Aner Zakobar
214 lines
5.5 KiB
YAML
214 lines
5.5 KiB
YAML
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: davical-postgres-pvc
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteMany
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
storageClassName: longhorn
|
|
|
|
---
|
|
{{- $_ := set $ "homey_davical_postgres_pass" (include "homey.lookuporgensecret" (merge (dict "secretname" "davical-postgres-pass") $))}}
|
|
{{ include "homey.randomsecret" (merge (dict "secretname" "davical-postgres-pass" "secretval" .homey_davical_postgres_pass) $) }}
|
|
---
|
|
# apiVersion: extensions/v1beta1
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: davical-postgres-config
|
|
labels:
|
|
app: davical-postgres
|
|
data:
|
|
POSTGRES_DB: postgres
|
|
POSTGRES_USER: postgres
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: davical-postgres
|
|
labels:
|
|
app: davical-postgres
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: davical-postgres
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: davical-postgres
|
|
name: davical-postgres
|
|
spec:
|
|
containers:
|
|
- name: davical-postgres
|
|
image: postgres
|
|
imagePullPolicy: "IfNotPresent"
|
|
ports:
|
|
- containerPort: 5432
|
|
envFrom:
|
|
- configMapRef:
|
|
name: davical-postgres-config
|
|
env:
|
|
- name: POSTGRES_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: davical-postgres-pass
|
|
key: password
|
|
volumeMounts:
|
|
- mountPath: /var/lib/postgresql/data
|
|
subPath: data
|
|
name: davical-postgredb
|
|
volumes:
|
|
- name: davical-postgredb
|
|
persistentVolumeClaim:
|
|
claimName: davical-postgres-pvc
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: davical-postgres
|
|
labels:
|
|
app: davical-postgres
|
|
spec:
|
|
ports:
|
|
- port: 5432
|
|
selector:
|
|
app: davical-postgres
|
|
---
|
|
{{- $_ := set $ "homey_davical_admin_pass" (include "homey.lookuporgensecret" (merge (dict "secretname" "davical-admin-pass") $))}}
|
|
{{ include "homey.randomsecret" (merge (dict "secretname" "davical-admin-pass" "secretval" .homey_davical_admin_pass) $) }}
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: davical-conf
|
|
data:
|
|
config.php: |-
|
|
{{ tpl (.Files.Get "files/davical-config.php" | indent 4) . }}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: davical
|
|
labels:
|
|
app: davical
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: davical
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: davical
|
|
spec:
|
|
containers:
|
|
- name: davical
|
|
image: anerisgreat/davical-multiarch-docker:latest
|
|
imagePullPolicy: "Always"
|
|
ports:
|
|
- containerPort: 80
|
|
name: dav
|
|
env:
|
|
- name: PGHOST
|
|
value: "davical-postgres"
|
|
- name: PGUSER
|
|
value: "postgres"
|
|
- name: PGPASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: davical-postgres-pass
|
|
key: password
|
|
- name: PGDATABASE
|
|
value: "davical"
|
|
- name: PGPORT
|
|
value: "5432"
|
|
- name: HOST_NAME
|
|
value:
|
|
"dav.{{ .Values.homey.url }}"
|
|
- name: DAVICAL_ADMIN_PASS
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: davical-admin-pass
|
|
key: password
|
|
- name: ROOT_PGUSER
|
|
value: "postgres"
|
|
- name: ROOT_PGPASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: davical-postgres-pass
|
|
key: password
|
|
- name: RUN_MIGRATIONS_AT_STARTUP
|
|
value: "true"
|
|
volumeMounts:
|
|
- name: davical-conf
|
|
mountPath: /etc/davical/config.php
|
|
subPath: config.php
|
|
readOnly: true
|
|
volumes:
|
|
- name: davical-conf
|
|
configMap:
|
|
name: davical-conf
|
|
items:
|
|
- key: config.php
|
|
path: config.php
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: davical
|
|
spec:
|
|
selector:
|
|
app: davical
|
|
ports:
|
|
- name: dav
|
|
protocol: TCP
|
|
port: 80
|
|
targetPort: 80
|
|
selector:
|
|
app: davical
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: davical
|
|
annotations:
|
|
kubernetes.io/ingress.allow-http: "false"
|
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/auth-method: GET
|
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.{{ .Release.Namespace }}.svc.cluster.local:9091/api/verify
|
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.{{ .Values.homey.url }}?rm=$request_method
|
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
|
nginx.ingress.kubernetes.io/auth-snippet: |
|
|
proxy_set_header X-Forwarded-Method $request_method;
|
|
auth_request_set $user $upstream_http_remote_user;
|
|
auth_request_set $groups $upstream_http_remote_groups;
|
|
auth_request_set $name $upstream_http_remote_name;
|
|
auth_request_set $email $upstream_http_remote_email;
|
|
proxy_set_header Remote-User $user;
|
|
proxy_set_header Remote-Fullname $name;
|
|
proxy_set_header Remote-Email $email;
|
|
proxy_set_header Redirect-Remote-User $user;
|
|
proxy_set_header Redirect-Remote-Fullname $name;
|
|
proxy_set_header Redirect-Remote-Email $email;
|
|
spec:
|
|
ingressClassName: {{ .Values.homey.ingress_class }}
|
|
tls:
|
|
- hosts:
|
|
- dav.{{ .Values.homey.url }}
|
|
secretName: {{ .Values.homey.certname }}
|
|
rules:
|
|
- host: dav.{{ .Values.homey.url }}
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: davical
|
|
port:
|
|
number: 80
|