data emptyDir: {} - name: nginx-config configMap: name: nginx-config - name: sparse-checkout configMap: name: git-sync-sparse-checkout --- apiVersion: v1 kind: Service metadata: name: felhom-webpage namespace: felhom-system spec: selector: app: felhom-webpage ports: - port: 80 targetPort: 80 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: felhom-webpage namespace: felhom-system annotations: cert-manager.io/cluster-issuer: letsencrypt-prod spec: ingressClassName: nginx-internal tls: - hosts: - felhom.eu - www.felhom.eu secretName: felhom-webpage-tls rules: - host: felhom.eu http: paths: - path: / pathType: Prefix backend: service: name: felhom-webpage port: number: 80 - host: www.felhom.eu http: paths: - path: / pathType: Prefix backend: service: name: felhom-webpage port: number: 80