Unit 520 uses helm, specifically this chart: anance-charts/lemmy. It is well-designed and promising as the standard helm chart for lemmy.
Here is the command we use to deploy an arbitrary lemmy instance, including this one:
helm upgrade --install --namespace "${INSTANCE}" \
--create-namespace lemmy ananace-charts/lemmy \
--set image.tag=0.18.2 \
--set serverName=${INSTANCE}.${DOMAIN} \
--set ingress.className=kong \
--set config.siteName="${INSTANCE}" \
--set pictrs.securityContext.runAsUser=0 \
--set admin.username="${ADMIN_USERNAME}" \
--set postgresql.auth.password="${POSTGRES_PASS}" \
--set-string "ingress.annotations.external-dns\.alpha\.kubernetes\.io/ttl"="60" \
--set postgresql.postgresqlSharedPreloadLibraries="pg_stat_statements"
I will briefly cover the flags that might not be self explanatory:
ingress.className=kong - we use the Kong ingress controller because of its relative simplicity, with the option for advanced use cases such as KongPlugins, Consumers and other such benefits.
pictrs.securityContext.runAsUser=0 is necessary at this time because the persistentVolume for pictrs is not writable by the container. Therefore, we use this very insecure option to allow pictrs to write to local storage. A long term solution will allow us to remove this setting, but has yet to be decided upon.
postgresql.auth.password is set because we use a predictable postgresql password to further provision the database for monitoring with coroot
and finally, postgresql.postgresqlSharedPreloadLibraries="pg_stat_statements" is set because coroot needs this plugin loaded in order to produce traces for postgresql activity, allowing us to see what exactly is being slow on our lemmy’s postgresql instance.
This concludes the economy configuration for a single-user instance in Kubernetes; this costs me about $50/mo to run, and can scale (theoretically) to very high limits, which I will explore in a subsequent post entitled: Load Testing Lemmy
The end result topology looks like this (right click -> open image in new tab):
After we deploy the lemmy chart, the following charts also get deployed: lcs and mlmym, which I have not uploaded to any code repository yet. The lcs chart crawls a list of remote_instances and finds active communities, and subscribes to them. This is how my lemmy instance gets federated to major areas of the fediverse, constantly.
The mlmym chart is a deployment of this project’s docker image and provides an “old reddit” style interface. I deploy this at https://www.unit520.wtf for user friendliness, and since this interface is my preferred way to read link aggregation.
Hopefully this was interesting!