--- apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-postgres spec: selector: matchLabels: app: {{ .Release.Name }}-postgres replicas: 1 template: metadata: labels: app: {{ .Release.Name }}-postgres spec: containers: - name: postgres image: postgres:14 ports: - containerPort: 5432 envFrom: - secretRef: name: {{ tpl .Values.identifier . }}-postgres-config volumeMounts: - name: postgres-data mountPath: "/var/lib/postgresql/data" subPath: postgres resources: requests: memory: "64Mi" cpu: "100m" limits: memory: "256Mi" cpu: "400m" volumes: - name: postgres-data persistentVolumeClaim: claimName: {{ tpl .Values.identifier . }}-postgres-data --- apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-elasticsearch spec: selector: matchLabels: app: {{ .Release.Name }}-elasticsearch replicas: 1 template: metadata: labels: app: {{ .Release.Name }}-elasticsearch spec: containers: - name: elasticsearch image: zammad/zammad-docker-compose:zammad-elasticsearch-{{ .Chart.AppVersion }} env: - name: discovery.type value: "single-node" securityContext: capabilities: add: ["SYS_CHROOT"] # Required, because elasticsearch is using chroot() ports: - containerPort: 9200 resources: requests: memory: "1.2Gi" cpu: "400m" limits: memory: "3Gi" cpu: "2000m" --- apiVersion: v1 kind: Service metadata: name: {{ .Release.Name }}-elasticsearch labels: app: {{ .Release.Name }}-elasticsearch spec: type: ClusterIP ports: - port: 9200 name: elasticsearch selector: app: {{ .Release.Name }}-elasticsearch --- apiVersion: v1 kind: Service metadata: name: {{ .Release.Name }}-postgres labels: app: {{ .Release.Name }}-postgres spec: type: ClusterIP ports: - port: 5432 name: postgres selector: app: {{ .Release.Name }}-postgres --- apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-zammad spec: selector: matchLabels: app: {{ .Release.Name }}-zammad replicas: 1 template: metadata: labels: app: {{ .Release.Name }}-zammad annotations: checksum/config: {{ include (print $.Template.BasePath "/nginxconf.yaml") . | sha256sum }} spec: initContainers: # - name: wait-for-cert # image: busybox # command: # - sh # - -c # - until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done # volumeMounts: # - name: etcletsencrypt # mountPath: "/etc/letsencrypt" - name: change-permissions image: busybox command: - sh - -c - chown 1000:0000 /opt/zammad volumeMounts: - name: zammad-data mountPath: "/opt/zammad" - name: zammad-init image: zammad/zammad-docker-compose:zammad-{{ .Chart.AppVersion }} command: - /docker-entrypoint.sh - zammad-init env: - name: POSTGRESQL_HOST value: {{ .Release.Name }}-postgres - name: POSTGRESQL_USER valueFrom: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_USER - name: POSTGRESQL_PASS valueFrom: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_PASSWORD - name: POSTGRESQL_DB valueFrom: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_DB - name: ELASTICSEARCH_HOST value: "{{ .Release.Name }}-elasticsearch" volumeMounts: - name: zammad-data mountPath: "/opt/zammad" containers: - name: nginx image: ungleich/ungleich-certbot:0.2.0 ports: - containerPort: 443 name: https - containerPort: 80 name: http env: - name: DOMAIN value: "{{ tpl .Values.fqdn . }}" - name: EMAIL value: "{{ .Values.email }}" - name: NGINX value: "yes" {{ if eq .Values.letsencryptStaging "no" }} - name: STAGING value: "no" {{ end }} volumeMounts: - name: nginx-config mountPath: "/etc/nginx/conf.d/" - name: etcletsencrypt mountPath: "/etc/letsencrypt" - name: zammad-data mountPath: "/opt/zammad" # # Is it ready to work? # readinessProbe: # tcpSocket: # port: 443 # initialDelaySeconds: 5 # periodSeconds: 10 # # Is it still working? # livenessProbe: # tcpSocket: # port: 443 # initialDelaySeconds: 15 # periodSeconds: 20 - name: memcached image: memcached:1.6.12-alpine resources: requests: memory: "64Mi" cpu: "100m" limits: memory: "128Mi" cpu: "500m" ports: - containerPort: 11211 - name: redis image: redis:6.2.6-alpine # resources: # requests: # memory: "64Mi" # cpu: "100m" # limits: # memory: "128Mi" # cpu: "500m" ports: - containerPort: 6379 - name: zammad-railsserver image: zammad/zammad-docker-compose:zammad-{{ .Chart.AppVersion }} command: - /docker-entrypoint.sh - zammad-railsserver resources: requests: memory: "256Mi" cpu: "100m" limits: memory: "512Mi" cpu: "500m" # Wait for 10 minutes to get ready # startupProbe: # httpGet: # path: /ocs/v2.php/apps/serverinfo/api/v1/info # port: fpm # failureThreshold: 20 # periodSeconds: 30 # Dead if failing for 1 minute # livenessProbe: # httpGet: # path: /ocs/v2.php/apps/serverinfo/api/v1/info # port: fpm # failureThreshold: 6 # periodSeconds: 10 # readinessProbe: # httpGet: # path: /ocs/v2.php/apps/serverinfo/api/v1/info # port: fpm # failureThreshold: 3 # periodSeconds: 30 ports: - containerPort: 3000 name: rails env: - name: POSTGRESQL_HOST value: {{ .Release.Name }}-postgres - name: POSTGRESQL_USER valueFrom: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_USER - name: POSTGRESQL_PASS valueFrom: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_PASSWORD - name: POSTGRESQL_DB valueFrom: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_DB - name: REDIS_URL value: "redis://localhost:6379" - name: MEMCACHE_SERVERS value: "localhost:11211" - name: ELASTICSEARCH_HOST value: "{{ .Release.Name }}-elasticsearch" # - name: ZAMMAD_TRUSTED_DOMAINS # value: "{{ tpl .Values.fqdn . }}" # - name: ZAMMAD_ADMIN_USER # valueFrom: # secretKeyRef: # name: {{ tpl .Values.identifier . }}-zammad # key: USERNAME # - name: ZAMMAD_ADMIN_PASSWORD # valueFrom: # secretKeyRef: # name: {{ tpl .Values.identifier . }}-zammad # key: PASSWORD volumeMounts: - name: zammad-data mountPath: "/opt/zammad" - name: zammad-scheduler image: zammad/zammad-docker-compose:zammad-{{ .Chart.AppVersion }} command: - /docker-entrypoint.sh - zammad-scheduler env: - name: POSTGRESQL_HOST value: {{ .Release.Name }}-postgres - name: POSTGRESQL_USER valueFrom: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_USER - name: POSTGRESQL_PASS valueFrom: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_PASSWORD - name: POSTGRESQL_DB valueFrom: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_DB - name: REDIS_URL value: "redis://localhost:6379" - name: MEMCACHE_SERVERS value: "localhost:11211" - name: ELASTICSEARCH_HOST value: "{{ .Release.Name }}-elasticsearch" volumeMounts: - name: zammad-data mountPath: "/opt/zammad" resources: requests: memory: "256Mi" cpu: "100m" limits: memory: "512Mi" cpu: "500m" - name: zammad-websocket image: zammad/zammad-docker-compose:zammad-{{ .Chart.AppVersion }} command: - sh - -c - "cd /opt/zammad && bundle exec script/websocket-server.rb -b :: -p 6042 start" env: - name: POSTGRESQL_HOST value: {{ .Release.Name }}-postgres - name: POSTGRESQL_USER valueFrom: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_USER - name: POSTGRESQL_PASS valueFrom: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_PASSWORD - name: POSTGRESQL_DB valueFrom: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_DB - name: REDIS_URL value: "redis://localhost:6379" - name: MEMCACHE_SERVERS value: "localhost:11211" - name: ELASTICSEARCH_HOST value: "{{ .Release.Name }}-elasticsearch" # - name: ZAMMAD_TRUSTED_DOMAINS # value: "{{ tpl .Values.fqdn . }}" # - name: ZAMMAD_ADMIN_USER # valueFrom: # secretKeyRef: # name: {{ tpl .Values.identifier . }}-zammad # key: USERNAME # - name: ZAMMAD_ADMIN_PASSWORD # valueFrom: # secretKeyRef: # name: {{ tpl .Values.identifier . }}-zammad # key: PASSWORD volumeMounts: - name: zammad-data mountPath: "/opt/zammad" ports: - containerPort: 6042 name: websocket resources: requests: memory: "256Mi" cpu: "100m" limits: memory: "512Mi" cpu: "500m" volumes: - name: etcletsencrypt persistentVolumeClaim: claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs - name: zammad-data persistentVolumeClaim: claimName: {{ tpl .Values.identifier . }}-data - name: postgres-data persistentVolumeClaim: claimName: {{ tpl .Values.identifier . }}-postgres-data - name: nginx-config configMap: name: {{ tpl .Values.identifier . }}-nginx-config --- apiVersion: v1 kind: Service metadata: name: {{ tpl .Values.identifier . }} labels: app: {{ tpl .Values.identifier . }} spec: type: ClusterIP ports: # Required for letsencrypt - port: 80 name: http - port: 443 name: https selector: app: {{ .Release.Name }}-zammad --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: {{ tpl .Values.identifier . }}-letsencrypt-certs spec: accessModes: - ReadWriteMany resources: requests: storage: 50Mi storageClassName: rook-cephfs --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: {{ tpl .Values.identifier . }}-data spec: accessModes: - ReadWriteOnce resources: requests: storage: {{ .Values.datasizeingb }}Gi storageClassName: rook-ceph-block --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: {{ tpl .Values.identifier . }}-postgres-data spec: accessModes: - ReadWriteOnce resources: requests: storage: {{ .Values.dbsizeingb }}Gi storageClassName: rook-ceph-block --- apiVersion: v1 kind: Secret metadata: name: {{ tpl .Values.identifier . }}-postgres-config annotations: secret-generator.v1.mittwald.de/autogenerate: POSTGRES_PASSWORD stringData: POSTGRES_USER: "postgres" POSTGRES_DB: "zammad" --- apiVersion: v1 kind: Secret metadata: name: {{ tpl .Values.identifier . }}-zammad annotations: secret-generator.v1.mittwald.de/autogenerate: PASSWORD stringData: USERNAME: "zammad"