apiVersion: v1 kind: Namespace metadata: name: passbolt --- apiVersion: v1 kind: Secret metadata: name: passbolt-secrets namespace: passbolt type: Opaque stringData: DATASOURCES_DEFAULT_PASSWORD: "change-me-db-password" DATASOURCES_DEFAULT_USERNAME: "passbolt" DATASOURCES_DEFAULT_DATABASE: "passbolt" MYSQL_ROOT_PASSWORD: "change-me-root-password" MYSQL_PASSWORD: "change-me-db-password" MYSQL_USER: "passbolt" MYSQL_DATABASE: "passbolt" --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: mariadb-pvc namespace: passbolt spec: accessModes: - ReadWriteOnce storageClassName: local-path resources: requests: storage: 5Gi --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: passbolt-gpg-pvc namespace: passbolt spec: accessModes: - ReadWriteOnce storageClassName: local-path resources: requests: storage: 1Gi --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: passbolt-jwt-pvc namespace: passbolt spec: accessModes: - ReadWriteOnce storageClassName: local-path resources: requests: storage: 1Gi --- apiVersion: apps/v1 kind: Deployment metadata: name: mariadb namespace: passbolt spec: replicas: 1 selector: matchLabels: app: mariadb template: metadata: labels: app: mariadb spec: containers: - name: mariadb image: mariadb:10.11 envFrom: - secretRef: name: passbolt-secrets ports: - containerPort: 3306 volumeMounts: - name: mariadb-data mountPath: /var/lib/mysql volumes: - name: mariadb-data persistentVolumeClaim: claimName: mariadb-pvc --- apiVersion: v1 kind: Service metadata: name: mariadb namespace: passbolt spec: selector: app: mariadb ports: - port: 3306 targetPort: 3306 --- apiVersion: apps/v1 kind: Deployment metadata: name: passbolt namespace: passbolt spec: replicas: 1 selector: matchLabels: app: passbolt template: metadata: labels: app: passbolt spec: containers: - name: passbolt image: passbolt/passbolt:latest-ce env: - name: APP_FULL_BASE_URL value: "https://pb.roysland.net" - name: DATASOURCES_DEFAULT_HOST value: "mariadb" - name: DATASOURCES_DEFAULT_PORT value: "3306" - name: DATASOURCES_DEFAULT_USERNAME valueFrom: secretKeyRef: name: passbolt-secrets key: DATASOURCES_DEFAULT_USERNAME - name: DATASOURCES_DEFAULT_PASSWORD valueFrom: secretKeyRef: name: passbolt-secrets key: DATASOURCES_DEFAULT_PASSWORD - name: DATASOURCES_DEFAULT_DATABASE valueFrom: secretKeyRef: name: passbolt-secrets key: DATASOURCES_DEFAULT_DATABASE - name: PASSBOLT_SSL_FORCE value: "true" ports: - containerPort: 80 - containerPort: 443 volumeMounts: - name: gpg-data mountPath: /etc/passbolt/gpg - name: jwt-data mountPath: /etc/passbolt/jwt volumes: - name: gpg-data persistentVolumeClaim: claimName: passbolt-gpg-pvc - name: jwt-data persistentVolumeClaim: claimName: passbolt-jwt-pvc --- apiVersion: v1 kind: Service metadata: name: passbolt namespace: passbolt spec: selector: app: passbolt ports: - port: 80 targetPort: 80 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: passbolt namespace: passbolt annotations: cert-manager.io/cluster-issuer: letsencrypt spec: ingressClassName: traefik tls: - hosts: - pb.roysland.net secretName: passbolt-tls rules: - host: pb.roysland.net http: paths: - path: / pathType: Prefix backend: service: name: passbolt port: number: 80