apiVersion: v1 kind: Namespace metadata: name: zipline-system --- apiVersion: v1 kind: ConfigMap metadata: name: zipline-config namespace: zipline-system data: CORE_DEFAULT_DOMAIN: "zipline.dooplex.hu" CORE_RETURN_HTTPS_URLS: "true" CORE_TRUST_PROXY: "true" DATASOURCE_TYPE: "local" DATASOURCE_LOCAL_DIRECTORY: "/zipline/uploads" FEATURES_OAUTH_REGISTRATION: "true" FEATURES_USER_REGISTRATION: "true" OAUTH_BYPASS_LOCAL_LOGIN: "true" OAUTH_LOGIN_ONLY: "true" OAUTH_OIDC_AUTHORIZE_URL: "https://authentik.dooplex.hu/application/o/authorize/" OAUTH_OIDC_TOKEN_URL: "https://authentik.dooplex.hu/application/o/token/" OAUTH_OIDC_USERINFO_URL: "https://authentik.dooplex.hu/application/o/userinfo/" OAUTH_OIDC_REDIRECT_URI: "https://zipline.dooplex.hu/api/auth/oauth/oidc" --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: zipline-data namespace: zipline-system labels: recurring-job-group.longhorn.io/needbackup: enabled recurring-job.longhorn.io/source: enabled spec: accessModes: - ReadWriteOnce storageClassName: longhorn-hdd resources: requests: storage: 10Gi --- apiVersion: apps/v1 kind: Deployment metadata: name: zipline namespace: zipline-system spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app: zipline template: metadata: labels: app: zipline spec: containers: - name: zipline image: ghcr.io/diced/zipline:latest ports: - containerPort: 3000 envFrom: - configMapRef: name: zipline-config env: - name: CORE_SECRET valueFrom: secretKeyRef: name: zipline-secrets key: CORE_SECRET - name: OAUTH_OIDC_CLIENT_ID valueFrom: secretKeyRef: name: zipline-secrets key: OAUTH_OIDC_CLIENT_ID - name: OAUTH_OIDC_CLIENT_SECRET valueFrom: secretKeyRef: name: zipline-secrets key: OAUTH_OIDC_CLIENT_SECRET - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: zipline-secrets key: POSTGRES_PASSWORD - name: DATABASE_URL value: "postgresql://zipline:$(POSTGRES_PASSWORD)@postgresql-rw.database-system.svc.cluster.local:5432/zipline" volumeMounts: - name: zipline-data mountPath: /zipline/uploads readinessProbe: httpGet: path: /api/healthcheck port: 3000 initialDelaySeconds: 15 periodSeconds: 10 livenessProbe: httpGet: path: /api/healthcheck port: 3000 initialDelaySeconds: 45 periodSeconds: 20 volumes: - name: zipline-data persistentVolumeClaim: claimName: zipline-data --- apiVersion: v1 kind: Service metadata: name: zipline namespace: zipline-system spec: selector: app: zipline ports: - name: http port: 80 targetPort: 3000 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: zipline namespace: zipline-system annotations: cert-manager.io/cluster-issuer: letsencrypt-prod external-dns.alpha.kubernetes.io/hostname: zipline.dooplex.hu,zipline.home nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: "100m" spec: ingressClassName: nginx-internal tls: - hosts: - zipline.dooplex.hu secretName: zipline-tls rules: - host: zipline.dooplex.hu http: paths: - path: / pathType: Prefix backend: service: name: zipline port: number: 80 - host: zipline.home http: paths: - path: / pathType: Prefix backend: service: name: zipline port: number: 80