From 04a36fee7d5c79817f7ae50c899c608e067972a8 Mon Sep 17 00:00:00 2001 From: kisfenyo Date: Fri, 2 Jan 2026 19:25:23 +0100 Subject: [PATCH] fixed workout manifest --- workout-system/workout.yaml | 82 ++++++++++++++++++++++++++++++------- 1 file changed, 68 insertions(+), 14 deletions(-) diff --git a/workout-system/workout.yaml b/workout-system/workout.yaml index df5a6c9..e08867c 100644 --- a/workout-system/workout.yaml +++ b/workout-system/workout.yaml @@ -79,20 +79,26 @@ spec: app.kubernetes.io/instance: wger app.kubernetes.io/name: wger spec: - initContainers: - - name: fix-permissions - image: alpine:latest - # Change ownership of both folders to user 1000 (wger) - command: ["sh", "-c", "chown -R 1000:1000 /home/wger/static /home/wger/media"] - securityContext: - runAsUser: 0 + securityContext: + fsGroup: 1000 + runAsUser: 1000 + runAsGroup: 1000 + containers: + - name: nginx + image: nginx:alpine + ports: + - containerPort: 80 + name: http volumeMounts: - name: static mountPath: /home/wger/static - # ADD THIS: We need to fix the media volume too + readOnly: true - name: media mountPath: /home/wger/media - containers: + readOnly: true + - name: nginx-config + mountPath: /etc/nginx/conf.d/default.conf + subPath: nginx.conf - name: wger image: wger/server:latest env: @@ -200,6 +206,9 @@ spec: initialDelaySeconds: 60 periodSeconds: 10 volumes: + - name: nginx-config + configMap: + name: wger-nginx-config - name: media persistentVolumeClaim: claimName: wger-media @@ -228,6 +237,10 @@ spec: app.kubernetes.io/instance: wger app.kubernetes.io/name: wger-celery-worker spec: + securityContext: + fsGroup: 1000 + runAsUser: 1000 + runAsGroup: 1000 containers: - name: celery-worker image: wger/server:latest @@ -302,6 +315,10 @@ spec: app.kubernetes.io/instance: wger app.kubernetes.io/name: wger-celery-beat spec: + securityContext: + fsGroup: 1000 + runAsUser: 1000 + runAsGroup: 1000 containers: - name: celery-beat image: wger/server:latest @@ -381,8 +398,8 @@ spec: type: ClusterIP ports: - name: http - port: 8000 - targetPort: http + port: 80 + targetPort: 80 selector: app.kubernetes.io/instance: wger app.kubernetes.io/name: wger @@ -419,7 +436,7 @@ spec: service: name: wger port: - number: 8000 + number: 80 - host: workout.home http: paths: @@ -429,7 +446,7 @@ spec: service: name: wger port: - number: 8000 + number: 80 tls: - hosts: - workout.dooplex.hu @@ -467,4 +484,41 @@ spec: storageClassName: longhorn resources: requests: - storage: 2Gi \ No newline at end of file + storage: 2Gi +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: wger-nginx-config + namespace: workout-system +data: + nginx.conf: | + server { + listen 80; + server_name _; + client_max_body_size 4G; + + # Official Wger Logic + root /var/www/html/; # This is just a dummy root, aliases do the work + + location /static/ { + alias /home/wger/static/; + expires 30d; + access_log off; + } + + location /media/ { + alias /home/wger/media/; + expires 30d; + access_log off; + } + + location / { + proxy_pass http://localhost:8000; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } +--- \ No newline at end of file