apps(outline): Added outline to sekibanki
This commit is contained in:
29
apps/sekibanki/outline/configmap.yaml
Normal file
29
apps/sekibanki/outline/configmap.yaml
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: outline-config
|
||||||
|
data:
|
||||||
|
NODE_ENV: production
|
||||||
|
PGSSLMODE: disable
|
||||||
|
REDIS_URL: redis://127.0.0.1:6379
|
||||||
|
URL: https://wiki.prettysunflower.moe
|
||||||
|
PORT: "3000"
|
||||||
|
FILE_STORAGE: s3
|
||||||
|
FILE_STORAGE_UPLOAD_MAX_SIZE: "262144000"
|
||||||
|
AWS_REGION: auto
|
||||||
|
AWS_S3_UPLOAD_BUCKET_URL: https://t3.storage.dev
|
||||||
|
AWS_S3_UPLOAD_BUCKET_NAME: prettysunflower-wiki
|
||||||
|
AWS_S3_FORCE_PATH_STYLE: "true"
|
||||||
|
AWS_S3_ACL: private
|
||||||
|
OIDC_AUTH_URI: https://auth.remilia.ch/authorize
|
||||||
|
OIDC_TOKEN_URI: https://auth.remilia.ch/api/oidc/token
|
||||||
|
OIDC_USERINFO_URI: https://auth.remilia.ch/api/oidc/userinfo
|
||||||
|
OIDC_LOGOUT_URI: https://auth.remilia.ch/api/oidc/end-session
|
||||||
|
OIDC_USERNAME_CLAIM: preferred_username
|
||||||
|
OIDC_DISPLAY_NAME: Auth prettysunflower
|
||||||
|
OIDC_SCOPES: openid profile email
|
||||||
|
DEFAULT_LANGUAGE: en_US
|
||||||
|
RATE_LIMITER_ENABLED: "true"
|
||||||
|
RATE_LIMITER_REQUESTS: "1000"
|
||||||
|
RATE_LIMITER_DURATION_WINDOW: "60"
|
||||||
|
FORCE_HTTPS: "false"
|
64
apps/sekibanki/outline/deployment.yaml
Normal file
64
apps/sekibanki/outline/deployment.yaml
Normal file
@@ -0,0 +1,64 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: outline
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: outline
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: outline
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: outline
|
||||||
|
spec:
|
||||||
|
hostAliases:
|
||||||
|
- ip: "100.113.193.5"
|
||||||
|
hostnames:
|
||||||
|
- "mail.prettysunflower.moe"
|
||||||
|
volumes:
|
||||||
|
- name: valkey-data
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: valkey-outline-pvc
|
||||||
|
containers:
|
||||||
|
- name: outline
|
||||||
|
image: docker.getoutline.com/outlinewiki/outline:0.85.1
|
||||||
|
ports:
|
||||||
|
- containerPort: 3000
|
||||||
|
name: http
|
||||||
|
envFrom:
|
||||||
|
- configMapRef:
|
||||||
|
name: outline-config
|
||||||
|
- secretRef:
|
||||||
|
name: outline-secret
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
- image: valkey/valkey:8.1.3-alpine
|
||||||
|
name: valkey
|
||||||
|
command: ["valkey-server"]
|
||||||
|
ports:
|
||||||
|
- containerPort: 6379
|
||||||
|
protocol: TCP
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
volumeMounts:
|
||||||
|
- name: valkey-data
|
||||||
|
mountPath: "/data"
|
6
apps/sekibanki/outline/kustomization.yaml
Normal file
6
apps/sekibanki/outline/kustomization.yaml
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
resources:
|
||||||
|
- deployment.yaml
|
||||||
|
- configmap.yaml
|
||||||
|
- secrets.yaml
|
||||||
|
- svc.yaml
|
||||||
|
- pvc.yaml
|
11
apps/sekibanki/outline/pvc.yaml
Normal file
11
apps/sekibanki/outline/pvc.yaml
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: valkey-outline-pvc
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 5Gi
|
||||||
|
storageClassName: nfs-csi
|
28
apps/sekibanki/outline/secrets.sops.yaml
Normal file
28
apps/sekibanki/outline/secrets.sops.yaml
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: outline-secret
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
SECRET_KEY: ENC[AES256_GCM,data:zoadiee6r+eBUnt/b0hh25P9QZfjHy7ayAif6jdXO9LDNbakeoM+g4GDavioDkFY0NJLaXIBllwjHYJm8jzufg==,iv:oTIJMcFAPlpcVYBHa8grkSeyz9tv2/VZtlO7YhlxE/4=,tag:SLPBQKYwEcJdBn9/gedjUw==,type:str]
|
||||||
|
UTILS_SECRET: ENC[AES256_GCM,data:q6spGJkw3KINizrBFn9XdMqpBCmeWG9pUWHDnhXWfRG3H2ZWwBEqc8DVvIEfjnETtMh0adHh9FP+zi+BKjBegg==,iv:h7sMjSO/hQBT/tmqd+It3wxPgO6fUQ4RGQmT3JeNnAE=,tag:m04+dAX2q20QeDwXoTatog==,type:str]
|
||||||
|
DATABASE_URL: ENC[AES256_GCM,data:gkT46vh0OPga38NULb9dG6z33IsJ2r76qkYs3f4C+HaZPRvTlRer4Xve5fXCM7VY44KVtviKo+Yw+Q==,iv:DxsMqNmHFGyhqleleUE8jlBglQtF76J9s3cziskBiIg=,tag:bFUErLHP2jEOB9ZTq85Uxw==,type:str]
|
||||||
|
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:klyyWd1mDCti8O/WmsugF1WdJhoIRoYCIlzWjko8+zbIVzYkP3UiC5Ol3luf6pGkNwK9V1Ke,iv:4fShu8gnUGfsTw7ZjN0lro59/YyzbARpm24+N+0W2tU=,tag:SB5xVD/ZZ5AibiT2DWIUhQ==,type:str]
|
||||||
|
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:xPbpQgFUwGXyzWOPS83OnblEa/962keAMJ5Rgc4YJccqpaFc+h0TTz1KYr2Kx/jMt8VEyd+WTVxHlkOdIK9Czkwika1CR0CYwzlS,iv:M4/+5RFEmhq7W7eUEigX+369cxTZKPmxxV9zQPT0EGE=,tag:Llc9+UsZpDQfXAguzsjiCg==,type:str]
|
||||||
|
OIDC_CLIENT_ID: ENC[AES256_GCM,data:MVfKjQgTy28mb4DsE/JyuWuu5A9nrN3bg0ECx+zdbGDWPvmZ,iv:sU8j7EePuYzpJ7bwQmAjGKD1mlJFFI4OtFf66MfoSWs=,tag:0Pg1ZruZNV1XYwo1D9WULQ==,type:str]
|
||||||
|
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:1hPq1s2LTQmN/THsgVfZntqCx8YrLXFFEXHW0m0JnfM=,iv:eNLlJcUkOLjbbouamA+y7T2d/BGXgEkoS7GYEoVGi/w=,tag:UxDhthu9jaUpRGvZsfbXVw==,type:str]
|
||||||
|
sops:
|
||||||
|
age:
|
||||||
|
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCc2pFK0pNZjhrU0lVK041
|
||||||
|
QUFBT01sMHFyZnNldUFCU20xMUVaT0ZhMFJrCjZrWmllQWQ5Tjc1TVFuSDF1cmgr
|
||||||
|
OGdYQkI3TDFOd2kxL3pqelM4WjdYNTgKLS0tICsxNVN2emY4azBvZnM0ZDFMMXJL
|
||||||
|
OTQ1YmU1RFByeTM3ckFXS3JnRGphVU0K5F14e9Yja6tNHp1iiN6DNX57bokZIKjC
|
||||||
|
WosPe865F+Lie6GBv1hRzRKQuR0scl1Q7p3kC9tFgNbV52s4wFASHg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2025-08-01T15:14:39Z"
|
||||||
|
mac: ENC[AES256_GCM,data:OeuEllidHzi6FsLgqH+CI60FUlHshF593L0cRrz7EvnCRzVDqwuBophXjMp0NWWc4fwheLEmkI2v4oCBfyYzf21Bnk02DPeJBGd30BpCmjIcc3b9iHEo6KlBLPFzveUHOBBQ5S2IWX8EBeBrwu29x5IhgQcpttXKtmqCditGTz0=,iv:Ganr6VovP8bM9mVC7wFo/KSkwrHFXigK8riEuX3F6vM=,tag:l01vl0e0wUiDY1SkX8xXhw==,type:str]
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.10.2
|
13
apps/sekibanki/outline/svc.yaml
Normal file
13
apps/sekibanki/outline/svc.yaml
Normal file
@@ -0,0 +1,13 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: outline
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: outline
|
||||||
|
ports:
|
||||||
|
- protocol: TCP
|
||||||
|
port: 80
|
||||||
|
targetPort: http
|
||||||
|
name: http
|
Reference in New Issue
Block a user