# Deployment for the Koha backend (Plack) pod.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: koha
  namespace: koha
  labels:
    app: koha
    component: plack
spec:
  replicas: 1
  selector:
    matchLabels:
      app: koha
      component: plack
  template:
    metadata:
      labels:
        app: koha
        component: plack
    spec:
      containers:
        - name: koha
          # Quoted so the rendered value is always parsed as one string.
          image: "{{ .Values.docker.registry }}:{{ .Values.docker.tag }}"
          # NOTE(review): UID 0 + privileged + seccomp Unconfined leaves this
          # container with no kernel-level isolation from the node. Whether the
          # image needs any of it is not visible in this file; confirm, then
          # reduce to the smallest set that still starts the service.
          securityContext:
            runAsUser: 0  # root
            allowPrivilegeEscalation: true
            privileged: true
            seccompProfile:
              type: Unconfined
            # privileged: true already grants every capability, so this add
            # list only becomes meaningful once privileged is turned off.
            capabilities:
              add:
                - SETUID
                - SETGID
                - SYS_ADMIN
          env:
            - name: USE_PLACK
              value: "1"
            - name: USE_BACKEND
              value: "1"
          # All keys of koha-map become environment variables; the pod will not
          # start if the ConfigMap is missing (optional: false).
          envFrom:
            - configMapRef:
                name: koha-map
                optional: false
          # Three sub-directories of the same claim are mounted separately.
          volumeMounts:
            - name: koha-pv
              mountPath: /var/lib/koha
              subPath: koha
            - name: koha-pv
              mountPath: /etc/koha/sites
              subPath: sites
            - name: koha-pv
              mountPath: /tmp/libshare
              subPath: lib
      volumes:
        - name: koha-pv
          persistentVolumeClaim:
            claimName: koha-pvc
---
# Deployment for the Apache front end; it starts only after the backend
# service "koha" answers on port 5000.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: koha-apache
  namespace: koha
  labels:
    app: koha
    component: apache
spec:
  replicas: 1
  selector:
    matchLabels:
      app: koha
      component: apache
  template:
    metadata:
      labels:
        app: koha
        component: apache
    spec:
      initContainers:
        # Polls koha:5000 up to 300 times, 3 s apart, and fails the pod if the
        # backend never answers.
        # NOTE(review): "alpine" has no tag or digest, so the image that runs
        # can change between pulls; pin it.
        - name: init-wait
          image: alpine
          command:
            - "sh"
            - "-c"
            - "for i in $(seq 1 300); do nc -zvw1 koha 5000 && exit 0 || sleep 3; done; exit 1"
          # Fully restricted: non-root UID, no capabilities, default seccomp.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            runAsUser: 1000  # non-root user
            seccompProfile:
              type: RuntimeDefault
      containers:
        - name: apache
          # Quoted so the rendered value is always parsed as one string.
          image: "{{ .Values.docker.registry }}:{{ .Values.docker.tag }}"
          # NOTE(review): UID 0 + privileged + seccomp Unconfined leaves this
          # container with no kernel-level isolation from the node. Whether the
          # image needs any of it is not visible in this file; confirm, then
          # reduce to the smallest set that still serves traffic.
          securityContext:
            runAsUser: 0  # root
            # fsGroup is a pod-level securityContext field; if re-enabled it
            # belongs under template.spec.securityContext, not here.
            #fsGroup: 1000 # www-data group
            allowPrivilegeEscalation: true
            privileged: true
            seccompProfile:
              type: Unconfined
            # privileged: true already grants every capability, so this add
            # list only becomes meaningful once privileged is turned off.
            capabilities:
              add:
                - SETUID
                - SETGID
                - SYS_ADMIN
          env:
            - name: USE_APACHE2
              value: "1"
            - name: USE_BACKEND
              value: "0"
          envFrom:
            - configMapRef:
                name: koha-map
          volumeMounts:
            - name: koha-pv
              mountPath: /etc/koha/sites
              subPath: sites
            - name: koha-pv
              mountPath: /tmp/libshare
              subPath: lib
          # Helm still evaluates template actions that sit inside YAML
          # comments, so the two values referenced below are read at render
          # time even though the ports block is disabled.
          # ports:
          # - containerPort: {{ .Values.opac.port }}
          # - containerPort: {{ .Values.staff.port }}
      volumes:
        - name: koha-pv
          persistentVolumeClaim:
            claimName: koha-pvc
{{ if not .Values.db.external }}
---
# In-cluster MariaDB Deployment, rendered only when db.external is not set.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: koha-mysql
  namespace: koha
  labels:
    app: koha
    component: db
spec:
  replicas: 1
  selector:
    matchLabels:
      app: koha
      component: db
  template:
    metadata:
      labels:
        app: koha
        component: db
    spec:
      # Pod-level identity: UID 999, with mounted volumes group-owned by 999.
      securityContext:
        runAsUser: 999
        fsGroup: 999
      containers:
        - name: db
          image: "mariadb:10.3"
          # NOTE(review): the process runs as non-root UID 999, yet the
          # container is privileged with seccomp Unconfined and privilege
          # escalation allowed. Nothing in this file shows the database needing
          # that; confirm (volume access under the node's security policy is
          # the usual reason) and drop what is not required.
          securityContext:
            runAsUser: 999  # non-root; repeats the pod-level UID
            allowPrivilegeEscalation: true
            privileged: true
            seccompProfile:
              type: Unconfined
            # privileged: true already grants every capability, so this add
            # list only becomes meaningful once privileged is turned off.
            capabilities:
              add:
                - SETUID
                - SETGID
                - SYS_ADMIN
          # NOTE(review): the database takes its environment from the same
          # ConfigMap as the application pods. If koha-map carries database
          # passwords (not visible here), they belong in a Secret instead.
          envFrom:
            - configMapRef:
                name: koha-map
          ports:
            - containerPort: 3306
          volumeMounts:
            - name: koha-mysql-pv
              mountPath: /var/lib/mysql
      volumes:
        - name: koha-mysql-pv
          persistentVolumeClaim:
            claimName: koha-mysql-pvc
{{ end }}
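{{ if and .Values.elasticsearch.enabled (not .Values.elasticsearch.external) }}
---
# In-cluster Elasticsearch Deployment, rendered only when elasticsearch is
# enabled and not external.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: koha-es
  namespace: koha
  labels:
    app: koha
    component: es
spec:
  replicas: 1
  selector:
    matchLabels:
      app: koha
      component: es
  template:
    metadata:
      labels:
        app: koha
        component: es
    spec:
      initContainers:
        # Raises vm.max_map_count and fs.file-max before Elasticsearch starts.
        # NOTE(review): these sysctls are written from a privileged container,
        # so the change presumably applies to the whole node and outlives this
        # pod; setting them through node configuration would remove the need
        # for a privileged init container.
        # NOTE(review): "alpine" has no tag or digest; pin it.
        - name: set-max-map-count
          image: alpine
          securityContext:
            runAsUser: 0  # root
            allowPrivilegeEscalation: true
            privileged: true
            # privileged: true already grants every capability, so this add
            # list is redundant while the container stays privileged.
            capabilities:
              add:
                - SETUID
                - SETGID
                - SYS_ADMIN
            # The original listed seccompProfile twice in this mapping
            # (Unconfined, then RuntimeDefault). Duplicate keys are invalid
            # YAML: lenient parsers keep the last entry, strict ones reject
            # the document. Only the last entry is kept.
            seccompProfile:
              type: RuntimeDefault
          command:
            - "sh"
            - "-c"
            - "sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536"
      containers:
        # NOTE(review): the image has no tag or digest; pin it.
        - name: es
          image: koha/elasticsearch-icu
          # NOTE(review): UID 0 + privileged + seccomp Unconfined leaves this
          # container with no kernel-level isolation from the node. Whether the
          # image needs it (for example for the memory lock requested below) is
          # not visible in this file; confirm and reduce.
          securityContext:
            runAsUser: 0  # root
            allowPrivilegeEscalation: true
            privileged: true
            seccompProfile:
              type: Unconfined
            capabilities:
              add:
                - SETUID
                - SETGID
                - SYS_ADMIN
          env:
            - name: cluster.name
              value: "docker-cluster"
            - name: bootstrap.memory_lock
              value: "true"
            # NOTE(review): Elasticsearch security features are switched off,
            # so the API accepts unauthenticated requests; access has to be
            # restricted at the network layer (no such policy is in this file).
            - name: xpack.security.enabled
              value: "false"
            - name: ES_JAVA_OPTS
              value: "-Xms1g -Xmx1g"
            - name: SET_ULIMIT
              value: "1"
{{ end }}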
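{{ if and .Values.memcached.enabled (not .Values.memcached.external) }}
---
# In-cluster memcached Deployment, rendered only when memcached is enabled and
# not external.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: koha-memcached
  namespace: koha
  labels:
    app: koha
    component: memcached
spec:
  replicas: 1
  selector:
    matchLabels:
      app: koha
      component: memcached
  template:
    metadata:
      labels:
        app: koha
        component: memcached
    spec:
      containers:
        # NOTE(review): "memcached" has no tag or digest, so the image that
        # runs can change between pulls; pin it.
        - name: memcached
          image: memcached
          # The original ran this cache privileged, with seccomp Unconfined,
          # privilege escalation allowed and SETUID/SETGID/SYS_ADMIN added,
          # while the process itself runs as non-root UID 497. The container
          # mounts no volumes and only runs the memcached binary, so it is
          # restricted here: non-root enforced, no capabilities, no privilege
          # escalation, runtime default seccomp profile.
          securityContext:
            runAsUser: 497  # non-root
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            privileged: false
            seccompProfile:
              type: RuntimeDefault
            capabilities:
              drop:
                - ALL
          # NOTE(review): memcached has no authentication in this
          # configuration; restrict who can reach the pod at the network layer.
          command: ["memcached", "-m", "64m"]
{{ end }}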