add affine

deploy/affine/deployment.yaml

@@ -0,0 +1,105 @@
+# --------------------------------------------------------------------
+# 5a) Job: affine-migration (runs once at startup to initialize the DB)
+# --------------------------------------------------------------------
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: affine-migration
+  namespace: affine
+spec:
+  backoffLimit: 2
+  template:
+    metadata:
+      labels:
+        job: affine-migration
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: affine-migrate
+          image: ghcr.io/toeverything/affine-graphql:${AFFINE_REVISION:-stable}
+          command: ["sh", "-c", "node ./scripts/self-host-predeploy.js"]
+          env:
+            - name: REDIS_SERVER_HOST
+              value: "redis-lb.redis.svc.cluster.local:6379"
+            - name: DATABASE_URL
+              value: >-
+                postgresql://$(DB_USERNAME):$(DB_PASSWORD)@postgres-base-rw.postgres.svc.cluster.local:5432/$(DB_DATABASE)
+          envFrom:
+            - secretRef:
+                name: affine-db-secret
+          volumeMounts:
+            - name: affine-storage
+              mountPath: /root/.affine/storage
+            - name: affine-config
+              mountPath: /root/.affine/config
+      volumes:
+        - name: affine-storage
+          persistentVolumeClaim:
+            claimName: affine-storage-pvc
+        - name: affine-config
+          persistentVolumeClaim:
+            claimName: affine-config-pvc
+
+---
+# --------------------------------------------------------------------
+# 5b) Deployment: affine-server (serves HTTP on port 3010)
+# --------------------------------------------------------------------
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: affine-server
+  namespace: affine
+  labels:
+    app: affine-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: affine-server
+  template:
+    metadata:
+      labels:
+        app: affine-server
+    spec:
+      containers:
+        - name: affine
+          image: ghcr.io/toeverything/affine-graphql:${AFFINE_REVISION:-stable}
+          ports:
+            - containerPort: 3010
+              name: http
+          env:
+            - name: REDIS_SERVER_HOST
+              value: "redis-lb.redis.svc.cluster.local:6379"
+            - name: DATABASE_URL
+              value: >-
+                postgresql://$(DB_USERNAME):$(DB_PASSWORD)@postgres-base-rw.postgres.svc.cluster.local:5432/$(DB_DATABASE)
+            - name: AFFINE_SERVER_EXTERNAL_URL
+              value: "https://affine.prod.panic.haus"
+          envFrom:
+            - secretRef:
+                name: affine-db-secret
+          readinessProbe:
+            # If Affine supports an HTTP health endpoint, replace “/health” with the actual path.
+            httpGet:
+              path: /health
+              port: 3010
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: 3010
+            initialDelaySeconds: 30
+            periodSeconds: 20
+          volumeMounts:
+            - name: affine-storage
+              mountPath: /root/.affine/storage
+            - name: affine-config
+              mountPath: /root/.affine/config
+      volumes:
+        - name: affine-storage
+          persistentVolumeClaim:
+            claimName: affine-storage-pvc
+        - name: affine-config
+          persistentVolumeClaim:
+            claimName: affine-config-pvc

deploy/affine/ingress.yaml

@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: affine-ingress
+  namespace: affine
+  annotations:
+    # (If you’re using cert-manager + Let’s Encrypt)
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - affine.prod.panic.haus      # ← replace with your desired Affine hostname
+      secretName: affine-tls          # ← must match an existing TLS Secret for that host
+  rules:
+    - host: affine.prod.panic.haus   # ← change to whatever subdomain you choose
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: affine-server
+                port:
+                  number: 3010

deploy/affine/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: affine
+
+resources:
+  - secret.yaml
+  - pvc.yaml
+  - service.yaml
+  - deployment.yaml
+  - ingress.yaml

deploy/affine/pvc.yaml

@@ -0,0 +1,28 @@
+# 3a) PVC for Affine’s upload storage (~/root/.affine/storage)
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: affine-storage-pvc
+  namespace: affine
+spec:
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+
+---
+# 3b) PVC for Affine’s config (~/root/.affine/config)
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: affine-config-pvc
+  namespace: affine
+spec:
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

deploy/affine/secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: affine-db-secret
+  namespace: affine
+stringData:
+  # Database credentials for Affine
+  DB_USERNAME: "affine"
+  DB_PASSWORD: "tqMB9UjJ7GZrWnux4sJ9nDPR4xQLq6Vz"
+  DB_DATABASE: "affine_db"

deploy/affine/service.yaml

@@ -0,0 +1,15 @@
+# This Service exposes Affine on port 3010 within the cluster
+apiVersion: v1
+kind: Service
+metadata:
+  name: affine-server
+  namespace: affine
+spec:
+  selector:
+    app: affine-server
+  ports:
+    - name: http
+      port: 3010
+      targetPort: 3010
+      protocol: TCP
+  type: ClusterIP