Undercloud/k8s-apps
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
k8s-apps/bookstack/bookstack.yaml
shodan 80a958a272 .
2026-03-29 19:32:14 +00:00

252 lines
6.1 KiB
YAML
Raw Permalink Blame History

apiVersion: v1
kind: ConfigMap
metadata:
name: env
namespace: bookstack
data:
.env: |
APP_DEFAULT_DARK_MODE=true
APP_KEY=base64:Gvel4j1kfhBBoT7aho5ibdozSkf7BwB/4vDfSbMTkiU=
APP_URL=https://bookstack.apps.undercloud.dev
DB_HOST='db'
DB_PORT='3306'
DB_DATABASE='bookstack'
DB_USERNAME='bookstack'
DB_PASSWORD='verysecurePWDBbookstackbookstack'
MAIL_DRIVER=smtp
MAIL_FROM_NAME="BookStack"
MAIL_FROM=bookstack@example.com
MAIL_HOST=localhost
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
# AUTH_METHOD=ldap
# AUTH_METHOD=standard
AUTH_METHOD=oidc
AUTH_AUTO_INITIATE=true
OIDC_NAME=authentik
OIDC_DISPLAY_NAME_CLAIMS=name
OIDC_CLIENT_ID=78ySZZr4GU1DDCOlScBhplgjxCZgYoZHznr0QmiE
OIDC_CLIENT_SECRET=YrDCWVtaSfACIdJz1VEeON7oIgRfin0we347Ua6LcIaXEyVhDaJrv0a66OEUF7MpRFzjsYS8baqZrdR2iLSIKHFZYMSD2P1pQIOs268XDnUqyUVQADV1YpVWpuWFRuLu
OIDC_ISSUER=https://auth.apps.undercloud.dev/application/o/bookstack/
OIDC_ISSUER_DISCOVER=true
OIDC_END_SESSION_ENDPOINT=true
OIDC_USER_TO_GROUPS=true
OIDC_GROUPS_CLAIM=groups
# Samba AD / Active Directory
LDAP_SERVER=ldaps://dc.undercloud.local:636
LDAP_BASE_DN=OU=users,OU=Undercloud,DC=undercloud,DC=local
LDAP_DN="CN=bookstack,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local"
LDAP_PASS="1thisismySECURELDAPPWbookstack"
# Search users by AD login name and require membership in the users group
LDAP_USER_FILTER=(&(sAMAccountName={user}))
LDAP_VERSION=3
# Use a stable unique AD identifier
LDAP_ID_ATTRIBUTE=BIN;objectGUID
LDAP_EMAIL_ATTRIBUTE=mail
LDAP_DISPLAY_NAME_ATTRIBUTE=displayName
LDAP_THUMBNAIL_ATTRIBUTE=thumbnailPhoto
LDAP_START_TLS=false
# Keep true if your LDAPS cert is internal/self-signed.
# Set to false once BookStack trusts your CA.
LDAP_TLS_INSECURE=true
LDAP_USER_TO_GROUPS=true
LDAP_GROUP_ATTRIBUTE=memberOf
LDAP_REMOVE_FROM_GROUPS=false
#APP_DEBUG=true
#LDAP_DUMP_USER_DETAILS=true
#LDAP_DUMP_USER_GROUPS=true
---
apiVersion: v1
kind: ConfigMap
metadata:
name: startup
namespace: bookstack
data:
startup.sh: |
#!/bin/sh
echo "startup..."
#if test ! -f "/config/startup.ran"; then
# touch /config/startup.ran
cp -f /mnt/.env /config/www/.env
#else
# echo "startup ran already!"
#fi
echo "startup done."
#exit 123
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bookstack
namespace: bookstack
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 32Gi
storageClassName: cephfs-hyper
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: bookstack
namespace: bookstack
labels:
app: bookstack
spec:
replicas: 1
selector:
matchLabels:
app: bookstack
template:
metadata:
labels:
app: bookstack
spec:
dnsConfig:
options:
- name: ndots
value: "1"
initContainers:
#- name: copyappini
# image: linuxserver/bookstack
# command: ['/bin/startup.sh']
# volumeMounts:
# - mountPath: "/config"
# name: bookstack
# - mountPath: "/mnt/.env"
# name: env
# subPath: .env
# - mountPath: /bin/startup.sh
# name: startup
# subPath: startup.sh
containers:
- name: bookstack
image: linuxserver/bookstack
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
#lifecycle:
# postStart:
# exec:
# command:
# - "/bin/startup.sh"
#livenessProbe:
# httpGet:
# path: /status
# port: 80
# #httpHeaders:
# #- name: Custom-Header
# # value: Awesome
# initialDelaySeconds: 120
# periodSeconds: 10
env:
#- name: PUID
# value: "1000"
#- name: PGID
# value: "1000"
#- name: DB_HOST
# value: "db"
#- name: DB_PORT
# value: "3306"
#- name: APP_URL
# value: "https://bookstack.apps.undercloud.dev"
- name: DB_USER
valueFrom:
secretKeyRef:
name: bookstack-db
key: username
optional: false
- name: DB_PASS
valueFrom:
secretKeyRef:
name: bookstack-db
key: user.pw
optional: false
- name: DB_DATABASE
value: "bookstack"
volumeMounts:
- mountPath: "/config"
name: bookstack
- mountPath: "/config/www/.env"
name: env
subPath: .env
#lifecycle:
# postStart:
# exec:
# command:
# - /bin/sh
# - -c
# - |
# i=0
# until php /app/www/artisan migrate:status >/dev/null 2>&1; do
# i=$((i+1))
# [ "$i" -gt 60 ] && exit 1
# sleep 5
# done
# php /app/www/artisan bookstack:create-admin \
# --initial \
# --email="${ADMIN_EMAIL}" \
# --name="${ADMIN_NAME}" \
# --password="${ADMIN_PASSWORD}" || [ $? -eq 2 ]
volumes:
- name: bookstack
persistentVolumeClaim:
claimName: bookstack
- name: env
configMap:
name: env
defaultMode: 0777
items:
- key: ".env"
path: ".env"
#- name: startup
# configMap:
# name: startup
# defaultMode: 0700
# items:
# - key: "startup.sh"
# path: "startup.sh"
---
apiVersion: v1
kind: Service
metadata:
name: bookstack
namespace: bookstack
labels:
app: bookstack
spec:
internalTrafficPolicy: Cluster
ipFamilies:
- IPv6
- IPv4
ipFamilyPolicy: PreferDualStack
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
selector:
app: bookstack
sessionAffinity: None
type: ClusterIP
Reference in New Issue View Git Blame Copy Permalink