---
# ConfigMap "env": carries the complete BookStack `.env` file as a single key.
# The Deployment in this file projects that key to /config/www/.env.
apiVersion: v1
kind: ConfigMap
metadata:
  name: env
  namespace: bookstack
data:
  # file-like keys
  #
  # NOTE(review): APP_KEY, DB_PASSWORD and LDAP_PASS below are stored in
  # plaintext. ConfigMap data is not intended for confidential values and is
  # readable by anyone who can read ConfigMaps in this namespace or this file
  # in version control. The Deployment already reads DB_USER/DB_PASS from the
  # Secret "bookstack-db"; the same pattern (a Secret, or a secret-store
  # reference) fits these values, and values that have been committed should
  # be treated as exposed and rotated.
  #
  # NOTE(review): LDAP_TLS_INSECURE=true accepts untrusted certificates on the
  # ldaps:// connection, so the LDAP_DN bind password and user logins are not
  # protected against an on-path impostor server. The file's own guidance is
  # to set it only while debugging; trusting the LDAP server's CA in the
  # container is the durable alternative.
  #
  # NOTE(review): with LDAP_USER_TO_GROUPS=true and
  # LDAP_REMOVE_FROM_GROUPS=false, roles are added from LDAP groups but not
  # removed when a group membership is dropped; confirm that is intended.
  #
  # Everything under the block scalar is file content, not YAML: lines that
  # start with '#' there are dotenv comments and reach the container verbatim.
  .env: |
    #from configmap
    # This file, when named as ".env" in the root of your BookStack install
    # folder, is used for the core configuration of the application.
    # By default this file contains the most common required options but
    # a full list of options can be found in the '.env.example.complete' file.

    # NOTE: If any of your values contain a space or a hash you will need to
    # wrap the entire value in quotes. (eg. MAIL_FROM_NAME="BookStack Mailer")

    # Use dark mode by default
    # Will be overridden by any existing user/session preference.
    APP_DEFAULT_DARK_MODE=true

    # Application key
    # Used for encryption where needed.
    # Run `php artisan key:generate` to generate a valid key.
    APP_KEY=base64:Gvel4j1kfhBBoT7aho5ibdozSkf7BwB/4vDfSbMTkiU=

    # Application URL
    # This must be the root URL that you want to host BookStack on.
    # All URLs in BookStack will be generated using this value
    # to ensure URLs generated are consistent and secure.
    # If you change this in the future you may need to run a command
    # to update stored URLs in the database. Command example:
    # php artisan bookstack:update-url https://old.example.com https://new.example.com
    APP_URL=https://bookstack.apps.undercloud.dev

    # Database details
    DB_HOST='db'
    DB_PORT='3306'
    DB_DATABASE='bookstack'
    DB_USERNAME='bookstack'
    DB_PASSWORD='verysecurePWDBbookstackbookstack'

    # Mail system to use
    # Can be 'smtp' or 'sendmail'
    MAIL_DRIVER=smtp

    # Mail sender details
    MAIL_FROM_NAME="BookStack"
    MAIL_FROM=bookstack@example.com

    # SMTP mail options
    # These settings can be checked using the "Send a Test Email"
    # feature found in the "Settings > Maintenance" area of the system.
    MAIL_HOST=localhost
    MAIL_PORT=1025
    MAIL_USERNAME=null
    MAIL_PASSWORD=null
    MAIL_ENCRYPTION=null



    # General auth
    # user standard login for the first time to create deault admin
    # then enable ldap
    AUTH_METHOD=ldap
    # AUTH_METHOD=standard

    # The LDAP host, Adding a port is optional
    #LDAP_SERVER=example.com:389
    # If using LDAP over SSL you should also define the protocol:
    LDAP_SERVER=ldaps://ldap.undercloud.local:636

    # The base DN from where users will be searched within
    LDAP_BASE_DN="ou=users,dc=undercloud,dc=local"

    # The full DN and password of the user used to search the server
    # Can both be left as 'false' (without quotes) to bind anonymously
    LDAP_DN="cn=bookstack,ou=serviceaccounts,ou=users,dc=undercloud,dc=local"
    LDAP_PASS="thisismysecureLDAPPWbookstack"

    # A filter to use when searching for users
    # The user-provided user-name used to replace any occurrences of '${user}'
    # If you're setting this option via other means, such as within a docker-compose.yml,
    # you may need escape the $, often using $$ or \$ instead.
    # Note: This option cannot be used with the docker-compose.yml `env_file` option.
    #LDAP_USER_FILTER=(&(uid=${user}))
    LDAP_USER_FILTER=(&(uid=${user})(memberOf=cn=users,ou=groups,dc=undercloud,dc=local))

    # Set the LDAP version to use when connecting to the server
    # Should be set to 3 in most cases.
    LDAP_VERSION=3

    # Set the property to use as a unique identifier for this user.
    # Stored and used to match LDAP users with existing BookStack users.
    # Prefixing the value with 'BIN;' will assume the LDAP service provides the attribute value as
    # binary data and BookStack will convert the value to a hexidecimal representation.
    # Defaults to 'uid'.
    LDAP_ID_ATTRIBUTE=uid

    # Set the default 'email' attribute. Defaults to 'mail'
    LDAP_EMAIL_ATTRIBUTE=mail

    # Set the property to use for a user's display name. Defaults to 'cn'
    LDAP_DISPLAY_NAME_ATTRIBUTE=cn

    # Set the attribute to use for the user's avatar image.
    # Must provide JPEG binary image data.
    # Will be used upon login or registration when the user doesn't
    # already have an avatar image set.
    # Remove this option or set to 'null' to disable LDAP avatar import.
    LDAP_THUMBNAIL_ATTRIBUTE=jpegphoto

    # Force TLS to be used for LDAP communication.
    # Use this if you can but your LDAP support will need to support it and
    # you may need to import your certificate to the BookStack host machine.
    # Defaults to 'false'.
    LDAP_START_TLS=false

    # If you need to allow untrusted LDAPS certificates, add the below and uncomment (remove the #)
    # Only set this option if debugging or you're absolutely sure it's required for your setup.
    # If using php-fpm, you may want to restart it after changing this option to avoid instability.
    LDAP_TLS_INSECURE=true

    # If you need to debug the details coming from your LDAP server, add the below and uncomment (remove the #)
    # Only set this option if debugging since it will block logins and potentially show private details.
    #LDAP_DUMP_USER_DETAILS=true

    # Enable LDAP group sync, Set to 'true' to enable.
    LDAP_USER_TO_GROUPS=true

    # LDAP user attribute containing groups, Defaults to 'memberOf'.
    LDAP_GROUP_ATTRIBUTE="memberOf"

    # Remove users from roles that don't match LDAP groups.
    # Note: While this is enabled the "Default Registration Role", editable within the
    # BookStack settings view, will be considered a matched role and assigned to the user.
    LDAP_REMOVE_FROM_GROUPS=false

    # If you need to debug the group details coming from your LDAP server, add the below and uncomment (remove the #).
    # Only set this option if debugging since it will block logins and potentially show private details.
    #LDAP_DUMP_USER_GROUPS=true
---
# ConfigMap "startup": a small shell script that copies /mnt/.env to
# /config/www/.env.
#
# NOTE(review): every reference to this script in the Deployment of this file
# (the initContainer, the postStart hook and the "startup" volume) is
# commented out, so the script looks unused at present; confirm before
# relying on it.
# NOTE(review): /config is backed by the PersistentVolumeClaim "bookstack",
# so running this copy would leave a second copy of the credential-bearing
# .env on the shared volume, outside the ConfigMap's lifecycle.
apiVersion: v1
kind: ConfigMap
metadata:
  name: startup
  namespace: bookstack
data:
  # The block scalar is the script text itself; '#' lines inside it are shell
  # comments and are delivered to the container unchanged.
  startup.sh: |
    #!/bin/sh
    echo "startup..."
    #if test ! -f "/config/startup.ran"; then
    # touch /config/startup.ran
    cp -f /mnt/.env /config/www/.env
    #else
    # echo "startup ran already!"
    #fi
    echo "startup done."
    #exit 123
---
# PersistentVolumeClaim "bookstack": 32Gi from the "cephfs-hyper" storage
# class. The Deployment in this file mounts it at /config.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: bookstack
  name: bookstack
spec:
  storageClassName: cephfs-hyper
  # ReadWriteMany allows several nodes to mount the volume read-write at the
  # same time; the Deployment in this file runs a single replica.
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 32Gi
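---
# Deployment "bookstack": one replica of the linuxserver/bookstack image.
# /config is backed by the PersistentVolumeClaim "bookstack"; the `.env` key
# of the ConfigMap "env" is projected over /config/www/.env via subPath.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bookstack
  namespace: bookstack
  labels:
    app: bookstack
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bookstack
  template:
    metadata:
      labels:
        app: bookstack
    spec:
      dnsConfig:
        options:
          - name: ndots
            value: "1"
      # Explicit empty list instead of a bare key: the only entry is the
      # disabled init container kept below for reference.
      initContainers: []
      # - name: copyappini
      #   image: linuxserver/bookstack
      #   command: ['/bin/startup.sh']
      #   volumeMounts:
      #     - mountPath: "/config"
      #       name: bookstack
      #     - mountPath: "/mnt/.env"
      #       name: env
      #       subPath: .env
      #     - mountPath: /bin/startup.sh
      #       name: startup
      #       subPath: startup.sh
      containers:
        - name: bookstack
          # NOTE(review): no tag or digest is given, so the image resolves to
          # the mutable default tag, and with IfNotPresent each node keeps
          # whatever copy it pulled first. Pin a reviewed version, e.g.
          # linuxserver/bookstack:<PINNED_TAG>@sha256:<DIGEST> (placeholders).
          image: linuxserver/bookstack
          imagePullPolicy: IfNotPresent
          # NOTE(review): no securityContext or resources are declared for
          # this container; confirm what the image's init process needs
          # before restricting privileges.
          ports:
            - containerPort: 80
          # lifecycle:
          #   postStart:
          #     exec:
          #       command:
          #         - "/bin/startup.sh"
          # livenessProbe:
          #   httpGet:
          #     path: /status
          #     port: 80
          #     # httpHeaders:
          #     # - name: Custom-Header
          #     #   value: Awesome
          #   initialDelaySeconds: 120
          #   periodSeconds: 10
          env:
            # - name: PUID
            #   value: "1000"
            # - name: PGID
            #   value: "1000"
            # - name: DB_HOST
            #   value: "db"
            # - name: DB_PORT
            #   value: "3306"
            # - name: APP_URL
            #   value: "https://bookstack.apps.undercloud.dev"
            #
            # Database credentials come from the Secret "bookstack-db".
            # NOTE(review): the mounted .env (ConfigMap "env") also defines
            # DB_USERNAME/DB_PASSWORD in plaintext, so two sources of database
            # credentials exist; confirm which one the image honours and drop
            # the plaintext copy.
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: bookstack-db
                  key: username
                  optional: false
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: bookstack-db
                  key: user.pw
                  optional: false
            - name: DB_DATABASE
              value: "bookstack"
          volumeMounts:
            - mountPath: "/config"
              name: bookstack
            # subPath mounts are not refreshed when the ConfigMap changes;
            # the pod has to be restarted to pick up a new .env.
            - mountPath: "/config/www/.env"
              name: env
              subPath: .env
          # lifecycle:
          #   postStart:
          #     exec:
          #       command:
          #         - /bin/sh
          #         - -c
          #         - |
          #           i=0
          #           until php /app/www/artisan migrate:status >/dev/null 2>&1; do
          #             i=$((i+1))
          #             [ "$i" -gt 60 ] && exit 1
          #             sleep 5
          #           done
          #
          #           php /app/www/artisan bookstack:create-admin \
          #             --initial \
          #             --email="${ADMIN_EMAIL}" \
          #             --name="${ADMIN_NAME}" \
          #             --password="${ADMIN_PASSWORD}" || [ $? -eq 2 ]
      volumes:
        - name: bookstack
          persistentVolumeClaim:
            claimName: bookstack
        - name: env
          configMap:
            name: env
            # Octal file mode (a JSON manifest would need the decimal form).
            # Was 0777: the projected .env holds credentials and needs neither
            # write nor execute bits. Read stays open to "other" because no
            # fsGroup is set here, so the application user presumably reads
            # the file as "other" - TODO confirm, then tighten to 0440
            # together with securityContext.fsGroup.
            defaultMode: 0444
            items:
              - key: ".env"
                path: ".env"
        # - name: startup
        #   configMap:
        #     name: startup
        #     defaultMode: 0700
        #     items:
        #       - key: "startup.sh"
        #         path: "startup.sh"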
---
# Service "bookstack": cluster-internal (ClusterIP) entry point that forwards
# TCP port 80 to port 80 of pods labelled app=bookstack.
# NOTE(review): the port is plain HTTP; APP_URL in the ConfigMap "env" is an
# https:// address, so TLS is presumably terminated by an ingress or proxy
# that is not part of this file - confirm.
apiVersion: v1
kind: Service
metadata:
  name: bookstack
  namespace: bookstack
  labels:
    app: bookstack
spec:
  type: ClusterIP
  selector:
    app: bookstack
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
  sessionAffinity: None
  internalTrafficPolicy: Cluster
  # Dual-stack where the cluster supports it; IPv6 is listed first.
  ipFamilyPolicy: PreferDualStack
  ipFamilies:
    - IPv6
    - IPv4