blob: 9407aa2072a9911d097a84917441d635bd045cbf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
apiVersion: apps/v1
kind: Deployment
metadata:
name: miniflux-server
labels:
app: miniflux-server
spec:
replicas: 1
selector:
matchLabels:
app: miniflux-server
template:
metadata:
labels:
app: miniflux-server
spec:
initContainers:
- name: wait-for-postgres
image: postgres:17
command: ["/bin/sh", "-c"]
args:
- |
echo "Waiting for Postgres at miniflux-postgres:5432...";
until pg_isready -h miniflux-postgres -p 5432 -U miniflux; do
echo "Postgres not ready, sleeping...";
sleep 2;
done;
echo "Postgres is ready."
containers:
- name: miniflux
image: miniflux/miniflux:latest
ports:
- containerPort: 8080
env:
- name: CREATE_ADMIN
value: "1"
- name: ADMIN_USERNAME
value: "admin"
- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: miniflux-admin-password
key: admin_password
- name: RUN_MIGRATIONS
value: "1"
- name: POLLING_FREQUENCY
value: "10"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: miniflux-db-password
key: fluxdb_password
command: ["/bin/sh", "-c"]
args:
- export DATABASE_URL="postgres://miniflux:${POSTGRES_PASSWORD}@miniflux-postgres:5432/miniflux?sslmode=disable"; exec /usr/bin/miniflux
livenessProbe:
httpGet:
path: /healthcheck
port: 8080
initialDelaySeconds: 60
periodSeconds: 30
readinessProbe:
httpGet:
path: /healthcheck
port: 8080
initialDelaySeconds: 15
periodSeconds: 15
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: miniflux-postgres
labels:
app: miniflux-postgres
spec:
replicas: 1
# Recreate so the old pod fully terminates before the new one starts —
# avoids NFS-lock races on the hostPath-backed PVC during rolling updates.
strategy:
type: Recreate
selector:
matchLabels:
app: miniflux-postgres
template:
metadata:
labels:
app: miniflux-postgres
spec:
initContainers:
- name: nfs-check-data
image: busybox:stable
command:
- sh
- -c
- |
test -f /mnt/.nfs-sentinel || (
echo "ERROR: NFS sentinel missing at /mnt/.nfs-sentinel"
echo "refusing to start; node likely has NFS unmounted"
echo "pod would otherwise bind-mount the local-XFS shadow"
exit 1
)
volumeMounts:
- name: miniflux-postgres-data
mountPath: /mnt
readOnly: true
containers:
- name: miniflux-postgres
image: postgres:17
ports:
- containerPort: 5432
env:
- name: POSTGRES_USER
value: "miniflux"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: miniflux-db-password
key: fluxdb_password
volumeMounts:
- name: miniflux-postgres-data
mountPath: /var/lib/postgresql/data
livenessProbe:
exec:
command:
- pg_isready
- -U
- miniflux
initialDelaySeconds: 60
periodSeconds: 30
readinessProbe:
exec:
command:
- pg_isready
- -U
- miniflux
initialDelaySeconds: 15
periodSeconds: 15
volumes:
- name: miniflux-postgres-data
persistentVolumeClaim:
claimName: miniflux-postgres-pvc
|
