diff options
Diffstat (limited to 'roles/apps/onlyoffice/templates/pod-spec.yml.j2')
-rw-r--r-- | roles/apps/onlyoffice/templates/pod-spec.yml.j2 | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/roles/apps/onlyoffice/templates/pod-spec.yml.j2 b/roles/apps/onlyoffice/templates/pod-spec.yml.j2 new file mode 100644 index 00000000..74fb1ab6 --- /dev/null +++ b/roles/apps/onlyoffice/templates/pod-spec.yml.j2 @@ -0,0 +1,104 @@ +{# TODO: +securityContext: + allowPrivilegeEscalation: false +#} +terminationGracePeriodSeconds: 120 +containers: +{# TODO: only listen to localhost #} +- name: documentserver + image: "onlyoffice/documentserver:{{ item.value.version }}" + resources: + limits: + memory: "4Gi" +{# TODO: + securityContext: + allowPrivilegeEscalation: false + runAsUser: {{ onlyoffice_amqp_uid }} + runAsGroup: {{ onlyoffice_amqp_gid }} +#} + env: + - name: "DB_TYPE" + value: "postgres" + - name: "DB_HOST" + value: "127.0.0.1" + - name: "DB_PORT" + value: "5432" + - name: "DB_NAME" + value: "onlyoffice" + - name: "DB_USER" + value: "onlyoffice" + - name: "DB_PWD" + value: "{{ item.value.database.password }}" + - name: "AMQP_TYPE" + value: "rabbitmq" + - name: "AMQP_URI" + value: "amqp://onlyoffice:{{ item.value.amqp.password }}@127.0.0.1:5672" +{% if 'jwt_secret' in item.value %} + - name: "JWT_ENABLED" + value: "true" + - name: "JWT_SECRET" + value: "{{ item.value.jwt_secret }}" +{% endif %} + ports: + - containerPort: 80 + hostPort: {{ item.value.port }} + hostIP: 127.0.0.1 + +- name: postgresql + image: "postgres:{{ item.value.database.version }}" + args: + - postgres + - -c + - listen_addresses=127.0.0.1 + securityContext: + allowPrivilegeEscalation: false + runAsUser: {{ onlyoffice_db_uid }} + runAsGroup: {{ onlyoffice_db_gid }} + env: + - name: "POSTGRES_DB" + value: "onlyoffice" + - name: "POSTGRES_USER" + value: "onlyoffice" + - name: "POSTGRES_PASSWORD" + value: "{{ item.value.database.password }}" + volumeMounts: + - name: postgres + mountPath: /var/lib/postgresql/data + +{# TODO: only listen to localhost #} +- name: rabbitmq + image: "rabbitmq:{{ item.value.amqp.version }}" +{# TODO: + securityContext: + allowPrivilegeEscalation: false + runAsUser: {{ onlyoffice_amqp_uid }} + runAsGroup: {{ onlyoffice_amqp_gid }} +#} + env: + - name: "RABBITMQ_NODENAME" + value: "rabbit@localhost" + - name: "RABBITMQ_NODE_IP_ADDRESS" + value: "127.0.0.1" + - name: "RABBITMQ_DEFAULT_USER" + value: "onlyoffice" + - name: "RABBITMQ_DEFAULT_PASS" + value: "{{ item.value.amqp.password }}" +{# TODO: AQMP config? + volumeMounts: + - name: rabbitmq + mountPath: /etc/rabbitmq/conf.d/k8s.conf + subPath: config + readOnly: true +#} + +volumes: +- name: postgres + hostPath: + path: "{{ onlyoffice_base_path }}/{{ item.key }}/postgres" + type: Directory +{# TODO: AQMP config? +- name: rabbitmq + hostPath: + path: "{{ onlyoffice_base_path }}/{{ item.key }}/rabbitmq" + type: Directory +#} |