kubernetes/firefly-iii/firefly-iii.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: firefly-iii

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app.kubernetes.io/component: firefly-iii
    app.kubernetes.io/instance: firefly-iii
    app.kubernetes.io/name: firefly-iii
    app.kubernetes.io/part-of: firefly-iii
  name: firefly-iii
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 2Gi

---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: firefly-iii
    app.kubernetes.io/instance: firefly-iii
    app.kubernetes.io/name: firefly-iii
    app.kubernetes.io/part-of: firefly-iii
  name: firefly-iii
spec:
  ports:
  - port: 8080
    name: http
  selector:
    app.kubernetes.io/component: firefly-iii
    app.kubernetes.io/instance: firefly-iii
    app.kubernetes.io/name: firefly-iii

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: firefly-iii
    app.kubernetes.io/instance: firefly-iii
    app.kubernetes.io/name: firefly-iii
    app.kubernetes.io/part-of: firefly-iii
  name: firefly-iii
spec:
  selector:
    matchLabels:
      app.kubernetes.io/component: firefly-iii
      app.kubernetes.io/instance: firefly-iii
      app.kubernetes.io/name: firefly-iii
  template:
    metadata:
      labels:
        app.kubernetes.io/component: firefly-iii
        app.kubernetes.io/instance: firefly-iii
        app.kubernetes.io/name: firefly-iii
        app.kubernetes.io/part-of: firefly-iii
    spec:
      containers:
      - name: firefly-iii
        image: docker.io/fireflyiii/core:version-6.0.19
        imagePullPolicy: IfNotPresent
        envFrom:
        - configMapRef:
            name: firefly-iii
            optional: true
        env:
        - name: APP_KEY_FILE
          value: /run/secrets/firefly-iii/app.key
        - name: STATIC_CRON_TOKEN_FILE
          value: /run/secrets/firefly-iii/cron.token
        ports:
        - containerPort: 8080
          name: http
        readinessProbe:
          httpGet:
            port: 8080
            path: /health
          failureThreshold: 3
          periodSeconds: 60
          successThreshold: 1
          timeoutSeconds: 1
        startupProbe:
          httpGet:
            port: 8080
            path: /health
          failureThreshold: 30
          periodSeconds: 3
          initialDelaySeconds: 3
          successThreshold: 1
          timeoutSeconds: 1
        volumeMounts:
        - name: firefly-iii-secrets
          mountPath: /run/secrets/firefly-iii
          readOnly: true
        - name: firefly-iii-data
          mountPath: /var/www/html/storage/upload
          subPath: upload
      securityContext:
        fsGroup: 33
      volumes:
      - name: firefly-iii-secrets
        secret:
          secretName: firefly-iii
          defaultMode: 0440
      - name: firefly-iii-data
        persistentVolumeClaim:
          claimName: firefly-iii

---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: firefly-iii
spec:
  timeZone: America/Chicago
  schedule: '0 3 * * *'
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - image: docker.io/library/busybox
            imagePullPolicy: IfNotPresent
            name: wget
            command:
            - wget
            args:
            - http://$(FIREFLY_III_SERVICE_HOST):$(FIREFLY_III_SERVICE_PORT)/api/v1/cron/$(STATIC_CRON_TOKEN)
            - -O
            - /dev/null
            env:
            - name: STATIC_CRON_TOKEN
              valueFrom:
                secretKeyRef:
                  name: firefly-iii
                  key: cron.token
          securityContext:
            runAsGroup: 1000
            runAsNonRoot: true
            runAsUser: 1000
          restartPolicy: Never