kakera.yml

---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kakera
  labels:
    app: kakera
data:
  nginx.conf: |-
    worker_processes auto;
    daemon off;
    error_log stderr info;

    events {
      worker_connections 1024;
      multi_accept on;
    }

    http {
      include       /etc/nginx/mime.types;
      default_type  application/octet-stream;

      sendfile           on;
      tcp_nopush         on;
      keepalive_timeout  65;

      client_max_body_size 64M;

      set_real_ip_from 0.0.0.0/0;

      upstream kakera {
        # Call the local instance, with no failure timeouts.
        server 127.0.0.1:8000 fail_timeout=0;
        # Fall back to calling another instance if the local one is dead.
        server kakera.default.svc.cluster.local backup;
      }

      server {
        listen       80 default_server;
        server_name  kazamatsuri.org new.kazamatsuri.org;
        root         /srv/www;

        # Rewrite old WordPress URLs to their kakera equivalents
        rewrite "^/[0-9]{4}/[0-9]{2}/[0-9]{2}/(.*)$" "/$1" permanent;

        # Try to resolve real files in the www directory first, fall back to kakera
        location / {
          try_files $uri $uri/ @kakera;
          error_page 403 = @kakera;
        }

        # Bypass kakera for media and static files
        location /static {
          expires 365d;
        }
        location /media {
          expires 365d;
        }

        # Internal location for kakera
        location @kakera {
          proxy_pass http://kakera;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_redirect off;
        }

        # The real Podcast XML file is on Github Pages for easier publishing
        location = /podcast.xml { return 302 http://podcast.kazamatsuri.org/feed.xml; }
        # Podcast MP3s are now on S3
        location ~ ^/podcast/?(.*)$ { return 302 https://kazamatsuri.s3.amazonaws.com/podcast/$1; }

        # Redirects to the forum (thanks Youtube)
        location ~ ^/go/t/(.*)$ { return 302 https://forum.kazamatsuri.org/t/$1; }
      }

      server {
        listen       80;
        server_name  rokkenjima.org new.rokkenjima.org;
        root         /srv/www;

        # Try to resolve real files in the www directory first, fall back to kakera
        location / {
          try_files $uri $uri/ @kakera;
          error_page 403 = @kakera;
        }

        # Bypass kakera for media and static files
        location /static {
          expires 365d;
        }
        location /media {
          expires 365d;
        }

        # Internal location for kakera
        location @kakera {
          proxy_pass http://kakera;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_redirect off;
        }

        # Redirects to the forum (thanks Youtube)
        location ~ ^/go/t/(.*)$ { return 302 https://forum.rokkenjima.org/t/$1; }
      }
    }
---
kind: Service
apiVersion: v1
metadata:
  name: kakera
  labels:
    app: kakera
spec:
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
  selector:
    app: kakera
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: kakera-media
  annotations:
    volume.beta.kubernetes.io/storage-class: "slow"
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1000Gi
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: kakera
  labels:
    app: kakera
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  template:
    metadata:
      labels:
        app: kakera
    spec:
      containers:
      - name: kakera
        image: kazokuco/kakera
        imagePullPolicy: Always
        command: ["/bin/bash", "-c", "cp -R /srv/kakera/public/static/* /srv/www/static && ./manage.py migrate --noinput && ./docker_entrypoint.sh"]
        env:
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: kakera
              key: secret
        - name: DB_ENGINE
          value: django.db.backends.postgresql
        - name: DB_HOST
          value: postgresql.default.svc.cluster.local
        - name: DB_PORT
          value: "5432"
        - name: DB_NAME
          valueFrom:
            secretKeyRef:
              name: kakera
              key: db.name
        - name: DB_USER
          valueFrom:
            secretKeyRef:
              name: kakera
              key: db.username
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: kakera
              key: db.password
        - name: REDIS_URL
          value: redis://redis.default.svc.cluster.local:6379/0
        - name: DEFAULT_FILE_STORAGE
          value: storages.backends.s3boto3.S3Boto3Storage
        - name: AWS_ACCESS_KEY_ID
          valueFrom:
            secretKeyRef:
              name: kakera
              key: aws.keyid
        - name: AWS_SECRET_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: kakera
              key: aws.key
        - name: AWS_STORAGE_BUCKET_NAME
          value: kakera
        - name: AWS_S3_CUSTOM_DOMAIN
          value: d31u62iyrzhln9.cloudfront.net
        - name: CLOUDFLARE_EMAIL
          valueFrom:
            secretKeyRef:
              name: cloudflare
              key: email
        - name: CLOUDFLARE_TOKEN
          valueFrom:
            secretKeyRef:
              name: cloudflare
              key: token
        - name: GUNICORN_WORKERS
          value: "8"
        - name: GUNICORN_THREADS
          value: "1"
        readinessProbe:
          httpGet:
            path: /healthz/
            port: gunicorn
            httpHeaders:
            - name: Accept
              value: application/json
          successThreshold: 6
        ports:
        - name: gunicorn
          containerPort: 8000
          protocol: TCP
        volumeMounts:
        - name: static
          mountPath: /srv/www/static
        - name: media
          mountPath: /srv/kakera/public/media
      - name: nginx
        image: nginx:1
        imagePullPolicy: Always
        command: ["nginx", "-c", "/etc/config/nginx.conf"]
        readinessProbe:
          httpGet:
            path: /healthz/
            port: http
            httpHeaders:
            - name: Accept
              value: application/json
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        volumeMounts:
        - name: config
          mountPath: /etc/config
        - name: static
          mountPath: /srv/www/static
        - name: media
          mountPath: /srv/www/media
      volumes:
      - name: config
        configMap:
          name: kakera
      - name: static
        emptyDir: {}
      - name: media
        persistentVolumeClaim:
          claimName: kakera-media