Skip to content

Instantly share code, notes, and snippets.

@clementnuss

clementnuss/README.md

Created February 14, 2024 11:45
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save clementnuss/e92294a677b268a28a45e0ad29b56b20 to your computer and use it in GitHub Desktop.
Save clementnuss/e92294a677b268a28a45e0ad29b56b20 to your computer and use it in GitHub Desktop.
Download ZIP
asciinema-server Kubernetes deployment
Raw
README.md
Raw
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: asciinema
spec:
selector:
matchLabels:
app: asciinema
revisionHistoryLimit: 3
template:
metadata:
labels:
app: asciinema
spec:
containers:
- name: asciinema
image: ghcr.io/asciinema/asciinema-server:latest
resources:
limits:
memory: "1Gi"
envFrom:
- secretRef:
name: env-asciinema
readinessProbe:
failureThreshold: 5
httpGet:
path: /
port: 4000
- name: nginx
image: nginx:latest
ports:
- containerPort: 8080
readinessProbe:
failureThreshold: 5
httpGet:
path: /
port: 8080
resources:
limits:
memory: "128Mi"
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/conf.d/
volumes:
- name: nginx-conf
configMap:
name: nginx-conf
items:
- key: asciinema.conf
path: asciinema.conf
Raw
nginx-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-conf
data:
asciinema.conf: |-
# asciicast cache
proxy_cache_path /var/cache/nginx/cast levels=1:2 keys_zone=cast_cache:100m
max_size=10g inactive=180d use_temp_path=off;
resolver kube-dns.kube-system.svc.cluster.local;
server {
listen 8080;
location / {
proxy_pass http://localhost:4000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ ^/_proxy/asciicasts/(.+) {
internal;
set $redirect_uri "$upstream_http_redirect_uri";
set $cache_key "$1";
proxy_cache cast_cache;
proxy_cache_key $cache_key;
proxy_cache_lock on;
proxy_cache_revalidate on;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_valid 200 304 180d;
gunzip on;
proxy_set_header Connection "";
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-version-id;
proxy_hide_header x-amz-request-id;
proxy_hide_header x-amz-meta-server-side-encryption;
proxy_hide_header x-amz-server-side-encryption;
proxy_hide_header x-amz-replication-status;
proxy_hide_header Set-Cookie;
proxy_ignore_headers Set-Cookie;
proxy_intercept_errors on;
add_header X-Cache-Status $upstream_cache_status;
add_header access-control-allow-origin "*";
proxy_pass $redirect_uri;
}
}
Raw
secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: asciinema-credentials
stringData:
DATABASE_URL: postgresql://asciinema:password@postgres:5439/asciinema
S3_ACCESS_KEY_ID: 00de5a2ef2ee551c1331
S3_SECRET_ACCESS_KEY: fH1HsW/R6nm12NXrqdTZINLHt0vbBJqcUY2YoNtW
S3_BUCKET: asciinema
S3_ENDPOINT: https://your-s3-endpoint.tld
S3_REGION: auto
S3_PROXY_ENABLED: "true" # permits doing the S3 queries from the pod
SECRET_KEY_BASE: 64charsstring
SMTP_FROM_ADDRESS: noreploy@yourdomain.tld
SMTP_HOST: smtp.yourdomain.tld
SMTP_PORT: "465"
SMTP_REPLY_TO_ADDRESS: noreply@yourdomain.tld
URL_HOST: asciinema.yourdomain.tld
URL_PORT: "443"
URL_SCHEME: https
Raw
service+ingress.yaml
apiVersion: v1
kind: Service
metadata:
name: asciinema
spec:
selector:
app: asciinema
ports:
- port: 8080
targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: asciinema
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: nginx
rules:
- host: asciinema.yourdomain.tld
http:
paths:
- backend:
service:
name: asciinema
port:
number: 8080
path: /
pathType: Prefix
tls:
- hosts:
- asciinema.yourdomain.tld
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment