--- # Namespace apiVersion: v1 kind: Namespace metadata: name: bookstack-system --- # Service Account apiVersion: v1 kind: ServiceAccount metadata: name: default namespace: bookstack-system --- # PVC for MariaDB data apiVersion: v1 kind: PersistentVolumeClaim metadata: name: bookstack-mariadb namespace: bookstack-system labels: app.kubernetes.io/instance: bookstack app.kubernetes.io/name: mariadb spec: accessModes: - ReadWriteOnce storageClassName: longhorn resources: requests: storage: 5Gi --- # PVC for Bookstack config apiVersion: v1 kind: PersistentVolumeClaim metadata: name: bookstack-config namespace: bookstack-system labels: app.kubernetes.io/instance: bookstack app.kubernetes.io/name: bookstack spec: accessModes: - ReadWriteOnce storageClassName: longhorn resources: requests: storage: 2Gi --- # MariaDB Deployment apiVersion: apps/v1 kind: Deployment metadata: name: bookstack-mariadb namespace: bookstack-system labels: app.kubernetes.io/instance: bookstack app.kubernetes.io/name: mariadb spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/instance: bookstack app.kubernetes.io/name: mariadb template: metadata: labels: app.kubernetes.io/instance: bookstack app.kubernetes.io/name: mariadb spec: containers: - name: mariadb image: mariadb:11 imagePullPolicy: IfNotPresent env: - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: name: bookstack-db key: root-password - name: MYSQL_DATABASE value: bookstackapp - name: MYSQL_USER valueFrom: secretKeyRef: name: bookstack-db key: username - name: MYSQL_PASSWORD valueFrom: secretKeyRef: name: bookstack-db key: password ports: - name: mysql containerPort: 3306 protocol: TCP resources: limits: cpu: "500m" memory: 512Mi requests: cpu: 100m memory: 128Mi livenessProbe: exec: command: - sh - -c - healthcheck.sh --connect --innodb_initialized initialDelaySeconds: 60 periodSeconds: 10 timeoutSeconds: 5 readinessProbe: exec: command: - sh - -c - healthcheck.sh --connect --innodb_initialized initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 volumeMounts: - name: data mountPath: /var/lib/mysql volumes: - name: data persistentVolumeClaim: claimName: bookstack-mariadb --- # MariaDB Service apiVersion: v1 kind: Service metadata: name: bookstack-mariadb namespace: bookstack-system labels: app.kubernetes.io/instance: bookstack app.kubernetes.io/name: mariadb spec: type: ClusterIP ports: - name: mysql port: 3306 targetPort: mysql protocol: TCP selector: app.kubernetes.io/instance: bookstack app.kubernetes.io/name: mariadb --- # Bookstack Deployment apiVersion: apps/v1 kind: Deployment metadata: name: bookstack namespace: bookstack-system labels: app.kubernetes.io/instance: bookstack app.kubernetes.io/name: bookstack app.kubernetes.io/version: 25.11.5 spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/instance: bookstack app.kubernetes.io/name: bookstack template: metadata: labels: app.kubernetes.io/instance: bookstack app.kubernetes.io/name: bookstack app.kubernetes.io/version: 25.11.5 spec: containers: - name: bookstack image: linuxserver/bookstack:25.11.5 imagePullPolicy: IfNotPresent env: # LinuxServer.io specific - name: PUID value: "1000" - name: PGID value: "1000" - name: TZ value: Europe/Budapest # App URL - name: APP_URL value: https://bookstack.dooplex.hu # Database - name: DB_HOST value: bookstack-mariadb - name: DB_PORT value: "3306" - name: DB_DATABASE value: bookstackapp - name: DB_USERNAME valueFrom: secretKeyRef: name: bookstack-db key: username - name: DB_PASSWORD valueFrom: secretKeyRef: name: bookstack-db key: password # App key for encryption - name: APP_KEY valueFrom: secretKeyRef: name: bookstack-app key: app-key # SMTP Configuration - name: MAIL_DRIVER value: smtp - name: MAIL_HOST valueFrom: secretKeyRef: name: smtp-credentials key: host - name: MAIL_PORT valueFrom: secretKeyRef: name: smtp-credentials key: port - name: MAIL_USERNAME valueFrom: secretKeyRef: name: smtp-credentials key: username - name: MAIL_PASSWORD valueFrom: secretKeyRef: name: smtp-credentials key: password - name: MAIL_FROM valueFrom: secretKeyRef: name: smtp-credentials key: from-address - name: MAIL_FROM_NAME value: "BookStack" - name: MAIL_ENCRYPTION value: tls ports: - name: http containerPort: 80 protocol: TCP resources: limits: cpu: "1" memory: 1Gi requests: cpu: 100m memory: 256Mi livenessProbe: httpGet: path: /status port: http initialDelaySeconds: 60 periodSeconds: 30 timeoutSeconds: 10 failureThreshold: 5 readinessProbe: httpGet: path: /status port: http initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 volumeMounts: - name: config mountPath: /config - name: data mountPath: /data volumes: - name: config persistentVolumeClaim: claimName: bookstack-config - name: data hostPath: path: /mnt/4_hdd/data/bookstack type: DirectoryOrCreate --- # Bookstack Service apiVersion: v1 kind: Service metadata: name: bookstack namespace: bookstack-system labels: app.kubernetes.io/instance: bookstack app.kubernetes.io/name: bookstack app.kubernetes.io/version: 25.11.5 spec: type: ClusterIP ports: - name: http port: 80 targetPort: http protocol: TCP selector: app.kubernetes.io/instance: bookstack app.kubernetes.io/name: bookstack --- # Ingress apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: bookstack namespace: bookstack-system annotations: cert-manager.io/cluster-issuer: letsencrypt-prod external-dns.alpha.kubernetes.io/hostname: bookstack.dooplex.hu,bookstack.home nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: "50m" labels: app.kubernetes.io/instance: bookstack app.kubernetes.io/name: bookstack spec: ingressClassName: nginx-internal rules: - host: bookstack.dooplex.hu http: paths: - path: / pathType: Prefix backend: service: name: bookstack port: number: 80 - host: bookstack.home http: paths: - path: / pathType: Prefix backend: service: name: bookstack port: number: 80 tls: - hosts: - bookstack.dooplex.hu secretName: bookstack-tls