Remark42

Deploy with Kubernetes

Using Helm

Use remark42 Helm chart.

Without Helm

Here's the sample manifest for running remark42 on Hetzner Cloud:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: remark42
  namespace: remark42
  labels:
    app: remark42
spec:
  replicas: 1
  selector:
    matchLabels:
      app: remark42
  strategy:
    type: Recreate
  template:
    metadata:
      namespace: remark42
      labels:
        app: remark42
    spec:
      containers:
        - name: remark42
          image: umputun/remark42:v1.8.1
          ports:
            # http:
            - containerPort: 8080
          env:
            - name: REMARK_URL
              value: "https://remark42.mysite.com/"
            - name: "SITE"
              value: "mysite.com"
            - name: SECRET
              valueFrom:
                secretKeyRef:
                  name: remark42
                  key: SECRET
            - name: AUTH_GOOGLE_CID
              valueFrom:
                secretKeyRef:
                  name: remark42
                  key: AUTH_GOOGLE_CID
            - name: AUTH_GOOGLE_CSEC
              valueFrom:
                secretKeyRef:
                  name: remark42
                  key: AUTH_GOOGLE_CSEC
            - name: AUTH_GITHUB_CID
              valueFrom:
                secretKeyRef:
                  name: remark42
                  key: AUTH_GITHUB_CID
            - name: AUTH_GITHUB_CSEC
              valueFrom:
                secretKeyRef:
                  name: remark42
                  key: AUTH_GITHUB_CSEC
            - name: ADMIN_SHARED_ID
              value: "google_b182b5daa0004104b348d9bde762b1880ed9d98d"
            - name: TIME_ZONE
              value: "Europe/Dublin"
          volumeMounts:
            - name: srvvar
              mountPath: /srv/var
          securityContext:
            readOnlyRootFilesystem: false
          resources:
            requests:
              cpu: "100m"
              memory: "25Mi"
            limits:
              cpu: "1"
              memory: "1Gi"
      securityContext:
        # Has its own root privilege drop. Can't do runAsUser / runAsGroup.
      volumes:
        - name: srvvar
          persistentVolumeClaim:
            claimName: remark42
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: remark42
  namespace: remark42
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: hcloud-volumes
---
apiVersion: v1
kind: Service
metadata:
  name: remark42-web
  namespace: remark42
spec:
  selector:
    app: remark42
  ports:
    - name: http
      protocol: TCP
      port: 8080
      targetPort: 8080
---
# TODO: switch to networking.k8s.io/v1
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: remark42-ingress
  namespace: remark42
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
    - hosts:
        - remark42.mysite.com
      secretName: comments-tls
  rules:
    - host: "remark42.mysite.com"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              serviceName: remark42-web
              servicePort: 8080

Change storageClassName if you run on top of different cloud / bare metal.

This example assumes there is Nginx Ingress with a cert-manager already set up.
Adjust if you use different Ingress.

In addition you'd need to define secrets, e.g.

apiVersion: v1
kind: Secret
metadata:
  name: remark42
  namespace: remark42
stringData:
  SECRET: <changeme>
  AUTH_GOOGLE_CID: <changeme>.apps.googleusercontent.com
  AUTH_GOOGLE_CSEC: <changeme>
  AUTH_GITHUB_CID: <changeme>
  AUTH_GITHUB_CSEC: <changeme>

Some more information (and comments!) may be found
here.