k8s-apps/bookstack/bookstack.yaml

# ConfigMap "env": ships the complete BookStack .env file as a single key.
# The Deployment in this file mounts that key at /mnt/.env in its init
# container, and startup.sh copies it to /config/www/.env.
#
# NOTE(review): this object carries credentials in clear text: APP_KEY,
# DB_PASSWORD and LDAP_PASS. A ConfigMap is readable by anyone who may read
# ConfigMaps in the namespace and gets none of the handling a Secret can get
# (separate RBAC resource, encryption at rest when the cluster enables it).
# Move these values to a Secret or an external secret store, and rotate all
# three, because the values below are stored with the manifest itself.
apiVersion: v1
kind: ConfigMap
metadata:
  name: env
  namespace: bookstack
data:
  # file-like keys
  # NOTE(review): the Deployment in this file already reads DB_USER/DB_PASS
  # from the Secret "bookstack-db"; DB_USERNAME/DB_PASSWORD below repeat the
  # database credentials outside that Secret.
  # NOTE(review): LDAP_TLS_INSECURE=true allows untrusted LDAPS certificates;
  # the file's own comment reserves it for debugging. AUTH_METHOD is
  # "standard", so the LDAP settings are presumably inactive at the moment
  # (confirm). Trust the directory's CA and set the option to false before
  # AUTH_METHOD is switched to ldap.
  .env: |
    #from configmap
    # This file, when named as ".env" in the root of your BookStack install
    # folder, is used for the core configuration of the application.
    # By default this file contains the most common required options but
    # a full list of options can be found in the '.env.example.complete' file.
    # NOTE: If any of your values contain a space or a hash you will need to
    # wrap the entire value in quotes. (eg. MAIL_FROM_NAME="BookStack Mailer")
    # Use dark mode by default
    # Will be overridden by any existing user/session preference.
    APP_DEFAULT_DARK_MODE=true
    # Application key
    # Used for encryption where needed.
    # Run `php artisan key:generate` to generate a valid key.
    APP_KEY=base64:Gvel4j1kfhBBoT7aho5ibdozSkf7BwB/4vDfSbMTkiU=
    # Application URL
    # This must be the root URL that you want to host BookStack on.
    # All URLs in BookStack will be generated using this value
    # to ensure URLs generated are consistent and secure.
    # If you change this in the future you may need to run a command
    # to update stored URLs in the database. Command example:
    # php artisan bookstack:update-url https://old.example.com https://new.example.com
    APP_URL=https://bookstack.undercloud.cf
    # Database details
    DB_HOST='db'
    DB_PORT='3306'
    DB_DATABASE='bookstack'
    DB_USERNAME='bookstack'
    DB_PASSWORD='verysecurePWDBbookstackbookstack'
    # Mail system to use
    # Can be 'smtp' or 'sendmail'
    MAIL_DRIVER=smtp
    # Mail sender details
    MAIL_FROM_NAME="BookStack"
    MAIL_FROM=bookstack@example.com
    # SMTP mail options
    # These settings can be checked using the "Send a Test Email"
    # feature found in the "Settings > Maintenance" area of the system.
    MAIL_HOST=localhost
    MAIL_PORT=1025
    MAIL_USERNAME=null
    MAIL_PASSWORD=null
    MAIL_ENCRYPTION=null
    # General auth
    #AUTH_METHOD=ldap
    AUTH_METHOD=standard
    # The LDAP host, Adding a port is optional
    #LDAP_SERVER=example.com:389
    # If using LDAP over SSL you should also define the protocol:
    LDAP_SERVER=ldaps://ldap.undercloud.cf:636
    # The base DN from where users will be searched within
    LDAP_BASE_DN="ou=users,dc=undercloud,dc=cf"
    # The full DN and password of the user used to search the server
    # Can both be left as 'false' (without quotes) to bind anonymously
    LDAP_DN="cn=bookstack,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf"
    LDAP_PASS="thisismysecureLDAPPWbookstack"
    # A filter to use when searching for users
    # The user-provided user-name used to replace any occurrences of '${user}'
    # If you're setting this option via other means, such as within a docker-compose.yml,
    # you may need escape the $, often using $$ or \$ instead.
    # Note: This option cannot be used with the docker-compose.yml `env_file` option.
    LDAP_USER_FILTER=(&(uid=${user}))
    # Set the LDAP version to use when connecting to the server
    # Should be set to 3 in most cases.
    LDAP_VERSION=3
    # Set the property to use as a unique identifier for this user.
    # Stored and used to match LDAP users with existing BookStack users.
    # Prefixing the value with 'BIN;' will assume the LDAP service provides the attribute value as
    # binary data and BookStack will convert the value to a hexidecimal representation.
    # Defaults to 'uid'.
    LDAP_ID_ATTRIBUTE=uid
    # Set the default 'email' attribute. Defaults to 'mail'
    LDAP_EMAIL_ATTRIBUTE=mail
    # Set the property to use for a user's display name. Defaults to 'cn'
    LDAP_DISPLAY_NAME_ATTRIBUTE=cn
    # Set the attribute to use for the user's avatar image.
    # Must provide JPEG binary image data.
    # Will be used upon login or registration when the user doesn't
    # already have an avatar image set.
    # Remove this option or set to 'null' to disable LDAP avatar import.
    LDAP_THUMBNAIL_ATTRIBUTE=jpegphoto
    # Force TLS to be used for LDAP communication.
    # Use this if you can but your LDAP support will need to support it and
    # you may need to import your certificate to the BookStack host machine.
    # Defaults to 'false'.
    LDAP_START_TLS=false
    # If you need to allow untrusted LDAPS certificates, add the below and uncomment (remove the #)
    # Only set this option if debugging or you're absolutely sure it's required for your setup.
    # If using php-fpm, you may want to restart it after changing this option to avoid instability.
    LDAP_TLS_INSECURE=true
    # If you need to debug the details coming from your LDAP server, add the below and uncomment (remove the #)
    # Only set this option if debugging since it will block logins and potentially show private details.
    #LDAP_DUMP_USER_DETAILS=true
---
# ConfigMap "startup": the shell script the Deployment's init container runs
# (mounted at /bin/startup.sh).
apiVersion: v1
kind: ConfigMap
metadata:
  name: startup
  namespace: bookstack
data:
  # The script copies /mnt/.env (the "env" ConfigMap key) over
  # /config/www/.env. The run-once guard on /config/startup.ran is commented
  # out, so the copy happens at every pod start and replaces whatever .env is
  # on the volume.
  # NOTE(review): the copy places the credentials from the "env" ConfigMap on
  # the persistent volume mounted at /config, so they also exist at rest
  # there. The script does not set the owner or mode of the copy; confirm what
  # permissions /config/www/.env ends up with.
  # NOTE(review): the script has no `set -e` and does not test the result of
  # cp; it presumably still reports "startup done." and exits 0 when the copy
  # fails. Verify, since the init container would then pass without a current
  # .env in place.
  startup.sh: |
    #!/bin/sh
    echo "startup..."
    #if test ! -f "/config/startup.ran"; then
    # touch /config/startup.ran
    cp -f /mnt/.env /config/www/.env
    #else
    # echo "startup ran already!"
    #fi
    echo "startup done."
    #exit 123
---
# StorageClass "bookstack": CephFS volumes provisioned through the rook-ceph
# CSI driver, used by the "bookstack" PersistentVolumeClaim in this file.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: bookstack
# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
provisioner: rook-ceph.cephfs.csi.ceph.com
parameters:
  # clusterID is the namespace where the rook cluster is running
  # If you change this namespace, also change the namespace below where the secret namespaces are defined
  clusterID: rook-ceph
  # CephFS filesystem name into which the volume shall be created
  fsName: bookstack
  # Ceph pool into which the volume shall be created
  # Required for provisionVolume: "true"
  pool: bookstack-replicated
  # The secrets contain Ceph admin credentials. These are generated automatically by the operator
  # in the same namespace as the cluster.
  # All three secret references below point into the rook-ceph namespace,
  # not the bookstack namespace.
  csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
  csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
  csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
  csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
  csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
  csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
# NOTE(review): with Delete, removing the PersistentVolumeClaim also removes
# the backing volume and the BookStack data on it. Use Retain if the data has
# to survive an accidental or unauthorised PVC deletion, and check that
# backups exist either way.
reclaimPolicy: Delete
---
# PersistentVolumeClaim "bookstack": 32Gi from the "bookstack" StorageClass,
# mounted at /config by both containers of the Deployment in this file.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: bookstack
  namespace: bookstack
spec:
  accessModes:
    # ReadWriteMany lets pods on several nodes mount the volume read-write.
    # The Deployment in this file runs a single replica.
    # NOTE(review): this volume also receives the copied .env with its
    # credentials (see startup.sh), so any other pod in the namespace that
    # mounts the claim can read them. Confirm no other workload uses it.
    - ReadWriteMany
  resources:
    requests:
      storage: 32Gi
  storageClassName: bookstack
---
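# Deployment "bookstack": one BookStack pod. An init container copies the
# .env from the "env" ConfigMap onto the /config volume, then the main
# container serves the application on port 80.
#
# NOTE(review): neither container sets a securityContext or resource
# requests/limits, so both run with the image's default user and capabilities
# and without a CPU/memory ceiling. Add what the image tolerates after
# testing; the values depend on how the linuxserver image starts up.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bookstack
  namespace: bookstack
  labels:
    app: bookstack
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bookstack
  template:
    metadata:
      labels:
        app: bookstack
    spec:
      # Nothing in this pod, as defined here, calls the Kubernetes API, so the
      # ServiceAccount token is not mounted into the containers. Remove this
      # line only if a component that needs API access is added.
      automountServiceAccountToken: false
      dnsConfig:
        options:
          - name: ndots
            value: "1"
      initContainers:
        # Runs /bin/startup.sh (from the "startup" ConfigMap), which copies
        # /mnt/.env to /config/www/.env on the persistent volume.
        - name: copyappini
          # NOTE(review): same mutable tag as the main container; see the
          # note there.
          image: linuxserver/bookstack:23.05.2
          command: ['/bin/startup.sh']
          volumeMounts:
            - mountPath: "/config"
              name: bookstack
            - mountPath: "/mnt/.env"
              name: env
              subPath: .env
            - mountPath: /bin/startup.sh
              name: startup
              subPath: startup.sh
      containers:
        - name: bookstack
          # NOTE(review): the image is referenced by tag only, so the registry
          # decides which content the tag resolves to; pin it by digest
          # (linuxserver/bookstack@sha256:<digest>) to fix the content.
          # 23.05.2 is a 2023 release line; check it against the BookStack
          # security releases published since.
          image: linuxserver/bookstack:23.05.2
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
          #lifecycle:
          #  postStart:
          #    exec:
          #      command:
          #        - "/bin/startup.sh"
          #livenessProbe:
          #  httpGet:
          #    path: /status
          #    port: 80
          #    #httpHeaders:
          #    #- name: Custom-Header
          #    #  value: Awesome
          #  initialDelaySeconds: 120
          #  periodSeconds: 10
          env:
            - name: PUID
              value: "1000"
            - name: PGID
              value: "1000"
            - name: DB_HOST
              value: "db"
            - name: DB_PORT
              value: "3306"
            - name: APP_URL
              value: "https://bookstack.undercloud.cf"
            # Database credentials come from the Secret "bookstack-db".
            # NOTE(review): the .env in the "env" ConfigMap sets DB_USERNAME
            # and DB_PASSWORD as literals as well, so the two sources can
            # disagree; which one the application ends up using is not
            # visible here. Keep a single source, the Secret.
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: bookstack-db
                  key: username
                  optional: false
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: bookstack-db
                  key: user.pw
                  optional: false
            - name: DB_DATABASE
              value: "bookstack"
          volumeMounts:
            - mountPath: "/config"
              name: bookstack
      volumes:
        - name: bookstack
          persistentVolumeClaim:
            claimName: bookstack
        - name: env
          configMap:
            name: env
            # NOTE(review): 0777 sets read, write and execute bits for owner,
            # group and others on the mounted .env, which holds APP_KEY and
            # the DB and LDAP passwords. The init container only copies the
            # file, so read permission for the user running startup.sh is
            # enough; confirm that UID, then tighten the mode.
            defaultMode: 0777
            items:
              - key: ".env"
                path: ".env"
        - name: startup
          configMap:
            name: startup
            # Owner-only read/write/execute for the startup script.
            defaultMode: 0700
            items:
              - key: "startup.sh"
                path: "startup.sh"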
---
# Service "bookstack": cluster-internal endpoint for the pods labelled
# app=bookstack, forwarding TCP port 80 to container port 80.
apiVersion: v1
kind: Service
metadata:
  name: bookstack
  namespace: bookstack
  labels:
    app: bookstack
spec:
  internalTrafficPolicy: Cluster
  # Dual-stack where the cluster supports it, with IPv6 listed first.
  ipFamilies:
    - IPv6
    - IPv4
  ipFamilyPolicy: PreferDualStack
  ports:
    # NOTE(review): the port is plain HTTP while APP_URL is https://, so TLS
    # is presumably terminated by an ingress or gateway that is not part of
    # this file. Traffic between that component and the pod is then
    # unencrypted inside the cluster; confirm that is acceptable.
    - name: http
      port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: bookstack
  sessionAffinity: None
  # ClusterIP: no NodePort or load balancer is created by this Service.
  type: ClusterIP