commit 5aa06485defdc08d8c8a1d21175b5aed25c95fc5 Author: Andrew Godwin Date: Tue Dec 6 13:14:15 2022 -0700 Add initial kubernetes example
diff --git a/kubernetes/README.md b/kubernetes/README.md
new file mode 100644
index 0000000..8168ecb
--- /dev/null
+++ b/kubernetes/README.md
@@ -0,0 +1,34 @@
+Kubernetes Example
+==================
+
+This uses plain Kubernetes manifests to configure and run a Deployment for the
+webserver, one for Stator (our background worker), an ingress system using
+Traefik, and a migrate job that you can run on demand.
+
+To use it, you will first need to create a secret:
+
+```bash
+kubectl create secret generic takahe-secrets --from-literal=TAKAHE_SECRET_KEY=mysecretkey --from-literal=PGPASSWORD=mypassword --from-literal=TAKAHE_EMAIL_SERVER="smtp://..."
+```
+
+Then, adjust the contents of `configmap.yaml` to match your settings (you
+can add and update all environment variables in here as needed).
+
+Then, adjust the ingress options in `webserver.yaml` to match your ingress controller
+and your chosen domain.
+
+Then, deploy the core pieces:
+
+```bash
+kubectl apply -f configmap.yaml
+kubectl apply -f traefik.yaml
+kubectl apply -f webserver.yaml
+kubectl apply -f stator.yaml
+```
+
+Then, run the migrations (you should do this whenever an upgrade has migrations
+too):
+
+```bash
+kubectl apply -f migrate.yaml
+```
diff --git a/kubernetes/configmap.yaml b/kubernetes/configmap.yaml
new file mode 100644
index 0000000..4120c30
--- /dev/null
+++ b/kubernetes/configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: takahe-config
+data:
+ PGHOST: "my-postgres-hostname"
+ PGUSER: takahe
+ PGDATABASE: takahe
+ TAKAHE_MEDIA_BACKEND: "s3:///mybucket"
+ TAKAHE_MAIN_DOMAIN: example.com
+ TAKAHE_EMAIL_FROM: noreply@example.com
+ TAKAHE_USE_PROXY_HEADERS: "true"
diff --git a/kubernetes/migrate.yaml b/kubernetes/migrate.yaml
new file mode 100644
index 0000000..9407b5e
--- /dev/null
+++ b/kubernetes/migrate.yaml
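Review bot: `TAKAHE_USE_PROXY_HEADERS: "true"` in kubernetes/configmap.yaml is only safe while every request reaches the pods through a proxy that overwrites the forwarded headers, and the file does not say so. Assuming the setting makes the application take the client address and scheme from `X-Forwarded-*` headers (the name suggests this; confirm against the settings documentation), any workload in the cluster that can reach the `webserver` Service directly could supply its own values. I would add a comment above the key, `# Only enable behind an ingress that overwrites X-Forwarded-* headers`, and consider a NetworkPolicy that admits traffic to the webserver pods only from the ingress controller.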
@@ -0,0 +1,25 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: migrate
+spec:
+ ttlSecondsAfterFinished: 120
+ template:
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: webserver
+ image: jointakahe/takahe:0.5
+ args: ["python3", "manage.py", "migrate"]
+ ports:
+ - containerPort: 8000
+ envFrom:
+ - configMapRef:
+ name: takahe-config
+ - secretRef:
+ name: takahe-secrets
+ resources:
+ requests:
+ memory: "1024Mi"
+ limits:
+ memory: "1024Mi"
diff --git a/kubernetes/stator.yaml b/kubernetes/stator.yaml
new file mode 100644
index 0000000..a4570f6
--- /dev/null
+++ b/kubernetes/stator.yaml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: stator
+spec:
+ selector:
+ matchLabels:
+ run: stator
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: stator
+ spec:
+ containers:
+ - name: stator
+ image: jointakahe/takahe:0.5
+ args:
+ - python3
+ - manage.py
+ - runstator
+ envFrom:
+ - configMapRef:
+ name: takahe-config
+ - secretRef:
+ name: takahe-secrets
+ resources:
+ requests:
+ memory: "512Mi"
+ limits:
+ memory: "1024Mi"
diff --git a/kubernetes/webserver.yaml b/kubernetes/webserver.yaml
new file mode 100644
index 0000000..78a9cc1
--- /dev/null
+++ b/kubernetes/webserver.yaml
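Review bot: The container in kubernetes/migrate.yaml has no `securityContext`, so the process that receives every key of `takahe-secrets` through `envFrom` runs with the image's default user, the runtime's default capabilities and privilege escalation permitted; the Deployments in stator.yaml and webserver.yaml have the same gap. Nothing visible in the manifests needs extra privileges (the only port is 8000), so a container-level baseline like the one below should fit all three. `runAsNonRoot: true` is worth adding too once the image's user is confirmed to be non-root; the image definition is not part of this diff.

```yaml
      containers:
      - name: webserver
        # … unchanged: image, args, ports, envFrom, resources …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
          seccompProfile:
            type: RuntimeDefault
```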
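Review bot: `image: jointakahe/takahe:0.5` in kubernetes/stator.yaml references a tag, which a registry can later point at different content; migrate.yaml and webserver.yaml use the same reference. All three workloads receive the database password and `TAKAHE_SECRET_KEY` via `envFrom`, so whatever the tag resolves to at pull time runs with those secrets. Pinning by digest removes that dependency: `image: jointakahe/takahe:0.5@sha256:<digest-of-the-reviewed-0.5-image>`, where the digest is a placeholder to be filled in from the registry.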
@@ -0,0 +1,97 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: webserver
+spec:
+ selector:
+ matchLabels:
+ run: webserver
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ run: webserver
+ spec:
+ containers:
+ - name: webserver
+ image: jointakahe/takahe:0.5
+ args:
+ - "gunicorn"
+ - "takahe.wsgi:application"
+ - "-w"
+ - "6"
+ - "-b"
+ - "0.0.0.0:8000"
+ ports:
+ - containerPort: 8000
+ envFrom:
+ - configMapRef:
+ name: takahe-config
+ - secretRef:
+ name: takahe-secrets
+ resources:
+ requests:
+ memory: "1024Mi"
+ limits:
+ memory: "1024Mi"
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 8000
+ periodSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /
+ port: 8000
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ startupProbe:
+ httpGet:
+ path: /
+ port: 8000
+ initialDelaySeconds: 2
+ failureThreshold: 30
+ periodSeconds: 2
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: webserver
+ labels:
+ run: webserver
+spec:
+ ports:
+ - port: 80
+ targetPort: 8000
+ name: web
+ selector:
+ run: webserver
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: webserver
+spec:
+ rules:
+ - host: example.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: webserver
+ port:
+ name: web
+ - host: "*.example.com"
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: webserver
+ port:
+ name: web
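Review bot: The Ingress at the end of kubernetes/webserver.yaml has no `tls` section, so as written `example.com` and `*.example.com` are routed without a certificate unless the Traefik configuration terminates TLS on its own (the README applies a traefik.yaml that is not visible in this diff). Credentials and session cookies sent to the web server would then travel in clear text, and with `TAKAHE_USE_PROXY_HEADERS` enabled the application presumably relies on the proxy to report the request scheme. I would add a `tls` block covering both hosts, as below; the Secret name is a placeholder.

```yaml
spec:
  tls:
    - hosts:
        - example.com
        - "*.example.com"
      secretName: <your-tls-secret>  # placeholder
  # … unchanged: rules for example.com and *.example.com …
```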