From 7d27d74e54c96a8f76f582d1488391eee1f96789 Mon Sep 17 00:00:00 2001 From: Jonathan Leech-Pepin Date: Fri, 31 Jan 2025 10:33:46 -0500 Subject: [PATCH] Deployed paperless --- kustomize/deployservice/deployment.yaml | 11 ++ kustomize/deployservice/kustomization.yaml | 11 ++ kustomize/deployservice/service.yaml | 11 ++ .../apps/paperless/extra/deploy-sync.yaml | 56 +++++++++ namespaces/apps/paperless/extra/pv-sftp.yaml | 25 ++++ .../apps/paperless/extra/pvc-consume.yaml | 13 ++ namespaces/apps/paperless/extra/pvc-sftp.yaml | 14 +++ namespaces/apps/paperless/kustomization.yaml | 116 ++++++++++++++++++ .../apps/paperless/patches/deployment.yaml | 87 +++++++++++++ namespaces/apps/paperless/patches/pvc.yaml | 8 ++ 10 files changed, 352 insertions(+) create mode 100644 kustomize/deployservice/deployment.yaml create mode 100644 kustomize/deployservice/kustomization.yaml create mode 100644 kustomize/deployservice/service.yaml create mode 100644 namespaces/apps/paperless/extra/deploy-sync.yaml create mode 100644 namespaces/apps/paperless/extra/pv-sftp.yaml create mode 100644 namespaces/apps/paperless/extra/pvc-consume.yaml create mode 100644 namespaces/apps/paperless/extra/pvc-sftp.yaml create mode 100644 namespaces/apps/paperless/kustomization.yaml create mode 100644 namespaces/apps/paperless/patches/deployment.yaml create mode 100644 namespaces/apps/paperless/patches/pvc.yaml diff --git a/kustomize/deployservice/deployment.yaml b/kustomize/deployservice/deployment.yaml new file mode 100644 index 0000000..d275155 --- /dev/null +++ b/kustomize/deployservice/deployment.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: app +spec: + replicas: 1 + strategy: + type: Recreate + template: + spec: diff --git a/kustomize/deployservice/kustomization.yaml b/kustomize/deployservice/kustomization.yaml new file mode 100644 index 0000000..fea759f --- /dev/null +++ b/kustomize/deployservice/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +# Define resources: +resources: + - deployment.yaml + - service.yaml + +labels: + - includeSelectors: true + pairs: + app.kubernetes.io/managed-by: kustomize diff --git a/kustomize/deployservice/service.yaml b/kustomize/deployservice/service.yaml new file mode 100644 index 0000000..2d0c61a --- /dev/null +++ b/kustomize/deployservice/service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: svc +spec: + type: ClusterIP + ports: + - port: 80 + name: test + targetPort: test + protocol: TCP diff --git a/namespaces/apps/paperless/extra/deploy-sync.yaml b/namespaces/apps/paperless/extra/deploy-sync.yaml new file mode 100644 index 0000000..d676bde --- /dev/null +++ b/namespaces/apps/paperless/extra/deploy-sync.yaml @@ -0,0 +1,56 @@ +# Sync pod that runs on blackstaff +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sync + namespace: apps +spec: + replicas: 1 + selector: + matchLabels: + name: paperless-sync + template: + metadata: + labels: + name: paperless-sync + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - blackstaff + containers: + - name: sync + image: alpine:latest + command: + - /bin/sh + - -c + - | + apk add --no-cache inotify-tools + WATCH_DIR=/sftp + DEST_DIR=/consume/scanner + while true; do + inotifywait --monitor --quiet -e close_write $WATCH_DIR | + while read -r directory action file; do + new=$(echo $file | sed 's/^\([0-9]\{2\}\)\([0-9]\{2\}\)\([0-9]\{4\}\)_\([0-9]\{2\}\)\([0-9]\{2\}\)\([0-9]\{2\}\)_/\1-\2-\3_\4:\5:\6_/') + cp -v ${directory}${file} ${DEST_DIR}/${new} + rm -v ${directory}${file} + done + done + volumeMounts: + - name: sftp-volume + mountPath: /sftp + - name: consume-volume + mountPath: /consume + subPath: consume + volumes: + - name: sftp-volume + persistentVolumeClaim: + claimName: paperless-sftp + - name: consume-volume + persistentVolumeClaim: + claimName: paperless-consume diff --git a/namespaces/apps/paperless/extra/pv-sftp.yaml b/namespaces/apps/paperless/extra/pv-sftp.yaml new file mode 100644 index 0000000..2f8107c --- /dev/null +++ b/namespaces/apps/paperless/extra/pv-sftp.yaml @@ -0,0 +1,25 @@ +--- +# PV for the SFTP directory - must be on blackstaff +apiVersion: v1 +kind: PersistentVolume +metadata: + name: sftp +spec: + claimRef: + namespace: apps + name: paperless-sftp + storageClassName: local-path + capacity: + storage: 5Gi + accessModes: + - ReadWriteMany + hostPath: + path: /srv/brotherscan/incoming + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - blackstaff diff --git a/namespaces/apps/paperless/extra/pvc-consume.yaml b/namespaces/apps/paperless/extra/pvc-consume.yaml new file mode 100644 index 0000000..a265f85 --- /dev/null +++ b/namespaces/apps/paperless/extra/pvc-consume.yaml @@ -0,0 +1,13 @@ +# PVC for the Longhorn consume directory +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: consume + namespace: apps +spec: + storageClassName: longhorn-private + accessModes: + - ReadWriteMany + resources: + requests: + storage: 5Gi diff --git a/namespaces/apps/paperless/extra/pvc-sftp.yaml b/namespaces/apps/paperless/extra/pvc-sftp.yaml new file mode 100644 index 0000000..9bd9cb2 --- /dev/null +++ b/namespaces/apps/paperless/extra/pvc-sftp.yaml @@ -0,0 +1,14 @@ +# PVC for the SFTP directory +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: sftp + namespace: apps +spec: + volumeName: paperless-sftp + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi diff --git a/namespaces/apps/paperless/kustomization.yaml b/namespaces/apps/paperless/kustomization.yaml new file mode 100644 index 0000000..d1e806a --- /dev/null +++ b/namespaces/apps/paperless/kustomization.yaml @@ -0,0 +1,116 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +transformers: + - |- + apiVersion: builtin + kind: NamespaceTransformer + metadata: + name: notImportantHere + namespace: apps + unsetOnly: true + +namePrefix: paperless- +resources: + - ../../../kustomize/public-oidc/ + - extra/deploy-sync.yaml + - extra/pvc-consume.yaml + - extra/pvc-sftp.yaml + - extra/pv-sftp.yaml + +replacements: + - source: + kind: Service + name: svc + targets: + - select: + kind: HTTPRoute + options: + create: true + fieldPaths: + - spec.rules.0.backendRefs.0.name + - source: + kind: Deployment + name: app + fieldPath: metadata.labels.[app.kubernetes.io/appName] + targets: + - select: + kind: HTTPRoute + options: + create: true + delimiter: "." + index: 0 + fieldPaths: + - spec.hostnames.0 + - select: + kind: InfisicalSecret + options: + delimiter: "-" + index: 0 + fieldPaths: + - spec.managedSecretReference.secretName + - select: + kind: InfisicalSecret + options: + delimiter: "/" + index: 2 + fieldPaths: + - spec.authentication.universalAuth.secretsScope.secretsPath + - select: + kind: Service + fieldPaths: + - spec.ports.0.name + - spec.ports.0.targetPort + - source: + kind: Deployment + name: app + fieldPath: metadata.labels.[app.kubernetes.io/appNamespace] + targets: + - select: + kind: InfisicalSecret + fieldPaths: + - spec.managedSecretReference.secretNamespace + +patches: + - path: patches/deployment.yaml + target: + kind: Deployment + name: app + - path: patches/pvc.yaml + target: + kind: PersistentVolumeClaim + name: pvc + +labels: + - includeSelectors: true + pairs: + app.kubernetes.io/appName: paperless + - pairs: + app.kubernetes.io/appNamespace: apps + +configMapGenerator: + - name: config + literals: + - PAPERLESS_REDIS=redis://redis.core.svc.cluster.local + - PAPERLESS_DBHOST=postgres.core.svc.cluster.local + - PAPERLESS_DBUSER=paperless + - PAPERLESS_DBNAME=paperlessdb + - PAPERLESS_TIKA_ENABLED="1" + - PAPERLESS_TIKA_ENDPOINT="http://tika-svc.apps:9998" + - PAPERLESS_TIKA_GOTENBURG_ENDPOINT="http://gotenburg-svc.apps:3000" + - PAPERLESS_USE_X_FORWARD_HOST="1" + - PAPERLESS_TIME_ZONE="America/New_York" + - PAPERLESS_URL="https://paperless.leechpepin.com" + - PAPERLESS_CONSUMER_RECURSIVE="1" + - PAPERLESS_FILENAME_DATE_ORDER=MDY + - PAPERLESS_FILENAME_FORMAT="{{created_year}}/{{created_month}}/{{created_day}}/{{title}}" + - PAPERLESS_PORT="8000" + - PAPERLESS_BIND_ADDR="[::]" + - PAPERLESS_CONSUMER_POLLING="30" + # Setup SMTP + - PAPERLESS_EMAIL_HOST=blizzard.mxrouting.net + - PAPERLESS_EMAIL_PORT="465" + - PAPERLESS_EMAIL_HOST_USER=homelab@leechpepin.com + - PAPERLESS_EMAIL_USE_SSL="true" + # OIDC + - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect diff --git a/namespaces/apps/paperless/patches/deployment.yaml b/namespaces/apps/paperless/patches/deployment.yaml new file mode 100644 index 0000000..849d478 --- /dev/null +++ b/namespaces/apps/paperless/patches/deployment.yaml @@ -0,0 +1,87 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: app +spec: + template: + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + preference: + matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - arthur + containers: + - name: paperless + image: ghcr.io/paperless-ngx/paperless-ngx:latest + volumeMounts: + - name: consume-volume + mountPath: /usr/src/paperless/consume + subPath: consume + - name: data-volume + mountPath: /usr/src/paperless/data + subPath: data/data + - name: data-volume + mountPath: /usr/src/paperless/media + subPath: data/media + - name: data-volume + mountPath: /usr/src/paperless/export + subPath: data/export + envFrom: + - configMapRef: + name: paperless-config + env: + - name: PAPERLESS_DBPASS + valueFrom: + secretKeyRef: + name: paperless-secrets + key: PAPERLESS_DBPASSWORD + - name: PAPERLESS_SECRET_KEY + valueFrom: + secretKeyRef: + name: paperless-secrets + key: PAPERLESS_SECRET_KEY + - name: PAPERLESS_EMAIL_HOST_PASSWORD + valueFrom: + secretKeyRef: + name: smtp-secrets + key: SMTP_PASSWORD + - name: PAPERLESS_SOCIALACCOUNT_PROVIDERS + valueFrom: + secretKeyRef: + name: paperless-secrets + key: PAPERLESS_SOCIALACCOUNT_PROVIDERS + ports: + - containerPort: 8000 + name: paperless + protocol: TCP + livenessProbe: + httpGet: + scheme: HTTP + path: / + port: paperless + initialDelaySeconds: 60 + periodSeconds: 10 + readinessProbe: + httpGet: + scheme: HTTP + path: / + port: paperless + initialDelaySeconds: 30 + periodSeconds: 10 + startupProbe: + httpGet: + scheme: HTTP + path: / + port: paperless + volumes: + - name: consume-volume + persistentVolumeClaim: + claimName: paperless-consume + - name: data-volume + persistentVolumeClaim: + claimName: paperless-pvc diff --git a/namespaces/apps/paperless/patches/pvc.yaml b/namespaces/apps/paperless/patches/pvc.yaml new file mode 100644 index 0000000..fd1a58e --- /dev/null +++ b/namespaces/apps/paperless/patches/pvc.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: pvc +spec: + resources: + requests: + storage: 50Gi