133 lines
4.3 KiB
YAML
133 lines
4.3 KiB
YAML
# services/outline/deployment.yaml
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: outline
|
|
namespace: outline
|
|
labels:
|
|
app: outline
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: outline
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxSurge: 0
|
|
maxUnavailable: 1
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: outline
|
|
annotations:
|
|
vault.hashicorp.com/agent-inject: "true"
|
|
vault.hashicorp.com/role: "outline"
|
|
vault.hashicorp.com/agent-inject-secret-outline-env.sh: "kv/data/atlas/outline/outline-db"
|
|
vault.hashicorp.com/agent-inject-template-outline-env.sh: |
|
|
{{ with secret "kv/data/atlas/outline/outline-db" }}
|
|
export DATABASE_URL="{{ .Data.data.DATABASE_URL }}"
|
|
{{ end }}
|
|
{{ with secret "kv/data/atlas/outline/outline-secrets" }}
|
|
export SECRET_KEY="{{ .Data.data.SECRET_KEY }}"
|
|
export UTILS_SECRET="{{ .Data.data.UTILS_SECRET }}"
|
|
{{ end }}
|
|
{{ with secret "kv/data/atlas/outline/outline-oidc" }}
|
|
export OIDC_AUTH_URI="{{ .Data.data.OIDC_AUTH_URI }}"
|
|
export OIDC_CLIENT_ID="{{ .Data.data.OIDC_CLIENT_ID }}"
|
|
export OIDC_CLIENT_SECRET="{{ .Data.data.OIDC_CLIENT_SECRET }}"
|
|
export OIDC_LOGOUT_URI="{{ .Data.data.OIDC_LOGOUT_URI }}"
|
|
export OIDC_TOKEN_URI="{{ .Data.data.OIDC_TOKEN_URI }}"
|
|
export OIDC_USERINFO_URI="{{ .Data.data.OIDC_USERINFO_URI }}"
|
|
{{ end }}
|
|
{{ with secret "kv/data/atlas/outline/outline-smtp" }}
|
|
export SMTP_HOST="{{ .Data.data.SMTP_HOST }}"
|
|
{{ end }}
|
|
export SMTP_FROM_EMAIL="no-reply-outline@bstein.dev"
|
|
{{ with secret "kv/data/atlas/shared/postmark-relay" }}
|
|
export SMTP_USERNAME="{{ index .Data.data "relay-username" }}"
|
|
export SMTP_PASSWORD="{{ index .Data.data "relay-password" }}"
|
|
{{ end }}
|
|
spec:
|
|
serviceAccountName: outline-vault
|
|
nodeSelector:
|
|
node-role.kubernetes.io/worker: "true"
|
|
affinity:
|
|
nodeAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: hardware
|
|
operator: In
|
|
values: ["rpi4", "rpi5"]
|
|
containers:
|
|
- name: outline
|
|
image: outlinewiki/outline:1.2.0
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
args:
|
|
- . /vault/secrets/outline-env.sh && exec node build/server/index.js
|
|
ports:
|
|
- name: http
|
|
containerPort: 3000
|
|
env:
|
|
- name: NODE_ENV
|
|
value: production
|
|
- name: URL
|
|
value: https://notes.bstein.dev
|
|
- name: PORT
|
|
value: "3000"
|
|
- name: REDIS_URL
|
|
value: redis://outline-redis:6379
|
|
- name: PGSSLMODE
|
|
value: disable
|
|
- name: FILE_STORAGE
|
|
value: local
|
|
- name: FILE_STORAGE_LOCAL_ROOT_DIR
|
|
value: /var/lib/outline/data
|
|
- name: FORCE_HTTPS
|
|
value: "true"
|
|
- name: OIDC_ENFORCED
|
|
value: "true"
|
|
- name: OIDC_SCOPES
|
|
value: openid profile email
|
|
- name: OIDC_USERNAME_CLAIM
|
|
value: preferred_username
|
|
- name: OIDC_DISPLAY_NAME
|
|
value: Atlas SSO
|
|
- name: SMTP_SECURE
|
|
value: "false"
|
|
- name: SMTP_PORT
|
|
value: "587"
|
|
volumeMounts:
|
|
- name: user-data
|
|
mountPath: /var/lib/outline/data
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /_health
|
|
port: http
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 10
|
|
timeoutSeconds: 3
|
|
failureThreshold: 6
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /_health
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 20
|
|
timeoutSeconds: 3
|
|
failureThreshold: 6
|
|
resources:
|
|
requests:
|
|
cpu: 200m
|
|
memory: 512Mi
|
|
limits:
|
|
cpu: "1"
|
|
memory: 2Gi
|
|
volumes:
|
|
- name: user-data
|
|
persistentVolumeClaim:
|
|
claimName: outline-user-data
|