239 lines
5.6 KiB
YAML
239 lines
5.6 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: env
|
|
namespace: bookstack
|
|
data:
|
|
.env: |
|
|
APP_DEFAULT_DARK_MODE=true
|
|
APP_KEY=base64:Gvel4j1kfhBBoT7aho5ibdozSkf7BwB/4vDfSbMTkiU=
|
|
APP_URL=https://bookstack.apps.undercloud.dev
|
|
|
|
DB_HOST='db'
|
|
DB_PORT='3306'
|
|
DB_DATABASE='bookstack'
|
|
DB_USERNAME='bookstack'
|
|
DB_PASSWORD='verysecurePWDBbookstackbookstack'
|
|
|
|
MAIL_DRIVER=smtp
|
|
MAIL_FROM_NAME="BookStack"
|
|
MAIL_FROM=bookstack@example.com
|
|
MAIL_HOST=localhost
|
|
MAIL_PORT=1025
|
|
MAIL_USERNAME=null
|
|
MAIL_PASSWORD=null
|
|
MAIL_ENCRYPTION=null
|
|
|
|
AUTH_METHOD=ldap
|
|
# AUTH_METHOD=standard
|
|
|
|
# Samba AD / Active Directory
|
|
LDAP_SERVER=ldaps://dc.undercloud.local:636
|
|
LDAP_BASE_DN=OU=users,OU=Undercloud,DC=undercloud,DC=local
|
|
|
|
LDAP_DN="CN=bookstack,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local"
|
|
LDAP_PASS="1thisismySECURELDAPPWbookstack"
|
|
|
|
# Search users by AD login name and require membership in the users group
|
|
LDAP_USER_FILTER=(&(sAMAccountName={user}))
|
|
|
|
LDAP_VERSION=3
|
|
|
|
# Use a stable unique AD identifier
|
|
LDAP_ID_ATTRIBUTE=BIN;objectGUID
|
|
|
|
LDAP_EMAIL_ATTRIBUTE=mail
|
|
LDAP_DISPLAY_NAME_ATTRIBUTE=displayName
|
|
LDAP_THUMBNAIL_ATTRIBUTE=thumbnailPhoto
|
|
|
|
LDAP_START_TLS=false
|
|
|
|
# Keep true if your LDAPS cert is internal/self-signed.
|
|
# Set to false once BookStack trusts your CA.
|
|
LDAP_TLS_INSECURE=true
|
|
|
|
LDAP_USER_TO_GROUPS=true
|
|
LDAP_GROUP_ATTRIBUTE=memberOf
|
|
LDAP_REMOVE_FROM_GROUPS=false
|
|
|
|
#APP_DEBUG=true
|
|
#LDAP_DUMP_USER_DETAILS=true
|
|
#LDAP_DUMP_USER_GROUPS=true
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: startup
|
|
namespace: bookstack
|
|
data:
|
|
startup.sh: |
|
|
#!/bin/sh
|
|
echo "startup..."
|
|
#if test ! -f "/config/startup.ran"; then
|
|
# touch /config/startup.ran
|
|
cp -f /mnt/.env /config/www/.env
|
|
#else
|
|
# echo "startup ran already!"
|
|
#fi
|
|
echo "startup done."
|
|
#exit 123
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: bookstack
|
|
namespace: bookstack
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteMany
|
|
resources:
|
|
requests:
|
|
storage: 32Gi
|
|
storageClassName: cephfs-hyper
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: bookstack
|
|
namespace: bookstack
|
|
labels:
|
|
app: bookstack
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: bookstack
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: bookstack
|
|
spec:
|
|
dnsConfig:
|
|
options:
|
|
- name: ndots
|
|
value: "1"
|
|
initContainers:
|
|
#- name: copyappini
|
|
# image: linuxserver/bookstack
|
|
# command: ['/bin/startup.sh']
|
|
# volumeMounts:
|
|
# - mountPath: "/config"
|
|
# name: bookstack
|
|
# - mountPath: "/mnt/.env"
|
|
# name: env
|
|
# subPath: .env
|
|
# - mountPath: /bin/startup.sh
|
|
# name: startup
|
|
# subPath: startup.sh
|
|
containers:
|
|
- name: bookstack
|
|
image: linuxserver/bookstack
|
|
imagePullPolicy: IfNotPresent
|
|
ports:
|
|
- containerPort: 80
|
|
#lifecycle:
|
|
# postStart:
|
|
# exec:
|
|
# command:
|
|
# - "/bin/startup.sh"
|
|
#livenessProbe:
|
|
# httpGet:
|
|
# path: /status
|
|
# port: 80
|
|
# #httpHeaders:
|
|
# #- name: Custom-Header
|
|
# # value: Awesome
|
|
# initialDelaySeconds: 120
|
|
# periodSeconds: 10
|
|
env:
|
|
#- name: PUID
|
|
# value: "1000"
|
|
#- name: PGID
|
|
# value: "1000"
|
|
#- name: DB_HOST
|
|
# value: "db"
|
|
#- name: DB_PORT
|
|
# value: "3306"
|
|
#- name: APP_URL
|
|
# value: "https://bookstack.apps.undercloud.dev"
|
|
- name: DB_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: bookstack-db
|
|
key: username
|
|
optional: false
|
|
- name: DB_PASS
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: bookstack-db
|
|
key: user.pw
|
|
optional: false
|
|
- name: DB_DATABASE
|
|
value: "bookstack"
|
|
volumeMounts:
|
|
- mountPath: "/config"
|
|
name: bookstack
|
|
- mountPath: "/config/www/.env"
|
|
name: env
|
|
subPath: .env
|
|
#lifecycle:
|
|
# postStart:
|
|
# exec:
|
|
# command:
|
|
# - /bin/sh
|
|
# - -c
|
|
# - |
|
|
# i=0
|
|
# until php /app/www/artisan migrate:status >/dev/null 2>&1; do
|
|
# i=$((i+1))
|
|
# [ "$i" -gt 60 ] && exit 1
|
|
# sleep 5
|
|
# done
|
|
|
|
# php /app/www/artisan bookstack:create-admin \
|
|
# --initial \
|
|
# --email="${ADMIN_EMAIL}" \
|
|
# --name="${ADMIN_NAME}" \
|
|
# --password="${ADMIN_PASSWORD}" || [ $? -eq 2 ]
|
|
volumes:
|
|
- name: bookstack
|
|
persistentVolumeClaim:
|
|
claimName: bookstack
|
|
- name: env
|
|
configMap:
|
|
name: env
|
|
defaultMode: 0777
|
|
items:
|
|
- key: ".env"
|
|
path: ".env"
|
|
#- name: startup
|
|
# configMap:
|
|
# name: startup
|
|
# defaultMode: 0700
|
|
# items:
|
|
# - key: "startup.sh"
|
|
# path: "startup.sh"
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: bookstack
|
|
namespace: bookstack
|
|
labels:
|
|
app: bookstack
|
|
spec:
|
|
internalTrafficPolicy: Cluster
|
|
ipFamilies:
|
|
- IPv6
|
|
- IPv4
|
|
ipFamilyPolicy: PreferDualStack
|
|
ports:
|
|
- name: http
|
|
port: 80
|
|
protocol: TCP
|
|
targetPort: 80
|
|
selector:
|
|
app: bookstack
|
|
sessionAffinity: None
|
|
type: ClusterIP
|