admin/felhom.eu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fix/filebrowser-config-args
felhom.eu/manifests/webpage.yaml
T
admin ea66afa960 manifests: pass --config to filebrowser so it reads our ConfigMap 
The previous PR pinned filebrowser to v2.63.13 + runAsUser:0 which
solved the PVC permission issue, but the pod was still 0/1 Ready
because v2.63.x changed the default config-file lookup path:

  Old (v2-alpine): /.filebrowser.json (matched our existing mount)
  New (v2.63.13) : /config/settings.json (NOT mounted in this pod)

So the new image ran with its built-in defaults (port 80, in-memory
db), and the readiness probe on 8080/health timed out.

Fix: pass `args: ["-c", "/.filebrowser.json"]` so filebrowser uses the
ConfigMap we already mount there. No volumeMount changes needed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-06 14:22:04 +02:00

363 lines
8.8 KiB
YAML
Raw Permalink Blame History

# FileBrowser + Webpage deployment for felhom.eu
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: filebrowser-files
namespace: felhom-system
spec:
accessModes:
- ReadWriteMany
storageClassName: longhorn
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: filebrowser-db
namespace: felhom-system
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 100Mi
---
apiVersion: v1
kind: ConfigMap
metadata:
name: filebrowser-config
namespace: felhom-system
data:
.filebrowser.json: |
{
"port": 8080,
"baseURL": "",
"address": "0.0.0.0",
"log": "stdout",
"database": "/database/filebrowser.db",
"root": "/srv"
}
---
# ===================
# NGINX CONFIG FOR CLEAN URLs
# ===================
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
namespace: felhom-system
data:
default.conf: |
server {
listen 80;
server_name _;
root /usr/share/nginx/html/current/website;
index index.html;
# Enable clean URLs - serve .html files without extension
location / {
try_files $uri $uri.html $uri/ =404;
}
location = /sitemap.xml {
types { application/xml xml; }
default_type application/xml;
}
# Cache static assets
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
expires 7d;
add_header Cache-Control "public, immutable";
}
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
# Error pages
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
}
---
# ===================
# FILEBROWSER
# ===================
apiVersion: apps/v1
kind: Deployment
metadata:
name: filebrowser
namespace: felhom-system
labels:
app: filebrowser
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: filebrowser
template:
metadata:
labels:
app: filebrowser
spec:
# filebrowser v2.63.13 (debian default) runs as a non-root UID by default
# and can't write to PVC files left by the previous v2-alpine image (which
# ran as root). Force root explicitly so the existing PVC contents are
# readable + writable. (The alternative -- chown the PVC then drop perms --
# needs a one-shot initContainer; not worth the moving parts here.)
securityContext:
runAsUser: 0
runAsGroup: 0
containers:
- name: filebrowser
image: filebrowser/filebrowser:v2.63.13
# v2.63.x default config path is `/config/settings.json`; our ConfigMap
# is mounted at `/.filebrowser.json`. Tell filebrowser to read it
# explicitly so it picks up port 8080 (else it falls back to port 80
# and the readiness probe on 8080 fails).
args: ["-c", "/.filebrowser.json"]
ports:
- containerPort: 8080
volumeMounts:
- name: files
mountPath: /srv
- name: database
mountPath: /database
- name: config
mountPath: /.filebrowser.json
subPath: .filebrowser.json
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "256Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 10
periodSeconds: 30
readinessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: files
persistentVolumeClaim:
claimName: filebrowser-files
- name: database
persistentVolumeClaim:
claimName: filebrowser-db
- name: config
configMap:
name: filebrowser-config
---
apiVersion: v1
kind: Service
metadata:
name: filebrowser
namespace: felhom-system
spec:
selector:
app: filebrowser
ports:
- port: 80
targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: filebrowser
namespace: felhom-system
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
spec:
ingressClassName: nginx-internal
tls:
- hosts:
- files.felhom.eu
secretName: filebrowser-tls
rules:
- host: files.felhom.eu
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: filebrowser
port:
number: 80
---
apiVersion: v1
kind: ConfigMap
metadata:
name: git-sync-sparse-checkout
namespace: felhom-system
data:
sparse-checkout: |
/website/
---
# ===================
# WEBPAGE (nginx)
# ===================
apiVersion: apps/v1
kind: Deployment
metadata:
name: felhom-webpage
namespace: felhom-system
labels:
app: felhom-webpage
spec:
replicas: 1
selector:
matchLabels:
app: felhom-webpage
template:
metadata:
labels:
app: felhom-webpage
spec:
containers:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 80
volumeMounts:
- name: git-data
mountPath: /usr/share/nginx/html
readOnly: true
- name: nginx-config
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
resources:
requests:
memory: "32Mi"
cpu: "10m"
limits:
memory: "128Mi"
cpu: "200m"
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 30
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 3
periodSeconds: 10
- name: git-sync
image: registry.k8s.io/git-sync/git-sync:v4.4.0
args:
- --repo=https://gitea.dooplex.hu/admin/felhom.eu.git
- --branch=main
- --root=/git
- --link=current
- --period=30s
# Only sync the website subdirectory
- --sparse-checkout-file=/etc/git-sync/sparse-checkout
volumeMounts:
- name: git-data
mountPath: /git
- name: sparse-checkout
mountPath: /etc/git-sync
resources:
requests:
memory: "32Mi"
cpu: "10m"
limits:
memory: "128Mi"
cpu: "100m"
securityContext:
runAsUser: 65534 # nobody
# Init container: wait for first sync before nginx starts
initContainers:
- name: git-sync-init
image: registry.k8s.io/git-sync/git-sync:v4.4.0
args:
- --repo=https://gitea.dooplex.hu/admin/felhom.eu.git
- --branch=main
- --root=/git
- --link=current
- --one-time
- --sparse-checkout-file=/etc/git-sync/sparse-checkout
volumeMounts:
- name: git-data
mountPath: /git
- name: sparse-checkout
mountPath: /etc/git-sync
securityContext:
runAsUser: 65534
volumes:
- name: git-data
emptyDir: {}
- name: nginx-config
configMap:
name: nginx-config
- name: sparse-checkout
configMap:
name: git-sync-sparse-checkout
---
apiVersion: v1
kind: Service
metadata:
name: felhom-webpage
namespace: felhom-system
spec:
selector:
app: felhom-webpage
ports:
- port: 80
targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: felhom-webpage
namespace: felhom-system
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
ingressClassName: nginx-internal
tls:
- hosts:
- felhom.eu
- www.felhom.eu
secretName: felhom-webpage-tls
rules:
- host: felhom.eu
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: felhom-webpage
port:
number: 80
- host: www.felhom.eu
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: felhom-webpage
port:
number: 80
Reference in New Issue View Git Blame Copy Permalink