fixed workout manifest

workout-system/workout.yaml

@@ -79,20 +79,26 @@ spec:
         app.kubernetes.io/instance: wger
         app.kubernetes.io/name: wger
     spec:
-      initContainers:
+      securityContext:
-      - name: fix-permissions
+        fsGroup: 1000
-        image: alpine:latest
+        runAsUser: 1000
-        # Change ownership of both folders to user 1000 (wger)
+        runAsGroup: 1000
-        command: ["sh", "-c", "chown -R 1000:1000 /home/wger/static /home/wger/media"]
+      containers:
-        securityContext:
+      - name: nginx
-          runAsUser: 0
+        image: nginx:alpine
+        ports:
+        - containerPort: 80
+          name: http
         volumeMounts:
         - name: static
           mountPath: /home/wger/static
-        # ADD THIS: We need to fix the media volume too
+          readOnly: true
         - name: media
           mountPath: /home/wger/media
-      containers:
+          readOnly: true
+        - name: nginx-config
+          mountPath: /etc/nginx/conf.d/default.conf
+          subPath: nginx.conf
       - name: wger
         image: wger/server:latest
         env:
@@ -200,6 +206,9 @@ spec:
           initialDelaySeconds: 60
           periodSeconds: 10
       volumes:
+      - name: nginx-config
+        configMap:
+          name: wger-nginx-config
       - name: media
         persistentVolumeClaim:
           claimName: wger-media
@@ -228,6 +237,10 @@ spec:
         app.kubernetes.io/instance: wger
         app.kubernetes.io/name: wger-celery-worker
     spec:
+      securityContext:
+        fsGroup: 1000
+        runAsUser: 1000
+        runAsGroup: 1000
       containers:
       - name: celery-worker
         image: wger/server:latest
@@ -302,6 +315,10 @@ spec:
         app.kubernetes.io/instance: wger
         app.kubernetes.io/name: wger-celery-beat
     spec:
+      securityContext:
+        fsGroup: 1000
+        runAsUser: 1000
+        runAsGroup: 1000
       containers:
       - name: celery-beat
         image: wger/server:latest
@@ -381,8 +398,8 @@ spec:
   type: ClusterIP
   ports:
   - name: http
-    port: 8000
+    port: 80
-    targetPort: http
+    targetPort: 80
   selector:
     app.kubernetes.io/instance: wger
     app.kubernetes.io/name: wger
@@ -419,7 +436,7 @@ spec:
           service:
             name: wger
             port:
-              number: 8000
+              number: 80
   - host: workout.home
     http:
       paths:
@@ -429,7 +446,7 @@ spec:
           service:
             name: wger
             port:
-              number: 8000
+              number: 80
   tls:
   - hosts:
     - workout.dooplex.hu
@@ -468,3 +485,40 @@ spec:
   resources:
     requests:
       storage: 2Gi
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: wger-nginx-config
+  namespace: workout-system
+data:
+  nginx.conf: |
+    server {
+      listen 80;
+      server_name _;
+      client_max_body_size 4G;
+
+      # Official Wger Logic
+      root /var/www/html/; # This is just a dummy root, aliases do the work
+
+      location /static/ {
+        alias /home/wger/static/;
+        expires 30d;
+        access_log off;
+      }
+
+      location /media/ {
+        alias /home/wger/media/;
+        expires 30d;
+        access_log off;
+      }
+
+      location / {
+        proxy_pass http://localhost:8000;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+      }
+    }
+---