more apps

2026-04-02 11:20:37 +00:00
parent b82e4c07d6
commit a9b8cc573d
4 changed files with 466 additions and 1 deletions


@@ -36,4 +36,10 @@ https://goauthentik.io
- Enable **MFA (2FA)** for improved security
- Important to configure:
- external URL correctly
- trusted proxies (when behind ingress)
- trusted proxies (when behind ingress)
#Improvements:
HA (2x Database + 2x Pods)
Force 2FA for Admin if external
sync LDAP Thumbnail Pictures

84
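--- a/graphviz/graphviz.yaml
+++ b/graphviz/graphviz.yaml
@@ -0,0 +1,84 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: graphviz
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: graphviz
+namespace: graphviz
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: graphviz
+template:
+metadata:
+labels:
+app: graphviz
+spec:
+containers:
+- name: graphviz
+image: vaudience/graphviz-visual-editor:0.6.5
+imagePullPolicy: IfNotPresent
+ports:
+- name: http
+containerPort: 80
+readinessProbe:
+httpGet:
+path: /
+port: http
+initialDelaySeconds: 5
+periodSeconds: 10
+livenessProbe:
+httpGet:
+path: /
+port: http
+initialDelaySeconds: 15
+periodSeconds: 20
+resources:
+requests:
+cpu: 50m
+memory: 128Mi
+limits:
+cpu: 500m
+memory: 512Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: graphviz
+namespace: graphviz
+spec:
+selector:
+app: graphviz
+ports:
+- name: http
+port: 80
+targetPort: http
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: graphviz
+namespace: graphviz
+annotations:
+kubernetes.io/ingress.class: nginx
+cert-manager.io/cluster-issuer: letsencrypt
+spec:
+tls:
+- hosts:
+- graphviz.apps.undercloud.dev
+secretName: graphviz-tls
+rules:
+- host: graphviz.apps.undercloud.dev
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: graphviz
+port:
+number: 80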
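Review bot: The `graphviz` container has no `securityContext`, so it runs with whatever user and capabilities the third-party image `vaudience/graphviz-visual-editor:0.6.5` defaults to, while the Ingress publishes it on `graphviz.apps.undercloud.dev` with no authentication annotation. At minimum add `securityContext: {allowPrivilegeEscalation: false, seccompProfile: {type: RuntimeDefault}}` to the container; `runAsNonRoot` or dropped capabilities should be tested first, because the process binds port 80. The image tag is mutable, so pinning by digest would keep the deployed content fixed. `kubernetes.io/ingress.class` is the deprecated annotation form and `spec.ingressClassName: nginx` is the current field; the same applies to the Ingresses in stirling/stirling.yaml and wekan/wekan.yaml.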

198
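--- a/stirling/stirling.yaml
+++ b/stirling/stirling.yaml
@@ -0,0 +1,198 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: stirling
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: stirling-configs
+namespace: stirling
+spec:
+accessModes:
+- ReadWriteOnce
+storageClassName: cephfs-hyper
+resources:
+requests:
+storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: stirling-customfiles
+namespace: stirling
+spec:
+accessModes:
+- ReadWriteMany
+storageClassName: cephfs-hyper
+resources:
+requests:
+storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: stirling-logs
+namespace: stirling
+spec:
+accessModes:
+- ReadWriteMany
+storageClassName: cephfs-hyper
+resources:
+requests:
+storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: stirling-tessdata
+namespace: stirling
+spec:
+accessModes:
+- ReadWriteMany
+storageClassName: cephfs-hyper
+resources:
+requests:
+storage: 10Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: stirling-pipeline
+namespace: stirling
+spec:
+accessModes:
+- ReadWriteMany
+storageClassName: cephfs-hyper
+resources:
+requests:
+storage: 5Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: stirling-pdf
+namespace: stirling
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: stirling-pdf
+template:
+metadata:
+labels:
+app: stirling-pdf
+spec:
+containers:
+- name: stirling-pdf
+image: docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest
+imagePullPolicy: IfNotPresent
+ports:
+- containerPort: 8080
+name: http
+env:
+- name: SECURITY_ENABLELOGIN
+value: "true"
+- name: SECURITY_INITIALLOGIN_USERNAME
+value: "admin"
+- name: SECURITY_INITIALLOGIN_PASSWORD
+value: "change-me-now"
+- name: LANGS
+value: "en_GB,de_DE,fr_FR"
+- name: SYSTEM_DEFAULTLOCALE
+value: "en-GB"
+- name: SYSTEM_GOOGLEVISIBILITY
+value: "false"
+- name: SYSTEM_ROOTURIPATH
+value: "/"
+- name: SYSTEM_MAXFILESIZE
+value: "2000"
+- name: SYSTEM_CUSTOMSTATICFILEPATH
+value: "/customFiles/static/"
+volumeMounts:
+- name: configs
+mountPath: /configs
+- name: customfiles
+mountPath: /customFiles
+- name: logs
+mountPath: /logs
+- name: tessdata
+mountPath: /usr/share/tessdata
+- name: pipeline
+mountPath: /pipeline
+readinessProbe:
+httpGet:
+path: /
+port: 8080
+initialDelaySeconds: 20
+periodSeconds: 10
+timeoutSeconds: 5
+livenessProbe:
+httpGet:
+path: /
+port: 8080
+initialDelaySeconds: 60
+periodSeconds: 20
+timeoutSeconds: 5
+resources:
+requests:
+cpu: "500m"
+memory: "1Gi"
+limits:
+cpu: "2"
+memory: "4Gi"
+volumes:
+- name: configs
+persistentVolumeClaim:
+claimName: stirling-configs
+- name: customfiles
+persistentVolumeClaim:
+claimName: stirling-customfiles
+- name: logs
+persistentVolumeClaim:
+claimName: stirling-logs
+- name: tessdata
+persistentVolumeClaim:
+claimName: stirling-tessdata
+- name: pipeline
+persistentVolumeClaim:
+claimName: stirling-pipeline
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: stirling-pdf
+namespace: stirling
+spec:
+selector:
+app: stirling-pdf
+ports:
+- name: http
+port: 8080
+targetPort: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: stirling-pdf
+namespace: stirling
+annotations:
+kubernetes.io/ingress.class: nginx
+cert-manager.io/cluster-issuer: letsencrypt
+nginx.ingress.kubernetes.io/proxy-body-size: "2000m"
+spec:
+tls:
+- hosts:
+- pdf.apps.undercloud.dev
+secretName: stirling-pdf-tls
+rules:
+- host: pdf.apps.undercloud.dev
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: stirling-pdf
+port:
+number: 8080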
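Review bot: `SECURITY_INITIALLOGIN_PASSWORD` is set to the literal `change-me-now` in the Deployment's `env`, so the admin credential for a login page published on `pdf.apps.undercloud.dev` is stored in version control and in a pod spec readable by anyone who can get Deployments in the namespace. wekan/wekan.yaml commits the same placeholder in the `stringData` of `wekan-secrets` and again inside `MONGO_URL`. Source the value from a Secret created outside the repository, as sketched below, and change the initial password after the first login. Separately, `:latest` combined with `imagePullPolicy: IfNotPresent` leaves each node running whichever build it first pulled; pin a version tag or digest here and for `ghcr.io/wekan/wekan:latest`.

```yaml
# … unchanged: SECURITY_ENABLELOGIN, SECURITY_INITIALLOGIN_USERNAME …
- name: SECURITY_INITIALLOGIN_PASSWORD
  valueFrom:
    secretKeyRef:
      name: PLACEHOLDER-stirling-login-secret  # placeholder: Secret managed out of band, not committed
      key: PLACEHOLDER-password-key            # placeholder key name
# … unchanged: LANGS and the remaining env entries …
```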

177
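--- a/wekan/wekan.yaml
+++ b/wekan/wekan.yaml
@@ -0,0 +1,177 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: wekan
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: wekan-secrets
+namespace: wekan
+type: Opaque
+stringData:
+MONGO_INITDB_ROOT_USERNAME: wekan
+MONGO_INITDB_ROOT_PASSWORD: change-me-now
+MONGO_URL: mongodb://wekan:change-me-now@mongodb.wekan.svc.k8s.undercloud.local:27017/wekan?authSource=admin
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: mongodb-data
+namespace: wekan
+spec:
+accessModes:
+- ReadWriteOnce
+storageClassName: cephfs-hyper
+resources:
+requests:
+storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: mongodb
+namespace: wekan
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: mongodb
+template:
+metadata:
+labels:
+app: mongodb
+spec:
+containers:
+- name: mongodb
+image: mongo:7
+imagePullPolicy: IfNotPresent
+ports:
+- containerPort: 27017
+name: mongo
+env:
+- name: MONGO_INITDB_ROOT_USERNAME
+valueFrom:
+secretKeyRef:
+name: wekan-secrets
+key: MONGO_INITDB_ROOT_USERNAME
+- name: MONGO_INITDB_ROOT_PASSWORD
+valueFrom:
+secretKeyRef:
+name: wekan-secrets
+key: MONGO_INITDB_ROOT_PASSWORD
+volumeMounts:
+- name: mongodb-data
+mountPath: /data/db
+readinessProbe:
+tcpSocket:
+port: 27017
+initialDelaySeconds: 10
+periodSeconds: 10
+livenessProbe:
+tcpSocket:
+port: 27017
+initialDelaySeconds: 30
+periodSeconds: 20
+volumes:
+- name: mongodb-data
+persistentVolumeClaim:
+claimName: mongodb-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: mongodb
+namespace: wekan
+spec:
+selector:
+app: mongodb
+ports:
+- name: mongo
+port: 27017
+targetPort: 27017
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: wekan
+namespace: wekan
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: wekan
+template:
+metadata:
+labels:
+app: wekan
+spec:
+containers:
+- name: wekan
+image: ghcr.io/wekan/wekan:latest
+imagePullPolicy: IfNotPresent
+ports:
+- containerPort: 8080
+name: http
+env:
+- name: ROOT_URL
+value: "https://wekan.apps.undercloud.dev"
+- name: PORT
+value: "8080"
+- name: WITH_API
+value: "true"
+- name: MONGO_URL
+valueFrom:
+secretKeyRef:
+name: wekan-secrets
+key: MONGO_URL
+readinessProbe:
+httpGet:
+path: /
+port: 8080
+initialDelaySeconds: 20
+periodSeconds: 10
+livenessProbe:
+httpGet:
+path: /
+port: 8080
+initialDelaySeconds: 60
+periodSeconds: 20
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: wekan
+namespace: wekan
+spec:
+selector:
+app: wekan
+ports:
+- name: http
+port: 80
+targetPort: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: wekan
+namespace: wekan
+annotations:
+kubernetes.io/ingress.class: nginx
+cert-manager.io/cluster-issuer: letsencrypt
+spec:
+tls:
+- hosts:
+- wekan.apps.undercloud.dev
+secretName: wekan-tls
+rules:
+- host: wekan.apps.undercloud.dev
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: wekan
+port:
+number: 80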
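Review bot: `MONGO_URL` has Wekan authenticate as the MongoDB root account (the `wekan` user from `MONGO_INITDB_ROOT_USERNAME`, with `authSource=admin`), so a compromise of the Ingress-exposed Wekan pod yields control of the whole database server rather than only the `wekan` database. Create a dedicated user limited to `readWrite` on `wekan` and put only that credential in `MONGO_URL`, keeping the root password for administration. As far as this file shows, no NetworkPolicy is added, so the `mongodb` Service on 27017 is reachable from other pods in the cluster; restricting ingress to pods labelled `app: wekan` would narrow that. The `mongodb` Deployment also mounts a `ReadWriteOnce` claim under the default rolling-update strategy; `strategy: {type: Recreate}` avoids a second mongod starting against the same data directory during a rollout.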