admin/homelab-manifests
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e14360b4aa1db790961df5542f3183d1430edf94
homelab-manifests/outline-system/outline.yaml
T
admin 2f64d802a8 renamed minio domain
2026-02-04 21:37:29 +01:00

487 lines
13 KiB
YAML
Raw Blame History

---
apiVersion: v1
kind: Namespace
metadata:
name: outline-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: outline
app.kubernetes.io/version: 1.1.0
name: outline
namespace: outline-system
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: outline
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: outline
annotations:
match-regex.version-checker.io/outline: '^\d+\.\d+\.\d+$'
spec:
containers:
- name: outline
image: outlinewiki/outline:1.2.0
imagePullPolicy: IfNotPresent
env:
- name: NODE_ENV
value: production
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: outline-app
key: secret-key
- name: UTILS_SECRET
valueFrom:
secretKeyRef:
name: outline-app
key: utils-secret
- name: DB_USER
valueFrom:
secretKeyRef:
name: outline-db
key: username
- name: DB_PASS
valueFrom:
secretKeyRef:
name: outline-db
key: password
# Database - using shared PostgreSQL in database-system namespace
- name: DATABASE_URL
value: postgres://$(DB_USER):$(DB_PASS)@postgresql-rw.database-system.svc.cluster.local:5432/outline
- name: PGSSLMODE
value: disable
- name: REDIS_URL
value: redis://outline-redis:6379
- name: URL
value: https://outline.dooplex.hu
- name: PORT
value: "3000"
- name: FILE_STORAGE
value: s3
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: outline-minio
key: root-user
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: outline-minio
key: root-password
- name: AWS_REGION
value: us-east-1
- name: AWS_S3_UPLOAD_BUCKET_URL
value: https://minio.dooplex.hu
- name: AWS_S3_UPLOAD_BUCKET_NAME
value: outline
- name: AWS_S3_FORCE_PATH_STYLE
value: "true"
- name: AWS_S3_ACL
value: private
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: outline-oidc
key: client-id
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: outline-oidc
key: client-secret
- name: OIDC_AUTH_URI
value: "https://authentik.dooplex.hu/application/o/authorize/"
- name: OIDC_TOKEN_URI
value: "https://authentik.dooplex.hu/application/o/token/"
- name: OIDC_USERINFO_URI
value: "https://authentik.dooplex.hu/application/o/userinfo/"
- name: OIDC_LOGOUT_URI
value: "https://authentik.dooplex.hu/application/o/outline/end-session/"
- name: OIDC_USERNAME_CLAIM
value: "preferred_username"
- name: OIDC_DISPLAY_NAME
value: "authentik"
- name: OIDC_SCOPES
value: "openid profile email offline_access"
# SMTP Configuration
- name: SMTP_HOST
valueFrom:
secretKeyRef:
name: smtp-credentials
key: host
- name: SMTP_PORT
valueFrom:
secretKeyRef:
name: smtp-credentials
key: port
- name: SMTP_USERNAME
valueFrom:
secretKeyRef:
name: smtp-credentials
key: username
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: smtp-credentials
key: password
- name: SMTP_FROM_EMAIL
valueFrom:
secretKeyRef:
name: smtp-credentials
key: from-address
- name: SMTP_SECURE
value: "false"
- name: FORCE_HTTPS
value: "true"
- name: DEFAULT_LANGUAGE
value: en_US
ports:
- containerPort: 3000
name: http
protocol: TCP
livenessProbe:
httpGet:
path: /_health
port: http
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 5
readinessProbe:
httpGet:
path: /_health
port: http
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
resources:
limits:
cpu: "1"
memory: 1Gi
requests:
cpu: 100m
memory: 256Mi
volumes: []
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: redis
name: outline-redis
namespace: outline-system
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: redis
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: redis
spec:
containers:
- name: redis
image: redis:7-alpine
imagePullPolicy: IfNotPresent
command:
- redis-server
- --appendonly
- "yes"
ports:
- containerPort: 6379
name: redis
protocol: TCP
livenessProbe:
exec:
command:
- sh
- -c
- redis-cli ping | grep PONG
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3
timeoutSeconds: 5
readinessProbe:
exec:
command:
- sh
- -c
- redis-cli ping | grep PONG
initialDelaySeconds: 5
periodSeconds: 10
failureThreshold: 3
timeoutSeconds: 5
resources:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 50m
memory: 64Mi
volumeMounts:
- name: data
mountPath: /data
volumes:
- name: data
persistentVolumeClaim:
claimName: outline-redis
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: minio
name: outline-minio
namespace: outline-system
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: minio
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: minio
spec:
containers:
- name: minio
image: minio/minio:latest
imagePullPolicy: IfNotPresent
command:
- minio
- server
- /data
- --console-address
- ":9001"
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: outline-minio
key: root-user
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: outline-minio
key: root-password
ports:
- containerPort: 9000
name: api
protocol: TCP
- containerPort: 9001
name: console
protocol: TCP
livenessProbe:
httpGet:
path: /minio/health/live
port: api
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /minio/health/ready
port: api
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- name: data
mountPath: /data
volumes:
- name: data
hostPath:
path: /mnt/4_hdd/data/outline/minio
type: DirectoryOrCreate
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: outline
app.kubernetes.io/version: 1.1.0
name: outline
namespace: outline-system
spec:
type: ClusterIP
ports:
- name: http
port: 3000
protocol: TCP
targetPort: http
selector:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: outline
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: redis
name: outline-redis
namespace: outline-system
spec:
type: ClusterIP
ports:
- name: redis
port: 6379
protocol: TCP
targetPort: redis
selector:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: redis
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: minio
name: outline-minio
namespace: outline-system
spec:
type: ClusterIP
ports:
- name: api
port: 9000
protocol: TCP
targetPort: api
- name: console
port: 9001
protocol: TCP
targetPort: console
selector:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: minio
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
external-dns.alpha.kubernetes.io/hostname: outline.dooplex.hu,outline.home
nginx.ingress.kubernetes.io/proxy-body-size: 100m
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_hide_header X-Frame-Options;
proxy_hide_header Content-Security-Policy;
add_header X-Frame-Options "ALLOW-FROM https://orsi.dooplex.hu" always;
set $geo_allowed 0;
if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
if ($geo_allowed = 0) {
return 403 "Access restricted to Hungary";
}
labels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: outline
name: outline
namespace: outline-system
spec:
ingressClassName: nginx-internal
rules:
- host: outline.dooplex.hu
http:
paths:
- backend:
service:
name: outline
port:
number: 3000
path: /
pathType: Prefix
- host: outline.home
http:
paths:
- backend:
service:
name: outline
port:
number: 3000
path: /
pathType: Prefix
tls:
- hosts:
- outline.dooplex.hu
secretName: outline-tls
---
# Add MinIO Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/proxy-body-size: 100m
labels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: minio
name: outline-minio
namespace: outline-system
spec:
ingressClassName: nginx-internal
rules:
- host: minio.dooplex.hu
http:
paths:
- backend:
service:
name: outline-minio
port:
number: 9000
path: /
pathType: Prefix
tls:
- hosts:
- minio.dooplex.hu
secretName: outline-minio-tls
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: outline
app.kubernetes.io/name: redis
name: outline-redis
namespace: outline-system
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: longhorn
Reference in New Issue View Git Blame Copy Permalink