diff --git a/apps/hedgedoc.yaml b/apps/hedgedoc.yaml new file mode 100644 index 0000000..60daf8d --- /dev/null +++ b/apps/hedgedoc.yaml @@ -0,0 +1,20 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: hedgedoc + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/gwg313/homelab-gitops + targetRevision: main + path: hedgedoc + destination: + server: https://kubernetes.default.svc + namespace: hedgedoc + syncPolicy: + automated: + selfHeal: true + prune: true + syncOptions: + - CreateNamespace=true diff --git a/hedgedoc/certificate.yaml b/hedgedoc/certificate.yaml new file mode 100644 index 0000000..7596fb3 --- /dev/null +++ b/hedgedoc/certificate.yaml @@ -0,0 +1,12 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: hedgedoc-cert + namespace: istio-system +spec: + secretName: hedgedoc-cert + issuerRef: + name: letsencrypt-dns + kind: ClusterIssuer + dnsNames: + - hdoc.gwg313.xyz diff --git a/hedgedoc/configmap-hedgedoc.yaml b/hedgedoc/configmap-hedgedoc.yaml new file mode 100644 index 0000000..ad7932b --- /dev/null +++ b/hedgedoc/configmap-hedgedoc.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: hedgedoc-config + namespace: hedgedoc +data: + HD_BASE_URL: https://hdoc.gwg313.xyz diff --git a/hedgedoc/configmap-postgres.yaml b/hedgedoc/configmap-postgres.yaml new file mode 100644 index 0000000..acb5c33 --- /dev/null +++ b/hedgedoc/configmap-postgres.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: postgresql-config + namespace: hedgedoc +data: + POSTGRESQL_FSYNC: "on" + POSTGRESQL_SYNCHRONOUS_COMMIT: "on" + POSTGRESQL_FULL_PAGE_WRITES: "on" + POSTGRESQL_WAL_LEVEL: "replica" + POSTGRESQL_ARCHIVE_MODE: "on" + POSTGRESQL_MAX_WAL_SIZE: "2GB" + POSTGRESQL_MIN_WAL_SIZE: "1GB" + POSTGRESQL_CHECKPOINT_TIMEOUT: "5min" + POSTGRESQL_LOG_CONNECTIONS: "on" + POSTGRESQL_LOG_DISCONNECTIONS: "on" + POSTGRESQL_LOG_STATEMENT: "all" + POSTGRESQL_LOG_DURATION: "1000" + POSTGRESQL_AUTOVACUUM: "on" + POSTGRESQL_VACUUM_COST_DELAY: "20ms" + POSTGRESQL_LOG_TIMEZONE: "UTC" + POSTGRESQL_LOG_CHECKPOINTS: "on" + POSTGRESQL_LOG_ERROR_VERBOSITY: "verbose" + POSTGRESQL_HOT_STANDBY: "on" + POSTGRESQL_ARCHIVE_TIMEOUT: "60s" diff --git a/hedgedoc/deployment-backend.yaml b/hedgedoc/deployment-backend.yaml new file mode 100644 index 0000000..e5992da --- /dev/null +++ b/hedgedoc/deployment-backend.yaml @@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: +apiVersion: apps/v1 +kind: Deployment +metadata: + name: hedgedoc-backend + namespace: hedgedoc +spec: + replicas: 1 + selector: + matchLabels: + app: hedgedoc-backend + template: + metadata: + labels: + app: hedgedoc-backend + spec: + containers: + - name: backend + image: ghcr.io/hedgedoc/hedgedoc/backend:develop + env: + - name: HD_BASE_URL + valueFrom: + configMapKeyRef: + name: hedgedoc-config + key: HD_BASE_URL + + + - name: HD_AUTH_LOCAL_ENABLE_LOGIN + value: "true" + - name: HD_AUTH_LOCAL_ENABLE_REGISTER + value: "true" + - name: HD_MEDIA_BACKEND + value: "filesystem" + - name: HD_MEDIA_BACKEND_FILESYSTEM_UPLOAD_PATH + value: "/usr/src/app/backend/uploads" + - name: HD_DATABASE_TYPE + value: "postgres" + - name: HD_DATABASE_HOST + value: hedgedoc-db + - name: HD_DATABASE_PORT + value: "5432" + - name: HD_DATABASE_NAME + valueFrom: + secretKeyRef: + name: hedgedoc-secret + key: POSTGRESQL_DATABASE + - name: HD_DATABASE_USERNAME + valueFrom: + secretKeyRef: + name: hedgedoc-secret + key: POSTGRESQL_USERNAME + - name: HD_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: hedgedoc-secret + key: POSTGRESQL_PASSWORD + - name: HD_SESSION_SECRET + valueFrom: + secretKeyRef: + name: hedgedoc-secret + key: HD_SESSION_SECRET + + volumeMounts: + - name: uploads + mountPath: /usr/src/app/backend/uploads + volumes: + - name: uploads + persistentVolumeClaim: + claimName: hedgedoc-uploads-pvc diff --git a/hedgedoc/deployment-frontend.yaml b/hedgedoc/deployment-frontend.yaml new file mode 100644 index 0000000..2681260 --- /dev/null +++ b/hedgedoc/deployment-frontend.yaml @@ -0,0 +1,24 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: hedgedoc-frontend + namespace: hedgedoc +spec: + replicas: 1 + selector: + matchLabels: + app: hedgedoc-frontend + template: + metadata: + labels: + app: hedgedoc-frontend + spec: + containers: + - name: frontend + image: ghcr.io/hedgedoc/hedgedoc/frontend:develop + env: + - name: HD_BASE_URL + valueFrom: + configMapKeyRef: + name: hedgedoc-config + key: HD_BASE_URL diff --git a/hedgedoc/deployment-postgres.yaml b/hedgedoc/deployment-postgres.yaml new file mode 100644 index 0000000..3db0f54 --- /dev/null +++ b/hedgedoc/deployment-postgres.yaml @@ -0,0 +1,47 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: hedgedoc-db + namespace: hedgedoc +spec: + replicas: 1 + selector: + matchLabels: + app: hedgedoc-db + template: + metadata: + labels: + app: hedgedoc-db + spec: + containers: + - name: postgresql + image: bitnami/postgresql:15 + envFrom: + - configMapRef: + name: postgresql-config + env: + - name: POSTGRESQL_USERNAME + valueFrom: + secretKeyRef: + name: hedgedoc-secret + key: POSTGRESQL_USERNAME + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + name: hedgedoc-secret + key: POSTGRESQL_PASSWORD + - name: POSTGRESQL_DATABASE + valueFrom: + secretKeyRef: + name: hedgedoc-secret + key: POSTGRESQL_DATABASE + volumeMounts: + - name: db-data + mountPath: /bitnami/postgresql + volumes: + - name: db-data + persistentVolumeClaim: + claimName: hedgedoc-db-pvc + securityContext: + runAsUser: 999 # Ensure the container runs as the 'postgres' user (UID 999) + fsGroup: 999 # Ensure the filesystem group is 'postgres' (GID 999) diff --git a/hedgedoc/gateway.yaml b/hedgedoc/gateway.yaml new file mode 100644 index 0000000..f4fc110 --- /dev/null +++ b/hedgedoc/gateway.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + name: hedgedoc-gateway + namespace: hedgedoc +spec: + selector: + istio: gateway + servers: + - port: + number: 443 + name: https + protocol: HTTPS + tls: + mode: SIMPLE + credentialName: hedgedoc-cert + hosts: + - hdoc.gwg313.xyz diff --git a/hedgedoc/hedgedoc-secrets-sealed.yaml b/hedgedoc/hedgedoc-secrets-sealed.yaml new file mode 100644 index 0000000..e2ffe5c --- /dev/null +++ b/hedgedoc/hedgedoc-secrets-sealed.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: hedgedoc-secret + namespace: hedgedoc +spec: + encryptedData: + HD_SESSION_SECRET: AgCZ7mWhyRYkO1A1Vdr41ix4sSqP1wGykx/8JE7IJQLRUVhmKe6omIF5fvnMTUxnirwaVjxBkBqr5FapLtRUnhLvnOAFRNwCPJJxNLPzNsSfXbSRANJdQCE32FyyGQFhyxywlPLML1IcUUr525uLVTgz6QLAFnyf7vnuB9c18KaPTEPOwOkea8uKXlCZ2gtxmPvgdNOpIq5c7z/DAyjMd8ou35umR8f0DQng/aV8YA8KcJ71xouemqL89iy3S2Q9jiniCpikFB4Y7tMXx1hxd+yesqMxTLHCJjqTvL71+9Tx7gAvcZmZNy576ECAUFUOLsqjGRZF70KqgIPOhUTEHAfAd8+WlSwMFh4giIFOrbs78aCmfLTmjf6Xgaror657Q5LiPg2LFgRawZmHEUQCpKfgJbjTuDret25l8XY+8Q4jGBp7PQXul59xFxIkW4XZ/n2LmcuVm0MTywcUq4cA3Xy4cn8IWz0i4odtrAQzJnZhNOF/8yJA4XthqfVnsDOSGE9EqVp3bYIFufDnsE/fRr43Sb7msCWytg1AUM0pbCtx9s/Fost967aaeCXDZYXDeh3/8B4/qBL5+01NPhMAJ/Sa2r2fBLI1PaekcQ3wE2GRxC6AUX1teYvqqf06Xbnhn4ZuHKeWF/p1fHlo71GQ1PbKLowPsoJr/sfM9vszHGnenTmsILkiKegq/eKtXpOydRmfNjTYClEssfYCN145f1yO1DTB6w== + POSTGRESQL_DATABASE: AgBh429qRp/3CWIb4XYcA3qORVhrfMpTm1W5P2muJMKbdSnQuOYXKNYs0tYSC5CauUthtBxKjmHmyATAs+373k4l3kNuKzwmBnkp173PnDIFXPFwJ2O0QFzOABR09xPDcFMwmTcWz4t5xjF+MPNib1EyagaTT+o6LjVpXj8AmtHIib2YwmR0XpcluvBubYPE454n9noWHRTMen5EWLBCJ1I5RkDQ6WIclSTKwOl9ra6A4IPk47+MUSaz/q06dEEhnR0HlPJimlR282MmgZ7/vhGqYbUDY+8Mr0g6UtIDCyzoBZt5Jmh88RRCX03GI7SMaJ47VQofRQxEfxB1UfHoMVB1a2uKkH5ZUFKonyGMC4GJs128hdKS2lcMGVE6lVRPkORVhHuxKiUtZxVG1Vz3rqClNk5C5lkNRI8o6vRhX95JvwqPra6GQPL5rdywtj54x+Erh8OVo/7aF/9ASN7ZvuLhDZ6HdWaNXN5VA6lG6USQyKh8KRr0+IDxmKqhbYiybzaSDj2dPD7j741jeSGmqiduM4CKGOlrpUok1/Iq1u9LOdSFeYO4oMGdom7gUhVkgFDaU2FtfHNw/UFIGVk/n9UJFfCntrul9g/0WViV3ZVvTVeHnZ6jU4td/XxvoTvpM73cdvbl/miiLrzcqHPlo55Lb6dktAXummc+oK2PgXilTlDVyhjlewdI87LwxXroMtEWnJ7lwhy75Q== + POSTGRESQL_PASSWORD: AgAPFubjxzoqlTht8sAiq0/FsHV1AvGgHK2h0oSoE1H4WzfFcaXPVvmnU/spvIQAM/Hih5rILMIFduaLQZLltn3rl8JR/OgjMoXWK0R3bqqFUuEMZBP7i15F0zm6dN+12GT0obR1rbXaNN1R9/G5Ee0URHQrsnZIlk0tyAVX/yK971vPEyyJcCNh4DfIhDRabj8y5LuB3tASVVsTl19BrN2nsX1J8M7YMxjQF5O/gL/g7u9huppat6IPg7QLaKP2dbBz01Yyb2P7R2IReV8HHWNvhUVXGhKfbVYYLXK4l97I1auNm5gC0WVJYmXRx8vx6gWU125/XeMEkC7672ILz+RqCD7h9PtWYHS45sQ6M6pJGZTZ1HRVywIFJysMJCXUL5SStoeEPhttCT45FaDQkl491vHTp81eyAbrmw61+2VB5yfse86vP1ppD2gIm71Wmc9pvMrePnQLjs3J6s6hxE70Kp+YPHDjopZb4vzclMPjKikeER9XOCX3Vmb7JG2hpcigyjp+kTuluLytX5Fmy6YIF1MM5gqwU8eXVIWMB+TcRJoqQsJb9ialFyM1kO2UV8hYKDoLN5lpKw5Cz6aRkVMtQ4mIdatgpEOaKIC/xt9/I263tKrNXIWWtI8+75x/1nj9t9ZiyyuokHyy32Z3pgDlAfKKugVSBVUsUZ2TReQHDiCPmBk84OGvjaZwPpMJcp5Pnh5tAgkYgL9PrOGCzdzM + POSTGRESQL_USERNAME: AgClUR3BTiJl2XQAnce6Y8T6tJOEVi/eB1uNztaRfQfcALEHZ32cAE1ENSAkwqLPPm2lLUT5Z7VDOG2G3RnW7KudutfpSEuwNQ7xlRRuD2oGT1t6NikVn7RTG9NxpPPd3sw+pzZEWoR1xxfpsXPochMMmgm+AED2QimAs7m9z7UoyxPMthYq0t+6wD0PP3R9VgXhC/VD0+oJM3bEd4WNcGayHXqMNB4QJfQD20vfb47tmIAt+oXTXyeRqSSXYQ4AyJdUexaeCs7xWDH6QG/GYaERM05pB+/RPp3stjyamyjcwrH46pAld1BYUnPmJn07aQqfmWyipWYYnYH4R1hphhZ1pPkXqUK+X5K4690yeZREPY57ya+ZbgYvaIA8Q3ieTuH1fhYgMS4hSIwIWKp/0OtEaWU9+PCFNJe+HEAZizr66lBo8QVmj3d5OiBN83WNBv0Icr2cIldk6mnDw60O0cEUszWRtZ86sQ5qqlFKK5zSK7jz2NnZx51CcxaVaY8NsyUbn2mPNKZgmHGXqwEUeGMZioJ24Lggk2MRbzc0GvQghM5Q1TZrsCmwbIsXjProQDHVRYRLjEEYRegMlSxZEoOp6SOTdSE+hi96UkTQQkVQEtH7o4pxggQdwAjxC1mFeFKRMccgGQmI+JV6h6MjLekGTnzLdniDFfNUp34cbjRAaJMmtBapOKO1jhNwJVqKtdkdpn20rP+QmQ== + template: + metadata: + creationTimestamp: null + name: hedgedoc-secret + namespace: hedgedoc + type: Opaque diff --git a/hedgedoc/iscsi-secrets-sealed.yaml b/hedgedoc/iscsi-secrets-sealed.yaml new file mode 100644 index 0000000..5eb0bbe --- /dev/null +++ b/hedgedoc/iscsi-secrets-sealed.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: hedgedoc-iscsi-auth + namespace: hedgedoc +spec: + encryptedData: + discovery.sendtargets.auth.password: AgCpz8js4W7jC3hNlXsA4PA1QPY+AlXokzx4QczqeZnUU+/5zDUSgIvV35g7WH9IRRK2pdnNV2/+D6TUTV0NSZmuHvsI1fe+sUnjggmlxj2QXNObhyogI3RqOJ5ruKKg524i2GF6k1F83H+LumfWx4SCUwxm3E08k3KQ7HR8qubdds/agRkAXzWvw6RXSFUB5FSdgJOaNOgVi2ukSbDe9LZB3aJms6GKQ8xd/NGiAMMTIGbzCHVEdioiEcQqzy1OdcXCPKXaC0ULooN94igyKFqXtyVcozekHLjTaugMqba0YEVkNHve+WluArQe++6lK0xyygpq8EVkRgV85WO6rGlaE1ZZeroFvGk/dRYgOL7L/xbItNnYIsIF8EhybsFkffd843pUNyBljvLyutZOrb3CafCdHV37dlOj8m6tfUtEDsMUXa/R4wLYFP8IpsZSH1VoJCzys+j5b2w3UI9IiXW9gH0EA8h5Z0WDrqtGqdLFRsK2eeNbhJaFP+Pl+RT/hXxXsdNOOm8yKFl2rXWpbwugvQ6ck/mn7j4scxHo6HIEoFPhjESpmBVpGc5a0vWYEiLRU8SqJEgHu9d5PZq5+TDAQIOlsFRUeQ13gKF+TnIwKLWIESwxTho0NwO4D3cKV9jPJReFATueS4dTTMyORSdsJXGLv2uBQsbNwOKuT7Lhc7QC8Or41Jeaj+VDIocyYAz0B3mZbBV8DAzakkTuCHsT + discovery.sendtargets.auth.username: AgA1VFDRwgAonFJ2VSjiZD2gFbLpak5n4NpSTtXdKdhtqyk8kKYtBMSQZGpEY/tUBxewaXpPc2CpnD1ph/Wf7/04QjjGuV6oIT2MBQ9PKFjxFQVZTpGX+rsTGZlrrmBEjjy0FQRPxG7pUyUfrTZPnlGQtIcFoj8xonKlF2NFF8OWVvdxlt8v0Ht5GyW0XJ4b+9SoaU7/PbQ+C1qIZI0LXoexJ42DquA5TfRScDs6L/8wBluIQvqJg+P+CtiBIjQQZ80WWWRVp9oQ+BcOI7aJ8h2WWtbSh9D9D0OfUoAyXNzzVV/ugAvBcGxUZtrpGXoVGRnY44zysiKGgMB6I//Il0GlOJXYnzeG756zw9qq/n8F51N6XtWZ3OslNhFcklUmBf4biGhx0qPLZx0Rt/W5EwG5FSPb/+Q7f7Xohg0Ehtz7bKNex7hIbmGxPNcFq29j4m5AcHlDzUxxjwwhlOtmgPSaviNzw1JMNBH7mEeqvgZ5izvQ2yv53zIwQjQ0jk1oe9R8QXxefq8Sm1VgruLCmyFtGolNvBBbHmq20EjLI6rWJbZ9icU7U0Z+1OUyk6W8KJOtBvgby6GN/pcX/3Emo1+ijQNGZWh3lWQA3hkvrk+bQ2+DWZS7vdTdr6Wlk9BqPbMAYkro2i7pcgqmODn3H33cEztdkLzMsnapYwul0ycpGPDVOeUSb0PMFLjKSCc6yL25tkx1nwYvDw== + node.session.auth.password: AgAh0iBW8jwOUQQRxYFgV2Nw5+n45E/yN3llbgYqYvSTmE2n/dk6g/t7K3YjhQE0uD38yqv69KgkqgJdV8rWkdc9WD970Pl2iysZru6PIXmSmbFXdWuTe0KK/WN35k+vABIjgE1/dkzpw/JFq3en+NtVzHNbYTQY9R4rbRXIBE67hTQQWkET80le4wMkq5ssfdijRJDwFpU9GTvJmTTSdjl4mpuA/K/S+r7HffbZmjgQUwtyT71wZB/661h25ufRFXIJnc6rf30F+osZcEQ3+u87Q0s6+ydIiXN5a3bSPOp7IlcjuzBDzMAVAoRcfNWJtacXSO9LH5u/nSp2jkUfQThp3YhjQSjgCXQ7qmmkAvB7LUq49HS8jM1AvWUChJDKSBW3AmVJrHJlUBGggR3e7cCG7fPcEcq9wDeTiJ8bD9pvRW1h1sY9RZATeT0EJdWMzhwRU7srlyw0MT7c7mBOgAzFOmkm10SKmKvsfD8Cer8nrfuSiYGZcm+OPyaBYbBpu1xLtEvGuKj90s2ZMA8WWfBOlIGRhqnO7ijn+lc5vei9zrfpZGm8bO5AFtD3ePSAFRIRyHHrDzLcHbSUHbKZCiObF+y4t6pmlSYyNoPynebDjM9OqAfY0ydX0FQz8Caew2uax51b5FBnQFF/9au8wfQBod71N1khFBHUou6VseX+wYBUOBgvTjCNafov0xRWMUdDl3HqpHLQsspJd7Yk1HH0 + node.session.auth.username: AgBs01Cdxdpv3hluT+H/nUPwlSrY+/2CzaLVWKG7EqK7VzmxkVk12y71XpNW81WOhk1VHHqn3/2z3omefEB2QXXY1QakScHv/J6N1FHMwrylJl1otCTFow/wgjvJe5DlNQz+P1JV0ve/7wNFI0OODbdCT80mMH1xjemmSCb2fq10RmmzuOcyZZFz5r+L03jUUmlydTrkGCMXP9A47ItHOzzegvOoXzoQpJp6Rk1Lda58e0BlW7fq/hP5b5oGKoYP/0c3CGpEJAMUJDIkrjAyLKh7+nI+hZTisn5H/nI/xb3KP5tic5jOUhoFXLObKYOL51DlF6ug3RQ/I7dL8mAJDB76Krh22wEgQntSkAVp1HZZH9+3+fFqwsOuVdP0PzJa/xrhKcIuT/IMG429Gm39GXzrz69jHdsaKy7Y1jXNFPDzr4r1CJ5PCAjoqlIqQUxMoT+RfmFmQRWWYTLOmlnMHmgLIO8vjHfZ2KPiG6rilHFnAU4DhQBhen9hnPXW9fO8MJ5zqRbqiTHds2JkRaQ1Wn83oWbzFItpTAWfm7mOeAiQcPiFBr36pwhPnuG8g2VpGeqN56Q21fKn/86eSOWqjzCu0aAUc66p6JOYrqRZc1cpITENigv9JxMrvCz6olaEkuss1yoFhajE3Y0f9uq+qlrmpzCIPZiYgi3c9iI1yUOHJiaGqbe0JOfDERfYJjWJXG39TV1C4m2iqw== + template: + metadata: + creationTimestamp: null + name: hedgedoc-iscsi-auth + namespace: hedgedoc + type: kubernetes.io/iscsi-chap diff --git a/hedgedoc/pvcs.yaml b/hedgedoc/pvcs.yaml new file mode 100644 index 0000000..34124bc --- /dev/null +++ b/hedgedoc/pvcs.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: hedgedoc-uploads-pvc + namespace: hedgedoc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + volumeName: hedgedoc-uploads-pv +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: hedgedoc-db-pvc + namespace: hedgedoc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + volumeName: hedgedoc-db-pv diff --git a/hedgedoc/pvs.yaml b/hedgedoc/pvs.yaml new file mode 100644 index 0000000..62a0d8a --- /dev/null +++ b/hedgedoc/pvs.yaml @@ -0,0 +1,46 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: hedgedoc-uploads-pv +spec: + capacity: + storage: 20Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + iscsi: + targetPortal: truenas.local.gwg313.xyz:3260 + iqn: iqn.2005-10.org.freenas.ctl:hedgedoc-data + lun: 0 + fsType: ext4 + chapAuthDiscovery: true + chapAuthSession: true + secretRef: + name: hedgedoc-iscsi-auth + claimRef: + namespace: hedgedoc + name: hedgedoc-uploads-pvc +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: hedgedoc-db-pv +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + iscsi: + targetPortal: truenas.local.gwg313.xyz:3260 + iqn: iqn.2005-10.org.freenas.ctl:hedgedoc-database + lun: 1 + fsType: ext4 + chapAuthDiscovery: true + chapAuthSession: true + secretRef: + name: hedgedoc-iscsi-auth + claimRef: + namespace: hedgedoc + name: hedgedoc-db-pvc diff --git a/hedgedoc/services.yaml b/hedgedoc/services.yaml new file mode 100644 index 0000000..e7339cf --- /dev/null +++ b/hedgedoc/services.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: Service +metadata: + name: hedgedoc-backend + namespace: hedgedoc +spec: + selector: + app: hedgedoc-backend + ports: + - protocol: TCP + port: 3000 + targetPort: 3000 +--- +apiVersion: v1 +kind: Service +metadata: + name: hedgedoc-frontend + namespace: hedgedoc +spec: + selector: + app: hedgedoc-frontend + ports: + - protocol: TCP + port: 80 + targetPort: 3001 +--- +apiVersion: v1 +kind: Service +metadata: + name: hedgedoc-db + namespace: hedgedoc +spec: + selector: + app: hedgedoc-db + ports: + - protocol: TCP + port: 5432 + targetPort: 5432 diff --git a/hedgedoc/virtualservice.yaml b/hedgedoc/virtualservice.yaml new file mode 100644 index 0000000..f9ecb9e --- /dev/null +++ b/hedgedoc/virtualservice.yaml @@ -0,0 +1,35 @@ +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: hedgedoc + namespace: hedgedoc +spec: + hosts: + - hdoc.gwg313.xyz + gateways: + - hedgedoc-gateway + http: + - match: + - uri: + prefix: /api/ + - uri: + prefix: /realtime + - uri: + prefix: /uploads/ + - uri: + prefix: /public/ + - uri: + prefix: /apidoc/ + route: + - destination: + host: hedgedoc-backend + port: + number: 3000 + - match: + - uri: + prefix: / + route: + - destination: + host: hedgedoc-frontend + port: + number: 80