lukevella/rallly-selfhosted
1
0
Fork 1
mirror of https://github.com/lukevella/rallly-selfhosted.git synced 2025-12-10 10:52:50 +01:00
Code

Compare commits

base: lukevella:015fc2bf403f282457229ea2cd448907e78430e8
Branches Tags
lukevella:main
lukevella:3.0.0
..
compare: lukevella:013f5c16dbd92c41a5c7a973aa66f63dee988397
Branches Tags
lukevella:main
lukevella:3.0.0

1 Commits
015fc2bf40 ... 013f5c16db

Author SHA1 Message Date
Gabriel Windlin
013f5c16db
Merge 1894faa7d28e4f71ac776a57700e3946b66239c9 into 297e04f69bcd32f311ed3928ef3141389b701bc9 2025-11-25 12:09:30 +01:00
6 changed files with 36 additions and 77 deletions
Show Stats Expand all files Collapse all files

46
kubernetes/README.md
View File

@ -1,46 +0,0 @@
# Rallly Kubernetes Manifests
This directory contains base Kubernetes manifests to self-host Rallly. It separates configuration (ConfigMaps) from sensitive data (Secrets) and uses a StatefulSet for the PostgreSQL database.
## Prerequisites
- A Kubernetes cluster.
- `kubectl` configured to talk to your cluster.
- An Ingress Controller (e.g., NGINX) installed.
## Configuration
1. **Secrets (`secrets.yaml`):**
- **Important:** Do not commit the `secrets.yaml` file with real credentials to version control.
- Update `POSTGRES_PASSWORD` and `SECRET_PASSWORD` (use `openssl rand -hex 32` to generate).
- Update `DATABASE_URL` to match your postgres password.
2. **Config (`rallly-config.yaml`):**
- Update `NEXT_PUBLIC_BASE_URL` to match your domain.
- Configure your SMTP settings for emails.
3. **Ingress (`ingress.yaml`):**
- Change `host: rallly.example.com` to your actual domain.
- Ensure `ingressClassName` matches your cluster's controller (default is set to `nginx`).
## Deployment Order
Apply the manifests in the following order to ensure dependencies are met:
```bash
# 1. Apply Secrets and Config first
kubectl apply -f secrets.yaml
kubectl apply -f rallly-config.yaml
# 2. Apply Database (StatefulSet)
kubectl apply -f postgres.yaml
# 3. Apply Application (Deployment)
kubectl apply -f rallly.yaml
# 4. Apply Ingress
kubectl apply -f ingress.yaml
# 5. Check that the pods are running - should show '1/1 Running' for each pod.
kubectl get pods
```

BIN
kubernetes/README.pdf
View File

Binary file not shown.

30
kubernetes/ingress.yaml
View File

@ -6,25 +6,23 @@ metadata:
annotations:
# Example for cert-manager (uncomment if using)
# cert-manager.io/cluster-issuer: letsencrypt-prod
# Example for NGINX ingress controller size limit
# nginx.ingress.kubernetes.io/proxy-body-size: "10m"
spec:
# NOTE: Explicitly set to 'nginx'. Remove this line if using a different Ingress Controller
# or if you wish to use the cluster default.
ingressClassName: nginx
rules:
- host: rallly.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: rallly
port:
number: 80
- host: rallly.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: rallly
port:
number: 80
tls:
- hosts:
- rallly.example.com
secretName: rallly-tls
- hosts:
- rallly.example.com
secretName: rallly-tls

14
kubernetes/postgres.yaml
View File

@ -1,3 +1,4 @@
# kubernetes/postgres.yaml
apiVersion: v1
kind: Service
metadata:
@ -32,8 +33,7 @@ spec:
runAsUser: 999
containers:
- name: postgres
# Switched to 14-alpine to align with official docker-compose
image: postgres:14-alpine
image: postgres:15-alpine
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -52,9 +52,6 @@ spec:
key: POSTGRES_PASSWORD
- name: POSTGRES_DB
value: rallly
# Fix: Point PGDATA to a generic subpath to avoid mount errors (lost+found)
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
ports:
- containerPort: 5432
name: postgres
@ -64,8 +61,7 @@ spec:
command:
- /bin/sh
- -c
# Uses env var and adds timeout to prevent hanging
- pg_isready -U $POSTGRES_USER -t 5
- pg_isready -U rallly
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
@ -73,8 +69,7 @@ spec:
command:
- /bin/sh
- -c
# Uses env var and adds timeout to prevent hanging
- pg_isready -U $POSTGRES_USER -t 5
- pg_isready -U rallly
initialDelaySeconds: 10
periodSeconds: 5
volumeMounts:
@ -94,4 +89,5 @@ spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
# Note: Adjust storage size based on your data retention needs.
storage: 1Gi

20
kubernetes/rallly.yaml
View File

@ -1,3 +1,4 @@
# kubernetes/rallly.yaml
apiVersion: v1
kind: Service
metadata:
@ -37,7 +38,7 @@ spec:
runAsUser: 1000
containers:
- name: rallly
# Pinned version for stability and reproducibility
# Pinned version for stability (latest stable at time of refactoring)
image: lukevella/rallly:v4.5.4
imagePullPolicy: IfNotPresent
ports:
@ -86,6 +87,7 @@ spec:
configMapKeyRef:
name: rallly-config
key: SMTP_SECURE
# 2. Secrets (from Secret)
- name: DATABASE_URL
valueFrom:
@ -102,6 +104,19 @@ spec:
secretKeyRef:
name: rallly-secrets
key: INITIAL_ADMIN_EMAIL
# SMTP User/Password (optional usage)
# - name: SMTP_USER
# valueFrom:
# secretKeyRef:
# name: rallly-secrets
# key: SMTP_USER
# - name: SMTP_PASSWORD
# valueFrom:
# secretKeyRef:
# name: rallly-secrets
# key: SMTP_PASSWORD
resources:
limits:
cpu: "1"
@ -120,6 +135,5 @@ spec:
httpGet:
path: /
port: 3000
# Reduced delay so the pod becomes ready faster once running
initialDelaySeconds: 10
initialDelaySeconds: 30
periodSeconds: 5

3
kubernetes/secrets.yaml
View File

@ -1,7 +1,4 @@
# kubernetes/secrets.yaml
# WARNING: This file uses 'stringData' for demonstration.
# For production, DO NOT commit this file to Git.
# Use SealedSecrets, ExternalSecrets, or manually create the secret on the cluster.
apiVersion: v1
kind: Secret
metadata: