diff --git a/paperless-ngx/gotenberg.yaml b/paperless-ngx/gotenberg.yaml new file mode 100644 index 0000000..d3d3b75 --- /dev/null +++ b/paperless-ngx/gotenberg.yaml @@ -0,0 +1,65 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: gotenberg + app.kubernetes.io/component: gotenberg + app.kubernetes.io/instance: paperless-ngx + app.kubernetes.io/part-of: paperless-ngx + name: gotenberg + namespace: paperless-ngx +spec: + ports: + - name: gotenberg + port: 3000 + selector: + app.kubernetes.io/name: gotenberg + app.kubernetes.io/component: gotenberg + app.kubernetes.io/instance: paperless-ngx + type: ClusterIP + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gotenberg + namespace: paperless-ngx + labels: + app.kubernetes.io/name: gotenberg + app.kubernetes.io/component: gotenberg + app.kubernetes.io/instance: paperless-ngx + app.kubernetes.io/part-of: paperless-ngx +spec: + selector: + matchLabels: + app.kubernetes.io/name: gotenberg + app.kubernetes.io/component: gotenberg + app.kubernetes.io/instance: paperless-ngx + template: + metadata: + labels: + app.kubernetes.io/name: gotenberg + app.kubernetes.io/component: gotenberg + app.kubernetes.io/instance: paperless-ngx + spec: + containers: + - name: gotenberg + image: docker.io/gotenberg/gotenberg:7.5.4 + imagePullPolicy: IfNotPresent + command: + - gotenberg + - --chromium-disable-javascript=true + - --chromium-allow-list=file:///tmp/.* + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + runAsUser: 1000 + runAsGroup: 1000 + volumeMounts: + - name: tmp + mountPath: /tmp + securityContext: + fsGroup: 1000 + volumes: + - name: tmp + emptyDir: diff --git a/paperless-ngx/kustomization.yaml b/paperless-ngx/kustomization.yaml index 3be80f1..91fe3fe 100644 --- a/paperless-ngx/kustomization.yaml +++ b/paperless-ngx/kustomization.yaml @@ -1,10 +1,31 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: paperless-ngx + +labels: +- pairs: + app.kubernetes.io/instance: paperless-ngx + resources: +- namespace.yaml +- redis.yaml +- gotenberg.yaml +- tika.yaml - paperless-ngx.yaml - ingress.yaml +configMapGenerator: +- name: paperless-cmd + files: + - paperless_cmd.sh + options: + labels: + app.kubernetes.io/name: paperless_cmd.sh + app.kubernetes.io/component: paperless-ngx + app.kubernetes.io/part-of: paperless-ngx + disableNameSuffixHash: true + patches: - target: kind: StatefulSet diff --git a/paperless-ngx/namespace.yaml b/paperless-ngx/namespace.yaml new file mode 100644 index 0000000..48bbe95 --- /dev/null +++ b/paperless-ngx/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: paperless-ngx diff --git a/paperless-ngx/paperless-ngx.yaml b/paperless-ngx/paperless-ngx.yaml index aed94a5..3b27b63 100644 --- a/paperless-ngx/paperless-ngx.yaml +++ b/paperless-ngx/paperless-ngx.yaml @@ -1,29 +1,4 @@ apiVersion: v1 -kind: Namespace -metadata: - name: paperless-ngx - labels: - app.kubernetes.io/instance: paperless-ngx - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: paperless-cmd - namespace: paperless-ngx - labels: - app.kubernetes.io/name: paperless_cmd.sh - app.kubernetes.io/component: paperless-ngx - app.kubernetes.io/instance: paperless-ngx - app.kubernetes.io/part-of: paperless-ngx -data: - paperless_cmd.sh: |+ - #!/bin/sh - - exec /usr/local/bin/supervisord -c /etc/supervisord.conf --user paperless - ---- -apiVersion: v1 kind: PersistentVolumeClaim metadata: name: paperless-ngx @@ -40,27 +15,6 @@ spec: requests: storage: 20Gi ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: redis - app.kubernetes.io/component: redis - app.kubernetes.io/instance: paperless-ngx - app.kubernetes.io/part-of: paperless-ngx - name: redis - namespace: paperless-ngx -spec: - ports: - - name: redis - port: 6379 - selector: - app.kubernetes.io/name: redis - app.kubernetes.io/component: redis - app.kubernetes.io/instance: paperless-ngx - type: ClusterIP - --- apiVersion: v1 kind: Service @@ -82,113 +36,6 @@ spec: app.kubernetes.io/instance: paperless-ngx type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: gotenberg - app.kubernetes.io/component: gotenberg - app.kubernetes.io/instance: paperless-ngx - app.kubernetes.io/part-of: paperless-ngx - name: gotenberg - namespace: paperless-ngx -spec: - ports: - - name: gotenberg - port: 3000 - selector: - app.kubernetes.io/name: gotenberg - app.kubernetes.io/component: gotenberg - app.kubernetes.io/instance: paperless-ngx - type: ClusterIP - ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: tika - app.kubernetes.io/component: tika - app.kubernetes.io/instance: paperless-ngx - app.kubernetes.io/part-of: paperless-ngx - name: tika - namespace: paperless-ngx -spec: - ports: - - name: tika - port: 9998 - selector: - app.kubernetes.io/name: tika - app.kubernetes.io/component: tika - app.kubernetes.io/instance: paperless-ngx - type: ClusterIP - ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: redis - namespace: paperless-ngx - labels: - app.kubernetes.io/name: redis - app.kubernetes.io/component: redis - app.kubernetes.io/instance: paperless-ngx - app.kubernetes.io/part-of: paperless-ngx -spec: - serviceName: redis - selector: - matchLabels: - app.kubernetes.io/name: redis - app.kubernetes.io/component: redis - app.kubernetes.io/instance: paperless-ngx - template: - metadata: - labels: - app.kubernetes.io/name: redis - app.kubernetes.io/component: redis - app.kubernetes.io/instance: paperless-ngx - spec: - containers: - - name: redis - image: docker.io/library/redis:7 - imagePullPolicy: IfNotPresent - ports: - - name: redis - containerPort: 6379 - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: true - runAsUser: 1000 - runAsGroup: 1000 - volumeMounts: - - name: data - mountPath: /data - subPath: data - - name: tmp - mountPath: /tmp - securityContext: - fsGroup: 1000 - volumes: - - name: tmp - emptyDir: - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: data - labels: - app.kubernetes.io/name: redis - app.kubernetes.io/component: redis - app.kubernetes.io/part-of: paperless-ngx - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - - --- apiVersion: apps/v1 kind: StatefulSet @@ -299,91 +146,3 @@ spec: - name: run emptyDir: medium: Memory - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gotenberg - namespace: paperless-ngx - labels: - app.kubernetes.io/name: gotenberg - app.kubernetes.io/component: gotenberg - app.kubernetes.io/instance: paperless-ngx - app.kubernetes.io/part-of: paperless-ngx -spec: - selector: - matchLabels: - app.kubernetes.io/name: gotenberg - app.kubernetes.io/component: gotenberg - app.kubernetes.io/instance: paperless-ngx - template: - metadata: - labels: - app.kubernetes.io/name: gotenberg - app.kubernetes.io/component: gotenberg - app.kubernetes.io/instance: paperless-ngx - spec: - containers: - - name: gotenberg - image: docker.io/gotenberg/gotenberg:7.5.4 - imagePullPolicy: IfNotPresent - command: - - gotenberg - - --chromium-disable-javascript=true - - --chromium-allow-list=file:///tmp/.* - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: true - runAsUser: 1000 - runAsGroup: 1000 - volumeMounts: - - name: tmp - mountPath: /tmp - securityContext: - fsGroup: 1000 - volumes: - - name: tmp - emptyDir: - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tika - namespace: paperless-ngx - labels: - app.kubernetes.io/name: tika - app.kubernetes.io/component: tika - app.kubernetes.io/instance: paperless-ngx - app.kubernetes.io/part-of: paperless-ngx -spec: - selector: - matchLabels: - app.kubernetes.io/name: tika - app.kubernetes.io/component: tika - app.kubernetes.io/instance: paperless-ngx - template: - metadata: - labels: - app.kubernetes.io/name: tika - app.kubernetes.io/component: tika - app.kubernetes.io/instance: paperless-ngx - spec: - containers: - - name: tika - image: docker.io/apache/tika:2.5.0 - imagePullPolicy: IfNotPresent - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: true - runAsUser: 1000 - runAsGroup: 1000 - volumeMounts: - - name: tmp - mountPath: /tmp - securityContext: - fsGroup: 1000 - volumes: - - name: tmp - emptyDir: diff --git a/paperless-ngx/paperless_cmd.sh b/paperless-ngx/paperless_cmd.sh new file mode 100644 index 0000000..e3d995e --- /dev/null +++ b/paperless-ngx/paperless_cmd.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +exec /usr/local/bin/supervisord -c /etc/supervisord.conf --user paperless + diff --git a/paperless-ngx/redis.yaml b/paperless-ngx/redis.yaml new file mode 100644 index 0000000..3a4401a --- /dev/null +++ b/paperless-ngx/redis.yaml @@ -0,0 +1,83 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: redis + app.kubernetes.io/instance: paperless-ngx + app.kubernetes.io/part-of: paperless-ngx + name: redis + namespace: paperless-ngx +spec: + ports: + - name: redis + port: 6379 + selector: + app.kubernetes.io/name: redis + app.kubernetes.io/component: redis + app.kubernetes.io/instance: paperless-ngx + type: ClusterIP + +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: redis + namespace: paperless-ngx + labels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: redis + app.kubernetes.io/instance: paperless-ngx + app.kubernetes.io/part-of: paperless-ngx +spec: + serviceName: redis + selector: + matchLabels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: redis + app.kubernetes.io/instance: paperless-ngx + template: + metadata: + labels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: redis + app.kubernetes.io/instance: paperless-ngx + spec: + containers: + - name: redis + image: docker.io/library/redis:7 + imagePullPolicy: IfNotPresent + ports: + - name: redis + containerPort: 6379 + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + runAsUser: 1000 + runAsGroup: 1000 + volumeMounts: + - name: data + mountPath: /data + subPath: data + - name: tmp + mountPath: /tmp + securityContext: + fsGroup: 1000 + volumes: + - name: tmp + emptyDir: + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: data + labels: + app.kubernetes.io/name: redis + app.kubernetes.io/component: redis + app.kubernetes.io/part-of: paperless-ngx + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi diff --git a/paperless-ngx/tika.yaml b/paperless-ngx/tika.yaml new file mode 100644 index 0000000..0a691f7 --- /dev/null +++ b/paperless-ngx/tika.yaml @@ -0,0 +1,61 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: tika + app.kubernetes.io/component: tika + app.kubernetes.io/instance: paperless-ngx + app.kubernetes.io/part-of: paperless-ngx + name: tika + namespace: paperless-ngx +spec: + ports: + - name: tika + port: 9998 + selector: + app.kubernetes.io/name: tika + app.kubernetes.io/component: tika + app.kubernetes.io/instance: paperless-ngx + type: ClusterIP + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tika + namespace: paperless-ngx + labels: + app.kubernetes.io/name: tika + app.kubernetes.io/component: tika + app.kubernetes.io/instance: paperless-ngx + app.kubernetes.io/part-of: paperless-ngx +spec: + selector: + matchLabels: + app.kubernetes.io/name: tika + app.kubernetes.io/component: tika + app.kubernetes.io/instance: paperless-ngx + template: + metadata: + labels: + app.kubernetes.io/name: tika + app.kubernetes.io/component: tika + app.kubernetes.io/instance: paperless-ngx + spec: + containers: + - name: tika + image: docker.io/apache/tika:2.5.0 + imagePullPolicy: IfNotPresent + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + runAsUser: 1000 + runAsGroup: 1000 + volumeMounts: + - name: tmp + mountPath: /tmp + securityContext: + fsGroup: 1000 + volumes: + - name: tmp + emptyDir: