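# Rocket.Chat application manifests: Deployment, Service, Ingress and two
# ConfigMaps. This file is a template, not plain YAML: the `${...}`
# placeholders and the Go-template `{{if .ConfigureOAuth}}` blocks must be
# rendered before it is applied. Scalars that consist only of a placeholder
# are quoted so an all-digit or boolean-looking value still renders as a
# string.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: "${FQDN}"
    app.kubernetes.io/name: Rocketchat
    app.kubernetes.io/part-of: Rocketchat
  name: ${FQDN}-app
  namespace: "${NS}"
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: app
      app.kubernetes.io/instance: "${FQDN}"
      app.kubernetes.io/name: Rocketchat
      app.kubernetes.io/part-of: Rocketchat
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/component: app
        app.kubernetes.io/instance: "${FQDN}"
        app.kubernetes.io/name: Rocketchat
        app.kubernetes.io/part-of: Rocketchat
    spec:
      affinity:
        # Prefer nodes labelled stateless=true (soft preference only).
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 20
              preference:
                matchExpressions:
                  - key: stateless
                    operator: In
                    values:
                      - "true"
        # Hard rule: never place two pods of the same instance on one node.
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/instance
                    operator: In
                    values:
                      - "${FQDN}"
      containers:
        # Credentials below are injected as environment variables from
        # Secrets, so anyone who can exec into or debug these pods can read
        # them; keep RBAC on pods/exec in this namespace correspondingly tight.
        - env:
            - name: TZ
              value: Europe/Berlin
            - name: INSTANCE_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
            - name: OVERWRITE_SETTING_FileUpload_S3_AWSSecretAccessKey
              valueFrom:
                secretKeyRef:
                  key: AWS_SECRET_ACCESS_KEY
                  name: ${FQDN}-s3
            - name: OVERWRITE_SETTING_FileUpload_S3_AWSAccessKeyId
              valueFrom:
                secretKeyRef:
                  key: AWS_ACCESS_KEY_ID
                  name: ${FQDN}-s3
            # NOTE(review): the Direct_Reply_* values come from the
            # ${FQDN}-smtp Secret while the SMTP settings further down read
            # ${NS}-smtp. Confirm that both Secrets exist and that the split
            # is intended.
            - name: Direct_Reply_Username
              valueFrom:
                secretKeyRef:
                  key: username
                  name: ${FQDN}-smtp
            - name: Direct_Reply_Password
              valueFrom:
                secretKeyRef:
                  key: password
                  name: ${FQDN}-smtp
            - name: Direct_Reply_ReplyTo
              valueFrom:
                secretKeyRef:
                  key: username
                  name: ${FQDN}-smtp
            - name: OVERWRITE_SETTING_From_Email
              valueFrom:
                secretKeyRef:
                  key: from_email
                  name: ${NS}-smtp
            - name: OVERWRITE_SETTING_SMTP_Username
              valueFrom:
                secretKeyRef:
                  key: username
                  name: ${NS}-smtp
            - name: OVERWRITE_SETTING_SMTP_Password
              valueFrom:
                secretKeyRef:
                  key: password
                  name: ${NS}-smtp
            - name: OVERWRITE_SETTING_SMTP_Host
              valueFrom:
                secretKeyRef:
                  key: host
                  name: ${NS}-smtp
            - name: OVERWRITE_SETTING_SMTP_Port
              valueFrom:
                secretKeyRef:
                  key: port
                  name: ${NS}-smtp
            - name: EXIT_UNHANDLEDPROMISEREJECTION
              value: "1"
            - name: USE_NATIVE_OPLOG
              value: "true"
            {{if .ConfigureOAuth}}
            # OIDC client credentials, only rendered for OAuth installs.
            - name: Accounts_OAuth_Custom_Liiibre_id
              valueFrom:
                secretKeyRef:
                  key: client-id
                  name: ${FQDN}-oidc
            - name: Accounts_OAuth_Custom_Liiibre_secret
              valueFrom:
                secretKeyRef:
                  key: client-secret
                  name: ${FQDN}-oidc
            {{end}}
          # Every key of these objects becomes an environment variable.
          envFrom:
            - secretRef:
                name: ${FQDN}-app
            - configMapRef:
                name: ${FQDN}-config
            - configMapRef:
                name: ${FQDN}-config-custom
          # NOTE(review): the image is referenced by a mutable tag and pulled
          # with IfNotPresent, so nodes can end up running different content
          # if the tag is ever re-pushed. Pinning by digest
          # (libresh/rocketchat:3.17.2@sha256:<digest>) removes that
          # ambiguity.
          image: libresh/rocketchat:3.17.2
          imagePullPolicy: IfNotPresent
          name: app
          ports:
            - containerPort: 3000
              name: http
              protocol: TCP
          # Only memory is bounded; no CPU request/limit and no
          # readiness/liveness probes are defined for this container.
          resources:
            requests:
              memory: "500Mi"
            limits:
              memory: "2Gi"
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      # NOTE(review): no pod- or container-level securityContext is set, so
      # the container runs with the image's default user and the runtime's
      # default capabilities. Once confirmed against the image, consider
      # runAsNonRoot: true, allowPrivilegeEscalation: false and
      # capabilities.drop: ["ALL"] (the app only listens on port 3000).
      securityContext: {}
      terminationGracePeriodSeconds: 30
---
# ClusterIP Service in front of the app pods (port 3000 -> container port
# "http").
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: "${FQDN}"
    app.kubernetes.io/name: Rocketchat
    app.kubernetes.io/part-of: Rocketchat
  name: ${FQDN}-app
  namespace: "${NS}"
spec:
  ports:
    - name: http
      port: 3000
      protocol: TCP
      targetPort: http
  selector:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: "${FQDN}"
    app.kubernetes.io/name: Rocketchat
    app.kubernetes.io/part-of: Rocketchat
  type: ClusterIP
---
# Public entry point; TLS certificate requested through the tls-acme
# annotation.
# NOTE(review): extensions/v1beta1 Ingress was removed in Kubernetes 1.22.
# Moving to networking.k8s.io/v1 also changes the backend schema
# (service.name / service.port.name) and requires pathType, so it is left
# unchanged here and must be migrated together with the cluster version.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/tls-acme: "true"
  labels:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: "${FQDN}"
    app.kubernetes.io/name: Rocketchat
    app.kubernetes.io/part-of: Rocketchat
  name: ${FQDN}-app
  namespace: "${NS}"
spec:
  rules:
    - host: "${FQDN_DOTS}"
      http:
        paths:
          - backend:
              serviceName: ${FQDN}-app
              servicePort: http
            path: /
  tls:
    - hosts:
        - "${FQDN_DOTS}"
      secretName: ${FQDN}-tls
---
# Per-instance overrides, loaded after ${FQDN}-config by the Deployment's
# envFrom.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ${FQDN}-config-custom
  # Set explicitly, like the other objects in this file: the Deployment looks
  # this ConfigMap up in ${NS}, and without it the object is created in
  # whatever namespace the applying context defaults to.
  namespace: "${NS}"
data:
  OVERWRITE_SETTING_Jitsi_Domain: meet.liiib.re
---
# Base Rocket.Chat settings, exposed to the container as environment
# variables. All values must be strings, hence the quoted booleans and
# numbers.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ${FQDN}-config
  # Set explicitly so the ConfigMap is created in the namespace where the
  # Deployment's envFrom expects it.
  namespace: "${NS}"
data:
  ADMIN_USERNAME: admin
  ADMIN_EMAIL: contact@indiehosters.net
  MONGO_USERNAME: rocketchat
  MONGO_OPLOG_USERNAME: oplog
  ROOT_URL: https://${FQDN_DOTS}
  OVERWRITE_SETTING_Update_EnableChecker: 'false'
  OVERWRITE_SETTING_Show_Setup_Wizard: completed
  OVERWRITE_SETTING_Accounts_AllowDeleteOwnAccount: 'true'
  # Email
  OVERWRITE_SETTING_SMTP_Protocol: smtp
  OVERWRITE_SETTING_SMTP_Pool: 'true'
  OVERWRITE_SETTING_SMTP_IgnoreTLS: 'false'
  # S3
  OVERWRITE_SETTING_FileUpload_S3_Bucket: "${BUCKET}"
  OVERWRITE_SETTING_FileUpload_S3_BucketURL: https://s3.standard.indie.host
  OVERWRITE_SETTING_FileUpload_S3_ForcePathStyle: 'true'
  OVERWRITE_SETTING_FileUpload_S3_Region: default
  OVERWRITE_SETTING_FileUpload_Storage_Type: AmazonS3
  # Jitsi
  OVERWRITE_SETTING_Jitsi_Enabled: 'true'
  OVERWRITE_SETTING_Jitsi_URL_Room_Prefix: "${NS}"
  OVERWRITE_SETTING_Jitsi_URL_Room_Hash: 'true'
  OVERWRITE_SETTING_Jitsi_SSL: 'true'
  OVERWRITE_SETTING_Jitsi_Open_New_Window: 'true'
  OVERWRITE_SETTING_Jitsi_Enable_Channels: 'true'
  {{if .ConfigureOAuth}}
  # OAuth
  # Rocket.Chat's own two-factor settings are switched off for OAuth
  # installs, so any second factor has to be enforced by the identity
  # provider configured in Accounts_OAuth_Custom_Liiibre_url.
  OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_By_Email_Enabled: 'false'
  OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enabled: 'false'
  OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enforce_Password_Fallback: 'false'
  Accounts_OAuth_Custom_Liiibre: 'true'
  Accounts_OAuth_Custom_Liiibre_url: https://id.indie.host/auth/realms/${NS}/protocol/openid-connect
  Accounts_OAuth_Custom_Liiibre_token_path: /token
  Accounts_OAuth_Custom_Liiibre_identity_path: /userinfo
  Accounts_OAuth_Custom_Liiibre_token_sent_via: header
  Accounts_OAuth_Custom_Liiibre_identity_token_sent_via: header
  Accounts_OAuth_Custom_Liiibre_login_style: redirect
  Accounts_OAuth_Custom_Liiibre_authorize_path: /auth
  Accounts_OAuth_Custom_Liiibre_scope: openid
  # NOTE(review): roles and groups are both read from the IdP "groups" claim
  # and merged into the user's roles (merge_roles below). Presumably a group
  # whose name matches a privileged Rocket.Chat role grants that role, so
  # group creation in the realm must be restricted. Confirm the mapping.
  Accounts_OAuth_Custom_Liiibre_roles_claim: groups
  Accounts_OAuth_Custom_Liiibre_groups_claim: groups
  Accounts_OAuth_Custom_Liiibre_button_label_text: 'Entrez dans le Chat'
  # To check
  # NOTE(review): with key_field=username and merge_users=true an OAuth login
  # is attached to an existing account that has the same username. This is
  # only safe if usernames in the realm are unique, immutable and not freely
  # chosen by users.
  Accounts_OAuth_Custom_Liiibre_key_field: username
  Accounts_OAuth_Custom_Liiibre_merge_roles: 'true'
  Accounts_OAuth_Custom_Liiibre_merge_users: 'true'
  # Raw HTML; ${NUAGE_URL} is substituted verbatim, so it must come from
  # trusted operator input only.
  Layout_Sidenav_Footer: '<a href="https://${NUAGE_URL}" class="backToNuage"><img src="assets/logo.png" alt="Nuage"/></a>'
  {{end}}
  # Direct Reply
  Direct_Reply_Enable: "false"
  Direct_Reply_Protocol: "IMAP"
  Direct_Reply_Host: mail.indie.host
  Direct_Reply_Port: "993"
  #OVERWRITE_SETTING_Assets_SvgFavicon_Enable: 'false'
  OVERWRITE_SETTING_Accounts_RegistrationForm_LinkReplacementText: '-'
  # NOTE(review): the login form is hidden and registration disabled outside
  # the ConfigureOAuth block, so these also apply when OAuth is not
  # rendered. Confirm that non-OAuth installs still have a working login
  # path.
  Accounts_ShowFormLogin: 'false'
  Accounts_RegistrationForm: disabled
  OVERWRITE_SETTING_Accounts_AllowPasswordChangeForOAuthUsers: 'false'
  OVERWRITE_SETTING_Accounts_Send_Email_When_Activating: 'false'
  OVERWRITE_SETTING_Accounts_RequirePasswordConfirmation: 'false'
  OVERWRITE_SETTING_Accounts_Verify_Email_For_External_Accounts: 'true'
  # NOTE(review): presumably this locks the listed settings against changes
  # from the admin UI. The list is outside the ConfigureOAuth block, so the
  # 2FA settings are locked in both variants. Confirm this is wanted for
  # installs without OAuth.
  SETTINGS_BLOCKED: Accounts_TwoFactorAuthentication_By_Email_Enabled,Accounts_TwoFactorAuthentication_Enabled,Accounts_TwoFactorAuthentication_Enforce_Password_Fallback
  # Raw HTML for the home page; ${NS} is substituted verbatim. Line breaks
  # inside this single-quoted scalar fold to single spaces.
  Layout_Home_Body: '<h1>Bienvenue sur l''espace de discussion de ${NS}</h1>
    <p>Retrouvez-ici tous les membres de l''organisation, les canaux de
    discussion et échangez en temps réel :)</p>
    <p>Les applications de bureau Rocket.Chat pour Windows, macOS et Linux
    sont disponibles en téléchargement
    <a title="Rocket.Chat desktop apps" href="https://rocket.chat/download"
    target="_blank" rel="noopener">ici</a>.</p><p>L''application mobile
    native, Rocket.Chat, pour Android et iOS est disponible à l''adresse
    suivante
    <a title="Rocket.Chat on Google Play"
    href="https://play.google.com/store/apps/details?id=chat.rocket.android"
    target="_blank" rel="noopener">Google Play</a> et
    <a title="Rocket.Chat on the App Store"
    href="https://itunes.apple.com/app/rocket-chat/id1148741252"
    target="_blank" rel="noopener">App Store</a>.
    <p>Si besoin d''aide pour configurer votre application Rocketchat,
    <a href="https://support.indie.host/help/fr-fr" target="_blank"
    rel="noopener">une documentation</a> est à votre disposition.</p>
    <img src="assets/logo.png" width="120px"/>'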