bootstrap (#1)

Reviewed-on: #1
Co-authored-by: Timo Behrendt <t.behrendt@t00n.de>
Co-committed-by: Timo Behrendt <t.behrendt@t00n.de>

k8s/10_namespace.yaml

@@ -1,4 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: <namespace>
+  name: paperless

k8s/11_backup.yaml

@@ -0,0 +1,63 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: backup
+spec:
+  schedule: "0 20 */14 * *"
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 5
+  failedJobsHistoryLimit: 3
+  jobTemplate:
+    metadata:
+      labels:
+        t00n.de/restic-backup: "true"
+    spec:
+      backoffLimit: 3
+      activeDeadlineSeconds: 300
+      template:
+        spec:
+          nodeSelector:
+            kubernetes.io/hostname: k3sh0
+          restartPolicy: OnFailure
+          containers:
+            - name: backup-paperless
+              image: gitea.t000-n.de/t.behrendt/backupsidecar:6ff6e8759e827b9aa8ec7ecec4356cc04e4ca75a@sha256:f0841b9d74c6c9db8445d130b79c631a5526a2890ce34371859b3bb65f0ee5be
+              env:
+                - name: BACKUP_MODE
+                  value: "directory"
+                - name: RESTIC_REPOSITORY
+                  value: "rest:http://restserver.restic.svc.cluster.local:8000/paperless"
+                - name: RESTIC_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: backup-secret
+                      key: restic_password
+                - name: RESTIC_REST_USERNAME
+                  valueFrom:
+                    secretKeyRef:
+                      name: backup-secret
+                      key: restic_rest_username
+                - name: RESTIC_REST_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: backup-secret
+                      key: restic_rest_password
+                - name: GOTIFYHOST
+                  value: "https://gotify.t000-n.de"
+                - name: GOTIFYTOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      name: backup-secret
+                      key: gotify_token
+                - name: GOTIFYTOPIC
+                  value: "Paperless Backup"
+                - name: SOURCEDIR
+                  value: "/data"
+              volumeMounts:
+                - name: source-data
+                  mountPath: /data
+          volumes:
+            - name: source-data
+              hostPath:
+                path: /mnt/longhorn1/svc/paperless/main
+                type: Directory

k8s/21_deployment_paperless.yaml

@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: webserver
+  namespace: paperless
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: webserver
+  template:
+    metadata:
+      labels:
+        app: webserver
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: k3sh0
+      containers:
+        - name: webserver
+          image: ghcr.io/paperless-ngx/paperless-ngx:2.20.13@sha256:4b05bcd28e6923768000b5d247cbf2c66fd49bdc3f3b05955bd4f6790a638b01
+          ports:
+            - containerPort: 8000
+          env:
+            - name: PAPERLESS_REDIS
+              value: redis://broker.paperless.svc.cluster.local:6379
+            - name: PAPERLESS_URL
+              value: https://paperless.t00n.de
+            - name: PAPERLESS_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: paperless-secret
+                  key: PAPERLESS_SECRET_KEY
+            - name: PAPERLESS_TIME_ZONE
+              value: Europe/Amsterdam
+            - name: PAPERLESS_OCR_LANGUAGE
+              value: deu
+          volumeMounts:
+            - name: data
+              mountPath: /usr/src/paperless/data
+            - name: media
+              mountPath: /usr/src/paperless/media
+          resources:
+            limits:
+              cpu: 1000m
+              memory: 4096Mi
+      volumes:
+        - name: data
+          hostPath:
+            path: /mnt/longhorn1/svc/paperless/main/paperless/data
+            type: Directory
+        - name: media
+          hostPath:
+            path: /mnt/longhorn1/svc/paperless/main/paperless/media
+            type: Directory

k8s/22_service_paperless.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: webserver
+  namespace: paperless
+spec:
+  selector:
+    app: webserver
+  ports:
+    - port: 8000
+      targetPort: 8000

k8s/23_ingress_paperless.yaml

@@ -0,0 +1,18 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  namespace: paperless
+  name: ingressroute
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`paperless.t00n.de`)
+      middlewares:
+        - name: localipfilter
+          namespace: kube-system
+      services:
+        - kind: Service
+          name: webserver
+          port: 8000

k8s/31_deployment_broker.yaml

@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: broker
+  namespace: paperless
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: broker
+  template:
+    metadata:
+      labels:
+        app: broker
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: k3sh0
+      containers:
+        - name: redis
+          image: docker.io/library/redis:7
+          volumeMounts:
+            - name: data
+              mountPath: /data
+          ports:
+            - containerPort: 6379
+          resources:
+            limits:
+              cpu: 250m
+              memory: 512Mi
+      volumes:
+        - name: data
+          hostPath:
+            path: /mnt/longhorn1/svc/paperless/main/broker/data
+            type: Directory

k8s/32_service_broker.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: broker
+  namespace: paperless
+spec:
+  selector:
+    app: broker
+  ports:
+    - protocol: TCP
+      port: 6379
+      targetPort: 6379