Kubernetes

HitKeep requires Persistent Storage for the database file. We recommend using a StatefulSet to ensure the persistent volume claim (PVC) stays attached to the pod.

Note

An official Helm Chart with Clustering support is planned for v2.0.0.

Minimal Manifest

This configuration uses a K8s Secret for the JWT key to ensure security.

Save this as hitkeep.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: hitkeep-secrets
type: Opaque
stringData:
  # Change this to a real random string
  jwt-secret: "change-me-in-production-to-something-long"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: hitkeep-pvc
spec:
  accessModes: [ "ReadWriteOnce" ]
  resources:
    requests:
      storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hitkeep
  labels:
    app: hitkeep
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hitkeep
  template:
    metadata:
      labels:
        app: hitkeep
    spec:
      containers:
      - name: hitkeep
        image: ghcr.io/pascalebeier/hitkeep:latest
        ports:
        - containerPort: 8080
        # Inject sensitive data via Environment Variables
        env:
          - name: HITKEEP_JWT_SECRET
            valueFrom:
              secretKeyRef:
                name: hitkeep-secrets
                key: jwt-secret
        # Use args for non-sensitive configuration
        args:
          - "-public-url=https://analytics.example.com"
        volumeMounts:
        - mountPath: /var/lib/hitkeep/data
          name: data
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: hitkeep-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: hitkeep
spec:
  selector:
    app: hitkeep
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080