Reorganized for new stable/waypoint versioning design.
This commit is contained in:
34
openproject/versions/16/README.md
Normal file
34
openproject/versions/16/README.md
Normal file
@@ -0,0 +1,34 @@
|
||||
# OpenProject
|
||||
|
||||
OpenProject is an open-source project management software that provides comprehensive features for project planning, tracking, and collaboration.
|
||||
|
||||
## Dependencies
|
||||
|
||||
- **PostgreSQL** - Database for storing project data
|
||||
- **Memcached** - Caching layer for improved performance
|
||||
|
||||
## Configuration
|
||||
|
||||
Key settings configured through your instance's `config.yaml`:
|
||||
|
||||
- **domain** - Where OpenProject will be accessible (default: `openproject.{your-cloud-domain}`)
|
||||
- **adminUserEmail** - Admin account email (defaults to your operator email)
|
||||
- **seedLocale** - Default language (default: `en`)
|
||||
- **storage** - Persistent volume size (default: `5Gi`)
|
||||
|
||||
## Access
|
||||
|
||||
After deployment, OpenProject will be available at:
|
||||
- `https://openproject.{your-cloud-domain}`
|
||||
|
||||
## First-Time Setup
|
||||
|
||||
1. Add and deploy the app:
|
||||
```bash
|
||||
wild app add openproject
|
||||
wild app deploy openproject
|
||||
```
|
||||
|
||||
2. Log in with the admin credentials (password reset will be required on first login)
|
||||
|
||||
3. Create your first project and invite team members
|
||||
23
openproject/versions/16/configmap_core.yaml
Normal file
23
openproject/versions/16/configmap_core.yaml
Normal file
@@ -0,0 +1,23 @@
|
||||
---
|
||||
# Source: openproject/templates/secret_core.yaml
|
||||
apiVersion: "v1"
|
||||
kind: "ConfigMap"
|
||||
metadata:
|
||||
name: "openproject-core"
|
||||
data:
|
||||
DATABASE_HOST: "{{ .db.host }}"
|
||||
DATABASE_PORT: "{{ .db.port }}"
|
||||
DATABASE_NAME: "{{ .db.name }}"
|
||||
DATABASE_USERNAME: "{{ .db.user }}"
|
||||
DATABASE_URL: "postgresql://{{ .db.user }}@{{ .db.host }}:{{ .db.port }}/{{ .db.name }}"
|
||||
OPENPROJECT_SEED_ADMIN_USER_PASSWORD_RESET: "true"
|
||||
OPENPROJECT_SEED_ADMIN_USER_NAME: "{{ .adminUserName }}"
|
||||
OPENPROJECT_SEED_ADMIN_USER_MAIL: "{{ .adminUserEmail }}"
|
||||
OPENPROJECT_HTTPS: "true"
|
||||
OPENPROJECT_SEED_LOCALE: "en"
|
||||
OPENPROJECT_HOST__NAME: "{{ .domain }}"
|
||||
OPENPROJECT_HSTS: "true"
|
||||
OPENPROJECT_RAILS__CACHE__STORE: "memcache"
|
||||
OPENPROJECT_RAILS__RELATIVE__URL__ROOT: ""
|
||||
POSTGRES_STATEMENT_TIMEOUT: "120s"
|
||||
...
|
||||
9
openproject/versions/16/configmap_memcached.yaml
Normal file
9
openproject/versions/16/configmap_memcached.yaml
Normal file
@@ -0,0 +1,9 @@
|
||||
---
|
||||
# Source: openproject/templates/secret_memcached.yaml
|
||||
apiVersion: "v1"
|
||||
kind: "ConfigMap"
|
||||
metadata:
|
||||
name: "openproject-memcached"
|
||||
data:
|
||||
OPENPROJECT_CACHE__MEMCACHE__SERVER: "{{ .memcached.host }}:{{ .memcached.port }}"
|
||||
...
|
||||
51
openproject/versions/16/db-init-job.yaml
Normal file
51
openproject/versions/16/db-init-job.yaml
Normal file
@@ -0,0 +1,51 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: openproject-db-init
|
||||
labels:
|
||||
component: db-init
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: db-init
|
||||
spec:
|
||||
containers:
|
||||
- name: db-init
|
||||
image: postgres:17
|
||||
command: ["/bin/bash", "-c"]
|
||||
args:
|
||||
- |
|
||||
PGPASSWORD=${POSTGRES_ADMIN_PASSWORD} psql -h ${DB_HOSTNAME} -U postgres <<EOF
|
||||
DO \$\$
|
||||
BEGIN
|
||||
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '${DB_USERNAME}') THEN
|
||||
CREATE USER ${DB_USERNAME} WITH ENCRYPTED PASSWORD '${DB_PASSWORD}';
|
||||
ELSE
|
||||
ALTER USER ${DB_USERNAME} WITH ENCRYPTED PASSWORD '${DB_PASSWORD}';
|
||||
END IF;
|
||||
END
|
||||
\$\$;
|
||||
|
||||
SELECT 'CREATE DATABASE ${DB_DATABASE_NAME}' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${DB_DATABASE_NAME}')\gexec
|
||||
ALTER DATABASE ${DB_DATABASE_NAME} OWNER TO ${DB_USERNAME};
|
||||
GRANT ALL PRIVILEGES ON DATABASE ${DB_DATABASE_NAME} TO ${DB_USERNAME};
|
||||
EOF
|
||||
env:
|
||||
- name: POSTGRES_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-secrets
|
||||
key: password
|
||||
- name: DB_HOSTNAME
|
||||
value: "{{ .db.host }}"
|
||||
- name: DB_DATABASE_NAME
|
||||
value: "{{ .db.name }}"
|
||||
- name: DB_USERNAME
|
||||
value: "{{ .db.user }}"
|
||||
- name: DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openproject-secrets
|
||||
key: dbPassword
|
||||
restartPolicy: OnFailure
|
||||
26
openproject/versions/16/ingress.yaml
Normal file
26
openproject/versions/16/ingress.yaml
Normal file
@@ -0,0 +1,26 @@
|
||||
---
|
||||
# Source: openproject/templates/ingress.yaml
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: openproject
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/target: {{ .externalDnsDomain }}
|
||||
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- "{{ .domain }}"
|
||||
secretName: "wildcard-wild-cloud-tls"
|
||||
rules:
|
||||
- host: "{{ .domain }}"
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: openproject
|
||||
port:
|
||||
name: http
|
||||
...
|
||||
21
openproject/versions/16/kustomization.yaml
Normal file
21
openproject/versions/16/kustomization.yaml
Normal file
@@ -0,0 +1,21 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: openproject
|
||||
labels:
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app: openproject
|
||||
managedBy: kustomize
|
||||
partOf: wild-cloud
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- serviceaccount.yaml
|
||||
- configmap_core.yaml
|
||||
- configmap_memcached.yaml
|
||||
- persistentvolumeclaim.yaml
|
||||
- service.yaml
|
||||
- db-init-job.yaml
|
||||
- web-deployment.yaml
|
||||
- worker-deployment.yaml
|
||||
- seeder-job.yaml
|
||||
- ingress.yaml
|
||||
25
openproject/versions/16/manifest.yaml
Normal file
25
openproject/versions/16/manifest.yaml
Normal file
@@ -0,0 +1,25 @@
|
||||
version: 16.1.1-1
|
||||
requires:
|
||||
- name: postgres
|
||||
- name: memcached
|
||||
defaultConfig:
|
||||
namespace: openproject
|
||||
externalDnsDomain: '{{ .cloud.domain }}'
|
||||
storage: 5Gi
|
||||
adminUserName: OpenProject Admin
|
||||
adminUserEmail: '{{ .operator.email }}'
|
||||
domain: openproject.{{ .cloud.domain }}
|
||||
tlsSecretName: wildcard-wild-cloud-tls
|
||||
db:
|
||||
host: '{{ .apps.postgres.host }}'
|
||||
port: '{{ .apps.postgres.port }}'
|
||||
name: openproject
|
||||
user: openproject
|
||||
memcached:
|
||||
host: '{{ .apps.memcached.host }}'
|
||||
port: '{{ .apps.memcached.port }}'
|
||||
defaultSecrets:
|
||||
- key: dbPassword
|
||||
- key: adminPassword
|
||||
requiredSecrets:
|
||||
- postgres.password
|
||||
4
openproject/versions/16/namespace.yaml
Normal file
4
openproject/versions/16/namespace.yaml
Normal file
@@ -0,0 +1,4 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: "{{ .namespace }}"
|
||||
12
openproject/versions/16/persistentvolumeclaim.yaml
Normal file
12
openproject/versions/16/persistentvolumeclaim.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
---
|
||||
# Source: openproject/templates/persistentvolumeclaim.yaml
|
||||
apiVersion: "v1"
|
||||
kind: "PersistentVolumeClaim"
|
||||
metadata:
|
||||
name: openproject
|
||||
spec:
|
||||
accessModes: [ReadWriteMany]
|
||||
resources:
|
||||
requests:
|
||||
storage: "{{ .storage }}"
|
||||
...
|
||||
138
openproject/versions/16/seeder-job.yaml
Normal file
138
openproject/versions/16/seeder-job.yaml
Normal file
@@ -0,0 +1,138 @@
|
||||
---
|
||||
# Source: openproject/templates/seeder-job.yaml
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: openproject-seeder-1
|
||||
labels:
|
||||
component: seeder
|
||||
spec:
|
||||
ttlSecondsAfterFinished: 86400
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: seeder
|
||||
spec:
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
volumes:
|
||||
- name: tmp
|
||||
# we can't use emptyDir due to the sticky bit issue
|
||||
# see: https://github.com/kubernetes/kubernetes/issues/110835
|
||||
ephemeral:
|
||||
volumeClaimTemplate:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
- name: app-tmp
|
||||
# we can't use emptyDir due to the sticky bit / world writable issue
|
||||
# see: https://github.com/kubernetes/kubernetes/issues/110835
|
||||
ephemeral:
|
||||
volumeClaimTemplate:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
- name: "data"
|
||||
persistentVolumeClaim:
|
||||
claimName: openproject
|
||||
initContainers:
|
||||
- name: check-db-ready
|
||||
image: "postgres:17"
|
||||
imagePullPolicy: Always
|
||||
command: [
|
||||
'sh',
|
||||
'-c',
|
||||
'until pg_isready -h $DATABASE_HOST -p $DATABASE_PORT -U openproject; do echo "waiting for database $DATABASE_HOST:$DATABASE_PORT"; sleep 2; done;'
|
||||
]
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: openproject-core
|
||||
- configMapRef:
|
||||
name: openproject-memcached
|
||||
env:
|
||||
- name: OPENPROJECT_DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openproject-secrets
|
||||
key: dbPassword
|
||||
- name: OPENPROJECT_SEED_ADMIN_USER_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openproject-secrets
|
||||
key: adminPassword
|
||||
resources:
|
||||
limits:
|
||||
memory: 200Mi
|
||||
requests:
|
||||
memory: 200Mi
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
- mountPath: /app/tmp
|
||||
name: app-tmp
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
containers:
|
||||
- name: seeder
|
||||
image: "openproject/openproject:16.1.1-slim"
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
- bash
|
||||
- /app/docker/prod/seeder
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: openproject-core
|
||||
- configMapRef:
|
||||
name: openproject-memcached
|
||||
env:
|
||||
- name: OPENPROJECT_DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openproject-secrets
|
||||
key: dbPassword
|
||||
- name: OPENPROJECT_SEED_ADMIN_USER_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openproject-secrets
|
||||
key: adminPassword
|
||||
resources:
|
||||
limits:
|
||||
memory: 512Mi
|
||||
requests:
|
||||
memory: 512Mi
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
- mountPath: /app/tmp
|
||||
name: app-tmp
|
||||
- name: "data"
|
||||
mountPath: "/var/openproject/assets"
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
restartPolicy: OnFailure
|
||||
16
openproject/versions/16/service.yaml
Normal file
16
openproject/versions/16/service.yaml
Normal file
@@ -0,0 +1,16 @@
|
||||
---
|
||||
# Source: openproject/templates/service.yaml
|
||||
apiVersion: "v1"
|
||||
kind: "Service"
|
||||
metadata:
|
||||
name: openproject
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 8080
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
component: web
|
||||
...
|
||||
7
openproject/versions/16/serviceaccount.yaml
Normal file
7
openproject/versions/16/serviceaccount.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
---
|
||||
# Source: openproject/templates/serviceaccount.yaml
|
||||
apiVersion: "v1"
|
||||
kind: "ServiceAccount"
|
||||
metadata:
|
||||
name: openproject
|
||||
...
|
||||
184
openproject/versions/16/web-deployment.yaml
Normal file
184
openproject/versions/16/web-deployment.yaml
Normal file
@@ -0,0 +1,184 @@
|
||||
---
|
||||
# Source: openproject/templates/web-deployment.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: openproject-web
|
||||
labels:
|
||||
openproject/process: web
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
component: web
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
|
||||
# annotate pods with env value checksums so changes trigger re-deployments
|
||||
|
||||
checksum/env-core: f2b092f43e1c4c37ec21840d9fbca6bd40dc514094fce97e682a1ec202ba5e45
|
||||
checksum/env-memcached: ff6b5c8eeeea9c2c34b0799a614f9d252c79257f7cc1a89f56d5ee0fd5664fd4
|
||||
checksum/env-oidc: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
|
||||
checksum/env-s3: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
|
||||
checksum/env-environment: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
|
||||
labels:
|
||||
component: web
|
||||
spec:
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
serviceAccountName: openproject
|
||||
volumes:
|
||||
- name: tmp
|
||||
# we can't use emptyDir due to the sticky bit issue
|
||||
# see: https://github.com/kubernetes/kubernetes/issues/110835
|
||||
ephemeral:
|
||||
volumeClaimTemplate:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
- name: app-tmp
|
||||
# we can't use emptyDir due to the sticky bit / world writable issue
|
||||
# see: https://github.com/kubernetes/kubernetes/issues/110835
|
||||
ephemeral:
|
||||
volumeClaimTemplate:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
- name: "data"
|
||||
persistentVolumeClaim:
|
||||
claimName: openproject
|
||||
initContainers:
|
||||
- name: wait-for-db
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
image: postgres:17
|
||||
imagePullPolicy: Always
|
||||
command: [
|
||||
'sh',
|
||||
'-c',
|
||||
'until pg_isready -h $DATABASE_HOST -p $DATABASE_PORT -d $DATABASE_NAME -U $DATABASE_USERNAME; do echo "waiting for database $DATABASE_HOST:$DATABASE_PORT"; sleep 2; done; echo "Database is ready!"'
|
||||
]
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: openproject-core
|
||||
- configMapRef:
|
||||
name: openproject-memcached
|
||||
env:
|
||||
- name: OPENPROJECT_DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openproject-secrets
|
||||
key: dbPassword
|
||||
- name: OPENPROJECT_SEED_ADMIN_USER_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openproject-secrets
|
||||
key: adminPassword
|
||||
resources:
|
||||
limits:
|
||||
memory: 1Gi
|
||||
requests:
|
||||
memory: 512Mi
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
- mountPath: /app/tmp
|
||||
name: app-tmp
|
||||
containers:
|
||||
- name: "openproject"
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
image: openproject/openproject:16.1.1-slim
|
||||
imagePullPolicy: Always
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: openproject-core
|
||||
- configMapRef:
|
||||
name: openproject-memcached
|
||||
env:
|
||||
- name: OPENPROJECT_DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openproject-secrets
|
||||
key: dbPassword
|
||||
- name: OPENPROJECT_SEED_ADMIN_USER_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openproject-secrets
|
||||
key: adminPassword
|
||||
args:
|
||||
- /app/docker/prod/web
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
- mountPath: /app/tmp
|
||||
name: app-tmp
|
||||
- name: "data"
|
||||
mountPath: "/var/openproject/assets"
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: "/health_checks/default"
|
||||
port: 8080
|
||||
httpHeaders:
|
||||
# required otherwise health check will return 404 because health check is done using the Pod IP, which may cause issues with downstream variants
|
||||
- name: Host
|
||||
value: localhost
|
||||
initialDelaySeconds: 120
|
||||
timeoutSeconds: 3
|
||||
periodSeconds: 30
|
||||
failureThreshold: 3
|
||||
successThreshold: 1
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: "/health_checks/default"
|
||||
port: 8080
|
||||
httpHeaders:
|
||||
# required otherwise health check will return 404 because health check is done using the Pod IP, which may cause issues with downstream variants
|
||||
- name: Host
|
||||
value: localhost
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 3
|
||||
periodSeconds: 15
|
||||
failureThreshold: 30
|
||||
successThreshold: 1
|
||||
resources:
|
||||
limits:
|
||||
cpu: "4"
|
||||
memory: 4Gi
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 512Mi
|
||||
153
openproject/versions/16/worker-deployment.yaml
Normal file
153
openproject/versions/16/worker-deployment.yaml
Normal file
@@ -0,0 +1,153 @@
|
||||
---
|
||||
# Source: openproject/templates/worker-deployment.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: openproject-worker-default
|
||||
labels:
|
||||
openproject/process: worker-default
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
component: worker
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
|
||||
# annotate pods with env value checksums so changes trigger re-deployments
|
||||
|
||||
checksum/env-core: f2b092f43e1c4c37ec21840d9fbca6bd40dc514094fce97e682a1ec202ba5e45
|
||||
checksum/env-memcached: ff6b5c8eeeea9c2c34b0799a614f9d252c79257f7cc1a89f56d5ee0fd5664fd4
|
||||
checksum/env-oidc: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
|
||||
checksum/env-s3: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
|
||||
checksum/env-environment: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
|
||||
labels:
|
||||
component: worker
|
||||
spec:
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
serviceAccountName: openproject
|
||||
volumes:
|
||||
- name: tmp
|
||||
# we can't use emptyDir due to the sticky bit issue
|
||||
# see: https://github.com/kubernetes/kubernetes/issues/110835
|
||||
ephemeral:
|
||||
volumeClaimTemplate:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
- name: app-tmp
|
||||
# we can't use emptyDir due to the sticky bit / world writable issue
|
||||
# see: https://github.com/kubernetes/kubernetes/issues/110835
|
||||
ephemeral:
|
||||
volumeClaimTemplate:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
- name: "data"
|
||||
persistentVolumeClaim:
|
||||
claimName: openproject
|
||||
initContainers:
|
||||
- name: wait-for-db
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
image: postgres:17
|
||||
imagePullPolicy: Always
|
||||
command: [
|
||||
'sh',
|
||||
'-c',
|
||||
'until pg_isready -h $DATABASE_HOST -p $DATABASE_PORT -d $DATABASE_NAME -U $DATABASE_USERNAME; do echo "waiting for database $DATABASE_HOST:$DATABASE_PORT"; sleep 2; done; echo "Database is ready!"'
|
||||
]
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: openproject-core
|
||||
- configMapRef:
|
||||
name: openproject-memcached
|
||||
env:
|
||||
- name: OPENPROJECT_DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openproject-secrets
|
||||
key: dbPassword
|
||||
- name: OPENPROJECT_SEED_ADMIN_USER_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openproject-secrets
|
||||
key: adminPassword
|
||||
resources:
|
||||
limits:
|
||||
memory: 1Gi
|
||||
requests:
|
||||
memory: 512Mi
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
- mountPath: /app/tmp
|
||||
name: app-tmp
|
||||
containers:
|
||||
- name: "openproject"
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
image: openproject/openproject:16.1.1-slim
|
||||
imagePullPolicy: Always
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: openproject-core
|
||||
- configMapRef:
|
||||
name: openproject-memcached
|
||||
args:
|
||||
- bash
|
||||
- /app/docker/prod/worker
|
||||
env:
|
||||
|
||||
- name: OPENPROJECT_DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openproject-secrets
|
||||
key: dbPassword
|
||||
- name: "OPENPROJECT_GOOD_JOB_QUEUES"
|
||||
value: ""
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
- mountPath: /app/tmp
|
||||
name: app-tmp
|
||||
- name: "data"
|
||||
mountPath: "/var/openproject/assets"
|
||||
resources:
|
||||
limits:
|
||||
cpu: "4"
|
||||
memory: 4Gi
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 512Mi
|
||||
Reference in New Issue
Block a user