homelab-manifests/bookstack-system/bookstack.yaml
Renovate Bot 7ca41bb929
renovate/stability-days Updates have met minimum release age requirement
Update linuxserver/bookstack Docker tag to v26
2026-06-06 07:52:52 +00:00


---
# Namespace that scopes every BookStack resource declared in this file.
# NOTE(review): no pod-security.kubernetes.io/* labels are set here, so Pod
# Security Admission falls back to the cluster default for this namespace.
# The BookStack Deployment in this file mounts a hostPath volume, which the
# "baseline" level rejects; settle that before enforcing a level here.
kind: Namespace
apiVersion: v1
metadata:
  name: bookstack-system
---
# Service Account: the namespace's "default" account, declared explicitly.
# Neither Deployment in this file sets serviceAccountName, so both pods run
# under this identity.
# NOTE(review): no automountServiceAccountToken field is set, so pods get an
# API token mounted unless their own pod spec opts out. Nothing in this file
# shows either workload calling the Kubernetes API; confirm and disable.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: bookstack-system
  name: default
---
# PVC for MariaDB data: 5Gi from the "longhorn" StorageClass, mounted at
# /var/lib/mysql by the bookstack-mariadb Deployment.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: bookstack-system
  name: bookstack-mariadb
  labels:
    app.kubernetes.io/name: mariadb
    app.kubernetes.io/instance: bookstack
spec:
  storageClassName: longhorn
  # ReadWriteOnce: the volume attaches read-write to a single node at a time.
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---
# PVC for BookStack config: 5Gi from the "longhorn" StorageClass, mounted at
# /config by the bookstack Deployment.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: bookstack-system
  name: bookstack-config
  labels:
    app.kubernetes.io/name: bookstack
    app.kubernetes.io/instance: bookstack
spec:
  storageClassName: longhorn
  # ReadWriteOnce: the volume attaches read-write to a single node at a time.
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
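---
# MariaDB Deployment
# Single-replica database for BookStack. "Recreate" stops the old pod before
# starting the new one, so two mariadbd processes never share the
# ReadWriteOnce data volume.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bookstack-mariadb
  namespace: bookstack-system
  labels:
    app.kubernetes.io/instance: bookstack
    app.kubernetes.io/name: mariadb
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/instance: bookstack
      app.kubernetes.io/name: mariadb
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: bookstack
        app.kubernetes.io/name: mariadb
    spec:
      # The database never talks to the Kubernetes API, so do not mount a
      # service-account token into the pod.
      automountServiceAccountToken: false
      securityContext:
        # Kubernetes runs containers with seccomp unconfined unless told
        # otherwise; use the container runtime's default syscall filter.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: mariadb
          # NOTE(review): "mariadb:11" is a floating tag, and with
          # IfNotPresent each node keeps whichever 11.x build it pulled
          # first. Pin a full version, ideally with a digest
          # (mariadb:<version>@sha256:<digest>), so upgrades are deliberate.
          image: mariadb:11
          imagePullPolicy: IfNotPresent
          securityContext:
            # Processes in the container cannot gain privileges beyond
            # those they start with (sets no_new_privs).
            allowPrivilegeEscalation: false
          env:
            # Credentials come from the "bookstack-db" Secret, which is not
            # defined in this file.
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: bookstack-db
                  key: root-password
            - name: MYSQL_DATABASE
              value: bookstackapp
            - name: MYSQL_USER
              valueFrom:
                secretKeyRef:
                  name: bookstack-db
                  key: username
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: bookstack-db
                  key: password
          ports:
            - name: mysql
              containerPort: 3306
              protocol: TCP
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 100m
              memory: 128Mi
          # Both probes run the same healthcheck.sh command; only the
          # initial delay differs.
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - healthcheck.sh --connect --innodb_initialized
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
          readinessProbe:
            exec:
              command:
                - sh
                - -c
                - healthcheck.sh --connect --innodb_initialized
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
          volumeMounts:
            - name: data
              mountPath: /var/lib/mysql
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: bookstack-mariadb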
---
# MariaDB Service: cluster-internal endpoint for the database on 3306.
# BookStack reaches it through DB_HOST=bookstack-mariadb.
# NOTE(review): this file contains no NetworkPolicy, so whether other
# namespaces can reach this port depends on policy defined elsewhere.
# Confirm that only the bookstack pods are allowed to connect.
kind: Service
apiVersion: v1
metadata:
  namespace: bookstack-system
  name: bookstack-mariadb
  labels:
    app.kubernetes.io/name: mariadb
    app.kubernetes.io/instance: bookstack
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: mariadb
    app.kubernetes.io/instance: bookstack
  ports:
    # targetPort refers to the container port named "mysql".
    - name: mysql
      protocol: TCP
      port: 3306
      targetPort: mysql
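---
# Bookstack Deployment
# Single-replica BookStack (linuxserver.io image) with OIDC login and SMTP.
# All credentials are read from Secrets that are not defined in this file:
# bookstack-db, bookstack-app, smtp-credentials and bookstack-oauth.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bookstack
  namespace: bookstack-system
  labels:
    app.kubernetes.io/instance: bookstack
    app.kubernetes.io/name: bookstack
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/instance: bookstack
      app.kubernetes.io/name: bookstack
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: bookstack
        app.kubernetes.io/name: bookstack
      annotations:
        # Restricts which upstream tags version-checker considers: three
        # dot-separated groups of one or two digits each.
        match-regex.version-checker.io/bookstack: '^[0-9]{1,2}\.[0-9]{1,2}\.[0-9]{1,2}$'
    spec:
      # BookStack does not talk to the Kubernetes API, so do not mount a
      # service-account token into the pod.
      automountServiceAccountToken: false
      securityContext:
        # Kubernetes runs containers with seccomp unconfined unless told
        # otherwise; use the container runtime's default syscall filter.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: bookstack
          # NOTE(review): the third segment of this tag (20260601) has
          # eight digits, so the match-regex annotation above does not
          # match the tag that is actually deployed. Confirm this is the
          # intended release line. The tag is also mutable; append a digest
          # (linuxserver/bookstack:<tag>@sha256:<digest>) to pin the exact
          # image that was reviewed.
          image: linuxserver/bookstack:26.05.20260601
          imagePullPolicy: IfNotPresent
          securityContext:
            # Processes in the container cannot gain privileges beyond
            # those they start with (sets no_new_privs).
            allowPrivilegeEscalation: false
          env:
            # LinuxServer.io specific
            - name: PUID
              value: "1000"
            - name: PGID
              value: "1000"
            - name: TZ
              value: Europe/Budapest
            # App URL
            - name: APP_URL
              value: https://bookstack.dooplex.hu
            # Database
            - name: DB_HOST
              value: bookstack-mariadb
            - name: DB_PORT
              value: "3306"
            - name: DB_DATABASE
              value: bookstackapp
            - name: DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: bookstack-db
                  key: username
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: bookstack-db
                  key: password
            # App key for encryption
            - name: APP_KEY
              valueFrom:
                secretKeyRef:
                  name: bookstack-app
                  key: app-key
            # SMTP Configuration
            - name: MAIL_DRIVER
              value: smtp
            - name: MAIL_HOST
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: host
            - name: MAIL_PORT
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: port
            - name: MAIL_USERNAME
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: username
            - name: MAIL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: password
            - name: MAIL_FROM
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: from-address
            - name: MAIL_FROM_NAME
              value: "BookStack"
            - name: MAIL_ENCRYPTION
              value: tls
            # OIDC single sign-on against the issuer below. Endpoints are
            # discovered from the issuer (OIDC_ISSUER_DISCOVER=true).
            - name: AUTH_METHOD
              value: "oidc"
            - name: AUTH_AUTO_INITIATE
              value: "false"
            - name: OIDC_NAME
              value: "authentik"
            - name: OIDC_DISPLAY_NAME_CLAIMS
              value: "name"
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: bookstack-oauth
                  key: client-id
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: bookstack-oauth
                  key: client-secret
            - name: OIDC_ISSUER
              value: "https://authentik.dooplex.hu/application/o/bookstack/"
            - name: OIDC_ISSUER_DISCOVER
              value: "true"
            - name: OIDC_END_SESSION_ENDPOINT
              value: "true"
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          resources:
            limits:
              cpu: "1"
              memory: 1Gi
            requests:
              cpu: 100m
              memory: 256Mi
          livenessProbe:
            httpGet:
              path: /status
              port: http
            initialDelaySeconds: 60
            periodSeconds: 30
            timeoutSeconds: 10
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /status
              port: http
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
          volumeMounts:
            - name: config
              mountPath: /config
            - name: data
              mountPath: /data
      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: bookstack-config
        # NOTE(review): hostPath exposes a directory of the node's own
        # filesystem to the pod. This pod spec sets no nodeSelector or
        # affinity, and DirectoryOrCreate creates an empty directory on
        # whichever node the pod is scheduled to, so a reschedule can
        # silently start BookStack on empty data. Pin the pod to the node
        # that owns /mnt/4_hdd, or move this data to a PersistentVolume.
        - name: data
          hostPath:
            path: /mnt/4_hdd/data/bookstack
            type: DirectoryOrCreate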
---
# Bookstack Service: cluster-internal HTTP endpoint that the Ingress routes to.
kind: Service
apiVersion: v1
metadata:
  namespace: bookstack-system
  name: bookstack
  labels:
    app.kubernetes.io/name: bookstack
    app.kubernetes.io/instance: bookstack
    # NOTE(review): the Deployment in this file runs image tag
    # 26.05.20260601, so this version label is stale. It is informational
    # only (the selector below does not use it), but anything that reports
    # the running version from this label will be wrong.
    app.kubernetes.io/version: '25.12.3'
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: bookstack
    app.kubernetes.io/instance: bookstack
  ports:
    # targetPort refers to the container port named "http".
    - name: http
      protocol: TCP
      port: 80
      targetPort: http
---
# Ingress: publishes BookStack on bookstack.dooplex.hu and bookstack.home
# through the "nginx-internal" ingress class. An nginx snippet enforces an
# allowlist of source addresses and one GeoIP country.
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  namespace: bookstack-system
  name: bookstack
  labels:
    app.kubernetes.io/name: bookstack
    app.kubernetes.io/instance: bookstack
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: bookstack.dooplex.hu,bookstack.home
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
    # Access rule: allow when the client address text starts with
    # "192.168." or "10.", or when the GeoIP2 country code is HU; answer
    # 403 otherwise.
    # NOTE(review): this only works if the controller accepts snippet
    # annotations. With that enabled, anyone who can create or edit an
    # Ingress can inject raw nginx configuration, so keep Ingress write
    # access tightly scoped.
    # NOTE(review): the rule trusts $remote_addr. If traffic reaches nginx
    # after source NAT, every client can appear as a 10.x or 192.168.x
    # address and pass. If the controller takes the client address from
    # forwarded headers sent by untrusted sources, the address can be
    # spoofed. Verify how the controller derives $remote_addr.
    # NOTE(review): $geoip2_country_code presumably needs GeoIP2 enabled on
    # the controller; confirm, and confirm the database is kept up to date.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      set $geo_allowed 0;
      if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
      if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
      if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
      if ($geo_allowed = 0) {
      return 403 "Access restricted to Hungary";
      }
spec:
  ingressClassName: nginx-internal
  # NOTE(review): only bookstack.dooplex.hu is listed under tls, so this
  # Ingress requests no certificate for bookstack.home. Logins and session
  # cookies sent to that host are not protected by a certificate issued
  # here; confirm how that host is meant to be served.
  tls:
    - secretName: bookstack-tls
      hosts:
        - bookstack.dooplex.hu
  rules:
    - host: bookstack.dooplex.hu
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: bookstack
                port:
                  number: 80
    - host: bookstack.home
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: bookstack
                port:
                  number: 80