firefly-iii: Deploy Firefly III

[Firefly III][0] is a free and open source, web-based personal finance management application. It features a double-entry bookkeeping system for tracking transactions, plus other classification options like budgets, categories, and tags. It has a rule engine that can automatically manipulate transactions, plus several other really useful features. The application itself is mostly standard browser-based GUI written in PHP. There is an official container image, though it is not particularly well designed and must be run as root (it does drop privileges before launching the actual application, thankfully). I may decide to create a better image later. Along with the main application, there is a separate tool for importing transactions from a CSV file. Its design is rather interesting: though it is a web-based application, it does not have any authentication or user management, but uses a user API key to access the main Firefly III application. This effectively requires us to have one instance of the importer per user. While not ideal, it isn't particularly problematic since there are only two of us (and Tabitha may not even end up using it; she seems to like YNAB). [0]: https://www.firefly-iii.org/
2023-04-30 22:04:12 -05:00
parent ffffe9d3c8
commit 5d5b69a629
11 changed files with 583 additions and 0 deletions
--- a/firefly-iii/firefly-iii.yaml
+++ b/firefly-iii/firefly-iii.yaml
@@ -0,0 +1,149 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: firefly-iii
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app.kubernetes.io/component: firefly-iii
+    app.kubernetes.io/instance: firefly-iii
+    app.kubernetes.io/name: firefly-iii
+    app.kubernetes.io/part-of: firefly-iii
+  name: firefly-iii
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 2Gi
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: firefly-iii
+    app.kubernetes.io/instance: firefly-iii
+    app.kubernetes.io/name: firefly-iii
+    app.kubernetes.io/part-of: firefly-iii
+  name: firefly-iii
+spec:
+  ports:
+  - port: 8080
+    name: http
+  selector:
+    app.kubernetes.io/component: firefly-iii
+    app.kubernetes.io/instance: firefly-iii
+    app.kubernetes.io/name: firefly-iii
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: firefly-iii
+    app.kubernetes.io/instance: firefly-iii
+    app.kubernetes.io/name: firefly-iii
+    app.kubernetes.io/part-of: firefly-iii
+  name: firefly-iii
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: firefly-iii
+      app.kubernetes.io/instance: firefly-iii
+      app.kubernetes.io/name: firefly-iii
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: firefly-iii
+        app.kubernetes.io/instance: firefly-iii
+        app.kubernetes.io/name: firefly-iii
+        app.kubernetes.io/part-of: firefly-iii
+    spec:
+      containers:
+      - name: firefly-iii
+        image: docker.io/fireflyiii/core:version-6.0.8
+        envFrom:
+        - configMapRef:
+            name: firefly-iii
+            optional: true
+        env:
+        - name: APP_KEY_FILE
+          value: /run/secrets/firefly-iii/app.key
+        - name: DB_PASSWORD_FILE
+          value: /run/secrets/firefly-iii/db.password
+        - name: STATIC_CRON_TOKEN_FILE
+          value: /run/secrets/firefly-iii/cron.token
+        ports:
+        - containerPort: 8080
+          name: http
+        readinessProbe:
+          httpGet:
+            port: 8080
+            path: /health
+          failureThreshold: 3
+          periodSeconds: 60
+          successThreshold: 1
+          timeoutSeconds: 1
+        startupProbe:
+          httpGet:
+            port: 8080
+            path: /health
+          failureThreshold: 30
+          periodSeconds: 3
+          initialDelaySeconds: 3
+          successThreshold: 1
+          timeoutSeconds: 1
+        volumeMounts:
+        - name: firefly-iii-secrets
+          mountPath: /run/secrets/firefly-iii
+          readOnly: true
+        - name: firefly-iii-data
+          mountPath: /var/www/html/storage/upload
+          subPath: upload
+      securityContext:
+        fsGroup: 33
+      volumes:
+      - name: firefly-iii-secrets
+        secret:
+          secretName: firefly-iii
+          defaultMode: 0440
+      - name: firefly-iii-data
+        persistentVolumeClaim:
+          claimName: firefly-iii
+
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: firefly-iii
+spec:
+  timeZone: America/Chicago
+  schedule: '0 3 * * *'
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - image: docker.io/library/busybox
+            name: wget
+            command:
+            - wget
+            args:
+            - http://$(FIREFLY_III_SERVICE_HOST):$(FIREFLY_III_SERVICE_PORT)/api/v1/cron/$(STATIC_CRON_TOKEN)
+            - -O
+            - /dev/null
+            env:
+            - name: STATIC_CRON_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: firefly-iii
+                  key: cron.token
+          securityContext:
+            runAsGroup: 1000
+            runAsNonRoot: true
+            runAsUser: 1000
+          restartPolicy: Never