add hedgedoc

Signed-off-by: gwg313 <gwg313@pm.me>

apps/hedgedoc.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: hedgedoc
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/gwg313/homelab-gitops
+    targetRevision: main
+    path: hedgedoc
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: hedgedoc
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - CreateNamespace=true

hedgedoc/certificate.yaml

@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: hedgedoc-cert
+  namespace: istio-system
+spec:
+  secretName: hedgedoc-cert
+  issuerRef:
+    name: letsencrypt-dns
+    kind: ClusterIssuer
+  dnsNames:
+    - hdoc.gwg313.xyz

hedgedoc/configmap-hedgedoc.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: hedgedoc-config
+  namespace: hedgedoc
+data:
+  HD_BASE_URL: https://hdoc.gwg313.xyz

hedgedoc/configmap-postgres.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgresql-config
+  namespace: hedgedoc
+data:
+  POSTGRESQL_FSYNC: "on"
+  POSTGRESQL_SYNCHRONOUS_COMMIT: "on"
+  POSTGRESQL_FULL_PAGE_WRITES: "on"
+  POSTGRESQL_WAL_LEVEL: "replica"
+  POSTGRESQL_ARCHIVE_MODE: "on"
+  POSTGRESQL_MAX_WAL_SIZE: "2GB"
+  POSTGRESQL_MIN_WAL_SIZE: "1GB"
+  POSTGRESQL_CHECKPOINT_TIMEOUT: "5min"
+  POSTGRESQL_LOG_CONNECTIONS: "on"
+  POSTGRESQL_LOG_DISCONNECTIONS: "on"
+  POSTGRESQL_LOG_STATEMENT: "all"
+  POSTGRESQL_LOG_DURATION: "1000"
+  POSTGRESQL_AUTOVACUUM: "on"
+  POSTGRESQL_VACUUM_COST_DELAY: "20ms"
+  POSTGRESQL_LOG_TIMEZONE: "UTC"
+  POSTGRESQL_LOG_CHECKPOINTS: "on"
+  POSTGRESQL_LOG_ERROR_VERBOSITY: "verbose"
+  POSTGRESQL_HOT_STANDBY: "on"
+  POSTGRESQL_ARCHIVE_TIMEOUT: "60s"

hedgedoc/deployment-backend.yaml

@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hedgedoc-backend
+  namespace: hedgedoc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: hedgedoc-backend
+  template:
+    metadata:
+      labels:
+        app: hedgedoc-backend
+    spec:
+      containers:
+        - name: backend
+          image: ghcr.io/hedgedoc/hedgedoc/backend:develop
+          env:
+            - name: HD_BASE_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: hedgedoc-config
+                  key: HD_BASE_URL
+
+
+            - name: HD_AUTH_LOCAL_ENABLE_LOGIN
+              value: "true"
+            - name: HD_AUTH_LOCAL_ENABLE_REGISTER
+              value: "true"
+            - name: HD_MEDIA_BACKEND
+              value: "filesystem"
+            - name: HD_MEDIA_BACKEND_FILESYSTEM_UPLOAD_PATH
+              value: "/usr/src/app/backend/uploads"
+            - name: HD_DATABASE_TYPE
+              value: "postgres"
+            - name: HD_DATABASE_HOST
+              value: hedgedoc-db
+            - name: HD_DATABASE_PORT
+              value: "5432"
+            - name: HD_DATABASE_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: hedgedoc-secret
+                  key: POSTGRESQL_DATABASE
+            - name: HD_DATABASE_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: hedgedoc-secret
+                  key: POSTGRESQL_USERNAME
+            - name: HD_DATABASE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: hedgedoc-secret
+                  key: POSTGRESQL_PASSWORD
+            - name: HD_SESSION_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: hedgedoc-secret
+                  key: HD_SESSION_SECRET
+
+          volumeMounts:
+            - name: uploads
+              mountPath: /usr/src/app/backend/uploads
+      volumes:
+        - name: uploads
+          persistentVolumeClaim:
+            claimName: hedgedoc-uploads-pvc

hedgedoc/deployment-frontend.yaml

@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hedgedoc-frontend
+  namespace: hedgedoc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: hedgedoc-frontend
+  template:
+    metadata:
+      labels:
+        app: hedgedoc-frontend
+    spec:
+      containers:
+        - name: frontend
+          image: ghcr.io/hedgedoc/hedgedoc/frontend:develop
+          env:
+            - name: HD_BASE_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: hedgedoc-config
+                  key: HD_BASE_URL

hedgedoc/deployment-postgres.yaml

@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hedgedoc-db
+  namespace: hedgedoc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: hedgedoc-db
+  template:
+    metadata:
+      labels:
+        app: hedgedoc-db
+    spec:
+      containers:
+        - name: postgresql
+          image: bitnami/postgresql:15
+          envFrom:
+            - configMapRef:
+                name: postgresql-config
+          env:
+            - name: POSTGRESQL_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: hedgedoc-secret
+                  key: POSTGRESQL_USERNAME
+            - name: POSTGRESQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: hedgedoc-secret
+                  key: POSTGRESQL_PASSWORD
+            - name: POSTGRESQL_DATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: hedgedoc-secret
+                  key: POSTGRESQL_DATABASE
+          volumeMounts:
+            - name: db-data
+              mountPath: /bitnami/postgresql
+      volumes:
+        - name: db-data
+          persistentVolumeClaim:
+            claimName: hedgedoc-db-pvc
+      securityContext:
+        runAsUser: 999 # Ensure the container runs as the 'postgres' user (UID 999)
+        fsGroup: 999 # Ensure the filesystem group is 'postgres' (GID 999)

hedgedoc/gateway.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: hedgedoc-gateway
+  namespace: hedgedoc
+spec:
+  selector:
+    istio: gateway
+  servers:
+    - port:
+        number: 443
+        name: https
+        protocol: HTTPS
+      tls:
+        mode: SIMPLE
+        credentialName: hedgedoc-cert
+      hosts:
+        - hdoc.gwg313.xyz

hedgedoc/hedgedoc-secrets-sealed.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: hedgedoc-secret
+  namespace: hedgedoc
+spec:
+  encryptedData:
+    HD_SESSION_SECRET: AgCZ7mWhyRYkO1A1Vdr41ix4sSqP1wGykx/8JE7IJQLRUVhmKe6omIF5fvnMTUxnirwaVjxBkBqr5FapLtRUnhLvnOAFRNwCPJJxNLPzNsSfXbSRANJdQCE32FyyGQFhyxywlPLML1IcUUr525uLVTgz6QLAFnyf7vnuB9c18KaPTEPOwOkea8uKXlCZ2gtxmPvgdNOpIq5c7z/DAyjMd8ou35umR8f0DQng/aV8YA8KcJ71xouemqL89iy3S2Q9jiniCpikFB4Y7tMXx1hxd+yesqMxTLHCJjqTvL71+9Tx7gAvcZmZNy576ECAUFUOLsqjGRZF70KqgIPOhUTEHAfAd8+WlSwMFh4giIFOrbs78aCmfLTmjf6Xgaror657Q5LiPg2LFgRawZmHEUQCpKfgJbjTuDret25l8XY+8Q4jGBp7PQXul59xFxIkW4XZ/n2LmcuVm0MTywcUq4cA3Xy4cn8IWz0i4odtrAQzJnZhNOF/8yJA4XthqfVnsDOSGE9EqVp3bYIFufDnsE/fRr43Sb7msCWytg1AUM0pbCtx9s/Fost967aaeCXDZYXDeh3/8B4/qBL5+01NPhMAJ/Sa2r2fBLI1PaekcQ3wE2GRxC6AUX1teYvqqf06Xbnhn4ZuHKeWF/p1fHlo71GQ1PbKLowPsoJr/sfM9vszHGnenTmsILkiKegq/eKtXpOydRmfNjTYClEssfYCN145f1yO1DTB6w==
+    POSTGRESQL_DATABASE: AgBh429qRp/3CWIb4XYcA3qORVhrfMpTm1W5P2muJMKbdSnQuOYXKNYs0tYSC5CauUthtBxKjmHmyATAs+373k4l3kNuKzwmBnkp173PnDIFXPFwJ2O0QFzOABR09xPDcFMwmTcWz4t5xjF+MPNib1EyagaTT+o6LjVpXj8AmtHIib2YwmR0XpcluvBubYPE454n9noWHRTMen5EWLBCJ1I5RkDQ6WIclSTKwOl9ra6A4IPk47+MUSaz/q06dEEhnR0HlPJimlR282MmgZ7/vhGqYbUDY+8Mr0g6UtIDCyzoBZt5Jmh88RRCX03GI7SMaJ47VQofRQxEfxB1UfHoMVB1a2uKkH5ZUFKonyGMC4GJs128hdKS2lcMGVE6lVRPkORVhHuxKiUtZxVG1Vz3rqClNk5C5lkNRI8o6vRhX95JvwqPra6GQPL5rdywtj54x+Erh8OVo/7aF/9ASN7ZvuLhDZ6HdWaNXN5VA6lG6USQyKh8KRr0+IDxmKqhbYiybzaSDj2dPD7j741jeSGmqiduM4CKGOlrpUok1/Iq1u9LOdSFeYO4oMGdom7gUhVkgFDaU2FtfHNw/UFIGVk/n9UJFfCntrul9g/0WViV3ZVvTVeHnZ6jU4td/XxvoTvpM73cdvbl/miiLrzcqHPlo55Lb6dktAXummc+oK2PgXilTlDVyhjlewdI87LwxXroMtEWnJ7lwhy75Q==
+    POSTGRESQL_PASSWORD: AgAPFubjxzoqlTht8sAiq0/FsHV1AvGgHK2h0oSoE1H4WzfFcaXPVvmnU/spvIQAM/Hih5rILMIFduaLQZLltn3rl8JR/OgjMoXWK0R3bqqFUuEMZBP7i15F0zm6dN+12GT0obR1rbXaNN1R9/G5Ee0URHQrsnZIlk0tyAVX/yK971vPEyyJcCNh4DfIhDRabj8y5LuB3tASVVsTl19BrN2nsX1J8M7YMxjQF5O/gL/g7u9huppat6IPg7QLaKP2dbBz01Yyb2P7R2IReV8HHWNvhUVXGhKfbVYYLXK4l97I1auNm5gC0WVJYmXRx8vx6gWU125/XeMEkC7672ILz+RqCD7h9PtWYHS45sQ6M6pJGZTZ1HRVywIFJysMJCXUL5SStoeEPhttCT45FaDQkl491vHTp81eyAbrmw61+2VB5yfse86vP1ppD2gIm71Wmc9pvMrePnQLjs3J6s6hxE70Kp+YPHDjopZb4vzclMPjKikeER9XOCX3Vmb7JG2hpcigyjp+kTuluLytX5Fmy6YIF1MM5gqwU8eXVIWMB+TcRJoqQsJb9ialFyM1kO2UV8hYKDoLN5lpKw5Cz6aRkVMtQ4mIdatgpEOaKIC/xt9/I263tKrNXIWWtI8+75x/1nj9t9ZiyyuokHyy32Z3pgDlAfKKugVSBVUsUZ2TReQHDiCPmBk84OGvjaZwPpMJcp5Pnh5tAgkYgL9PrOGCzdzM
+    POSTGRESQL_USERNAME: AgClUR3BTiJl2XQAnce6Y8T6tJOEVi/eB1uNztaRfQfcALEHZ32cAE1ENSAkwqLPPm2lLUT5Z7VDOG2G3RnW7KudutfpSEuwNQ7xlRRuD2oGT1t6NikVn7RTG9NxpPPd3sw+pzZEWoR1xxfpsXPochMMmgm+AED2QimAs7m9z7UoyxPMthYq0t+6wD0PP3R9VgXhC/VD0+oJM3bEd4WNcGayHXqMNB4QJfQD20vfb47tmIAt+oXTXyeRqSSXYQ4AyJdUexaeCs7xWDH6QG/GYaERM05pB+/RPp3stjyamyjcwrH46pAld1BYUnPmJn07aQqfmWyipWYYnYH4R1hphhZ1pPkXqUK+X5K4690yeZREPY57ya+ZbgYvaIA8Q3ieTuH1fhYgMS4hSIwIWKp/0OtEaWU9+PCFNJe+HEAZizr66lBo8QVmj3d5OiBN83WNBv0Icr2cIldk6mnDw60O0cEUszWRtZ86sQ5qqlFKK5zSK7jz2NnZx51CcxaVaY8NsyUbn2mPNKZgmHGXqwEUeGMZioJ24Lggk2MRbzc0GvQghM5Q1TZrsCmwbIsXjProQDHVRYRLjEEYRegMlSxZEoOp6SOTdSE+hi96UkTQQkVQEtH7o4pxggQdwAjxC1mFeFKRMccgGQmI+JV6h6MjLekGTnzLdniDFfNUp34cbjRAaJMmtBapOKO1jhNwJVqKtdkdpn20rP+QmQ==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: hedgedoc-secret
+      namespace: hedgedoc
+    type: Opaque

hedgedoc/iscsi-secrets-sealed.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: hedgedoc-iscsi-auth
+  namespace: hedgedoc
+spec:
+  encryptedData:
+    discovery.sendtargets.auth.password: AgCpz8js4W7jC3hNlXsA4PA1QPY+AlXokzx4QczqeZnUU+/5zDUSgIvV35g7WH9IRRK2pdnNV2/+D6TUTV0NSZmuHvsI1fe+sUnjggmlxj2QXNObhyogI3RqOJ5ruKKg524i2GF6k1F83H+LumfWx4SCUwxm3E08k3KQ7HR8qubdds/agRkAXzWvw6RXSFUB5FSdgJOaNOgVi2ukSbDe9LZB3aJms6GKQ8xd/NGiAMMTIGbzCHVEdioiEcQqzy1OdcXCPKXaC0ULooN94igyKFqXtyVcozekHLjTaugMqba0YEVkNHve+WluArQe++6lK0xyygpq8EVkRgV85WO6rGlaE1ZZeroFvGk/dRYgOL7L/xbItNnYIsIF8EhybsFkffd843pUNyBljvLyutZOrb3CafCdHV37dlOj8m6tfUtEDsMUXa/R4wLYFP8IpsZSH1VoJCzys+j5b2w3UI9IiXW9gH0EA8h5Z0WDrqtGqdLFRsK2eeNbhJaFP+Pl+RT/hXxXsdNOOm8yKFl2rXWpbwugvQ6ck/mn7j4scxHo6HIEoFPhjESpmBVpGc5a0vWYEiLRU8SqJEgHu9d5PZq5+TDAQIOlsFRUeQ13gKF+TnIwKLWIESwxTho0NwO4D3cKV9jPJReFATueS4dTTMyORSdsJXGLv2uBQsbNwOKuT7Lhc7QC8Or41Jeaj+VDIocyYAz0B3mZbBV8DAzakkTuCHsT
+    discovery.sendtargets.auth.username: AgA1VFDRwgAonFJ2VSjiZD2gFbLpak5n4NpSTtXdKdhtqyk8kKYtBMSQZGpEY/tUBxewaXpPc2CpnD1ph/Wf7/04QjjGuV6oIT2MBQ9PKFjxFQVZTpGX+rsTGZlrrmBEjjy0FQRPxG7pUyUfrTZPnlGQtIcFoj8xonKlF2NFF8OWVvdxlt8v0Ht5GyW0XJ4b+9SoaU7/PbQ+C1qIZI0LXoexJ42DquA5TfRScDs6L/8wBluIQvqJg+P+CtiBIjQQZ80WWWRVp9oQ+BcOI7aJ8h2WWtbSh9D9D0OfUoAyXNzzVV/ugAvBcGxUZtrpGXoVGRnY44zysiKGgMB6I//Il0GlOJXYnzeG756zw9qq/n8F51N6XtWZ3OslNhFcklUmBf4biGhx0qPLZx0Rt/W5EwG5FSPb/+Q7f7Xohg0Ehtz7bKNex7hIbmGxPNcFq29j4m5AcHlDzUxxjwwhlOtmgPSaviNzw1JMNBH7mEeqvgZ5izvQ2yv53zIwQjQ0jk1oe9R8QXxefq8Sm1VgruLCmyFtGolNvBBbHmq20EjLI6rWJbZ9icU7U0Z+1OUyk6W8KJOtBvgby6GN/pcX/3Emo1+ijQNGZWh3lWQA3hkvrk+bQ2+DWZS7vdTdr6Wlk9BqPbMAYkro2i7pcgqmODn3H33cEztdkLzMsnapYwul0ycpGPDVOeUSb0PMFLjKSCc6yL25tkx1nwYvDw==
+    node.session.auth.password: AgAh0iBW8jwOUQQRxYFgV2Nw5+n45E/yN3llbgYqYvSTmE2n/dk6g/t7K3YjhQE0uD38yqv69KgkqgJdV8rWkdc9WD970Pl2iysZru6PIXmSmbFXdWuTe0KK/WN35k+vABIjgE1/dkzpw/JFq3en+NtVzHNbYTQY9R4rbRXIBE67hTQQWkET80le4wMkq5ssfdijRJDwFpU9GTvJmTTSdjl4mpuA/K/S+r7HffbZmjgQUwtyT71wZB/661h25ufRFXIJnc6rf30F+osZcEQ3+u87Q0s6+ydIiXN5a3bSPOp7IlcjuzBDzMAVAoRcfNWJtacXSO9LH5u/nSp2jkUfQThp3YhjQSjgCXQ7qmmkAvB7LUq49HS8jM1AvWUChJDKSBW3AmVJrHJlUBGggR3e7cCG7fPcEcq9wDeTiJ8bD9pvRW1h1sY9RZATeT0EJdWMzhwRU7srlyw0MT7c7mBOgAzFOmkm10SKmKvsfD8Cer8nrfuSiYGZcm+OPyaBYbBpu1xLtEvGuKj90s2ZMA8WWfBOlIGRhqnO7ijn+lc5vei9zrfpZGm8bO5AFtD3ePSAFRIRyHHrDzLcHbSUHbKZCiObF+y4t6pmlSYyNoPynebDjM9OqAfY0ydX0FQz8Caew2uax51b5FBnQFF/9au8wfQBod71N1khFBHUou6VseX+wYBUOBgvTjCNafov0xRWMUdDl3HqpHLQsspJd7Yk1HH0
+    node.session.auth.username: AgBs01Cdxdpv3hluT+H/nUPwlSrY+/2CzaLVWKG7EqK7VzmxkVk12y71XpNW81WOhk1VHHqn3/2z3omefEB2QXXY1QakScHv/J6N1FHMwrylJl1otCTFow/wgjvJe5DlNQz+P1JV0ve/7wNFI0OODbdCT80mMH1xjemmSCb2fq10RmmzuOcyZZFz5r+L03jUUmlydTrkGCMXP9A47ItHOzzegvOoXzoQpJp6Rk1Lda58e0BlW7fq/hP5b5oGKoYP/0c3CGpEJAMUJDIkrjAyLKh7+nI+hZTisn5H/nI/xb3KP5tic5jOUhoFXLObKYOL51DlF6ug3RQ/I7dL8mAJDB76Krh22wEgQntSkAVp1HZZH9+3+fFqwsOuVdP0PzJa/xrhKcIuT/IMG429Gm39GXzrz69jHdsaKy7Y1jXNFPDzr4r1CJ5PCAjoqlIqQUxMoT+RfmFmQRWWYTLOmlnMHmgLIO8vjHfZ2KPiG6rilHFnAU4DhQBhen9hnPXW9fO8MJ5zqRbqiTHds2JkRaQ1Wn83oWbzFItpTAWfm7mOeAiQcPiFBr36pwhPnuG8g2VpGeqN56Q21fKn/86eSOWqjzCu0aAUc66p6JOYrqRZc1cpITENigv9JxMrvCz6olaEkuss1yoFhajE3Y0f9uq+qlrmpzCIPZiYgi3c9iI1yUOHJiaGqbe0JOfDERfYJjWJXG39TV1C4m2iqw==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: hedgedoc-iscsi-auth
+      namespace: hedgedoc
+    type: kubernetes.io/iscsi-chap

hedgedoc/pvcs.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: hedgedoc-uploads-pvc
+  namespace: hedgedoc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+  volumeName: hedgedoc-uploads-pv
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: hedgedoc-db-pvc
+  namespace: hedgedoc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+  volumeName: hedgedoc-db-pv

hedgedoc/pvs.yaml

@@ -0,0 +1,46 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: hedgedoc-uploads-pv
+spec:
+  capacity:
+    storage: 20Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  iscsi:
+    targetPortal: truenas.local.gwg313.xyz:3260
+    iqn: iqn.2005-10.org.freenas.ctl:hedgedoc-data
+    lun: 0
+    fsType: ext4
+    chapAuthDiscovery: true
+    chapAuthSession: true
+    secretRef:
+      name: hedgedoc-iscsi-auth
+  claimRef:
+    namespace: hedgedoc
+    name: hedgedoc-uploads-pvc
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: hedgedoc-db-pv
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  iscsi:
+    targetPortal: truenas.local.gwg313.xyz:3260
+    iqn: iqn.2005-10.org.freenas.ctl:hedgedoc-database
+    lun: 1
+    fsType: ext4
+    chapAuthDiscovery: true
+    chapAuthSession: true
+    secretRef:
+      name: hedgedoc-iscsi-auth
+  claimRef:
+    namespace: hedgedoc
+    name: hedgedoc-db-pvc

hedgedoc/services.yaml

@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: hedgedoc-backend
+  namespace: hedgedoc
+spec:
+  selector:
+    app: hedgedoc-backend
+  ports:
+    - protocol: TCP
+      port: 3000
+      targetPort: 3000
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hedgedoc-frontend
+  namespace: hedgedoc
+spec:
+  selector:
+    app: hedgedoc-frontend
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 3001
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hedgedoc-db
+  namespace: hedgedoc
+spec:
+  selector:
+    app: hedgedoc-db
+  ports:
+    - protocol: TCP
+      port: 5432
+      targetPort: 5432

hedgedoc/virtualservice.yaml

@@ -0,0 +1,35 @@
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: hedgedoc
+  namespace: hedgedoc
+spec:
+  hosts:
+    - hdoc.gwg313.xyz
+  gateways:
+    - hedgedoc-gateway
+  http:
+    - match:
+        - uri:
+            prefix: /api/
+        - uri:
+            prefix: /realtime
+        - uri:
+            prefix: /uploads/
+        - uri:
+            prefix: /public/
+        - uri:
+            prefix: /apidoc/
+      route:
+        - destination:
+            host: hedgedoc-backend
+            port:
+              number: 3000
+    - match:
+        - uri:
+            prefix: /
+      route:
+        - destination:
+            host: hedgedoc-frontend
+            port:
+              number: 80