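---
# HedgeDoc application manifests: Deployment, Service, Ingress and ConfigMap.
# ${FQDN}, ${FQDN_DOTS} and ${DOMAIN} are placeholders and the {{ ... }} blocks
# are template directives; both are filled in before this text is parsed as
# YAML, so review the rendered output as well as the template.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: ${FQDN}
    app.kubernetes.io/name: hedgedoc
    app.kubernetes.io/part-of: hedgedoc
  # NOTE(review): no namespace is set here, while the Service and Ingress
  # below set namespace: ${DOMAIN}. If this object lands in another namespace
  # the Service selector and the secretKeyRef lookups will not resolve.
  # Confirm the applying tool supplies the namespace.
  name: ${FQDN}-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: app
      app.kubernetes.io/instance: ${FQDN}
      app.kubernetes.io/name: hedgedoc
      app.kubernetes.io/part-of: hedgedoc
  template:
    metadata:
      labels:
        app.kubernetes.io/component: app
        app.kubernetes.io/instance: ${FQDN}
        app.kubernetes.io/name: hedgedoc
        app.kubernetes.io/part-of: hedgedoc
    spec:
      # Explicit empty list: a bare `volumes:` key parses as null.
      volumes: []
      containers:
        # NOTE(review): the container sets no securityContext, resource
        # requests/limits or probes, so it runs with the image and runtime
        # defaults. Once confirmed against the image, consider runAsNonRoot,
        # allowPrivilegeEscalation: false and dropping capabilities.
        #
        # Credentials come from Secret objects rather than being written into
        # the manifest. They are still exposed as environment variables, so
        # anything that can read the pod spec's resolved env or exec into the
        # pod can read them; keep RBAC on pods/exec and on these Secrets tight.
        - env:
            - name: CMD_DB_URL
              valueFrom:
                secretKeyRef:
                  key: postgresql-url
                  name: ${FQDN}
            - name: CMD_SESSION_SECRET
              valueFrom:
                secretKeyRef:
                  key: session
                  name: ${FQDN}
            - name: CMD_MINIO_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  key: AWS_ACCESS_KEY_ID
                  name: ${FQDN}-s3
            - name: CMD_MINIO_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  key: AWS_SECRET_ACCESS_KEY
                  name: ${FQDN}-s3
            {{if .ConfigureOAuth}}
            - name: CMD_OAUTH2_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  key: client-id
                  name: ${FQDN}-oidc
            - name: CMD_OAUTH2_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  key: client-secret
                  name: ${FQDN}-oidc
            {{end}}
          # Non-secret settings are loaded from the ConfigMap defined below.
          envFrom:
            - configMapRef:
                name: ${FQDN}-config
          # NOTE(review): the image is pinned by tag only. With IfNotPresent a
          # node keeps whatever it first pulled under that tag; pinning by
          # digest (image@sha256:<digest>) makes the deployed image verifiable.
          image: indiehosters/codimd:1.6.0
          imagePullPolicy: IfNotPresent
          name: hedgedoc
          ports:
            - containerPort: 3000
              name: http
              protocol: TCP
---
# In-cluster Service; ClusterIP only, external traffic enters via the Ingress.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: ${FQDN}
    app.kubernetes.io/name: hedgedoc
    app.kubernetes.io/part-of: hedgedoc
  name: ${FQDN}-app
  namespace: ${DOMAIN}
spec:
  ports:
    - name: http
      port: 3000
      protocol: TCP
      # Resolves to the container port named "http" in the Deployment.
      targetPort: http
  selector:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: ${FQDN}
    app.kubernetes.io/name: hedgedoc
    app.kubernetes.io/part-of: hedgedoc
  type: ClusterIP
---
# NOTE(review): extensions/v1beta1 Ingress is no longer served as of
# Kubernetes 1.22. Moving to networking.k8s.io/v1 also requires pathType and
# the backend.service.name / backend.service.port form, so it is left
# unchanged here; confirm the target cluster version.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    # Presumably picked up by an ACME controller in the cluster that issues
    # the certificate stored in ${FQDN}-tls; verify such a controller exists.
    kubernetes.io/tls-acme: "true"
  labels:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: ${FQDN}
    app.kubernetes.io/name: hedgedoc
    app.kubernetes.io/part-of: hedgedoc
  name: ${FQDN}-app
  namespace: ${DOMAIN}
spec:
  rules:
    - host: ${FQDN_DOTS}
      http:
        paths:
          - backend:
              serviceName: ${FQDN}-app
              servicePort: http
            path: /
  tls:
    - hosts:
        - ${FQDN_DOTS}
      secretName: ${FQDN}-tls
---
# Non-secret application settings, injected into the container via envFrom.
# The OAuth client id and secret are not here; they come from the
# ${FQDN}-oidc Secret referenced in the Deployment.
# NOTE(review): like the Deployment, this object sets no namespace.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ${FQDN}-config
data:
  {{ if .ConfigureOAuth }}
  CMD_OAUTH2_USER_PROFILE_URL: https://id.indie.host/auth/realms/${DOMAIN}/protocol/openid-connect/userinfo
  CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
  CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
  CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
  # NOTE(review): this path starts with /com/auth/realms/ while the userinfo
  # and authorization URLs use /auth/realms/ on the same host. The client
  # secret is sent to this endpoint during the code exchange, so confirm the
  # path is intended and not a leftover from a search-and-replace.
  CMD_OAUTH2_TOKEN_URL: https://id.indie.host/com/auth/realms/${DOMAIN}/protocol/openid-connect/token
  CMD_OAUTH2_AUTHORIZATION_URL: https://id.indie.host/auth/realms/${DOMAIN}/protocol/openid-connect/auth
  CMD_OAUTH2_PROVIDERNAME: Keycloak
  {{ end }}
  CMD_IMAGE_UPLOAD_TYPE: minio
  CMD_S3_REGION: default
  # Quoted so the substituted value is always a string, as ConfigMap data
  # requires, whatever the placeholder expands to.
  CMD_S3_BUCKET: "${FQDN}"
  CMD_MINIO_ENDPOINT: "s3.standard.indie.host"
  CMD_PROTOCOL_USESSL: "true"
  CMD_URL_ADDPORT: "false"
  # NOTE(review): free-URL mode lets a note be created by visiting a URL that
  # does not exist yet. Confirm this is wanted together with the instance's
  # anonymous-access setting, which is not set in this file.
  CMD_ALLOW_FREEURL: "true"
  CMD_MINIO_PORT: "443"
  CMD_MINIO_SECURE: "true"
  CMD_USECDN: "false"
  CMD_DOMAIN: "${FQDN_DOTS}"
  DB_TYPE: postgres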