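# services/outline/deployment.yaml
# Outline wiki Deployment. Secrets are not stored in this manifest: the Vault
# agent injector renders them into /vault/secrets/outline-env.sh, and the
# container sources that file before starting the server.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: outline
  namespace: outline
  labels:
    app: outline
spec:
  replicas: 1
  selector:
    matchLabels:
      app: outline
  strategy:
    type: RollingUpdate
    rollingUpdate:
      # maxSurge 0 / maxUnavailable 1: the old pod is removed before its
      # replacement starts, so a rollout has a short window with no pod.
      maxSurge: 0
      maxUnavailable: 1
  template:
    metadata:
      labels:
        app: outline
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "outline"
        vault.hashicorp.com/agent-inject-secret-outline-env.sh: "kv/data/atlas/outline/outline-db"
        # NOTE(review): every value below lands inside double quotes in a file
        # that /bin/sh sources. A secret containing a double quote, `$`, a
        # backtick or a backslash is interpreted by the shell instead of being
        # taken literally. Keep stored values free of those characters, or
        # render them in a form that needs no shell parsing.
        # The Vault role "outline" needs read access to all five paths used
        # here and should be granted nothing beyond them.
        # SMTP_USERNAME and SMTP_PASSWORD are both filled from the same
        # "apikey" field of the shared postmark-relay secret.
        vault.hashicorp.com/agent-inject-template-outline-env.sh: |
          {{ with secret "kv/data/atlas/outline/outline-db" }}
          export DATABASE_URL="{{ .Data.data.DATABASE_URL }}"
          {{ end }}
          {{ with secret "kv/data/atlas/outline/outline-secrets" }}
          export SECRET_KEY="{{ .Data.data.SECRET_KEY }}"
          export UTILS_SECRET="{{ .Data.data.UTILS_SECRET }}"
          {{ end }}
          {{ with secret "kv/data/atlas/outline/outline-oidc" }}
          export OIDC_AUTH_URI="{{ .Data.data.OIDC_AUTH_URI }}"
          export OIDC_CLIENT_ID="{{ .Data.data.OIDC_CLIENT_ID }}"
          export OIDC_CLIENT_SECRET="{{ .Data.data.OIDC_CLIENT_SECRET }}"
          export OIDC_LOGOUT_URI="{{ .Data.data.OIDC_LOGOUT_URI }}"
          export OIDC_TOKEN_URI="{{ .Data.data.OIDC_TOKEN_URI }}"
          export OIDC_USERINFO_URI="{{ .Data.data.OIDC_USERINFO_URI }}"
          {{ end }}
          {{ with secret "kv/data/atlas/outline/outline-smtp" }}
          export SMTP_HOST="{{ .Data.data.SMTP_HOST }}"
          {{ end }}
          export SMTP_FROM_EMAIL="no-reply-outline@bstein.dev"
          {{ with secret "kv/data/atlas/shared/postmark-relay" }}
          export SMTP_USERNAME="{{ index .Data.data "apikey" }}"
          export SMTP_PASSWORD="{{ index .Data.data "apikey" }}"
          {{ end }}
    spec:
      # Service account the Vault role is expected to be bound to.
      serviceAccountName: outline-vault
      nodeSelector:
        node-role.kubernetes.io/worker: "true"
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: hardware
                    operator: In
                    values: ["rpi4", "rpi5"]
      containers:
        - name: outline
          # Tag, not digest: the registry can serve different content for this
          # tag over time. Pin with @sha256:<digest> once the digest has been
          # verified.
          image: outlinewiki/outline:1.2.0
          # Source the rendered secrets, then exec so the node process
          # replaces the shell and receives signals directly.
          command:
            - /bin/sh
            - -c
          args:
            - . /vault/secrets/outline-env.sh && exec node build/server/index.js
          # Baseline hardening that a server listening on an unprivileged port
          # does not need to opt out of.
          # NOTE(review): runAsNonRoot and readOnlyRootFilesystem are left
          # unset because the image's user and write paths are not visible in
          # this manifest. TODO confirm and tighten.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          ports:
            - name: http
              containerPort: 3000
          env:
            - name: NODE_ENV
              value: production
            - name: URL
              value: https://notes.bstein.dev
            - name: PORT
              value: "3000"
            - name: REDIS_URL
              value: redis://outline-redis:6379
            # NOTE(review): TLS to Postgres is turned off, so the credentials
            # in DATABASE_URL and all queries cross the network in cleartext.
            # Acceptable only if the path to the database is otherwise
            # protected. TODO confirm.
            - name: PGSSLMODE
              value: disable
            - name: FILE_STORAGE
              value: local
            - name: FILE_STORAGE_LOCAL_ROOT_DIR
              value: /var/lib/outline/data
            - name: FORCE_HTTPS
              value: "true"
            - name: OIDC_ENFORCED
              value: "true"
            - name: OIDC_SCOPES
              value: openid profile email
            - name: OIDC_USERNAME_CLAIM
              value: preferred_username
            - name: OIDC_DISPLAY_NAME
              value: Atlas SSO
            # NOTE(review): SMTP_SECURE=false on port 587 presumably means
            # STARTTLS rather than implicit TLS. Confirm that the relay refuses
            # plaintext AUTH, since SMTP_USERNAME/SMTP_PASSWORD are sent on
            # this connection.
            - name: SMTP_SECURE
              value: "false"
            - name: SMTP_PORT
              value: "587"
          volumeMounts:
            - name: user-data
              mountPath: /var/lib/outline/data
          readinessProbe:
            httpGet:
              path: /_health
              port: http
            initialDelaySeconds: 15
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 6
          livenessProbe:
            httpGet:
              path: /_health
              port: http
            initialDelaySeconds: 30
            periodSeconds: 20
            timeoutSeconds: 3
            failureThreshold: 6
          resources:
            requests:
              cpu: 200m
              memory: 512Mi
            limits:
              cpu: "1"
              memory: 2Gi
      volumes:
        - name: user-data
          persistentVolumeClaim:
            claimName: outline-user-data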