roles/apps/onlyoffice/templates/pod-spec.yml.j2


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104

{# TODO:
securityContext:
  allowPrivilegeEscalation: false
#}
terminationGracePeriodSeconds: 120
containers:
{# TODO: only listen to localhost #}
- name: documentserver
  image: "onlyoffice/documentserver:{{ item.value.version }}"
  resources:
    limits:
      memory: "4Gi"
{# TODO:
  securityContext:
    allowPrivilegeEscalation: false
    runAsUser: {{ onlyoffice_amqp_uid }}
    runAsGroup: {{ onlyoffice_amqp_gid }}
#}
  env:
  - name: "DB_TYPE"
    value: "postgres"
  - name: "DB_HOST"
    value: "127.0.0.1"
  - name: "DB_PORT"
    value: "5432"
  - name: "DB_NAME"
    value: "onlyoffice"
  - name: "DB_USER"
    value: "onlyoffice"
  - name: "DB_PWD"
    value: "{{ item.value.database.password }}"
  - name: "AMQP_TYPE"
    value: "rabbitmq"
  - name: "AMQP_URI"
    value: "amqp://onlyoffice:{{ item.value.amqp.password }}@127.0.0.1:5672"
{% if 'jwt_secret' in item.value %}
  - name: "JWT_ENABLED"
    value: "true"
  - name: "JWT_SECRET"
    value: "{{ item.value.jwt_secret }}"
{% endif %}
  ports:
  - containerPort: 80
    hostPort: {{ item.value.port }}
    hostIP: 127.0.0.1

- name: postgresql
  image: "postgres:{{ item.value.database.version }}"
  args:
  - postgres
  - -c
  - listen_addresses=127.0.0.1
  securityContext:
    allowPrivilegeEscalation: false
    runAsUser: {{ onlyoffice_db_uid }}
    runAsGroup: {{ onlyoffice_db_gid }}
  env:
  - name: "POSTGRES_DB"
    value: "onlyoffice"
  - name: "POSTGRES_USER"
    value: "onlyoffice"
  - name: "POSTGRES_PASSWORD"
    value: "{{ item.value.database.password }}"
  volumeMounts:
  - name: postgres
    mountPath: /var/lib/postgresql/data

{# TODO: only listen to localhost #}
- name: rabbitmq
  image: "rabbitmq:{{ item.value.amqp.version }}"
{# TODO:
  securityContext:
    allowPrivilegeEscalation: false
    runAsUser: {{ onlyoffice_amqp_uid }}
    runAsGroup: {{ onlyoffice_amqp_gid }}
#}
  env:
  - name: "RABBITMQ_NODENAME"
    value: "rabbit@localhost"
  - name: "RABBITMQ_NODE_IP_ADDRESS"
    value: "127.0.0.1"
  - name: "RABBITMQ_DEFAULT_USER"
    value: "onlyoffice"
  - name: "RABBITMQ_DEFAULT_PASS"
    value: "{{ item.value.amqp.password }}"
{# TODO: AQMP config?
  volumeMounts:
  - name: rabbitmq
    mountPath: /etc/rabbitmq/conf.d/k8s.conf
    subPath: config
    readOnly: true
#}

volumes:
- name: postgres
  hostPath:
    path: "{{ onlyoffice_base_path }}/{{ item.key }}/postgres"
    type: Directory
{# TODO: AQMP config?
- name: rabbitmq
  hostPath:
    path: "{{ onlyoffice_base_path }}/{{ item.key }}/rabbitmq"
    type: Directory
#}