diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml index b546683..92c3ba8 100644 --- a/.gitea/workflows/deploy.yaml +++ b/.gitea/workflows/deploy.yaml @@ -4,31 +4,12 @@ on: push: branches: - main + paths: + - "k8s/**" jobs: - check-changes: - runs-on: ubuntu-latest - outputs: - changes: ${{ steps.filter.outputs.k8s }} - helm: ${{ steps.filter.outputs.helm }} - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 - - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 - id: filter - with: - filters: | - k8s: - - 'k8s/**' - helm: - - 'values/**' - - 'helmfile.yaml' - deploy: runs-on: ubuntu-latest - needs: check-changes - if: ${{ needs.check-changes.outputs.changes == 'true' || needs.check-changes.outputs.helm == 'true' }} steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@c373c34c836716e663e2d6379e686997bfd7746c # 0.0.6 @@ -36,9 +17,6 @@ jobs: with: repo: ${{ github.repository }} - uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0 - - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 - with: - version: "3.15.0" - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2 with: method: kubeconfig @@ -56,6 +34,16 @@ jobs: "restic_rest_password": "${{ secrets.RESTIC_REST_PASSWORD }}", "gotify_token": "${{ secrets.GOTIFY_TOKEN }}" } + - name: Create paperless secret + uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 # v5.0.1 + with: + namespace: ${{ steps.namespace.outputs.namespace }} + secret-name: paperless-secret + secret-type: generic + data: | + { + "PAPERLESS_SECRET_KEY": "${{ secrets.PAPERLESS_SECRET_KEY }}" + } - name: Deploy uses: azure/k8s-deploy@c8cfec839dc09896b3b8cc40cd13d04792680771 # v5.1.0 with: @@ -63,7 +51,3 @@ jobs: manifests: "k8s/" strategy: basic namespace: ${{ steps.namespace.outputs.namespace }} - - name: Deploy helm - uses: helmfile/helmfile-action@d9fefe29b0d07e9ab187ecfe1d63eff91e0a070c # v2.4.1 - with: - helmfile-args: apply diff --git a/.gitea/workflows/validate.yaml b/.gitea/workflows/validate.yaml index 36f9adc..7c21a72 100644 --- a/.gitea/workflows/validate.yaml +++ b/.gitea/workflows/validate.yaml @@ -15,9 +15,6 @@ jobs: with: repo: ${{ github.repository }} - uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0 - - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 - with: - version: "3.15.0" - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2 with: method: kubeconfig @@ -28,7 +25,3 @@ jobs: namespace: ${{ steps.namespace.outputs.namespace }} lintType: dryrun manifests: "k8s/" - - name: Validate Helm - uses: helmfile/helmfile-action@d9fefe29b0d07e9ab187ecfe1d63eff91e0a070c # v2.4.1 - with: - helmfile-args: diff diff --git a/README.md b/README.md index 64d5f1d..d388528 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,9 @@ -Template DoDos: +# Kubernetes Deployment for Paperless -- Add KUBECONFIG secret to your repo -- Place your k8s files in ./k8s/ -- Replace \ with the name of the service -- Replace \ with the URL of the service -- Replace \ with the authentication method used -- Replace \ with the namespace where the service is deployed in .github/workflows/deploy.yaml -- Provide a screenshot of the service in action in ./screenshot.png +Document management system. -# Kubernetes Deployment for \ +Deployed to: [paperless.t00n.de](https://paperless.t00n.de) -Deployed to: \ - -Authentication: \ +Authentication: built-in ![Screenshot](screenshot.png) diff --git a/k8s/10_namespace.yaml b/k8s/10_namespace.yaml index badbdd5..37ad102 100644 --- a/k8s/10_namespace.yaml +++ b/k8s/10_namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: + name: paperless diff --git a/k8s/21_deployment_paperless.yaml b/k8s/21_deployment_paperless.yaml new file mode 100644 index 0000000..37790a6 --- /dev/null +++ b/k8s/21_deployment_paperless.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: webserver + namespace: paperless +spec: + replicas: 1 + selector: + matchLabels: + app: webserver + template: + metadata: + labels: + app: webserver + spec: + nodeSelector: + kubernetes.io/hostname: k3sh0 + containers: + - name: webserver + image: ghcr.io/paperless-ngx/paperless-ngx:2.20.13@sha256:4b05bcd28e6923768000b5d247cbf2c66fd49bdc3f3b05955bd4f6790a638b01 + ports: + - containerPort: 8000 + env: + - name: PAPERLESS_REDIS + value: redis://broker.paperless.svc.cluster.local:6379 + - name: PAPERLESS_URL + value: https://paperless.t00n.de + - name: PAPERLESS_SECRET_KEY + valueFrom: + secretKeyRef: + name: paperless-secret + key: PAPERLESS_SECRET_KEY + - name: PAPERLESS_TIME_ZONE + value: Europe/Amsterdam + - name: PAPERLESS_OCR_LANGUAGE + value: deu + volumeMounts: + - name: data + mountPath: /usr/src/paperless/data + - name: media + mountPath: /usr/src/paperless/media + resources: + limits: + cpu: 1000m + memory: 4096Mi + volumes: + - name: data + hostPath: + path: /mnt/longhorn1/svc/paperless/main/paperless/data + type: Directory + - name: media + hostPath: + path: /mnt/longhorn1/svc/paperless/main/paperless/media + type: Directory diff --git a/k8s/22_service_paperless.yaml b/k8s/22_service_paperless.yaml new file mode 100644 index 0000000..e8d48f7 --- /dev/null +++ b/k8s/22_service_paperless.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: webserver + namespace: paperless +spec: + selector: + app: webserver + ports: + - port: 8000 + targetPort: 8000 diff --git a/k8s/23_ingress_paperless.yaml b/k8s/23_ingress_paperless.yaml new file mode 100644 index 0000000..708cd25 --- /dev/null +++ b/k8s/23_ingress_paperless.yaml @@ -0,0 +1,18 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + namespace: paperless + name: ingressroute +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`paperless.t00n.de`) + middlewares: + - name: localipfilter + namespace: kube-system + services: + - kind: Service + name: webserver + port: 8000 diff --git a/k8s/31_deployment_broker.yaml b/k8s/31_deployment_broker.yaml new file mode 100644 index 0000000..3b538cf --- /dev/null +++ b/k8s/31_deployment_broker.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: broker + namespace: paperless +spec: + replicas: 1 + selector: + matchLabels: + app: broker + template: + metadata: + labels: + app: broker + spec: + nodeSelector: + kubernetes.io/hostname: k3sh0 + containers: + - name: redis + image: docker.io/library/redis:7 + volumeMounts: + - name: data + mountPath: /data + ports: + - containerPort: 6379 + resources: + limits: + cpu: 250m + memory: 512Mi + volumes: + - name: data + hostPath: + path: /mnt/longhorn1/svc/paperless/main/broker/data + type: Directory diff --git a/k8s/32_service_broker.yaml b/k8s/32_service_broker.yaml new file mode 100644 index 0000000..269dbb0 --- /dev/null +++ b/k8s/32_service_broker.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: broker + namespace: paperless +spec: + selector: + app: broker + ports: + - protocol: TCP + port: 6379 + targetPort: 6379 diff --git a/screenshot.png b/screenshot.png new file mode 100644 index 0000000..42065e7 Binary files /dev/null and b/screenshot.png differ