t.behrendt/k_paperless
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

bootstrap (#1)
All checks were successful
Deploy / deploy (push) Successful in 11s
Details

Browse Source 
Reviewed-on: #1
Co-authored-by: Timo Behrendt <t.behrendt@t00n.de>
Co-committed-by: Timo Behrendt <t.behrendt@t00n.de>
This commit was merged in pull request #1.
This commit is contained in:
Timo Behrendt
2026-04-06 15:28:24 +02:00
committed by t.behrendt
parent a9935624e7
commit e822a0d53f
12 changed files with 229 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
.gitea/workflows/deploy.yaml
View File

@@ -4,31 +4,12 @@ on:
push: push:
branches: branches:
- main - main
paths:
- "k8s/**"
jobs: jobs:
check-changes:
runs-on: ubuntu-latest
outputs:
changes: ${{ steps.filter.outputs.k8s }}
helm: ${{ steps.filter.outputs.helm }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
id: filter
with:
filters: |
k8s:
- 'k8s/**'
helm:
- 'values/**'
- 'helmfile.yaml'
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: check-changes
if: ${{ needs.check-changes.outputs.changes == 'true' || needs.check-changes.outputs.helm == 'true' }}
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@c373c34c836716e663e2d6379e686997bfd7746c # 0.0.6 - uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@c373c34c836716e663e2d6379e686997bfd7746c # 0.0.6
@@ -36,9 +17,6 @@ jobs:
with: with:
repo: ${{ github.repository }} repo: ${{ github.repository }}
- uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0 - uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0
- uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
with:
version: "3.15.0"
- uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2 - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2
with: with:
method: kubeconfig method: kubeconfig
@@ -56,6 +34,16 @@ jobs:
"restic_rest_password": "${{ secrets.RESTIC_REST_PASSWORD }}", "restic_rest_password": "${{ secrets.RESTIC_REST_PASSWORD }}",
"gotify_token": "${{ secrets.GOTIFY_TOKEN }}" "gotify_token": "${{ secrets.GOTIFY_TOKEN }}"
} }
- name: Create paperless secret
uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 # v5.0.1
with:
namespace: ${{ steps.namespace.outputs.namespace }}
secret-name: paperless-secret
secret-type: generic
data: |
{
"PAPERLESS_SECRET_KEY": "${{ secrets.PAPERLESS_SECRET_KEY }}"
}
- name: Deploy - name: Deploy
uses: azure/k8s-deploy@c8cfec839dc09896b3b8cc40cd13d04792680771 # v5.1.0 uses: azure/k8s-deploy@c8cfec839dc09896b3b8cc40cd13d04792680771 # v5.1.0
with: with:
@@ -63,7 +51,3 @@ jobs:
manifests: "k8s/" manifests: "k8s/"
strategy: basic strategy: basic
namespace: ${{ steps.namespace.outputs.namespace }} namespace: ${{ steps.namespace.outputs.namespace }}
- name: Deploy helm
uses: helmfile/helmfile-action@d9fefe29b0d07e9ab187ecfe1d63eff91e0a070c # v2.4.1
with:
helmfile-args: apply

20
.gitea/workflows/run-backup.yaml Normal file
View File

@@ -0,0 +1,20 @@
name: Run Backup
on:
workflow_dispatch:
jobs:
run-renovate:
runs-on: ubuntu-latest
steps:
- uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@c41eeb249e8a47e009c5f070d71f167dd1d39760 # 0.0.7
id: namespace
with:
repo: ${{ github.repository }}
- uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0
- uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- run: |
kubectl -n ${{ steps.namespace.outputs.namespace }} create job --from=cronjob/backup backup-${{ github.run_id }}

7
.gitea/workflows/validate.yaml
View File

@@ -15,9 +15,6 @@ jobs:
with: with:
repo: ${{ github.repository }} repo: ${{ github.repository }}
- uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0 - uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0
- uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
with:
version: "3.15.0"
- uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2 - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2
with: with:
method: kubeconfig method: kubeconfig
@@ -28,7 +25,3 @@ jobs:
namespace: ${{ steps.namespace.outputs.namespace }} namespace: ${{ steps.namespace.outputs.namespace }}
lintType: dryrun lintType: dryrun
manifests: "k8s/" manifests: "k8s/"
- name: Validate Helm
uses: helmfile/helmfile-action@d9fefe29b0d07e9ab187ecfe1d63eff91e0a070c # v2.4.1
with:
helmfile-args: diff

16
README.md
View File

@@ -1,17 +1,9 @@
Template DoDos: # Kubernetes Deployment for Paperless
- Add KUBECONFIG secret to your repo Document management system.
- Place your k8s files in ./k8s/
- Replace \<service\> with the name of the service
- Replace \<url\> with the URL of the service
- Replace \<auth\> with the authentication method used
- Replace \<namespace\> with the namespace where the service is deployed in .github/workflows/deploy.yaml
- Provide a screenshot of the service in action in ./screenshot.png
# Kubernetes Deployment for \<service\> Deployed to: [paperless.t00n.de](https://paperless.t00n.de)
Deployed to: \<url\> Authentication: built-in
Authentication: \<auth\>
![Screenshot](screenshot.png) ![Screenshot](screenshot.png)

2
k8s/10_namespace.yaml
View File

@@ -1,4 +1,4 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: <namespace> name: paperless

63
k8s/11_backup.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: backup
spec:
schedule: "0 20 */14 * *"
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 5
failedJobsHistoryLimit: 3
jobTemplate:
metadata:
labels:
t00n.de/restic-backup: "true"
spec:
backoffLimit: 3
activeDeadlineSeconds: 300
template:
spec:
nodeSelector:
kubernetes.io/hostname: k3sh0
restartPolicy: OnFailure
containers:
- name: backup-paperless
image: gitea.t000-n.de/t.behrendt/backupsidecar:6ff6e8759e827b9aa8ec7ecec4356cc04e4ca75a@sha256:f0841b9d74c6c9db8445d130b79c631a5526a2890ce34371859b3bb65f0ee5be
env:
- name: BACKUP_MODE
value: "directory"
- name: RESTIC_REPOSITORY
value: "rest:http://restserver.restic.svc.cluster.local:8000/paperless"
- name: RESTIC_PASSWORD
valueFrom:
secretKeyRef:
name: backup-secret
key: restic_password
- name: RESTIC_REST_USERNAME
valueFrom:
secretKeyRef:
name: backup-secret
key: restic_rest_username
- name: RESTIC_REST_PASSWORD
valueFrom:
secretKeyRef:
name: backup-secret
key: restic_rest_password
- name: GOTIFYHOST
value: "https://gotify.t000-n.de"
- name: GOTIFYTOKEN
valueFrom:
secretKeyRef:
name: backup-secret
key: gotify_token
- name: GOTIFYTOPIC
value: "Paperless Backup"
- name: SOURCEDIR
value: "/data"
volumeMounts:
- name: source-data
mountPath: /data
volumes:
- name: source-data
hostPath:
path: /mnt/longhorn1/svc/paperless/main
type: Directory

54
k8s/21_deployment_paperless.yaml Normal file
View File

@@ -0,0 +1,54 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: webserver
namespace: paperless
spec:
replicas: 1
selector:
matchLabels:
app: webserver
template:
metadata:
labels:
app: webserver
spec:
nodeSelector:
kubernetes.io/hostname: k3sh0
containers:
- name: webserver
image: ghcr.io/paperless-ngx/paperless-ngx:2.20.13@sha256:4b05bcd28e6923768000b5d247cbf2c66fd49bdc3f3b05955bd4f6790a638b01
ports:
- containerPort: 8000
env:
- name: PAPERLESS_REDIS
value: redis://broker.paperless.svc.cluster.local:6379
- name: PAPERLESS_URL
value: https://paperless.t00n.de
- name: PAPERLESS_SECRET_KEY
valueFrom:
secretKeyRef:
name: paperless-secret
key: PAPERLESS_SECRET_KEY
- name: PAPERLESS_TIME_ZONE
value: Europe/Amsterdam
- name: PAPERLESS_OCR_LANGUAGE
value: deu
volumeMounts:
- name: data
mountPath: /usr/src/paperless/data
- name: media
mountPath: /usr/src/paperless/media
resources:
limits:
cpu: 1000m
memory: 4096Mi
volumes:
- name: data
hostPath:
path: /mnt/longhorn1/svc/paperless/main/paperless/data
type: Directory
- name: media
hostPath:
path: /mnt/longhorn1/svc/paperless/main/paperless/media
type: Directory

11
k8s/22_service_paperless.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: webserver
namespace: paperless
spec:
selector:
app: webserver
ports:
- port: 8000
targetPort: 8000

18
k8s/23_ingress_paperless.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
namespace: paperless
name: ingressroute
spec:
entryPoints:
- websecure
routes:
- kind: Rule
match: Host(`paperless.t00n.de`)
middlewares:
- name: localipfilter
namespace: kube-system
services:
- kind: Service
name: webserver
port: 8000

34
k8s/31_deployment_broker.yaml Normal file
View File

@@ -0,0 +1,34 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: broker
namespace: paperless
spec:
replicas: 1
selector:
matchLabels:
app: broker
template:
metadata:
labels:
app: broker
spec:
nodeSelector:
kubernetes.io/hostname: k3sh0
containers:
- name: redis
image: docker.io/library/redis:7
volumeMounts:
- name: data
mountPath: /data
ports:
- containerPort: 6379
resources:
limits:
cpu: 250m
memory: 512Mi
volumes:
- name: data
hostPath:
path: /mnt/longhorn1/svc/paperless/main/broker/data
type: Directory

12
k8s/32_service_broker.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: broker
namespace: paperless
spec:
selector:
app: broker
ports:
- protocol: TCP
port: 6379
targetPort: 6379

BIN
screenshot.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 581 KiB