ai/at
2026-02-04 22:52:06 +09:00
parent 88cb429951
commit 718820daec
16 changed files with 1001 additions and 0 deletions

3
.gitignore vendored

@@ -4,6 +4,9 @@ deploy.yml
claude.md claude.md
embedded.mobileprovision embedded.mobileprovision
.env .env
k8s/secrets.env
k8s/deploy.yml
web/dist web/dist
node_modules node_modules
package-lock.json package-lock.json

78
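--- a/k8s/bgs.yaml
+++ b/k8s/bgs.yaml
@@ -0,0 +1,78 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: bgs
+namespace: atproto
+spec:
+selector:
+app: bgs
+ports:
+- port: 2470
+targetPort: 2470
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: bgs-data
+namespace: atproto
+spec:
+accessModes: ["ReadWriteOnce"]
+resources:
+requests:
+storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: bgs
+namespace: atproto
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: bgs
+template:
+metadata:
+labels:
+app: bgs
+spec:
+containers:
+- name: bgs
+image: registry/bgs
+ports:
+- containerPort: 2470
+env:
+- name: DATABASE_URL
+value: "postgres://postgres:postgres@database/bgs"
+- name: CARSTORE_DATABASE_URL
+value: "postgres://postgres:postgres@database/carstore"
+- name: DATA_DIR
+value: "/data"
+- name: ATP_PLC_HOST
+value: "https://plc.syu.is"
+- name: BGS_NEW_PDS_PER_DAY_LIMIT
+value: "1000"
+- name: BGS_ADMIN_KEY
+valueFrom:
+secretKeyRef:
+name: atproto-secrets
+key: bgs-admin-key
+volumeMounts:
+- name: data
+mountPath: /data
+livenessProbe:
+httpGet:
+path: /xrpc/_health
+port: 2470
+initialDelaySeconds: 15
+periodSeconds: 10
+readinessProbe:
+httpGet:
+path: /xrpc/_health
+port: 2470
+initialDelaySeconds: 5
+periodSeconds: 5
+volumes:
+- name: data
+persistentVolumeClaim:
+claimName: bgs-data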
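Review bot: The `DATABASE_URL` and `CARSTORE_DATABASE_URL` values embed the database user and password (`postgres:postgres`) directly in the manifest, while `BGS_ADMIN_KEY` a few lines below is already read from `atproto-secrets`. Anyone who can read the repository or the Deployment object sees the credential, and rotating it means editing every manifest. The same literal appears in k8s/bsky.yaml (Deployment and watchdog CronJob), k8s/ozone.yaml, k8s/pds.yaml, k8s/plc.yaml (`DB_CREDS_JSON`, `DB_MIGRATE_CREDS_JSON`) and as `POSTGRES_PASSWORD` in k8s/postgres.yaml. I would move each URL into the secret and reference it the same way as the admin key, e.g. `valueFrom: {secretKeyRef: {name: atproto-secrets, key: bgs-database-url}}`, where `bgs-database-url` is a new key to add to secrets.env and gen-secrets.sh.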

199
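--- a/k8s/bsky.yaml
+++ b/k8s/bsky.yaml
@@ -0,0 +1,199 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: bsky
+namespace: atproto
+spec:
+selector:
+app: bsky
+ports:
+- name: api
+port: 2584
+targetPort: 2584
+- name: dataplane
+port: 3001
+targetPort: 3001
+- name: bsync
+port: 3002
+targetPort: 3002
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: bsky-data
+namespace: atproto
+spec:
+accessModes: ["ReadWriteOnce"]
+resources:
+requests:
+storage: 5Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: bsky
+namespace: atproto
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: bsky
+template:
+metadata:
+labels:
+app: bsky
+spec:
+securityContext:
+runAsUser: 0
+containers:
+- name: bsky
+image: registry/bsky
+command: ["node", "--enable-source-maps", "api.js"]
+ports:
+- containerPort: 2584
+- containerPort: 3001
+- containerPort: 3002
+env:
+- name: BSKY_PORT
+value: "2584"
+- name: BSKY_BLOB_CACHE_LOC
+value: "/data/"
+- name: BSKY_BSYNC_HTTP_VERSION
+value: "1.1"
+- name: BSKY_BSYNC_PORT
+value: "3002"
+- name: BSKY_BSYNC_URL
+value: "http://localhost:3002"
+- name: BSKY_COURIER_URL
+value: "http://fake-courier.example.invalid/"
+- name: BSKY_DATAPLANE_HTTP_VERSION
+value: "1.1"
+- name: BSKY_DATAPLANE_PORT
+value: "3001"
+- name: BSKY_DATAPLANE_URLS
+value: "http://localhost:3001"
+- name: BSKY_DB_POSTGRES_URL
+value: "postgres://postgres:postgres@database/bsky"
+- name: BSKY_DID_PLC_URL
+value: "https://plc.syu.is"
+- name: BSKY_PUBLIC_URL
+value: "https://bsky.syu.is"
+- name: BSKY_REPO_PROVIDER
+value: "ws://bgs:2470"
+- name: BSKY_SERVER_DID
+value: "did:web:bsky.syu.is"
+- name: MOD_SERVICE_DID
+value: "did:web:ozone.syu.is"
+- name: BSKY_ADMIN_PASSWORDS
+valueFrom:
+secretKeyRef:
+name: atproto-secrets
+key: bsky-admin-passwords
+- name: BSKY_SERVICE_SIGNING_KEY
+valueFrom:
+secretKeyRef:
+name: atproto-secrets
+key: bsky-service-signing-key
+volumeMounts:
+- name: data
+mountPath: /data
+livenessProbe:
+httpGet:
+path: /xrpc/_health
+port: 2584
+initialDelaySeconds: 15
+periodSeconds: 10
+failureThreshold: 3
+readinessProbe:
+httpGet:
+path: /xrpc/_health
+port: 2584
+initialDelaySeconds: 5
+periodSeconds: 5
+volumes:
+- name: data
+persistentVolumeClaim:
+claimName: bsky-data
+---
+## bsky subscription monitor
+## subscriptionが停止していたらPodを再起動する
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+name: bsky-subscription-watchdog
+namespace: atproto
+spec:
+schedule: "*/5 * * * *"
+jobTemplate:
+spec:
+template:
+spec:
+containers:
+- name: watchdog
+image: postgres:16-alpine
+command:
+- /bin/sh
+- -c
+- |
+# BGSの最新seqを取得
+LATEST_SEQ=$(psql -t -A "$DB_URL" -c "SELECT COALESCE(MAX(seq),0) FROM repo_event_records")
+# bskyのsubscription cursorを取得
+BSKY_CURSOR=$(psql -t -A "$BSKY_DB_URL" -c "SELECT COALESCE(state,0) FROM subscription WHERE service='ws://bgs:2470' LIMIT 1")
+LAG=$((LATEST_SEQ - BSKY_CURSOR))
+echo "BGS seq=$LATEST_SEQ, bsky cursor=$BSKY_CURSOR, lag=$LAG"
+if [ "$LAG" -gt 50 ]; then
+echo "WARN: bsky subscription lag=$LAG, restarting bsky pod"
+# Podを削除すればDeploymentが再作成する
+apk add --no-cache curl > /dev/null 2>&1
+APISERVER=https://kubernetes.default.svc
+TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
+NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
+# bsky podを取得して削除
+POD=$(curl -s -k -H "Authorization: Bearer $TOKEN" \
+"$APISERVER/api/v1/namespaces/$NAMESPACE/pods?labelSelector=app=bsky" \
+| grep -o '"name":"bsky-[^"]*"' | head -1 | cut -d'"' -f4)
+if [ -n "$POD" ]; then
+curl -s -k -X DELETE -H "Authorization: Bearer $TOKEN" \
+"$APISERVER/api/v1/namespaces/$NAMESPACE/pods/$POD"
+echo "Deleted pod $POD"
+fi
+else
+echo "OK: subscription is healthy"
+fi
+env:
+- name: DB_URL
+value: "postgres://postgres:postgres@database/bgs"
+- name: BSKY_DB_URL
+value: "postgres://postgres:postgres@database/bsky"
+restartPolicy: OnFailure
+serviceAccountName: bsky-watchdog
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: bsky-watchdog
+namespace: atproto
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: bsky-watchdog
+namespace: atproto
+rules:
+- apiGroups: [""]
+resources: ["pods"]
+verbs: ["get", "list", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: bsky-watchdog
+namespace: atproto
+subjects:
+- kind: ServiceAccount
+name: bsky-watchdog
+namespace: atproto
+roleRef:
+kind: Role
+name: bsky-watchdog
+apiGroup: rbac.authorization.k8s.io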
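Review bot: Both `curl` calls in the watchdog script pass `-k`, so the service-account bearer token is sent to the API server without verifying its certificate; the cluster CA is mounted beside the token, so `--cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt` can replace `-k` in each call. The `bsky-watchdog` Role grants `delete` on every pod in the namespace, which also covers the postgres and pds pods, although the job only needs to restart bsky; a rule on `deployments` in the `apps` group with `resourceNames: ["bsky"]` and a restart patch would keep the token scoped to that one workload. The bsky Deployment sets `runAsUser: 0` with no comment saying why root is required, so that line should either go or be justified in place. Installing curl with `apk add` on each run also makes the restart path depend on an external package mirror; baking it into the job image avoids that.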

71
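--- a/k8s/feed.yaml
+++ b/k8s/feed.yaml
@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: feed
+namespace: atproto
+spec:
+selector:
+app: feed
+ports:
+- port: 3000
+targetPort: 3000
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: feed-data
+namespace: atproto
+spec:
+accessModes: ["ReadWriteOnce"]
+resources:
+requests:
+storage: 2Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: feed
+namespace: atproto
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: feed
+template:
+metadata:
+labels:
+app: feed
+spec:
+containers:
+- name: feed
+image: registry/feed
+ports:
+- containerPort: 3000
+env:
+- name: FEEDGEN_PORT
+value: "3000"
+- name: FEEDGEN_LISTENHOST
+value: "0.0.0.0"
+- name: FEEDGEN_SQLITE_LOCATION
+value: "/data/db.sqlite"
+- name: FEEDGEN_HOSTNAME
+value: "feed.syu.is"
+- name: FEEDGEN_PUBLISHER_DID
+value: "did:plc:6qyecktefllvenje24fcxnie"
+- name: FEEDGEN_SERVICE_DID
+value: "did:web:feed.syu.is"
+- name: FEEDGEN_JETSTREAM_URL
+value: "ws://jetstream:6008/subscribe"
+volumeMounts:
+- name: data
+mountPath: /data
+livenessProbe:
+httpGet:
+path: /
+port: 3000
+initialDelaySeconds: 10
+periodSeconds: 10
+volumes:
+- name: data
+persistentVolumeClaim:
+claimName: feed-data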
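Review bot: The feed container sets neither `securityContext` nor `resources`, so it runs as whatever user the image defines, may escalate privileges, and has no CPU or memory bound; the containers in k8s/bgs.yaml, k8s/jetstream.yaml, k8s/ozone-web.yaml, k8s/ozone.yaml, k8s/pds.yaml, k8s/plc.yaml, k8s/redis.yaml and k8s/social-app.yaml are in the same state. Under each container I would add `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true}` and a `resources` block with requests and limits sized for the service. Whether each image already starts as a non-root user is not visible in this commit, so `runAsNonRoot` needs checking per image. This Deployment also has no `readinessProbe`, unlike bgs, bsky, ozone and pds.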

26
k8s/gen-secrets.sh Executable file

@@ -0,0 +1,26 @@
#!/bin/bash
## envs/ から k8s/secrets.env を生成する
## usage: cd k8s && bash gen-secrets.sh
ENVS_DIR="${1:-../envs}"
OUT="secrets.env"
get_val() {
local file="$1" key="$2"
grep "^${key}=" "$file" 2>/dev/null | head -1 | cut -d'=' -f2-
}
cat > "$OUT" <<EOF
pds-admin-password=$(get_val "$ENVS_DIR/pds" PDS_ADMIN_PASSWORD)
pds-plc-rotation-key=$(get_val "$ENVS_DIR/pds" PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX)
pds-repo-signing-key=$(get_val "$ENVS_DIR/pds" PDS_REPO_SIGNING_KEY_K256_PRIVATE_KEY_HEX)
pds-jwt-secret=$(get_val "$ENVS_DIR/pds" PDS_JWT_SECRET)
pds-email-smtp-url=$(get_val "$ENVS_DIR/pds" PDS_EMAIL_SMTP_URL)
bsky-admin-passwords=$(get_val "$ENVS_DIR/bsky" BSKY_ADMIN_PASSWORDS)
bsky-service-signing-key=$(get_val "$ENVS_DIR/bsky" BSKY_SERVICE_SIGNING_KEY)
bgs-admin-key=$(get_val "$ENVS_DIR/bgs" BGS_ADMIN_KEY)
ozone-admin-password=$(get_val "$ENVS_DIR/ozone" OZONE_ADMIN_PASSWORD)
ozone-signing-key-hex=$(get_val "$ENVS_DIR/ozone" OZONE_SIGNING_KEY_HEX)
EOF
echo "generated $OUT"
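Review bot: `get_val` prints nothing when the file or key is missing (grep's errors go to `/dev/null`), and the script still writes the line and prints `generated`, so a typo under `envs/` yields an empty secret such as `pds-admin-password=` with no warning. Exiting inside `get_val` would not help, because it runs in a command substitution, so I would check the result after the here-document: `if grep -q '=$' "$OUT"; then echo "empty value in $OUT" >&2; exit 1; fi`. The output file holds private keys and passwords but is created with the caller's default umask; a `umask 077` line before `cat > "$OUT"` keeps it readable by the owner only.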

67
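--- a/k8s/jetstream.yaml
+++ b/k8s/jetstream.yaml
@@ -0,0 +1,67 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: jetstream
+namespace: atproto
+spec:
+selector:
+app: jetstream
+ports:
+- port: 6008
+targetPort: 6008
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: jetstream-data
+namespace: atproto
+spec:
+accessModes: ["ReadWriteOnce"]
+resources:
+requests:
+storage: 2Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: jetstream
+namespace: atproto
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: jetstream
+template:
+metadata:
+labels:
+app: jetstream
+spec:
+containers:
+- name: jetstream
+image: registry/jetstream
+ports:
+- containerPort: 6008
+env:
+- name: JETSTREAM_WS_URL
+value: "ws://bgs:2470/xrpc/com.atproto.sync.subscribeRepos"
+- name: JETSTREAM_DATA_DIR
+value: "/data"
+- name: JETSTREAM_LISTEN_ADDR
+value: ":6008"
+- name: JETSTREAM_METRICS_LISTEN_ADDR
+value: ":6009"
+- name: JETSTREAM_LIVENESS_TTL
+value: "96h"
+volumeMounts:
+- name: data
+mountPath: /data
+livenessProbe:
+httpGet:
+path: /
+port: 6009
+initialDelaySeconds: 10
+periodSeconds: 10
+volumes:
+- name: data
+persistentVolumeClaim:
+claimName: jetstream-data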

27
k8s/kustomization.yaml Normal file

@@ -0,0 +1,27 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: atproto
resources:
- namespace.yaml
- postgres.yaml
- redis.yaml
- plc.yaml
- pds.yaml
- bgs.yaml
- bsky.yaml
- social-app.yaml
- ozone.yaml
- ozone-web.yaml
- jetstream.yaml
- feed.yaml
## deploy.yml に images / secretGenerator を設定
## デプロイ: cp deploy.yml kustomization.yaml && kubectl apply -k .
secretGenerator:
- name: atproto-secrets
envs:
- secrets.env
options:
disableNameSuffixHash: true
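Review bot: `disableNameSuffixHash: true` gives the generated Secret the fixed name `atproto-secrets`, so editing secrets.env and re-applying updates the Secret but changes no pod template, and running pods keep the old environment values until someone restarts them. Kustomize rewrites `secretKeyRef.name` to the hashed name for resources in the same kustomization, so the option should not be needed for the manifests listed here. I would drop the `options` block, or keep it with a comment stating what depends on the fixed name and that a rollout restart is required after rotating a secret.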

4
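--- a/k8s/namespace.yaml
+++ b/k8s/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: atproto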

47
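--- a/k8s/ozone-web.yaml
+++ b/k8s/ozone-web.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: ozone-web
+namespace: atproto
+spec:
+selector:
+app: ozone-web
+ports:
+- port: 3000
+targetPort: 3000
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: ozone-web
+namespace: atproto
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: ozone-web
+template:
+metadata:
+labels:
+app: ozone-web
+spec:
+containers:
+- name: ozone-web
+image: registry/ozone-web
+ports:
+- containerPort: 3000
+env:
+- name: NEXT_PUBLIC_PLC_DIRECTORY_URL
+value: "https://plc.syu.is"
+- name: NEXT_PUBLIC_OZONE_SERVICE_DID
+value: "did:web:ozone.syu.is"
+- name: NEXT_PUBLIC_SOCIAL_APP_DOMAIN
+value: "syu.is"
+- name: NEXT_PUBLIC_SOCIAL_APP_URL
+value: "https://syu.is"
+livenessProbe:
+httpGet:
+path: /
+port: 3000
+initialDelaySeconds: 10
+periodSeconds: 10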

96
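--- a/k8s/ozone.yaml
+++ b/k8s/ozone.yaml
@@ -0,0 +1,96 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: ozone
+namespace: atproto
+spec:
+selector:
+app: ozone
+ports:
+- port: 3000
+targetPort: 3000
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: ozone-data
+namespace: atproto
+spec:
+accessModes: ["ReadWriteOnce"]
+resources:
+requests:
+storage: 2Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: ozone
+namespace: atproto
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: ozone
+template:
+metadata:
+labels:
+app: ozone
+spec:
+containers:
+- name: ozone
+image: registry/ozone
+command: ["node", "--enable-source-maps", "api.js"]
+ports:
+- containerPort: 3000
+env:
+- name: OZONE_SERVER_DID
+value: "did:web:ozone.syu.is"
+- name: OZONE_PUBLIC_URL
+value: "https://ozone.syu.is"
+- name: OZONE_DB_POSTGRES_URL
+value: "postgres://postgres:postgres@database/ozone"
+- name: OZONE_DID_PLC_URL
+value: "https://plc.syu.is"
+- name: OZONE_APPVIEW_DID
+value: "did:web:bsky.syu.is"
+- name: OZONE_APPVIEW_URL
+value: "https://bsky.syu.is"
+- name: OZONE_APPVIEW_PUSH_EVENTS
+value: "true"
+- name: OZONE_PDS_DID
+value: "did:web:syu.is"
+- name: OZONE_PDS_URL
+value: "https://syu.is"
+- name: OZONE_DEV_MODE
+value: "true"
+- name: OZONE_DB_MIGRATE
+value: "1"
+- name: OZONE_ADMIN_PASSWORD
+valueFrom:
+secretKeyRef:
+name: atproto-secrets
+key: ozone-admin-password
+- name: OZONE_SIGNING_KEY_HEX
+valueFrom:
+secretKeyRef:
+name: atproto-secrets
+key: ozone-signing-key-hex
+volumeMounts:
+- name: data
+mountPath: /data
+livenessProbe:
+httpGet:
+path: /xrpc/_health
+port: 3000
+initialDelaySeconds: 10
+periodSeconds: 10
+readinessProbe:
+httpGet:
+path: /xrpc/_health
+port: 3000
+initialDelaySeconds: 5
+periodSeconds: 5
+volumes:
+- name: data
+persistentVolumeClaim:
+claimName: ozone-data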
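Review bot: `OZONE_DEV_MODE` is set to `"true"` in a Deployment whose public URL is `https://ozone.syu.is`, and k8s/pds.yaml does the same with `PDS_DEV_MODE`. What the flag relaxes is not visible in this commit, but a development switch on an internet-facing service is the kind of setting that tends to loosen validation or transport checks, so it should not be on by default without a stated reason. I would set both to `"false"`, or keep them with a comment directly above naming the specific behaviour that requires dev mode, e.g. `# dev mode required for <reason>`.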

121
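--- a/k8s/pds.yaml
+++ b/k8s/pds.yaml
@@ -0,0 +1,121 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: pds
+namespace: atproto
+spec:
+selector:
+app: pds
+ports:
+- port: 3000
+targetPort: 3000
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: pds-data
+namespace: atproto
+spec:
+accessModes: ["ReadWriteOnce"]
+resources:
+requests:
+storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: pds
+namespace: atproto
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: pds
+template:
+metadata:
+labels:
+app: pds
+spec:
+containers:
+- name: pds
+image: registry/pds
+command: ["node", "--enable-source-maps", "index.js"]
+ports:
+- containerPort: 3000
+env:
+- name: PDS_HOSTNAME
+value: "syu.is"
+- name: PDS_DB_POSTGRES_URL
+value: "postgres://postgres:postgres@database/pds"
+- name: PDS_DATA_DIRECTORY
+value: "/data"
+- name: PDS_BLOBSTORE_DISK_LOCATION
+value: "/data/img/static"
+- name: PDS_BSKY_APP_VIEW_DID
+value: "did:web:bsky.syu.is"
+- name: PDS_BSKY_APP_VIEW_URL
+value: "https://bsky.syu.is"
+- name: PDS_CRAWLERS
+value: "https://bgs.syu.is"
+- name: PDS_SEQUENCER_ENABLED
+value: "true"
+- name: PDS_SEQUENCER_DB_LOCATION
+value: "/data/sequencer.sqlite"
+- name: PDS_DEV_MODE
+value: "true"
+- name: PDS_DID_PLC_URL
+value: "https://plc.syu.is"
+- name: PDS_ENABLE_DID_DOC_WITH_SESSION
+value: "true"
+- name: PDS_INVITE_INTERVAL
+value: "604800000"
+- name: PDS_SERVICE_DID
+value: "did:web:syu.is"
+- name: PDS_EMAIL_FROM_ADDRESS
+value: "no-reply@syu.is"
+- name: PDS_INVITE_REQUIRED
+value: "true"
+- name: PDS_ADMIN_PASSWORD
+valueFrom:
+secretKeyRef:
+name: atproto-secrets
+key: pds-admin-password
+- name: PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX
+valueFrom:
+secretKeyRef:
+name: atproto-secrets
+key: pds-plc-rotation-key
+- name: PDS_REPO_SIGNING_KEY_K256_PRIVATE_KEY_HEX
+valueFrom:
+secretKeyRef:
+name: atproto-secrets
+key: pds-repo-signing-key
+- name: PDS_JWT_SECRET
+valueFrom:
+secretKeyRef:
+name: atproto-secrets
+key: pds-jwt-secret
+- name: PDS_EMAIL_SMTP_URL
+valueFrom:
+secretKeyRef:
+name: atproto-secrets
+key: pds-email-smtp-url
+volumeMounts:
+- name: data
+mountPath: /data
+livenessProbe:
+httpGet:
+path: /xrpc/_health
+port: 3000
+initialDelaySeconds: 15
+periodSeconds: 10
+readinessProbe:
+httpGet:
+path: /xrpc/_health
+port: 3000
+initialDelaySeconds: 5
+periodSeconds: 5
+volumes:
+- name: data
+persistentVolumeClaim:
+claimName: pds-data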

53
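--- a/k8s/plc.yaml
+++ b/k8s/plc.yaml
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: plc
+namespace: atproto
+spec:
+selector:
+app: plc
+ports:
+- port: 3000
+targetPort: 3000
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: plc
+namespace: atproto
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: plc
+template:
+metadata:
+labels:
+app: plc
+spec:
+containers:
+- name: plc
+image: registry/plc
+ports:
+- containerPort: 3000
+env:
+- name: DATABASE_URL
+value: "postgres://postgres:postgres@database/plc"
+- name: DB_CREDS_JSON
+value: '{"username":"postgres","password":"postgres","host":"database","port":"5432","database":"plc"}'
+- name: ENABLE_MIGRATIONS
+value: "true"
+- name: DB_MIGRATE_CREDS_JSON
+value: '{"username":"postgres","password":"postgres","host":"database","port":"5432","database":"plc"}'
+livenessProbe:
+httpGet:
+path: /_health
+port: 3000
+initialDelaySeconds: 10
+periodSeconds: 10
+readinessProbe:
+httpGet:
+path: /_health
+port: 3000
+initialDelaySeconds: 5
+periodSeconds: 5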

89
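--- a/k8s/postgres.yaml
+++ b/k8s/postgres.yaml
@@ -0,0 +1,89 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: postgres-init
+namespace: atproto
+data:
+init.sql: |
+CREATE DATABASE plc;
+GRANT ALL PRIVILEGES ON DATABASE plc TO postgres;
+CREATE DATABASE bgs;
+CREATE DATABASE carstore;
+GRANT ALL PRIVILEGES ON DATABASE bgs TO postgres;
+GRANT ALL PRIVILEGES ON DATABASE carstore TO postgres;
+CREATE DATABASE bsky;
+GRANT ALL PRIVILEGES ON DATABASE bsky TO postgres;
+CREATE DATABASE ozone;
+GRANT ALL PRIVILEGES ON DATABASE ozone TO postgres;
+CREATE DATABASE pds;
+GRANT ALL PRIVILEGES ON DATABASE pds TO postgres;
+CREATE DATABASE bsync;
+GRANT ALL PRIVILEGES ON DATABASE bsync TO postgres;
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: database
+namespace: atproto
+spec:
+selector:
+app: postgres
+ports:
+- port: 5432
+targetPort: 5432
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: postgres
+namespace: atproto
+spec:
+serviceName: database
+replicas: 1
+selector:
+matchLabels:
+app: postgres
+template:
+metadata:
+labels:
+app: postgres
+spec:
+containers:
+- name: postgres
+image: postgres:16-alpine
+env:
+- name: POSTGRES_USER
+value: postgres
+- name: POSTGRES_PASSWORD
+value: postgres
+- name: POSTGRES_DB
+value: healthcheck
+ports:
+- containerPort: 5432
+volumeMounts:
+- name: data
+mountPath: /var/lib/postgresql/data
+- name: init
+mountPath: /docker-entrypoint-initdb.d
+livenessProbe:
+exec:
+command: ["pg_isready", "-U", "postgres", "-d", "healthcheck"]
+initialDelaySeconds: 10
+periodSeconds: 5
+readinessProbe:
+exec:
+command: ["pg_isready", "-U", "postgres", "-d", "healthcheck"]
+initialDelaySeconds: 5
+periodSeconds: 5
+volumes:
+- name: init
+configMap:
+name: postgres-init
+volumeClaimTemplates:
+- metadata:
+name: data
+spec:
+accessModes: ["ReadWriteOnce"]
+resources:
+requests:
+storage: 20Gi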
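Review bot: Every service in this commit connects as the `postgres` superuser, and `init.sql` only creates the seven databases and grants them to that same role, so a compromise of any one service (or of the watchdog CronJob) gives full access to all of them. I would create one login role per database in the init script and make it the owner, e.g. `CREATE ROLE bgs LOGIN; CREATE DATABASE bgs OWNER bgs;`, with the role passwords supplied from a Secret rather than written into this ConfigMap. `POSTGRES_PASSWORD` should likewise come from `atproto-secrets` through `valueFrom.secretKeyRef` instead of the literal `postgres`. The existing `GRANT ALL PRIVILEGES ... TO postgres` lines have no effect on a superuser and can go.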

58
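--- a/k8s/redis.yaml
+++ b/k8s/redis.yaml
@@ -0,0 +1,58 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: redis
+namespace: atproto
+spec:
+selector:
+app: redis
+ports:
+- port: 6379
+targetPort: 6379
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: redis
+namespace: atproto
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: redis
+template:
+metadata:
+labels:
+app: redis
+spec:
+containers:
+- name: redis
+image: redis:alpine
+ports:
+- containerPort: 6379
+volumeMounts:
+- name: data
+mountPath: /data
+livenessProbe:
+exec:
+command: ["redis-cli", "ping"]
+periodSeconds: 5
+readinessProbe:
+exec:
+command: ["redis-cli", "ping"]
+periodSeconds: 5
+volumes:
+- name: data
+persistentVolumeClaim:
+claimName: redis-data
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: redis-data
+namespace: atproto
+spec:
+accessModes: ["ReadWriteOnce"]
+resources:
+requests:
+storage: 1Gi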
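Review bot: `image: redis:alpine` is a floating tag, so the Redis version that runs can change whenever the pod is rescheduled and the image is pulled again, whereas postgres is at least pinned to a major version (`postgres:16-alpine`). Pin it to a specific release or digest, e.g. `image: redis:<version>-alpine`. Redis is also started with no password, so any pod that can reach the `redis` Service on 6379 can read and write it; no NetworkPolicy is part of this commit, so either add one that limits access to the services that use Redis or start the server with `--requirepass` taken from a Secret.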

10
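--- a/k8s/secrets.env.example
+++ b/k8s/secrets.env.example
@@ -0,0 +1,10 @@
+pds-admin-password=
+pds-plc-rotation-key=
+pds-repo-signing-key=
+pds-jwt-secret=
+pds-email-smtp-url=
+bsky-admin-passwords=
+bsky-service-signing-key=
+bgs-admin-key=
+ozone-admin-password=
+ozone-signing-key-hex=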

52
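--- a/k8s/social-app.yaml
+++ b/k8s/social-app.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: social-app
+namespace: atproto
+spec:
+selector:
+app: social-app
+ports:
+- port: 8100
+targetPort: 8100
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: social-app
+namespace: atproto
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: social-app
+template:
+metadata:
+labels:
+app: social-app
+spec:
+containers:
+- name: social-app
+image: registry/social-app
+command: ["/usr/bin/bskyweb", "serve"]
+ports:
+- containerPort: 8100
+env:
+- name: ATP_APPVIEW_HOST
+value: "https://public.api.bsky.app"
+- name: EXPO_PUBLIC_BLUESKY_PROXY_DID
+value: "did:web:api.bsky.app"
+- name: EXPO_PUBLIC_ENV
+value: "production"
+livenessProbe:
+httpGet:
+path: /
+port: 8100
+initialDelaySeconds: 10
+periodSeconds: 10
+readinessProbe:
+httpGet:
+path: /
+port: 8100
+initialDelaySeconds: 5
+periodSeconds: 5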