Production ready Docker image for Kubernetes

[OlafRadicke]

Hi, the Docker image is currently not production ready on Kubernetes. From my point of view, the following would have to be adapted:

1. The image must be rootless
2. Only one process may run in the inage
3. The initialization should be outsourced to init container (instead of entrypoint-script)
4. The location where the application is located should be separated from the configurations and also from other dynamic files.
5. Friendica should already be installed IN the IMAGE and not be downloaded at runtime. This is the only way to check which version is being used. This in turn is the prerequisite for reproducibility. This in turn is required for a controlled rollback.

I already have experience with writing Helm charts and Docker images. But I don't know PHP and Friendica well enough to know if I would need help.

Is there a general interest in supporting Friendica for Kubernetes?

[ne20002]

Hi, help is always welcome.
I'm not sure if Friendica is able to fulfill all of your points based on how php works.
The image build setup seems to be based on how the Nextcloud community image is build and it is a common procedure for php based systems. But a few updates seem to be necessary.
For the moment I started to look a bit deeper into the build process to update it, upgrade the dependencies and base image versions just to catch up and maybe then improve the process. My first thought was starting with enabling the image to be able to run in read-only mode.
I'm obviously not a Docker expert (I'm running my system with Podman) but I take this as an opportunity to improve my Docker skills.