The 2024 edition of How I deploy my Telegram bot

It has been a good 600 days since I last wrote about deploying @SuperSeriousBot. There are now about 8,000 users.

Not a lot has changed since the last update regarding comittting the code and building it. I still use semantic-release to manage releases and Docker to build the project. However, I have migrated away from Nomad to k3s for deployment.

Building

• I now use my own self-hosted ARM runner for GitHub actions. I can now finally build the arm64 Docker image in a reasonable amount of time!
• Like before, GitHub Actions then publish the Docker images to ghcr.io with the :latest tag

Deploying

I now use k3s to deploy @SuperSeriousBot. It’s a stripped down Kubernetes distribution that runs off of a single binary. I liked it enough to migrate most of my projects off of systemd and Nomad to k3s (I blame Katia). If you’re curious you can check out my k3s setup.

The manifest for @SuperSeriousBot can be found here.

What I like about k3s:

• Setting it up was a breeze. It’s a single binary that you can run with a few flags
• kubeseal lets me commit secrets to the repository in an encrypted format. This is probably my favourite feature:

$ kubeseal --format=yaml < unsealed-secrets/superseriousbot.yaml > superseriousbot/base/secrets.yaml

• kubernetes-dashboard is awesome
• Full compatibility with kubectl lets me use tools like k9s and kubectx
• BIG fan of automatic TLS with cert-manager and nginx-ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: superseriousbot
  annotations:
    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  rules:
  - host: superseriousbot.superserio.us
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: superseriousbot
            port:
              number: 4242
  tls:
  - hosts:
    - superseriousbot.superserio.us
    secretName: superseriousbot-tls

…plus a few more goodies that I might put in a separate post.

What I miss from Nomad:

• Integrated templating with consul-template (but you need to install consul)
• HCL >>> YAML
• Ability to schedule non-Docker workloads

But all in all, I think I’m leaning a bit more towards k3s for now. Not enough to start a migration at work though ;)

Conclusion

Lately I’ve been tinkering more with deploying the bot rather than the bot itself. I need to trim the fat, remove unused commands, rip out some dependencies and profile the random delays that have been creeping in. But that’s a story for another day.

Wishlist

• Use Litestream / Turso for backups

  I actually lost a few days of data due to accidentally deleting the pvc that stored the SQLite database.

• Python 3.12

• A feature that uses Telegram’s Web Apps