# Deployment for the Rocketchat "app" component. ${FQDN} and ${NS} are
# placeholders; presumably they are substituted before the manifest is applied.
# NOTE(review): this listing shows every line at column 0, so nesting has to be
# read from key order rather than from indentation.
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: ${FQDN}
app.kubernetes.io/name: Rocketchat
app.kubernetes.io/part-of: Rocketchat
name: ${FQDN}-app
namespace: ${NS}
spec:
progressDeadlineSeconds: 600
revisionHistoryLimit: 10
# The selector must match the pod template labels further down; both carry the
# same four app.kubernetes.io/* labels.
selector:
matchLabels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: ${FQDN}
app.kubernetes.io/name: Rocketchat
app.kubernetes.io/part-of: Rocketchat
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: ${FQDN}
app.kubernetes.io/name: Rocketchat
app.kubernetes.io/part-of: Rocketchat
spec:
affinity:
nodeAffinity:
# Soft preference for nodes labelled stateless="true"; pods can still be
# scheduled on other nodes.
# NOTE(review): no "- weight:" line is visible for this preferred term, and the
# API requires one (1-100) - confirm against the original file.
preferredDuringSchedulingIgnoredDuringExecution:
preference:
matchExpressions:
- key: stateless
operator: In
values:
- "true"
podAntiAffinity:
# Soft (weight 20) spreading of pods that share the instance label across
# hostnames. Being "preferred", it does not guarantee that replicas end up on
# different nodes.
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 20
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- ${FQDN}
# Container definition for the app pod.
# NOTE(review): no `image:` line is visible in this listing. Confirm the image
# reference is pinned (fixed tag or digest), because imagePullPolicy:
# IfNotPresent keeps whatever copy a node already has cached.
containers:
- env:
- name: TZ
value: Europe/Berlin
# Pod IP taken from the downward API.
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
# S3 and SMTP credentials are read from Secrets (secretKeyRef) instead of being
# written into the manifest. They still end up as environment variables, which
# every process in the container can read, so access to `exec` on the pod and
# to the ${FQDN}-s3 / ${NS}-smtp Secrets should be limited by RBAC.
- name: OVERWRITE_SETTING_FileUpload_S3_AWSSecretAccessKey
valueFrom:
secretKeyRef:
key: AWS_SECRET_ACCESS_KEY
name: ${FQDN}-s3
- name: OVERWRITE_SETTING_FileUpload_S3_AWSAccessKeyId
valueFrom:
secretKeyRef:
key: AWS_ACCESS_KEY_ID
name: ${FQDN}-s3
- name: OVERWRITE_SETTING_From_Email
valueFrom:
secretKeyRef:
key: from_email
name: ${NS}-smtp
- name: OVERWRITE_SETTING_SMTP_Username
valueFrom:
secretKeyRef:
key: username
name: ${NS}-smtp
- name: OVERWRITE_SETTING_SMTP_Password
valueFrom:
secretKeyRef:
key: password
name: ${NS}-smtp
- name: OVERWRITE_SETTING_SMTP_Host
valueFrom:
secretKeyRef:
key: host
name: ${NS}-smtp
- name: OVERWRITE_SETTING_SMTP_Port
valueFrom:
secretKeyRef:
key: port
name: ${NS}-smtp
- name: EXIT_UNHANDLEDPROMISEREJECTION
value: "1"
- name: USE_NATIVE_OPLOG
value: "true"
# The OIDC client id and secret are only rendered when the template is run with
# ConfigureOAuth set; both come from the ${FQDN}-oidc Secret.
{{if .ConfigureOAuth}}
- name: Accounts_OAuth_Custom_Liiibre_id
valueFrom:
secretKeyRef:
key: client-id
name: ${FQDN}-oidc
- name: Accounts_OAuth_Custom_Liiibre_secret
valueFrom:
secretKeyRef:
key: client-secret
name: ${FQDN}-oidc
{{end}}
# NOTE(review): the secretRef below has no visible `name:` in this listing, so
# which Secret is imported wholesale as environment variables cannot be told
# from here - confirm against the original file.
envFrom:
- secretRef:
imagePullPolicy: IfNotPresent
name: app
ports:
- containerPort: 3000
name: http
protocol: TCP
# Only memory is bounded (500Mi requested, 2Gi limit); no CPU request or limit
# is visible here.
resources:
requests:
memory: "500Mi"
limits:
memory: "2Gi"
# Tail of the container entry followed by the pod-level settings.
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
# NOTE(review): the pod-level securityContext is empty, and no container-level
# securityContext is visible in this listing. As shown, nothing sets
# runAsNonRoot, a seccompProfile, allowPrivilegeEscalation: false or a
# read-only root filesystem, so the pod runs with the image and runtime
# defaults. Confirm whether an admission policy enforces these instead.
securityContext: {}
terminationGracePeriodSeconds: 30
---
# ClusterIP Service in front of the Rocketchat app pods. The selector repeats
# the four app.kubernetes.io/* labels carried by the Deployment's pod template,
# and targetPort refers to the container port by its name ("http").
# ClusterIP keeps the Service reachable from inside the cluster only; outside
# traffic has to arrive through the Ingress of the same name.
apiVersion: v1
kind: Service
metadata:
  name: ${FQDN}-app
  namespace: ${NS}
  labels:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: ${FQDN}
    app.kubernetes.io/name: Rocketchat
    app.kubernetes.io/part-of: Rocketchat
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: ${FQDN}
    app.kubernetes.io/name: Rocketchat
    app.kubernetes.io/part-of: Rocketchat
  ports:
    - name: http
      port: 3000
      protocol: TCP
      targetPort: http
---
# Ingress publishing the app Service on ${FQDN_DOTS}, with TLS terminated from
# the ${FQDN}-tls secret.
# NOTE(review): extensions/v1beta1 Ingress is no longer served from Kubernetes
# 1.22 on. networking.k8s.io/v1 replaces serviceName/servicePort with
# backend.service.name / backend.service.port and requires pathType, so moving
# to a newer cluster needs a schema change here, not just a new apiVersion.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ${FQDN}-app
  namespace: ${NS}
  annotations:
    # Requests automatic ACME certificate issuance from whichever controller
    # watches this annotation (the controller itself is not shown here).
    kubernetes.io/tls-acme: "true"
  labels:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: ${FQDN}
    app.kubernetes.io/name: Rocketchat
    app.kubernetes.io/part-of: Rocketchat
spec:
  tls:
    - hosts:
        - ${FQDN_DOTS}
      secretName: ${FQDN}-tls
  rules:
    - host: ${FQDN_DOTS}
      http:
        paths:
          - path: /
            backend:
              serviceName: ${FQDN}-app
              servicePort: http
---
# Non-secret Rocket.Chat settings for one instance, presumably consumed by the
# app container as environment variables. Credentials are not stored here; the
# Deployment reads them from Secrets.
# NOTE(review): keys without the OVERWRITE_SETTING_ prefix are, as far as
# Rocket.Chat documents it, applied only as initial values, while prefixed keys
# are re-applied at every start. Confirm that the unprefixed login and OAuth
# keys below are meant to stay editable from the admin UI.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ${FQDN}-config
data:
  ADMIN_EMAIL: contact@indiehosters.net
  MONGO_USERNAME: rocketchat
  MONGO_OPLOG_USERNAME: oplog
  ROOT_URL: https://${FQDN_DOTS}
  OVERWRITE_SETTING_Update_EnableChecker: 'false'
  OVERWRITE_SETTING_Show_Setup_Wizard: completed
  OVERWRITE_SETTING_Accounts_AllowDeleteOwnAccount: 'true'
  # Email
  OVERWRITE_SETTING_SMTP_Protocol: smtp
  OVERWRITE_SETTING_SMTP_Pool: 'true'
  # TLS offered by the SMTP server is not ignored.
  OVERWRITE_SETTING_SMTP_IgnoreTLS: 'false'
  # S3
  OVERWRITE_SETTING_FileUpload_S3_Bucket: ${BUCKET}
  OVERWRITE_SETTING_FileUpload_S3_BucketURL: ${S3_ENDPOINT}
  OVERWRITE_SETTING_FileUpload_S3_ForcePathStyle: 'true'
  OVERWRITE_SETTING_FileUpload_S3_Region: default
  OVERWRITE_SETTING_FileUpload_Storage_Type: AmazonS3
  # Jitsi
  OVERWRITE_SETTING_Jitsi_Enabled: 'true'
  OVERWRITE_SETTING_Jitsi_URL_Room_Prefix: ${NS}
  OVERWRITE_SETTING_Jitsi_URL_Room_Hash: 'true'
  OVERWRITE_SETTING_Jitsi_SSL: 'true'
  OVERWRITE_SETTING_Jitsi_Open_New_Window: 'true'
  OVERWRITE_SETTING_Jitsi_Enable_Channels: 'true'
  {{if .ConfigureOAuth}}
  # OAuth
  # Rocket.Chat's own two-factor settings are switched off when sign-in is
  # delegated to the identity provider, so any second factor has to be enforced
  # by the provider at id.indie.host.
  OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_By_Email_Enabled: 'false'
  OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enabled: 'false'
  OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enforce_Password_Fallback: 'false'
  Accounts_OAuth_Custom_Liiibre: 'true'
  Accounts_OAuth_Custom_Liiibre_url: https://id.indie.host/auth/realms/${NS}/protocol/openid-connect
  Accounts_OAuth_Custom_Liiibre_token_path: /token
  Accounts_OAuth_Custom_Liiibre_identity_path: /userinfo
  Accounts_OAuth_Custom_Liiibre_token_sent_via: header
  Accounts_OAuth_Custom_Liiibre_identity_token_sent_via: header
  Accounts_OAuth_Custom_Liiibre_login_style: redirect
  Accounts_OAuth_Custom_Liiibre_authorize_path: /auth
  Accounts_OAuth_Custom_Liiibre_scope: openid
  # The admin role is synced from the "groups" claim, so membership of that
  # group at the identity provider grants Rocket.Chat administration.
  Accounts_OAuth_Custom_Liiibre_roles_claim: groups
  Accounts_OAuth_Custom_Liiibre_groups_claim: groups
  Accounts_OAuth_Custom_Liiibre_roles_to_sync: admin
  Accounts_OAuth_Custom_Liiibre_button_label_text: 'Entrez dans le Chat'
  # To check
  # NOTE(review): with key_field username and merge_users enabled, an identity
  # whose username equals an existing local account is presumably merged into
  # that account. Confirm usernames are unique and not user-editable at the
  # provider.
  Accounts_OAuth_Custom_Liiibre_key_field: username
  Accounts_OAuth_Custom_Liiibre_merge_roles: 'true'
  Accounts_OAuth_Custom_Liiibre_merge_users: 'true'
  # ${NUAGE_URL} is placed into HTML as-is; it must come from operator-controlled
  # configuration only.
  Layout_Sidenav_Footer: '<a href="https://${NUAGE_URL}" class="backToNuage"><img src="assets/logo.png" alt="Nuage"/></a>'
  {{end}}
  # Direct Reply
  Direct_Reply_Enable: "false"
  Direct_Reply_Protocol: "IMAP"
  Direct_Reply_Host: mail.indie.host
  Direct_Reply_Port: "993"
  #OVERWRITE_SETTING_Assets_SvgFavicon_Enable: 'false'
  OVERWRITE_SETTING_Accounts_RegistrationForm_LinkReplacementText: '-'
  # NOTE(review): the login form and registration are disabled, and the 2FA
  # settings are blocked, outside the ConfigureOAuth conditional. Confirm how
  # users sign in, and that leaving 2FA locked is intended, when the template
  # is rendered without OAuth.
  Accounts_ShowFormLogin: 'false'
  Accounts_RegistrationForm: disabled
  OVERWRITE_SETTING_Accounts_AllowPasswordChangeForOAuthUsers: 'false'
  OVERWRITE_SETTING_Accounts_Send_Email_When_Activating: 'false'
  OVERWRITE_SETTING_Accounts_RequirePasswordConfirmation: 'false'
  # Presumably marks e-mail addresses supplied by the external provider as
  # verified, i.e. the provider's e-mail claim is trusted - verify.
  OVERWRITE_SETTING_Accounts_Verify_Email_For_External_Accounts: 'true'
  SETTINGS_BLOCKED: Accounts_TwoFactorAuthentication_By_Email_Enabled,Accounts_TwoFactorAuthentication_Enabled,Accounts_TwoFactorAuthentication_Enforce_Password_Fallback
  # Home page HTML; ${NS} is substituted into the markup without escaping, so it
  # must be an operator-chosen value.
  Layout_Home_Body: '<h1>Bienvenue sur l''espace de discussion de ${NS}</h1> <p>Retrouvez-ici tous les membres de l''organisation, les canaux de discussion et échangez en temps réel :)</p> <p>Les applications de bureau Rocket.Chat pour Windows, macOS et Linux sont disponibles en téléchargement <a title="Rocket.Chat desktop apps" href="https://rocket.chat/download" target="_blank" rel="noopener">ici</a>.</p><p>L''application mobile native, Rocket.Chat, pour Android et iOS est disponible à l''adresse suivante <a title="Rocket.Chat on Google Play" href="https://play.google.com/store/apps/details?id=chat.rocket.android" target="_blank" rel="noopener">Google Play</a> et <a title="Rocket.Chat on the App Store" href="https://itunes.apple.com/app/rocket-chat/id1148741252" target="_blank" rel="noopener">App Store</a>. <p>Si besoin d''aide pour configurer votre application Rocketchat, <a href="https://support.indie.host/help/fr-fr" target="_blank" rel="noopener">une documentation</a> est à votre disposition.</p> <img src="assets/logo.png" width="120px"/>'