summaryrefslogtreecommitdiff
path: root/roles/apps/onlyoffice/templates/pod-spec.yml.j2
diff options
context:
space:
mode:
Diffstat (limited to 'roles/apps/onlyoffice/templates/pod-spec.yml.j2')
-rw-r--r--roles/apps/onlyoffice/templates/pod-spec.yml.j233
1 files changed, 28 insertions, 5 deletions
diff --git a/roles/apps/onlyoffice/templates/pod-spec.yml.j2 b/roles/apps/onlyoffice/templates/pod-spec.yml.j2
index 3ceb5244..74fb1ab6 100644
--- a/roles/apps/onlyoffice/templates/pod-spec.yml.j2
+++ b/roles/apps/onlyoffice/templates/pod-spec.yml.j2
@@ -1,14 +1,21 @@
-{#
+{# TODO:
securityContext:
allowPrivilegeEscalation: false
#}
terminationGracePeriodSeconds: 120
containers:
+{# TODO: only listen to localhost #}
- name: documentserver
image: "onlyoffice/documentserver:{{ item.value.version }}"
resources:
limits:
memory: "4Gi"
+{# TODO:
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: {{ onlyoffice_amqp_uid }}
+ runAsGroup: {{ onlyoffice_amqp_gid }}
+#}
env:
- name: "DB_TYPE"
value: "postgres"
@@ -26,6 +33,12 @@ containers:
value: "rabbitmq"
- name: "AMQP_URI"
value: "amqp://onlyoffice:{{ item.value.amqp.password }}@127.0.0.1:5672"
+{% if 'jwt_secret' in item.value %}
+ - name: "JWT_ENABLED"
+ value: "true"
+ - name: "JWT_SECRET"
+ value: "{{ item.value.jwt_secret }}"
+{% endif %}
ports:
- containerPort: 80
hostPort: {{ item.value.port }}
@@ -55,6 +68,12 @@ containers:
{# TODO: only listen to localhost #}
- name: rabbitmq
image: "rabbitmq:{{ item.value.amqp.version }}"
+{# TODO:
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: {{ onlyoffice_amqp_uid }}
+ runAsGroup: {{ onlyoffice_amqp_gid }}
+#}
env:
- name: "RABBITMQ_NODENAME"
value: "rabbit@localhost"
@@ -64,18 +83,22 @@ containers:
value: "onlyoffice"
- name: "RABBITMQ_DEFAULT_PASS"
value: "{{ item.value.amqp.password }}"
+{# TODO: AQMP config?
volumeMounts:
- name: rabbitmq
mountPath: /etc/rabbitmq/conf.d/k8s.conf
subPath: config
readOnly: true
+#}
volumes:
-- name: rabbitmq
- hostPath:
- path: "{{ onlyoffice_base_path }}/{{ item.key }}/rabbitmq"
- type: Directory
- name: postgres
hostPath:
path: "{{ onlyoffice_base_path }}/{{ item.key }}/postgres"
type: Directory
+{# TODO: AQMP config?
+- name: rabbitmq
+ hostPath:
+ path: "{{ onlyoffice_base_path }}/{{ item.key }}/rabbitmq"
+ type: Directory
+#}
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-08 03:19:43 +0000