Diffstat (limited to 'roles/apps/onlyoffice/templates')
-rw-r--r-- | roles/apps/onlyoffice/templates/pod-spec.yml.j2 | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/roles/apps/onlyoffice/templates/pod-spec.yml.j2 b/roles/apps/onlyoffice/templates/pod-spec.yml.j2
index 3ceb5244..74fb1ab6 100644
--- a/roles/apps/onlyoffice/templates/pod-spec.yml.j2
+++ b/roles/apps/onlyoffice/templates/pod-spec.yml.j2
@@ -1,14 +1,21 @@
-{#
+{# TODO:
 securityContext:
 allowPrivilegeEscalation: false
 #}
 terminationGracePeriodSeconds: 120
 containers:
+{# TODO: only listen to localhost #}
 - name: documentserver
 image: "onlyoffice/documentserver:{{ item.value.version }}"
 resources:
 limits:
 memory: "4Gi"
+{# TODO:
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: {{ onlyoffice_amqp_uid }}
+ runAsGroup: {{ onlyoffice_amqp_gid }}
+#}
 env:
 - name: "DB_TYPE"
 value: "postgres"
@@ -26,6 +33,12 @@ containers:
 value: "rabbitmq"
 - name: "AMQP_URI"
 value: "amqp://onlyoffice:{{ item.value.amqp.password }}@127.0.0.1:5672"
+{% if 'jwt_secret' in item.value %}
+ - name: "JWT_ENABLED"
+ value: "true"
+ - name: "JWT_SECRET"
+ value: "{{ item.value.jwt_secret }}"
+{% endif %}
 ports:
 - containerPort: 80
 hostPort: {{ item.value.port }}
@@ -55,6 +68,12 @@ containers:
 {# TODO: only listen to localhost #}
 - name: rabbitmq
 image: "rabbitmq:{{ item.value.amqp.version }}"
+{# TODO:
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: {{ onlyoffice_amqp_uid }}
+ runAsGroup: {{ onlyoffice_amqp_gid }}
+#}
 env:
 - name: "RABBITMQ_NODENAME"
 value: "rabbit@localhost"
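Review bot: The commented-out `securityContext` added under the `documentserver` container names `onlyoffice_amqp_uid` and `onlyoffice_amqp_gid`, the same variables as the identical block under `rabbitmq` in the third hunk. This looks like a copy of the broker's block; if it is uncommented as written, the document server would run under the AMQP identity and share file ownership with the broker. I would record the intended identity in the TODO now, for example `runAsUser: {{ <documentserver uid variable> }}` with the placeholder replaced by the role's real variable, or state that the uid is still to be decided. The pod-level TODO at the top of the file still lists `allowPrivilegeEscalation`, which Kubernetes accepts only in a container's `securityContext`, so that comment can be dropped in favour of the two container-level ones.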
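Review bot: The `'jwt_secret' in item.value` test in the second hunk is true for a key that is present but empty, so `JWT_ENABLED` can be rendered as `"true"` alongside an empty `JWT_SECRET`. Testing the value instead, `{% if item.value.jwt_secret | default('', true) | length > 0 %}`, closes that gap. The secret is also interpolated inside a double-quoted YAML scalar, so a `"` or `\` in it breaks or alters the rendered value; `value: {{ item.value.jwt_secret | to_json }}` emits a correctly escaped string. When the key is absent, token validation is left to whatever the image version does by default, which deserves a comment or an explicit `JWT_ENABLED` value. The `env` list starts and ends outside the hunk.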
@@ -64,18 +83,22 @@ containers: value: "onlyoffice" - name: "RABBITMQ_DEFAULT_PASS" value: "{{ item.value.amqp.password }}" +{# TODO: AQMP config? volumeMounts: - name: rabbitmq mountPath: /etc/rabbitmq/conf.d/k8s.conf subPath: config readOnly: true +#} volumes: -- name: rabbitmq - hostPath: - path: "{{ onlyoffice_base_path }}/{{ item.key }}/rabbitmq" - type: Directory - name: postgres hostPath: path: "{{ onlyoffice_base_path }}/{{ item.key }}/postgres" type: Directory +{# TODO: AQMP config? +- name: rabbitmq + hostPath: + path: "{{ onlyoffice_base_path }}/{{ item.key }}/rabbitmq" + type: Directory +#} |
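Review bot: The two `TODO: AQMP config?` comments disable the `conf.d/k8s.conf` mount and its hostPath volume without saying why, or what configuration the broker is now expected to run with. From this hunk it appears RabbitMQ starts on image defaults apart from the `RABBITMQ_*` env values, and the unchanged `TODO: only listen to localhost` above the `rabbitmq` container suggests the listener binding is still unrestricted. I would expand the comment to something like `{# TODO: restore the conf.d/k8s.conf mount once the AMQP listener config is templated #}`, and spell it `AMQP` so a grep for the protocol name finds it. The `volumeMounts` block belongs to the `rabbitmq` container, whose definition starts outside the hunk.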