forked from k-space/kube
		
	- posts and user list manually exported - not in argo - outdated version - e-mail is broken - nobody has accessed in 6mo - no posts, apart from the initial admin
		
			
				
	
	
		
			383 lines
		
	
	
		
			10 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			383 lines
		
	
	
		
			10 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| apiVersion: networking.k8s.io/v1
 | |
| kind: Ingress
 | |
| metadata:
 | |
|   name: discourse
 | |
|   annotations:
 | |
|     external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
 | |
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure
 | |
|     traefik.ingress.kubernetes.io/router.tls: "true"
 | |
| spec:
 | |
|   tls:
 | |
|     - hosts:
 | |
|         - "*.k-space.ee"
 | |
|       secretName: 
 | |
|   rules:
 | |
|     - host: "discourse.k-space.ee"
 | |
|       http:
 | |
|         paths:
 | |
|           - path: /
 | |
|             pathType: Prefix
 | |
|             backend:
 | |
|               service:
 | |
|                 name: discourse
 | |
|                 port:
 | |
|                   name: http
 | |
| 
 | |
| ---
 | |
| apiVersion: v1
 | |
| kind: Service
 | |
| metadata:
 | |
|   name: discourse
 | |
| spec:
 | |
|   type: ClusterIP
 | |
|   ipFamilyPolicy: SingleStack
 | |
|   ports:
 | |
|     - name: http
 | |
|       port: 80
 | |
|       protocol: TCP
 | |
|       targetPort: http
 | |
|   selector:
 | |
|     app.kubernetes.io/instance: discourse
 | |
|     app.kubernetes.io/name: discourse
 | |
| ---
 | |
| apiVersion: v1
 | |
| kind: ServiceAccount
 | |
| metadata:
 | |
|   name: discourse
 | |
| ---
 | |
| apiVersion: apps/v1
 | |
| kind: Deployment
 | |
| metadata:
 | |
|   name: discourse
 | |
|   annotations:
 | |
|     reloader.stakater.com/auto: "true"   
 | |
| spec:
 | |
|   replicas: 1
 | |
|   selector:
 | |
|     matchLabels:
 | |
|       app.kubernetes.io/instance: discourse
 | |
|       app.kubernetes.io/name: discourse
 | |
|   strategy:
 | |
|     type: Recreate
 | |
|   template:
 | |
|     metadata:
 | |
|       labels:
 | |
|         app.kubernetes.io/instance: discourse
 | |
|         app.kubernetes.io/name: discourse
 | |
|     spec:
 | |
|       serviceAccountName: discourse
 | |
|       securityContext:
 | |
|         fsGroup: 0
 | |
|         fsGroupChangePolicy: Always
 | |
|       initContainers:
 | |
|       containers:
 | |
|         - name: discourse
 | |
|           image: docker.io/bitnami/discourse:3.3.2-debian-12-r0
 | |
|           imagePullPolicy: "IfNotPresent"
 | |
|           securityContext:
 | |
|             allowPrivilegeEscalation: false
 | |
|             capabilities:
 | |
|               add:
 | |
|               - CHOWN
 | |
|               - SYS_CHROOT
 | |
|               - FOWNER
 | |
|               - SETGID
 | |
|               - SETUID
 | |
|               - DAC_OVERRIDE
 | |
|               drop:
 | |
|               - ALL
 | |
|             privileged: false
 | |
|             readOnlyRootFilesystem: false
 | |
|             runAsGroup: 0
 | |
|             runAsNonRoot: false
 | |
|             runAsUser: 0
 | |
|             seLinuxOptions: {}
 | |
|             seccompProfile:
 | |
|               type: RuntimeDefault
 | |
|           env:
 | |
|             - name: BITNAMI_DEBUG
 | |
|               value: "true"
 | |
|             - name: DISCOURSE_USERNAME
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: discourse-password
 | |
|                   key: username                                         
 | |
|             - name: DISCOURSE_PASSWORD
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: discourse-password
 | |
|                   key: password
 | |
|             - name: DISCOURSE_PORT_NUMBER
 | |
|               value: "8080"
 | |
|             - name: DISCOURSE_EXTERNAL_HTTP_PORT_NUMBER
 | |
|               value: "80"
 | |
|             - name: DISCOURSE_DATABASE_PASSWORD
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: discourse-postgresql
 | |
|                   key: password
 | |
|             - name: POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: discourse-postgres-superuser
 | |
|                   key: password
 | |
|             - name: POSTGRESQL_CLIENT_POSTGRES_PASSWORD
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: discourse-postgres-superuser
 | |
|                   key: password
 | |
|             - name: REDIS_PASSWORD
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: discourse-redis
 | |
|                   key: redis-password
 | |
|           envFrom:
 | |
|             - configMapRef:
 | |
|                 name: discourse              
 | |
|             - secretRef:
 | |
|                 name: discourse-email   
 | |
|           ports:
 | |
|             - name: http
 | |
|               containerPort: 8080
 | |
|               protocol: TCP
 | |
|           livenessProbe:
 | |
|             tcpSocket:
 | |
|               port: http
 | |
|             initialDelaySeconds: 500
 | |
|             periodSeconds: 10
 | |
|             timeoutSeconds: 5
 | |
|             successThreshold: 1
 | |
|             failureThreshold: 6
 | |
|           readinessProbe:
 | |
|             httpGet:
 | |
|               path: /srv/status
 | |
|               port: http
 | |
|             initialDelaySeconds: 100
 | |
|             periodSeconds: 10
 | |
|             timeoutSeconds: 5
 | |
|             successThreshold: 1
 | |
|             failureThreshold: 6
 | |
|           resources:
 | |
|             limits:
 | |
|               cpu: "6.0"
 | |
|               ephemeral-storage: 2Gi
 | |
|               memory: 12288Mi
 | |
|             requests:
 | |
|               cpu: "1.0"
 | |
|               ephemeral-storage: 50Mi
 | |
|               memory: 3072Mi
 | |
|           volumeMounts:
 | |
|             - name: discourse-data
 | |
|               mountPath: /bitnami/discourse
 | |
|               subPath: discourse
 | |
|         - name: sidekiq
 | |
|           image: docker.io/bitnami/discourse:3.3.2-debian-12-r0
 | |
|           imagePullPolicy: "IfNotPresent"
 | |
|           securityContext:
 | |
|             allowPrivilegeEscalation: false
 | |
|             capabilities:
 | |
|               add:
 | |
|               - CHOWN
 | |
|               - SYS_CHROOT
 | |
|               - FOWNER
 | |
|               - SETGID
 | |
|               - SETUID
 | |
|               - DAC_OVERRIDE
 | |
|               drop:
 | |
|               - ALL
 | |
|             privileged: false
 | |
|             readOnlyRootFilesystem: false
 | |
|             runAsGroup: 0
 | |
|             runAsNonRoot: false
 | |
|             runAsUser: 0
 | |
|             seLinuxOptions: {}
 | |
|             seccompProfile:
 | |
|               type: RuntimeDefault
 | |
|           command:
 | |
|             - /opt/bitnami/scripts/discourse/entrypoint.sh
 | |
|           args:
 | |
|             - /opt/bitnami/scripts/discourse-sidekiq/run.sh
 | |
|           env:
 | |
|             - name: BITNAMI_DEBUG
 | |
|               value: "true"
 | |
|             - name: DISCOURSE_USERNAME
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: discourse-password
 | |
|                   key: username              
 | |
|             - name: DISCOURSE_PASSWORD
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: discourse-password
 | |
|                   key: password
 | |
|             - name: DISCOURSE_DATABASE_PASSWORD
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: discourse-postgresql
 | |
|                   key: password                  
 | |
|             - name: DISCOURSE_POSTGRESQL_PASSWORD
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: discourse-postgres-superuser
 | |
|                   key: password
 | |
|             - name: REDIS_PASSWORD
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: discourse-redis
 | |
|                   key: redis-password
 | |
|           envFrom:
 | |
|             - configMapRef:
 | |
|                 name: discourse              
 | |
|             - secretRef:
 | |
|                 name: discourse-email     
 | |
|           livenessProbe:
 | |
|             exec:
 | |
|               command: ["/bin/sh", "-c", "pgrep -f ^sidekiq"]
 | |
|             initialDelaySeconds: 500
 | |
|             periodSeconds: 10
 | |
|             timeoutSeconds: 5
 | |
|             successThreshold: 1
 | |
|             failureThreshold: 6
 | |
|           readinessProbe:
 | |
|             exec:
 | |
|               command: ["/bin/sh", "-c", "pgrep -f ^sidekiq"]
 | |
|             initialDelaySeconds: 30
 | |
|             periodSeconds: 10
 | |
|             timeoutSeconds: 5
 | |
|             successThreshold: 1
 | |
|             failureThreshold: 6
 | |
|           resources:
 | |
|             limits:
 | |
|               cpu: 750m
 | |
|               ephemeral-storage: 2Gi
 | |
|               memory: 768Mi
 | |
|             requests:
 | |
|               cpu: 500m
 | |
|               ephemeral-storage: 50Mi
 | |
|               memory: 512Mi
 | |
|           volumeMounts:
 | |
|             - name: discourse-data
 | |
|               mountPath: /bitnami/discourse
 | |
|               subPath: discourse
 | |
|       volumes:
 | |
|         - name: discourse-data
 | |
|           persistentVolumeClaim:
 | |
|             claimName: discourse-data
 | |
| ---
 | |
| kind: PersistentVolumeClaim
 | |
| apiVersion: v1
 | |
| metadata:
 | |
|   name: discourse-data
 | |
|   namespace: discourse
 | |
| spec:
 | |
|   accessModes:
 | |
|     - "ReadWriteOnce"
 | |
|   resources:
 | |
|     requests:
 | |
|       storage: "3Gi"
 | |
|   storageClassName: "proxmox-nas"
 | |
| ---
 | |
| apiVersion: v1
 | |
| kind: ConfigMap
 | |
| metadata:
 | |
|   name: discourse
 | |
|   namespace: discourse
 | |
| data:
 | |
|   DISCOURSE_HOST: "discourse.k-space.ee"
 | |
|   DISCOURSE_SKIP_INSTALL: "yes"
 | |
|   DISCOURSE_PRECOMPILE_ASSETS: "no"
 | |
|   DISCOURSE_SITE_NAME: "K-Space Discourse"
 | |
|   DISCOURSE_USERNAME: "k-space"
 | |
|   DISCOURSE_EMAIL: "dos4dev@k-space.ee"
 | |
|   DISCOURSE_REDIS_HOST: "discourse-redis"
 | |
|   DISCOURSE_REDIS_PORT_NUMBER: "6379"
 | |
|   DISCOURSE_DATABASE_HOST: "discourse-postgres-rw"
 | |
|   DISCOURSE_DATABASE_PORT_NUMBER: "5432"
 | |
|   DISCOURSE_DATABASE_NAME: "discourse"
 | |
|   DISCOURSE_DATABASE_USER: "discourse"
 | |
|   POSTGRESQL_CLIENT_DATABASE_HOST: "discourse-postgres-rw"
 | |
|   POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER: "5432"
 | |
|   POSTGRESQL_CLIENT_POSTGRES_USER: "postgres"
 | |
|   POSTGRESQL_CLIENT_CREATE_DATABASE_NAME: "discourse"
 | |
|   POSTGRESQL_CLIENT_CREATE_DATABASE_EXTENSIONS: "hstore,pg_trgm"
 | |
| ---
 | |
| apiVersion: codemowers.cloud/v1beta1
 | |
| kind: OIDCClient
 | |
| metadata:
 | |
|   name: discourse
 | |
|   namespace: discourse
 | |
| spec:
 | |
|   displayName: Discourse
 | |
|   uri: https://discourse.k-space.ee
 | |
|   redirectUris:
 | |
|     - https://discourse.k-space.ee/auth/oidc/callback
 | |
|   allowedGroups:
 | |
|     - k-space:floor
 | |
|     - k-space:friends
 | |
|   grantTypes:
 | |
|     - authorization_code
 | |
|     - refresh_token
 | |
|   responseTypes:
 | |
|     - code
 | |
|   availableScopes:
 | |
|     - openid
 | |
|     - profile
 | |
|   pkce: false
 | |
| ---
 | |
| apiVersion: codemowers.cloud/v1beta1
 | |
| kind: SecretClaim
 | |
| metadata:
 | |
|   name: discourse-redis
 | |
|   namespace: discourse
 | |
| spec:
 | |
|   size: 32
 | |
|   mapping:
 | |
|     - key: redis-password
 | |
|       value: "%(plaintext)s"
 | |
|     - key: REDIS_URI
 | |
|       value: "redis://:%(plaintext)s@discourse-redis"
 | |
| ---
 | |
| apiVersion: dragonflydb.io/v1alpha1
 | |
| kind: Dragonfly
 | |
| metadata:
 | |
|   name: discourse-redis
 | |
|   namespace: discourse
 | |
| spec:
 | |
|   authentication:
 | |
|     passwordFromSecret:
 | |
|       key: redis-password
 | |
|       name: discourse-redis
 | |
|   replicas: 3
 | |
|   resources:
 | |
|     limits:
 | |
|       cpu: 1000m
 | |
|       memory: 1Gi
 | |
|   topologySpreadConstraints:
 | |
|     - maxSkew: 1
 | |
|       topologyKey: topology.kubernetes.io/zone
 | |
|       whenUnsatisfiable: DoNotSchedule
 | |
|       labelSelector:
 | |
|         matchLabels:
 | |
|           app: discourse-redis
 | |
|           app.kubernetes.io/part-of: dragonfly              
 | |
| ---
 | |
| apiVersion: postgresql.cnpg.io/v1
 | |
| kind: Cluster
 | |
| metadata:
 | |
|   name: discourse-postgres
 | |
|   namespace: discourse
 | |
| spec:
 | |
|   instances: 1
 | |
|   enableSuperuserAccess: true
 | |
|   bootstrap:
 | |
|     initdb:
 | |
|       database: discourse
 | |
|       owner: discourse
 | |
|       secret:
 | |
|         name: discourse-postgresql
 | |
|       dataChecksums: true
 | |
|       encoding: 'UTF8'
 | |
|   storage:
 | |
|     size: 10Gi
 | |
|     storageClass: postgres
 |