apiVersion: v1 kind: ConfigMap metadata: name: env namespace: bookstack data: # file-like keys .env: | #from configmap # This file, when named as ".env" in the root of your BookStack install # folder, is used for the core configuration of the application. # By default this file contains the most common required options but # a full list of options can be found in the '.env.example.complete' file. # NOTE: If any of your values contain a space or a hash you will need to # wrap the entire value in quotes. (eg. MAIL_FROM_NAME="BookStack Mailer") # Use dark mode by default # Will be overridden by any existing user/session preference. APP_DEFAULT_DARK_MODE=true # Application key # Used for encryption where needed. # Run `php artisan key:generate` to generate a valid key. APP_KEY=base64:Gvel4j1kfhBBoT7aho5ibdozSkf7BwB/4vDfSbMTkiU= # Application URL # This must be the root URL that you want to host BookStack on. # All URLs in BookStack will be generated using this value # to ensure URLs generated are consistent and secure. # If you change this in the future you may need to run a command # to update stored URLs in the database. Command example: # php artisan bookstack:update-url https://old.example.com https://new.example.com APP_URL=https://bookstack.apps.undercloud.dev # Database details DB_HOST='db' DB_PORT='3306' DB_DATABASE='bookstack' DB_USERNAME='bookstack' DB_PASSWORD='verysecurePWDBbookstackbookstack' # Mail system to use # Can be 'smtp' or 'sendmail' MAIL_DRIVER=smtp # Mail sender details MAIL_FROM_NAME="BookStack" MAIL_FROM=bookstack@example.com # SMTP mail options # These settings can be checked using the "Send a Test Email" # feature found in the "Settings > Maintenance" area of the system. MAIL_HOST=localhost MAIL_PORT=1025 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null # General auth #AUTH_METHOD=ldap AUTH_METHOD=standard # The LDAP host, Adding a port is optional #LDAP_SERVER=example.com:389 # If using LDAP over SSL you should also define the protocol: LDAP_SERVER=ldaps://ldap.undercloud.local:636 # The base DN from where users will be searched within LDAP_BASE_DN="ou=users,dc=undercloud,dc=local" # The full DN and password of the user used to search the server # Can both be left as 'false' (without quotes) to bind anonymously LDAP_DN="cn=bookstack,ou=serviceaccounts,ou=users,dc=undercloud,dc=local" LDAP_PASS="thisismysecureLDAPPWbookstack" # A filter to use when searching for users # The user-provided user-name used to replace any occurrences of '${user}' # If you're setting this option via other means, such as within a docker-compose.yml, # you may need escape the $, often using $$ or \$ instead. # Note: This option cannot be used with the docker-compose.yml `env_file` option. LDAP_USER_FILTER=(&(uid=${user})) # Set the LDAP version to use when connecting to the server # Should be set to 3 in most cases. LDAP_VERSION=3 # Set the property to use as a unique identifier for this user. # Stored and used to match LDAP users with existing BookStack users. # Prefixing the value with 'BIN;' will assume the LDAP service provides the attribute value as # binary data and BookStack will convert the value to a hexidecimal representation. # Defaults to 'uid'. LDAP_ID_ATTRIBUTE=uid # Set the default 'email' attribute. Defaults to 'mail' LDAP_EMAIL_ATTRIBUTE=mail # Set the property to use for a user's display name. Defaults to 'cn' LDAP_DISPLAY_NAME_ATTRIBUTE=cn # Set the attribute to use for the user's avatar image. # Must provide JPEG binary image data. # Will be used upon login or registration when the user doesn't # already have an avatar image set. # Remove this option or set to 'null' to disable LDAP avatar import. LDAP_THUMBNAIL_ATTRIBUTE=jpegphoto # Force TLS to be used for LDAP communication. # Use this if you can but your LDAP support will need to support it and # you may need to import your certificate to the BookStack host machine. # Defaults to 'false'. LDAP_START_TLS=false # If you need to allow untrusted LDAPS certificates, add the below and uncomment (remove the #) # Only set this option if debugging or you're absolutely sure it's required for your setup. # If using php-fpm, you may want to restart it after changing this option to avoid instability. LDAP_TLS_INSECURE=true # If you need to debug the details coming from your LDAP server, add the below and uncomment (remove the #) # Only set this option if debugging since it will block logins and potentially show private details. #LDAP_DUMP_USER_DETAILS=true --- apiVersion: v1 kind: ConfigMap metadata: name: startup namespace: bookstack data: startup.sh: | #!/bin/sh echo "startup..." #if test ! -f "/config/startup.ran"; then # touch /config/startup.ran cp -f /mnt/.env /config/www/.env #else # echo "startup ran already!" #fi echo "startup done." #exit 123 --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: bookstack namespace: bookstack spec: accessModes: - ReadWriteMany resources: requests: storage: 32Gi storageClassName: cephfs-hyper --- apiVersion: apps/v1 kind: Deployment metadata: name: bookstack namespace: bookstack labels: app: bookstack spec: replicas: 1 selector: matchLabels: app: bookstack template: metadata: labels: app: bookstack spec: dnsConfig: options: - name: ndots value: "1" initContainers: - name: copyappini image: linuxserver/bookstack:23.05.2 command: ['/bin/startup.sh'] volumeMounts: - mountPath: "/config" name: bookstack - mountPath: "/mnt/.env" name: env subPath: .env - mountPath: /bin/startup.sh name: startup subPath: startup.sh containers: - name: bookstack image: linuxserver/bookstack:23.05.2 imagePullPolicy: IfNotPresent ports: - containerPort: 80 #lifecycle: # postStart: # exec: # command: # - "/bin/startup.sh" #livenessProbe: # httpGet: # path: /status # port: 80 # #httpHeaders: # #- name: Custom-Header # # value: Awesome # initialDelaySeconds: 120 # periodSeconds: 10 env: - name: PUID value: "1000" - name: PGID value: "1000" - name: DB_HOST value: "db" - name: DB_PORT value: "3306" - name: APP_URL value: "https://bookstack.apps.undercloud.dev" - name: DB_USER valueFrom: secretKeyRef: name: bookstack-db key: username optional: false - name: DB_PASS valueFrom: secretKeyRef: name: bookstack-db key: user.pw optional: false - name: DB_DATABASE value: "bookstack" volumeMounts: - mountPath: "/config" name: bookstack volumes: - name: bookstack persistentVolumeClaim: claimName: bookstack - name: env configMap: name: env defaultMode: 0777 items: - key: ".env" path: ".env" - name: startup configMap: name: startup defaultMode: 0700 items: - key: "startup.sh" path: "startup.sh" --- apiVersion: v1 kind: Service metadata: name: bookstack namespace: bookstack labels: app: bookstack spec: internalTrafficPolicy: Cluster ipFamilies: - IPv6 - IPv4 ipFamilyPolicy: PreferDualStack ports: - name: http port: 80 protocol: TCP targetPort: 80 selector: app: bookstack sessionAffinity: None type: ClusterIP