Dustin C. Hatch
a2225e583e
Using a volume claim template to define the persistent volume claim for the Redis pod has two advantages: first, it enables using clustered Redis, if we decide that becomes necessary, and second, it makes deleteing and recreating the volume easier in the case of data corruption. Simply scale down the StatefulSet to 0, delete the PVC, and scale the StatefulSet back up.
390 lines
9.4 KiB
YAML
390 lines
9.4 KiB
YAML
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: paperless-ngx
|
|
labels:
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: paperless-cmd
|
|
namespace: paperless-ngx
|
|
labels:
|
|
app.kubernetes.io/name: paperless_cmd.sh
|
|
app.kubernetes.io/component: paperless-ngx
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
app.kubernetes.io/part-of: paperless-ngx
|
|
data:
|
|
paperless_cmd.sh: |+
|
|
#!/bin/sh
|
|
|
|
exec /usr/local/bin/supervisord -c /etc/supervisord.conf --user paperless
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: paperless-ngx
|
|
namespace: paperless-ngx
|
|
labels:
|
|
app.kubernetes.io/name: data
|
|
app.kubernetes.io/component: paperless-ngx
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
app.kubernetes.io/part-of: paperless-ngx
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 20Gi
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: redis
|
|
app.kubernetes.io/component: redis
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
app.kubernetes.io/part-of: paperless-ngx
|
|
name: redis
|
|
namespace: paperless-ngx
|
|
spec:
|
|
ports:
|
|
- name: redis
|
|
port: 6379
|
|
selector:
|
|
app.kubernetes.io/name: redis
|
|
app.kubernetes.io/component: redis
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
type: ClusterIP
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: paperless-ngx
|
|
app.kubernetes.io/component: paperless-ngx
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
app.kubernetes.io/part-of: paperless-ngx
|
|
name: paperless-ngx
|
|
namespace: paperless-ngx
|
|
spec:
|
|
ports:
|
|
- name: http
|
|
port: 8000
|
|
selector:
|
|
app.kubernetes.io/name: paperless-ngx
|
|
app.kubernetes.io/component: paperless-ngx
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
type: ClusterIP
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: gotenberg
|
|
app.kubernetes.io/component: gotenberg
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
app.kubernetes.io/part-of: paperless-ngx
|
|
name: gotenberg
|
|
namespace: paperless-ngx
|
|
spec:
|
|
ports:
|
|
- name: gotenberg
|
|
port: 3000
|
|
selector:
|
|
app.kubernetes.io/name: gotenberg
|
|
app.kubernetes.io/component: gotenberg
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
type: ClusterIP
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: tika
|
|
app.kubernetes.io/component: tika
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
app.kubernetes.io/part-of: paperless-ngx
|
|
name: tika
|
|
namespace: paperless-ngx
|
|
spec:
|
|
ports:
|
|
- name: tika
|
|
port: 9998
|
|
selector:
|
|
app.kubernetes.io/name: tika
|
|
app.kubernetes.io/component: tika
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
type: ClusterIP
|
|
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: redis
|
|
namespace: paperless-ngx
|
|
labels:
|
|
app.kubernetes.io/name: redis
|
|
app.kubernetes.io/component: redis
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
app.kubernetes.io/part-of: paperless-ngx
|
|
spec:
|
|
serviceName: redis
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: redis
|
|
app.kubernetes.io/component: redis
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: redis
|
|
app.kubernetes.io/component: redis
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
spec:
|
|
containers:
|
|
- name: redis
|
|
image: docker.io/library/redis:7
|
|
imagePullPolicy: IfNotPresent
|
|
ports:
|
|
- name: redis
|
|
containerPort: 6379
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
readOnlyRootFilesystem: true
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /data
|
|
subPath: data
|
|
- name: tmp
|
|
mountPath: /tmp
|
|
securityContext:
|
|
fsGroup: 1000
|
|
volumes:
|
|
- name: tmp
|
|
emptyDir:
|
|
volumeClaimTemplates:
|
|
- apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: data
|
|
labels:
|
|
app.kubernetes.io/name: redis
|
|
app.kubernetes.io/component: redis
|
|
app.kubernetes.io/part-of: paperless-ngx
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 2Gi
|
|
|
|
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: paperless-ngx
|
|
namespace: paperless-ngx
|
|
labels:
|
|
app.kubernetes.io/name: paperless-ngx
|
|
app.kubernetes.io/component: paperless-ngx
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
app.kubernetes.io/part-of: paperless-ngx
|
|
spec:
|
|
serviceName: paperless-ngx
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: paperless-ngx
|
|
app.kubernetes.io/component: paperless-ngx
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: paperless-ngx
|
|
app.kubernetes.io/component: paperless-ngx
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
spec:
|
|
containers:
|
|
- name: paperless-ngx
|
|
image: ghcr.io/paperless-ngx/paperless-ngx:1.11.3
|
|
imagePullPolicy: IfNotPresent
|
|
env:
|
|
- name: PAPERLESS_REDIS
|
|
value: redis://redis:6379
|
|
- name: PAPERLESS_TIKA_ENABLED
|
|
value: '1'
|
|
- name: PAPERLESS_TIKA_GOTENBERG_ENDPOINT
|
|
value: http://gotenberg:3000
|
|
- name: PAPERLESS_TIKA_ENDPOINT
|
|
value: http://tika:9998
|
|
- name: PAPERLESS_ALLOWED_HOSTS
|
|
value: '*'
|
|
- name: PAPERLESS_ENABLE_HTTP_REMOTE_USER
|
|
value: '1'
|
|
- name: PAPERLESS_ENABLE_FLOWER
|
|
value: 'true'
|
|
ports:
|
|
- name: http
|
|
containerPort: 8000
|
|
- name: flower
|
|
containerPort: 5555
|
|
startupProbe:
|
|
httpGet:
|
|
port: 8000
|
|
path: /
|
|
failureThreshold: 30
|
|
timeoutSeconds: 3
|
|
periodSeconds: 3
|
|
initialDelaySeconds: 10
|
|
readinessProbe:
|
|
httpGet:
|
|
port: 8000
|
|
path: /
|
|
failureThreshold: 5
|
|
timeoutSeconds: 10
|
|
periodSeconds: 30
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
readOnlyRootFilesystem: true
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
volumeMounts:
|
|
- name: cmd
|
|
mountPath: /usr/local/bin/paperless_cmd.sh
|
|
subPath: paperless_cmd.sh
|
|
- name: data
|
|
mountPath: /usr/src/paperless/data
|
|
subPath: data
|
|
- name: data
|
|
mountPath: /usr/src/paperless/media
|
|
subPath: media
|
|
- name: data
|
|
mountPath: /usr/src/paperless/export
|
|
subPath: export
|
|
- name: data
|
|
mountPath: /usr/src/paperless/consume
|
|
subPath: consume
|
|
- name: tmp
|
|
mountPath: /tmp
|
|
- name: run
|
|
mountPath: /run/supervisord
|
|
- name: logs
|
|
mountPath: /var/log/supervisord
|
|
subPath: supervisord
|
|
securityContext:
|
|
fsGroup: 1000
|
|
volumes:
|
|
- name: cmd
|
|
configMap:
|
|
name: paperless-cmd
|
|
defaultMode: 0755
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: paperless-ngx
|
|
- name: logs
|
|
empytDir:
|
|
- name: tmp
|
|
emptyDir:
|
|
medium: Memory
|
|
- name: run
|
|
emptyDir:
|
|
medium: Memory
|
|
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: gotenberg
|
|
namespace: paperless-ngx
|
|
labels:
|
|
app.kubernetes.io/name: gotenberg
|
|
app.kubernetes.io/component: gotenberg
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
app.kubernetes.io/part-of: paperless-ngx
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: gotenberg
|
|
app.kubernetes.io/component: gotenberg
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: gotenberg
|
|
app.kubernetes.io/component: gotenberg
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
spec:
|
|
containers:
|
|
- name: gotenberg
|
|
image: docker.io/gotenberg/gotenberg:7.5.4
|
|
imagePullPolicy: IfNotPresent
|
|
command:
|
|
- gotenberg
|
|
- --chromium-disable-javascript=true
|
|
- --chromium-allow-list=file:///tmp/.*
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
readOnlyRootFilesystem: true
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
volumeMounts:
|
|
- name: tmp
|
|
mountPath: /tmp
|
|
securityContext:
|
|
fsGroup: 1000
|
|
volumes:
|
|
- name: tmp
|
|
emptyDir:
|
|
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: tika
|
|
namespace: paperless-ngx
|
|
labels:
|
|
app.kubernetes.io/name: tika
|
|
app.kubernetes.io/component: tika
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
app.kubernetes.io/part-of: paperless-ngx
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: tika
|
|
app.kubernetes.io/component: tika
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: tika
|
|
app.kubernetes.io/component: tika
|
|
app.kubernetes.io/instance: paperless-ngx
|
|
spec:
|
|
containers:
|
|
- name: tika
|
|
image: ghcr.io/paperless-ngx/tika:2.5.0-minimal
|
|
imagePullPolicy: IfNotPresent
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
readOnlyRootFilesystem: true
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
volumeMounts:
|
|
- name: tmp
|
|
mountPath: /tmp
|
|
securityContext:
|
|
fsGroup: 1000
|
|
volumes:
|
|
- name: tmp
|
|
emptyDir:
|