wmde · tarrow · Feb 5, 2025 · outdooracorn · Oct 30, 2025 · deer-wmde
diff --git a/skaffold/k8s/api-app-backend.yaml b/skaffold/k8s/api-app-backend.yaml
@@ -0,0 +1,219 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations: {}
+  labels:
+    app.kubernetes.io/instance: api
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: api
+    app.kubernetes.io/version: "1.0"
+    argocd.argoproj.io/instance: api
+    helm.sh/chart: api-0.35.0
+  name: api-app-backend
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app-backend
+      app.kubernetes.io/instance: api
+      app.kubernetes.io/name: api
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: app-backend
+        app.kubernetes.io/instance: api
+        app.kubernetes.io/name: api
+    spec:
+      containers:
+      - env:
+        - name: CONTAINER_ROLE
+          value: app
+        - name: ROUTES_LOAD_WEB
+          value: "0"
+        - name: ROUTES_LOAD_BACKEND
+          value: "1"
+        - name: APP_NAME
+          value: WBaaS Localhost
+        - name: APP_ENV
+          value: local
+        - name: APP_KEY
+          valueFrom:
+            secretKeyRef:
+              key: api-app-key
+              name: api-app-secrets
+        - name: APP_DEBUG
+          value: "true"
+        - name: APP_URL
+          value: https://www.wbaas.dev
+        - name: APP_TIMEZONE
+          value: UTC
+        - name: WBSTACK_SUBDOMAIN_SUFFIX
+          value: .wbaas.dev
+        - name: WBSTACK_UI_URL
+          value: https://wbaas.dev
+        - name: WBSTACK_WIKI_DB_PROVISION_VERSION
+          value: mw1.43-wbs1
+        - name: WBSTACK_WIKI_DB_USE_VERSION
+          value: mw1.43-wbs1
+        - name: WBSTACK_SUMMARY_CREATION_RATE_RANGES
+          value: PT24H,P30D
+        - name: WBSTACK_SIGNUP_THROTTLING_LIMIT
+          value: "20"
+        - name: WBSTACK_SIGNUP_THROTTLING_RANGE
+          value: PT24H
+        - name: WBSTACK_QS_BATCH_PENDING_TIMEOUT
+          value: PT300S
+        - name: WBSTACK_QS_BATCH_MARK_FAILED_AFTER
+          value: "3"
+        - name: WBSTACK_CONTACT_MAIL_RECIPIENT
+          value: [email protected]
+        - name: WBSTACK_CONTACT_MAIL_SENDER
+          value: contact-<subject>@wbaas.dev
+        - name: WBSTACK_COMPLAINT_MAIL_RECIPIENT
+          value: [email protected]
+        - name: WBSTACK_COMPLAINT_MAIL_SENDER
+          value: [email protected]
+        - name: WBSTACK_ELASTICSEARCH_ENABLED_BY_DEFAULT
+          value: "true"
+        - name: TRUSTED_PROXY_PROXIES
+          value: '*'
+        - name: ELASTICSEARCH_SHARED_INDEX_HOST
+          value: elasticsearch-2.default.svc.cluster.local:9200
+        - name: ELASTICSEARCH_SHARED_INDEX_PREFIX
+          value: wiki_1
+        - name: QUERY_SERVICE_HOST
+          value: queryservice.default.svc.cluster.local:9999
+        - name: PLATFORM_MW_BACKEND_HOST
+          value: mediawiki-143-app-backend.default.svc.cluster.local
+        - name: REDIS_HOST
+          value: redis-master.default.svc.cluster.local
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: password
+              name: redis-password
+        - name: REDIS_PORT
+          value: "6379"
+        - name: REDIS_DB
+          value: "2"
+        - name: REDIS_CACHE_DB
+          value: "3"
+        - name: REDIS_PREFIX
+          value: wikibase_dev_api
+        - name: MAIL_MAILER
+          value: smtp
+        - name: MAILGUN_DOMAIN
+          value: sandbox111.mailgun.org
+        - name: MAILGUN_SECRET
+          value: abc123
+        - name: MAIL_FROM_ADDRESS
+          value: [email protected]
+        - name: MAIL_FROM_NAME
+          value: Wikibase-dev
+        - name: MAIL_HOST
+          value: mailhog
+        - name: MAIL_PORT
+          value: "1025"
+        - name: MAIL_ENCRYPTION
+          value: null
+        - name: MAIL_USERNAME
+        - name: MAIL_PASSWORD
+        - name: GOOGLE_CLOUD_PROJECT_ID
+          value: something
+        - name: GOOGLE_CLOUD_STORAGE_BUCKET
+          valueFrom:
+            configMapKeyRef:
+              key: gcs_api_static_bucket_name
+              name: storage-bucket
+              optional: true
+        - name: GOOGLE_CLOUD_STORAGE_KEY_FILE
+          value: /var/run/secret/cloud.google.com/key.json
+        - name: LOG_CHANNEL
+          value: stderr
+        - name: LOG_LEVEL
+          value: debug
+        - name: STACKDRIVER_ENABLED
+          value: "false"
+        - name: STACKDRIVER_PROJECT_ID
+          value: something
+        - name: STACKDRIVER_LOGGING_ENABLED
+          value: "false"
+        - name: STACKDRIVER_TRACING_ENABLED
+          value: "false"
+        - name: STACKDRIVER_ERROR_REPORTING_ENABLED
+          value: "true"
+        - name: STACKDRIVER_KEY_FILE_PATH
+          value: /var/run/secret/cloud.google.com/key.json
+        - name: STACKDRIVER_ERROR_REPORTING_BATCH_ENABLED
+          value: "false"
+        - name: STACKDRIVER_LOGGING_BATCH_ENABLED
+          value: "false"
+        - name: CACHE_DRIVER
+          value: redis
+        - name: QUEUE_CONNECTION
+          value: redis
+        - name: JWT_SECRET
+          valueFrom:
+            secretKeyRef:
+              key: api-app-jwt-secret
+              name: api-app-secrets
+        - name: DB_CONNECTION
+          value: mysql
+        - name: DB_HOST_READ
+          value: sql-mariadb-secondary.default.svc.cluster.local
+        - name: DB_HOST_WRITE
+          value: sql-mariadb-primary.default.svc.cluster.local
+        - name: DB_PORT
+          value: "3306"
+        - name: DB_DATABASE
+          value: apidb
+        - name: DB_USERNAME
+          value: apiuser
+        - name: DB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: SQL_INIT_PASSWORD_API
+              name: sql-secrets-init-passwords
+        - name: PASSPORT_PUBLIC_KEY
+          valueFrom:
+            secretKeyRef:
+              key: oauth-public.key
+              name: api-passport-keys
+        - name: PASSPORT_PRIVATE_KEY
+          valueFrom:
+            secretKeyRef:
+              key: oauth-private.key
+              name: api-passport-keys
+        image: ghcr.io/wbstack/api:10x.18.2
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /backend/healthz
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 2
+        name: api-backend
+        ports:
+        - containerPort: 80
+          name: http
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /backend/healthz
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 2
+        resources:
+          limits:
+            cpu: 1000m
+            memory: 600Mi
+          requests:
+            cpu: 200m
+            memory: 300Mi