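---
# Outline wiki stack for the outline-system namespace: the Outline app, a
# Redis instance, a MinIO object store, their Services and Ingresses, and the
# Redis PVC.
# NOTE(review): no container in this file sets a securityContext and no
# NetworkPolicy is defined here; confirm both are handled elsewhere.
apiVersion: v1
kind: Namespace
metadata:
  name: outline-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/instance: outline
    app.kubernetes.io/name: outline
    # NOTE(review): label says 1.1.0 while the container image below is 1.2.0.
    app.kubernetes.io/version: 1.1.0
  name: outline
  namespace: outline-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: outline
      app.kubernetes.io/name: outline
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: outline
        app.kubernetes.io/name: outline
      annotations:
        # Restricts version-checker to plain x.y.z tags for this container.
        match-regex.version-checker.io/outline: '^\d+\.\d+\.\d+$'
    spec:
      containers:
        - name: outline
          image: outlinewiki/outline:1.2.0
          imagePullPolicy: IfNotPresent
          env:
            - name: NODE_ENV
              value: production
            # Application secrets are referenced from Secrets, not inlined.
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: outline-app
                  key: secret-key
            - name: UTILS_SECRET
              valueFrom:
                secretKeyRef:
                  name: outline-app
                  key: utils-secret
            # DB_USER / DB_PASS must stay above DATABASE_URL: $(VAR) expansion
            # only resolves variables declared earlier in this list.
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: outline-db
                  key: username
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: outline-db
                  key: password
            # Database - using shared PostgreSQL in database-system namespace
            # The credentials are substituted verbatim, so a password containing
            # URL-reserved characters (@, :, /, ?) would corrupt the URL; keep
            # the secret URL-safe or store a pre-encoded value.
            - name: DATABASE_URL
              value: postgres://$(DB_USER):$(DB_PASS)@postgresql-rw.database-system.svc.cluster.local:5432/outline
            # NOTE(review): TLS to PostgreSQL is switched off, so credentials
            # and document data cross namespaces in clear text unless the
            # CNI or a mesh encrypts pod traffic. Prefer `require` or
            # `verify-full` once the server presents a certificate.
            - name: PGSSLMODE
              value: disable
            # NOTE(review): plain redis:// with no password; the Redis
            # Deployment below is started without authentication, so access
            # control rests entirely on network reachability.
            - name: REDIS_URL
              value: redis://outline-redis:6379
            - name: URL
              value: https://outline.dooplex.hu
            - name: PORT
              value: "3000"
            - name: FILE_STORAGE
              value: s3
            # NOTE(review): these are the MinIO *root* credentials (the same
            # Secret keys that feed MINIO_ROOT_USER / MINIO_ROOT_PASSWORD
            # below). A dedicated MinIO access key limited to the `outline`
            # bucket would keep an app compromise from becoming full control
            # of the object store.
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: outline-minio
                  key: root-user
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: outline-minio
                  key: root-password
            - name: AWS_REGION
              value: us-east-1
            - name: AWS_S3_UPLOAD_BUCKET_URL
              value: https://outline-minio.dooplex.hu/outline  # Changed from http://outline-minio:9000
            - name: AWS_S3_UPLOAD_BUCKET_NAME
              value: outline
            - name: AWS_S3_FORCE_PATH_STYLE
              value: "true"
            - name: AWS_S3_ACL
              value: private
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: outline-oidc
                  key: client-id
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: outline-oidc
                  key: client-secret
            - name: OIDC_AUTH_URI
              value: "https://authentik.dooplex.hu/application/o/authorize/"
            - name: OIDC_TOKEN_URI
              value: "https://authentik.dooplex.hu/application/o/token/"
            - name: OIDC_USERINFO_URI
              value: "https://authentik.dooplex.hu/application/o/userinfo/"
            - name: OIDC_LOGOUT_URI
              value: "https://authentik.dooplex.hu/application/o/outline/end-session/"
            - name: OIDC_USERNAME_CLAIM
              value: "preferred_username"
            - name: OIDC_DISPLAY_NAME
              value: "authentik"
            - name: OIDC_SCOPES
              value: "openid profile email offline_access"
            # SMTP Configuration
            - name: SMTP_HOST
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: host
            - name: SMTP_PORT
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: port
            - name: SMTP_USERNAME
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: username
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: password
            - name: SMTP_FROM_EMAIL
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: from-address
            # NOTE(review): "false" presumably means the session does not
            # start in TLS and relies on STARTTLS; confirm the relay enforces
            # it so SMTP_PASSWORD is never sent in clear text.
            - name: SMTP_SECURE
              value: "false"
            - name: FORCE_HTTPS
              value: "true"
            - name: DEFAULT_LANGUAGE
              value: en_US
          ports:
            - containerPort: 3000
              name: http
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /_health
              port: http
            initialDelaySeconds: 60
            periodSeconds: 30
            timeoutSeconds: 10
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /_health
              port: http
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          resources:
            limits:
              cpu: "1"
              memory: 1Gi
            requests:
              cpu: 100m
              memory: 256Mi
      volumes: []
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/instance: outline
    app.kubernetes.io/name: redis
  name: outline-redis
  namespace: outline-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: outline
      app.kubernetes.io/name: redis
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: outline
        app.kubernetes.io/name: redis
    spec:
      containers:
        - name: redis
          # Floating tag: the exact Redis build depends on when each node
          # pulled it (IfNotPresent never re-pulls).
          image: redis:7-alpine
          imagePullPolicy: IfNotPresent
          # Enables append-only persistence; no password or ACL is configured,
          # so every pod that can reach the Service can read and write.
          command:
            - redis-server
            - --appendonly
            - "yes"
          ports:
            - containerPort: 6379
              name: redis
              protocol: TCP
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - redis-cli ping | grep PONG
            initialDelaySeconds: 30
            periodSeconds: 10
            failureThreshold: 3
            timeoutSeconds: 5
          readinessProbe:
            exec:
              command:
                - sh
                - -c
                - redis-cli ping | grep PONG
            initialDelaySeconds: 5
            periodSeconds: 10
            failureThreshold: 3
            timeoutSeconds: 5
          resources:
            limits:
              cpu: 250m
              memory: 256Mi
            requests:
              cpu: 50m
              memory: 64Mi
          volumeMounts:
            - name: data
              mountPath: /data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: outline-redis
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/instance: outline
    app.kubernetes.io/name: minio
  name: outline-minio
  namespace: outline-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: outline
      app.kubernetes.io/name: minio
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: outline
        app.kubernetes.io/name: minio
    spec:
      containers:
        - name: minio
          # NOTE(review): `latest` is mutable and, combined with IfNotPresent,
          # leaves the running version undefined and unauditable. Pin a
          # specific release tag or, better, an image digest.
          image: minio/minio:latest
          imagePullPolicy: IfNotPresent
          command:
            - minio
            - server
            - /data
            - --console-address
            - ":9001"
          env:
            - name: MINIO_ROOT_USER
              valueFrom:
                secretKeyRef:
                  name: outline-minio
                  key: root-user
            - name: MINIO_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: outline-minio
                  key: root-password
          ports:
            - containerPort: 9000
              name: api
              protocol: TCP
            - containerPort: 9001
              name: console
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /minio/health/live
              port: api
            initialDelaySeconds: 30
            periodSeconds: 30
            timeoutSeconds: 10
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /minio/health/ready
              port: api
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 100m
              memory: 128Mi
          volumeMounts:
            - name: data
              mountPath: /data
      volumes:
        # NOTE(review): hostPath stores the bucket data on whichever node runs
        # the pod. Nothing in this spec pins the pod to a node, so a
        # reschedule would start from an empty directory. hostPath volumes are
        # also rejected by the baseline Pod Security Standard.
        - name: data
          hostPath:
            path: /mnt/4_hdd/data/outline/minio
            type: DirectoryOrCreate
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/instance: outline
    app.kubernetes.io/name: outline
    app.kubernetes.io/version: 1.1.0
  name: outline
  namespace: outline-system
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 3000
      protocol: TCP
      targetPort: http
  selector:
    app.kubernetes.io/instance: outline
    app.kubernetes.io/name: outline
---
# Cluster-internal only; Redis itself has no authentication (see Deployment).
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/instance: outline
    app.kubernetes.io/name: redis
  name: outline-redis
  namespace: outline-system
spec:
  type: ClusterIP
  ports:
    - name: redis
      port: 6379
      protocol: TCP
      targetPort: redis
  selector:
    app.kubernetes.io/instance: outline
    app.kubernetes.io/name: redis
---
# Exposes both the S3 API (9000) and the admin console (9001) inside the
# cluster; only the API port is published through the Ingress below.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/instance: outline
    app.kubernetes.io/name: minio
  name: outline-minio
  namespace: outline-system
spec:
  type: ClusterIP
  ports:
    - name: api
      port: 9000
      protocol: TCP
      targetPort: api
    - name: console
      port: 9001
      protocol: TCP
      targetPort: console
  selector:
    app.kubernetes.io/instance: outline
    app.kubernetes.io/name: minio
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: outline.dooplex.hu,outline.home
    nginx.ingress.kubernetes.io/proxy-body-size: 100m
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # Snippet annotations inject raw nginx config and only take effect when
    # the controller has allow-snippet-annotations enabled; treat write access
    # to this Ingress as privileged.
    #
    # Framing: `X-Frame-Options: ALLOW-FROM` is obsolete and ignored by
    # current browsers, which left framing unrestricted once the upstream
    # headers were hidden. The CSP `frame-ancestors` header below is the
    # enforced equivalent; the legacy header is kept for old clients.
    # NOTE(review): hiding the upstream Content-Security-Policy also drops
    # whatever other CSP directives the app sends; confirm that is intended.
    #
    # Geo filter: allows 192.168.*, 10.* and clients GeoIP-resolved to HU,
    # everything else gets 403. $remote_addr is the peer nginx sees, so
    # verify real client IPs reach the controller (otherwise a fronting proxy
    # in 10.* would make every request pass). 172.16.0.0/12 is not allowed.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_hide_header X-Frame-Options;
      proxy_hide_header Content-Security-Policy;
      add_header X-Frame-Options "ALLOW-FROM https://orsi.dooplex.hu" always;
      add_header Content-Security-Policy "frame-ancestors 'self' https://orsi.dooplex.hu" always;
      set $geo_allowed 0;
      if ($remote_addr ~ "^192\.168\.") {
        set $geo_allowed 1;
      }
      if ($remote_addr ~ "^10\.") {
        set $geo_allowed 1;
      }
      if ($geoip2_country_code = "HU") {
        set $geo_allowed 1;
      }
      if ($geo_allowed = 0) {
        return 403 "Access restricted to Hungary";
      }
  labels:
    app.kubernetes.io/instance: outline
    app.kubernetes.io/name: outline
  name: outline
  namespace: outline-system
spec:
  ingressClassName: nginx-internal
  rules:
    - host: outline.dooplex.hu
      http:
        paths:
          - backend:
              service:
                name: outline
                port:
                  number: 3000
            path: /
            pathType: Prefix
    # NOTE(review): outline.home is routed but not listed under tls, so it is
    # not covered by the outline-tls certificate.
    - host: outline.home
      http:
        paths:
          - backend:
              service:
                name: outline
                port:
                  number: 3000
            path: /
            pathType: Prefix
  tls:
    - hosts:
        - outline.dooplex.hu
      secretName: outline-tls
---
# Add MinIO Ingress
# NOTE(review): publishes the MinIO S3 API without the source/geo filter used
# on the outline Ingress; access then rests on S3 credentials and presigned
# URLs alone. Confirm how far the nginx-internal class is reachable.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/proxy-body-size: 100m
  labels:
    app.kubernetes.io/instance: outline
    app.kubernetes.io/name: minio
  name: outline-minio
  namespace: outline-system
spec:
  ingressClassName: nginx-internal
  rules:
    - host: outline-minio.dooplex.hu
      http:
        paths:
          - backend:
              service:
                name: outline-minio
                port:
                  number: 9000
            path: /
            pathType: Prefix
  tls:
    - hosts:
        - outline-minio.dooplex.hu
      secretName: outline-minio-tls
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app.kubernetes.io/instance: outline
    app.kubernetes.io/name: redis
  name: outline-redis
  namespace: outline-system
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: longhorn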