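---
# Namespace that scopes every namespaced CryptPad object in this file.
# The Pod Security Admission labels use the non-enforcing "warn" and "audit"
# modes: pods that fall short of the "restricted" profile are reported but
# still admitted, so workloads that run today are not rejected.
# NOTE(review): this file defines no NetworkPolicy or ResourceQuota for the
# namespace; confirm whether they are applied elsewhere.
apiVersion: v1
kind: Namespace
metadata:
  name: cryptpad
  labels:
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted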
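---
# CryptPad Deployment: one container listening on port 3000, with config.js
# supplied by the "config" ConfigMap and persistent data on the "cryptpad" PVC.
# NOTE(review): no update strategy is set, so the default rolling update can
# briefly run two pods against the same ReadWriteOnce data volume on one node;
# confirm CryptPad tolerates that or switch to the Recreate strategy.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cryptpad
  namespace: cryptpad
spec:
  selector:
    matchLabels:
      app: cryptpad
  template:
    metadata:
      labels:
        app: cryptpad
    spec:
      # No RBAC is defined for this workload in this file, so the service
      # account token is not mounted: a compromised container then holds no
      # credential for the Kubernetes API.
      automountServiceAccountToken: false
      volumes:
        - name: config
          configMap:
            name: config
        - name: cryptpad
          persistentVolumeClaim:
            claimName: cryptpad
      containers:
        - name: cryptpad
          # NOTE(review): the image is pinned by tag only, and a tag can be
          # re-pointed in the registry; pin by digest (image@sha256:<digest>)
          # once the digest is verified, and check whether 4.8.0 is still a
          # supported CryptPad release.
          image: quay.io/ffddorf/cryptpad:4.8.0
          securityContext:
            # Blocks gaining privileges through setuid/setgid binaries.
            allowPrivilegeEscalation: false
            # Applies the container runtime's default syscall filter.
            seccompProfile:
              type: RuntimeDefault
            # NOTE(review): runAsNonRoot, readOnlyRootFilesystem and dropping
            # all capabilities depend on how the image is built; test them
            # against this image before enabling.
          resources:
            # Only limits are given; Kubernetes then uses the same values as
            # the requests.
            limits:
              memory: "512Mi"
              cpu: "500m"
          ports:
            - containerPort: 3000
          volumeMounts:
            # The ConfigMap replaces the whole /cryptpad/config directory.
            - name: config
              mountPath: /cryptpad/config
              readOnly: true
            - name: cryptpad
              mountPath: /cryptpad/data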
---
# CryptPad server configuration, mounted by the Deployment as
# /cryptpad/config/config.js.
# - httpUnsafeOrigin and httpSafeOrigin name two different hosts; both hosts
#   are routed by the Ingress in this file.
# - httpAddress '::' makes the server listen on all addresses in the pod.
# - Every *Path setting points below ./data.
# NOTE(review): adminKeys and supportMailboxPublicKey look like public keys.
# Keep it that way: a ConfigMap is readable by anyone with read access to the
# namespace, so private keys or passwords belong in a Secret instead.
apiVersion: v1
kind: ConfigMap
metadata:
  name: config
  namespace: cryptpad
data:
  config.js: |
    module.exports = {
      adminKeys: [
        "[nomaster@pad.freifunk-duesseldorf.de/WUdnwywXbKnT6QsT6OuZXQqJOQCZwiZDz2y3492oGpw=]",
      ],
      adminEmail: 'kontakt@freifunk-duesseldorf.de',
      allowSubscriptions: false,
      archivePath: './data/archive',
      blobPath: './data/blob',
      blobStagingPath: './data/blobstage',
      blockPath: './data/block',
      filePath: './data/store',
      httpAddress: '::',
      httpPort: 3000,
      httpSafeOrigin: 'https://cryptpad.freifunk-duesseldorf.de/',
      httpUnsafeOrigin: 'https://pad.freifunk-duesseldorf.de/',
      logFeedback: false,
      logLevel: 'info',
      logToStdout: true,
      noSubscriptionButton: true,
      pinPath: './data/pins',
      removeDonateButton: true,
      supportMailboxPublicKey: 'bLZQjf8j/kQnV3LLT64ROORvJjzJzz7FQRLWh1DV6B4=',
      taskPath: './data/tasks',
      verbose: false,
    };
---
# In-cluster Service for the CryptPad pods (selected by the app=cryptpad label).
# No type is set, so this is a ClusterIP Service; outside traffic reaches it
# only through the Ingress in this file.
apiVersion: v1
kind: Service
metadata:
  name: cryptpad
  namespace: cryptpad
spec:
  selector:
    app: cryptpad
  ports:
    - port: 3000
      targetPort: 3000
---
# Traefik headers middleware, referenced by the Ingress in this file as
# cryptpad-security@kubernetescrd (<namespace>-<name>@kubernetescrd).
# It sets HSTS with a max-age of 63072000 seconds (two years) and adds two
# cross-origin response headers.
# NOTE(review): no other security headers (content-type sniffing, framing,
# CSP) are set here; presumably the application sends them itself. Confirm
# against a live response.
# NOTE(review): the traefik.containo.us API group is the older Traefik CRD
# group; check which group the installed Traefik version serves before
# upgrading Traefik.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: security
  namespace: cryptpad
spec:
  headers:
    stsSeconds: 63072000
    customResponseHeaders:
      cross-origin-resource-policy: cross-origin
      cross-origin-embedder-policy: require-corp
---
# Ingress for both CryptPad hosts. Each host sends every path to the cryptpad
# Service on port 3000, and both share one certificate stored in the
# cryptpad-tls-prod Secret, requested from the letsencrypt-prod ClusterIssuer.
# The router is bound to the "websecure" entrypoint only, with TLS on and the
# "security" headers middleware attached.
# NOTE(review): this Ingress defines no HTTP-to-HTTPS redirect; confirm that
# the redirect is configured on Traefik's plain-HTTP entrypoint.
# NOTE(review): the kubernetes.io/ingress.class annotation is deprecated in
# favour of spec.ingressClassName, and kubernetes.io/tls-acme looks redundant
# next to the explicit cluster-issuer annotation. Verify before removing
# either.
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: cryptpad
  namespace: cryptpad
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: traefik
    kubernetes.io/tls-acme: "true"
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.middlewares: cryptpad-security@kubernetescrd
spec:
  tls:
    - hosts:
        - cryptpad.freifunk-duesseldorf.de
        - pad.freifunk-duesseldorf.de
      secretName: cryptpad-tls-prod
  rules:
    - host: cryptpad.freifunk-duesseldorf.de
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: cryptpad
                port:
                  number: 3000
    - host: pad.freifunk-duesseldorf.de
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: cryptpad
                port:
                  number: 3000
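---
# Claim for CryptPad's data directory, bound by name to the "cryptpad"
# PersistentVolume defined in this file.
# storageClassName is set explicitly to the class declared on that volume.
# A claim only binds to a volume of the same class, so leaving it unset makes
# binding depend on the cluster's default StorageClass being "local-path".
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cryptpad
  namespace: cryptpad
spec:
  storageClassName: local-path
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      # Less than the volume's 4Gi capacity; the claim still receives the
      # whole volume.
      storage: 3Gi
  volumeName: cryptpad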
---
# Statically defined local volume: the directory /data/cryptpad/cryptpad on
# node k3s1. The nodeAffinity pins any pod using it to that node.
# The Retain reclaim policy keeps the data on disk after the claim is
# deleted, so removing CryptPad does not remove stored pads.
# NOTE(review): access to the stored data is governed by the file permissions
# of that directory on the node, and backups must be taken from the node
# itself. Confirm both are handled outside this manifest.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: cryptpad
spec:
  capacity:
    storage: 4Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-path
  local:
    path: /data/cryptpad/cryptpad
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - k3s1