diff --git a/_apps/docspell.yaml b/_apps/docspell.yaml new file mode 100644 index 0000000..ffd1dab --- /dev/null +++ b/_apps/docspell.yaml @@ -0,0 +1,26 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: docspell + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + destination: + namespace: docspell + server: https://kubernetes.default.svc + project: apps + source: + path: docspell + repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git + targetRevision: HEAD + directory: + recurse: true + syncPolicy: + automated: + prune: true +--- +apiVersion: v1 +kind: Namespace +metadata: + name: docspell diff --git a/docspell/configmap-docspellconf.yaml b/docspell/configmap-docspellconf.yaml new file mode 100644 index 0000000..0aa1e52 --- /dev/null +++ b/docspell/configmap-docspellconf.yaml @@ -0,0 +1,58 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: docspell-config + namespace: docspell +data: + docspell.conf: | + docspell.server { + app-id = ${HOSTNAME} + base-url = "https://"${BASE_URL} + bind { + address = "0.0.0.0" + } + integration-endpoint { + enabled = true + http-header { + enabled = true + header-value = ${?DOCSPELL_HEADER_VALUE} + } + } + # Configuration of the full-text search engine. + full-text-search { + enabled = true + solr = { + url = "http://solrtcp:8983/solr/docspell" + } + recreate-key = ${SOLR_RECREATE_KEY} + } + backend { + jdbc { + url = "jdbc:"${DB_TYPE}"://"${DB_HOST}":"${DB_PORT}"/"${DB_NAME} + user = ${DB_USER} + password = ${DB_PASS} + } + } + } + + docspell.joex { + app-id = "joex-"${HOSTNAME} + base-url = "http://joex:7878" + bind { + address = "0.0.0.0" + } + jdbc { + url = "jdbc:"${DB_TYPE}"://"${DB_HOST}":"${DB_PORT}"/"${DB_NAME} + user = ${DB_USER} + password = ${DB_PASS} + } + full-text-search { + enabled = true + solr = { + url = "http://solrtcp:8983/solr/docspell" + } + } + scheduler { + pool-size = 1 + } + } diff --git a/docspell/configmap-env.yaml b/docspell/configmap-env.yaml new file mode 100644 index 0000000..5c703b1 --- /dev/null +++ b/docspell/configmap-env.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: docspell-env + namespace: docspell +data: + TZ: Europe/Berlin + DB_TYPE: postgresql + DB_HOST: postgres + DB_PORT: "5432" + BASE_URL: docs.tobru.ch + diff --git a/docspell/joex/deployment.yaml b/docspell/joex/deployment.yaml new file mode 100644 index 0000000..cf12a50 --- /dev/null +++ b/docspell/joex/deployment.yaml @@ -0,0 +1,37 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: joex + name: joex + namespace: docspell +spec: + replicas: 1 + selector: + matchLabels: + app: joex + strategy: {} + template: + metadata: + labels: + app: joex + spec: + containers: + - image: docker.io/eikek0/docspell:joex-LATEST + name: joex + args: + - /etc/docspell/docspell.conf + envFrom: + - configMapRef: + name: docspell-env + - secretRef: + name: docspell + ports: + - containerPort: 7878 + volumeMounts: + - name: config-volume + mountPath: /etc/docspell + volumes: + - name: config-volume + configMap: + name: docspell-config diff --git a/docspell/joex/service.yaml b/docspell/joex/service.yaml new file mode 100644 index 0000000..71ade60 --- /dev/null +++ b/docspell/joex/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: joex + name: joex + namespace: docspell +spec: + ports: + - name: "7878" + port: 7878 + protocol: TCP + targetPort: 7878 + selector: + app: joex + type: ClusterIP diff --git a/docspell/postgres/service.yaml b/docspell/postgres/service.yaml new file mode 100644 index 0000000..9301434 --- /dev/null +++ b/docspell/postgres/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: postgres + name: postgres + namespace: docspell +spec: + ports: + - name: "5432" + port: 5432 + protocol: TCP + targetPort: 5432 + selector: + app: postgres + type: ClusterIP diff --git a/docspell/postgres/statefulset.yaml b/docspell/postgres/statefulset.yaml new file mode 100644 index 0000000..e0a5201 --- /dev/null +++ b/docspell/postgres/statefulset.yaml @@ -0,0 +1,64 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: postgres + namespace: docspell +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: postgres + serviceName: postgres + replicas: 1 + template: + metadata: + labels: + app: postgres + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: postgres + image: docker.io/postgres:13.1 + imagePullPolicy: IfNotPresent + ports: + - name: postgres + containerPort: 5432 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 256Mi + env: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: docspell + key: DB_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: docspell + key: DB_PASS + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: docspell + key: DB_NAME + - name: PGUSER + value: postgres + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + volumeMounts: + - mountPath: /var/lib/postgresql/data/pgdata + name: postgres + subPath: postgres-db + volumeClaimTemplates: + - metadata: + name: postgres + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + diff --git a/docspell/restserver/deployment.yaml b/docspell/restserver/deployment.yaml new file mode 100644 index 0000000..9632962 --- /dev/null +++ b/docspell/restserver/deployment.yaml @@ -0,0 +1,49 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: restserver + name: restserver + namespace: docspell +spec: + replicas: 1 + selector: + matchLabels: + app: restserver + strategy: {} + template: + metadata: + labels: + app: restserver + spec: + containers: + - image: docker.io/eikek0/docspell:restserver-LATEST + name: docspell + args: + - /etc/docspell/docspell.conf + envFrom: + - configMapRef: + name: docspell-env + - secretRef: + name: docspell + ports: + - containerPort: 7880 + livenessProbe: + httpGet: + path: / + port: 7880 + initialDelaySeconds: 15 + periodSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 7880 + initialDelaySeconds: 15 + periodSeconds: 10 + volumeMounts: + - name: config-volume + mountPath: /etc/docspell + volumes: + - name: config-volume + configMap: + name: docspell-config diff --git a/docspell/restserver/ingress.yaml b/docspell/restserver/ingress.yaml new file mode 100644 index 0000000..9891095 --- /dev/null +++ b/docspell/restserver/ingress.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + ingress.kubernetes.io/ssl-redirect: "true" + name: restserver + namespace: docspell +spec: + rules: + - host: docs.tobru.ch + http: + paths: + - path: / + backend: + service: + name: restserver + port: + number: 7880 + pathType: Exact + tls: + - hosts: + - docs.tobru.ch + secretName: docs-tobru-ch-cert + diff --git a/docspell/restserver/service.yaml b/docspell/restserver/service.yaml new file mode 100644 index 0000000..9ca5363 --- /dev/null +++ b/docspell/restserver/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: restserver + name: restserver + namespace: docspell +spec: + ports: + - name: "7880" + port: 7880 + protocol: TCP + targetPort: 7880 + selector: + app: restserver + type: ClusterIP diff --git a/docspell/secret.yaml b/docspell/secret.yaml new file mode 100644 index 0000000..d256bc9 --- /dev/null +++ b/docspell/secret.yaml @@ -0,0 +1,20 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: docspell + namespace: docspell +spec: + encryptedData: + DB_NAME: AgCuZef2CVCeoMshAa6JzqpuS+hYWraAGJwWBagUpwoGxOplD8OBgsKC5BVd/lqB7M881/bty7J+OZ68C2Xxv034ZQOIKEya56HEU9QEimRqpbozKhR86fJEzn18J/BHSPvEOmgqjrvCcTgzUSiVyHoQQyHLfTbH8KwNe2vjoa8Lqmr4NwjPHRXPz9KjHKo2OHu9f9Lp/NL5oO0kFxt1Q/tk3//7FHKzl4FszbGPnuw1DSKVHHHH1CKotQR5l6ULsVMSAyjTQm0QNxlXzRgDVeMIu5CgnYITHD3u9UUMUTtPS6fMEPG93EZTJ7eXLlxkzez6bJDrwx+IXrkekv5HAPNKL4JS5J7Tiun0Bw/Z7oX75FfJvkZ6DzuJOC3elIJ6RdfMjGCBWyy1r7lN07UH1SxwTao49FPa48wfAS30UXO6yG2N3mtlop2XU1D2VYG7bVB0dmZIv6tAbAgS7o9h4E5utSXnxwQmh7WJKyJBdQ7nKCFgPq4JmJ72fxZZe+kGUKlmfztNFuuEIBRQZz8A8CBpVJeJiahfcKhwyBlZGBZY5Gfnxk5djdFzVcNkeUrgZMWMgatbpff1lxL5WNm4AGZbmF1RnMFeL2AG7jCAzEI3qWstI1vMduQzyyO6lGq0AfLAa1taCS3koiMKEc1JnprXl8UkLwOQn1n2017D5n2/bKz2yCbMWT+5701tDt8J6HgrPaADcG4usQ== + DB_PASS: AgC0kIi43XQARwbLDcaklzjIZnRs9sCgmK4SdxQT8KOGgKfzSrquh51z4sYWBNG39eo/nASP80vtpxcS86DqJT5eS8PqQSJdXDZpMybMPjddily2+HPoASCUz3q82xB/yb4KcHtp1GSjgRLW9/2rN+gCJWJIfnwjKuh6xrYinCx1wf4P8YKYBvmfztqjb3rgyFN0RXOXnPDbwmc17U7V4IuWZ/PMOlmasprZ1tLf+HdB1fiGuaOPOoMVJRV9jR7XZbh63iNZexFrCYWm5Y+OhNOPr+kI8ajObqissr8X2TerObCzE+aTjIhDQgn16RWsWGRUKCc9jiDPY8hd+kUN3B07MMf/kVHeVd/I53Oa/OvJK/QzhiER7iPliJsD1d5ycx349nIoeODNGxCHm7ysXwzTU7aUOXZLLjHxiHHL5W9mMloTMS0fXiuShVoLT4Jp36C8uaXN+4JUKTsR30Y+68EVDPZSa8967T+M9uxGS4fOnwE3IzjVyhf8AvJ8E5e4WbZPlfeUX0wh+zKp1OUrHk2Lf8C/FtWaixX0MjM8ine8aEnMTwcWYtgd0SAsKXJ8nM5X1bIrcsHUyiEEGBE3ExDH86oKgzAApadpwlmMAzZKlSoYNm0K/HSOnutMho1dRjfEUoh6ZP4CRWezWOjaTpkzEvYTluF6BwR0kPzklaE9U+MIUBxpbjYHDH7bWXawUTZtNCPLN+xgYCk+jyn7EZi51taooLvSeWlMisORJyS/Pg== + DB_USER: AgBcYPQsxnO/s5NALHQLHpehIr6stQ87NuXm/6oIDdD+NStWlhpql5QFznjuQ30R7VxwXP8W643cLqMldayJGHS5aXWREL7RRDwjqR+jsGSVKsj1iHAox7Yuc/kplvvutonITzlxQRt1NdFm8GLwtoWYWI5/h+coNT742UNnsKEyaGoiWfGFQqz/PJptrASQKqsKBNpx+Vk2eSo1w+xlboXNpmcnMk0ImkADblBFEBhonY/JeY83318Ssnl7b4584+3auEz+BwS8sWkI0lKPaxrdYMHbi+XMk0pQSrGmhDD+QhybVbEwKr0EwgsD2TxLDeraSHhu+B+goLjmo7Mrs+2TnYr/3Owlsj0b/sTcfYeamtkhB51BBKGmKwMFc1Ku9dwbZVAelyc0fVHHDOq/S0Tz7K0jIJdr0rKKL9cUau9bj3HwEBXFkjlzk9vxw7tXlC1g+W6SUsk5WVQAA7lEL6wRZnPoZaEiYEXwYrcdHbBb/m+42raKbW1OYqOYKNB+f9MeZS1TcLwX+FmKimbqJkIX2jXeEnaDsyjREfiULJ7e4iGTgY8j1ZDQATKy1E29lPfmy1kjF6MZJgAfYw+xoppXQ5LAql2M1CVaWk7S8MyFVzG6ezL3Jt7J+3ARhbsP2yaQVytrn99QOZZO9kc2tr2I8r2G9mnfFrN90R1ZTeUA3BlSP2a+wMnyXc7znhd/MWcjEHYO+KBrmA== + DOCSPELL_HEADER_VALUE: AgCdXA3UvgHjrhC+ybdLQ+6PkLimdnF2Lw76PvwasVGfuvPmMB5THuBHlxlSxB34JFwhxus7peuvE2h15fobO//U8OLcnS0AuKxDiY6XGFyqNr6byq54Dm7DOywZQy0K/c7YwBUAHmISB9jmC8g+4pWfsZZ3leLsRKD2odkVmOtbjzlQX8oihJH9rypmuZzOlob3xGARak/bMNPnzVqirOPzVY2qLqXRzvhezJJsWtJPlojRyihRWYluCITp3iiUX1e5dkyY6mAwzB+lPWyl0DUdoaFfRYQUDeefGGomKf9YhVscz0Ql31Qw4mQ1SEMNVS30aM6kzNokEQFWIh7rwYk2Aob+QDQNuyoqpcnjh11b5/qpanGEwU9hvq4ACZpPmydXEN6oYcyAiGxuxDFCSOPcfON0wuPDJ1+9E7CxyqGUJl75fa9SRO0uMLUtg9mod1CIFF89czFB6x/MfBTcTgrn9JmBDfD3RtM0mmgzDlEMo0drvC6HrnzkTpt2BzJUI/FVFU3eDEj3jSFw23Ihq2IzkNpfUgz1htBstkiv32uYDsVrsq48NEDcucb/XHAT2LmebkvRWqfzk++b3q21nxQXTbV9cyJ8VUFgO9IfDpPOmnM2REHs38yNNUmutnvcDKdG5GUrerPP16a8uros2Xf0FrGvtYr0+pyRpTqtFb4DsSIchMDCoOHtmfSD7Pc5AQuHyryyHMzKxSAMOYaav9CsPPamH++lb0KPncr0qX2+8Q== + SOLR_RECREATE_KEY: AgCTFZJSNjCkeo9Sxb9IZxVrVB8itrNLm/2KInulf8bvGcQMHkQo+HjK0x+L/IZpyaMCmi5cP5ExSu7Fs+WMdtXK9oPs7x6WL8WBbvwXo0BzvfeF+uB6gVnRkyF94CHhd6Sv/6VC69xo7TmhKWev/UDl9voZfxFJqSQ/8oMR5r1za6hMBhl92zdZqtYJn8PTS49hPJsRRgUcsGNUTG/b6k0PMr2QNtpAwkGiJTa9xxT2dF9SLos+NMt+gyPZoJrm9QO78YEAgDm1rt7EkLZnp5nbf8tNmz3eFATqCbI7FLMbnt6V126M76mTl++/Dbzpf4DNiHJoWj7dm0emY47zCpvtcj7ZS0twNhzUV13IrU5bR5bqjI3292xQSMhUaDMkSlWp+61mC+tsa4JiQsNWLPUhoCz4AtbrKzi2v3L/l45IvLBUWnjtBTc24M12i4rqSUToI73n4+GYvEnV86H1TL8S4s6ysgYSbsj+7cw0+0CRZdmahs+nQ+GPUOH9TRQdodCzi5+kBAbtT3FGepYQE4ltb2JvWSMHovJ3yuTQnF2Lkx5qCWRu9Ns2NUS2M8MUShnOvAhV9CzkfMRzrQvuH/+TrafMY6y3uUsOzWLagjRNNOwJhIQHl6UeCn5S8eMH2N7YWZsLZYxh8BcPSundjzKqqH+PR3CKA4K+oQLtrta9mbV03vusj1cJo7K5Di8NZfdBrDKHhYUzDq1tAN3bRL7KAW4qi5F9FzopKJqbFF40iA== + template: + metadata: + creationTimestamp: null + name: docspell + namespace: docspell + type: Opaque + diff --git a/docspell/solr/service.yaml b/docspell/solr/service.yaml new file mode 100644 index 0000000..afbcaa7 --- /dev/null +++ b/docspell/solr/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: solr + name: solrtcp + namespace: docspell +spec: + ports: + - name: "8983" + port: 8983 + protocol: TCP + targetPort: 8983 + selector: + app: solr + type: ClusterIP diff --git a/docspell/solr/statefulset.yaml b/docspell/solr/statefulset.yaml new file mode 100644 index 0000000..70be9dd --- /dev/null +++ b/docspell/solr/statefulset.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: solr + namespace: docspell +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: solr + serviceName: solr + replicas: 1 + template: + metadata: + labels: + app: solr + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: solr + image: docker.io/solr:8 + imagePullPolicy: IfNotPresent + command: + - solr-precreate + - docspell + ports: + - name: solr + containerPort: 8983 + protocol: TCP + livenessProbe: + httpGet: + path: /solr/docspell/admin/ping + port: 8983 + initialDelaySeconds: 30 + periodSeconds: 60 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: /solr/docspell/admin/ping + port: 8983 + initialDelaySeconds: 30 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + requests: + cpu: 100m + memory: 256Mi + volumeMounts: + - mountPath: /var/solr + name: solr + subPath: solr-db + volumeClaimTemplates: + - metadata: + name: solr + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi +