--- apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-etherpad spec: selector: matchLabels: app: {{ .Release.Name }}-etherpad replicas: 1 template: metadata: labels: app: {{ .Release.Name }}-etherpad use-as-service: {{ .Release.Name }} spec: initContainers: - name: wait-for-cert image: busybox command: - sh - -c - until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done containers: - name: etherpad image: etherpad/etherpad:1.8.13 ports: - containerPort: 9001 volumeMounts: - name: etherpadconfig mountPath: "/opt/etherpad-lite/settings.json" subPath: settings.json - name: etcletsencrypt mountPath: "/etc/letsencrypt" - name: data mountPath: "/data" volumes: - name: etcletsencrypt persistentVolumeClaim: claimName: {{ .Release.Name }}-letsencrypt-certs - name: data persistentVolumeClaim: claimName: {{ .Release.Name }}-data - name: etherpadconfig configMap: name: {{ .Release.Name }}-etherpadconfig --- apiVersion: v1 kind: Service metadata: name: {{ tpl .Values.identifier . }} labels: app: {{ tpl .Values.identifier . }} spec: type: ClusterIP ports: - port: 80 name: http - port: 443 targetPort: 9001 name: https selector: use-as-service: {{ .Release.Name }} --- apiVersion: v1 kind: ConfigMap metadata: name: {{ tpl .Values.identifier . }}-etherpadconfig data: {{ tpl (.Files.Glob "etherpad/*").AsConfig . | indent 2 }} --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: {{ tpl .Values.identifier . }}-letsencrypt-certs spec: accessModes: - ReadWriteMany resources: requests: storage: 50Mi storageClassName: rook-cephfs --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: {{ tpl .Values.identifier . }}-data spec: accessModes: - ReadWriteMany resources: requests: storage: 100Mi storageClassName: rook-cephfs --- apiVersion: batch/v1 kind: Job metadata: name: {{ tpl .Values.identifier . }}-getcert spec: template: metadata: labels: app: certbot-letsencrypt-getcert use-as-service: {{ .Release.Name }} spec: restartPolicy: Never containers: - name: certbot image: ungleich/ungleich-certbot ports: - containerPort: 80 env: - name: DOMAIN value: "{{ tpl .Values.fqdn . }}" - name: EMAIL value: "{{ .Values.email }}" {{ if eq .Values.letsencryptStaging "no" }} - name: STAGING value: "no" {{ end }} volumeMounts: - name: etcletsencrypt mountPath: "/etc/letsencrypt" volumes: - name: etcletsencrypt persistentVolumeClaim: claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs backoffLimit: 3