├── .gitignore
├── README.md
├── install.sh
├── team-chat
    ├── .helmignore
    ├── Chart.yaml
    ├── templates
    │   ├── 01-role.yml
    │   ├── 02_service.yaml
    │   ├── 03-storage.yaml
    │   ├── 05-ingress.yaml
    │   ├── _helpers.tpl
    │   ├── deploy_chat.yaml
    │   └── deploy_database.yaml
    └── values.yaml
├── team-nextcloud
    ├── .helmignore
    ├── Chart.yaml
    ├── templates
    │   ├── 02_service.yaml
    │   ├── 03-storage.yaml
    │   ├── 05-ingress.yaml
    │   ├── 08-secret.yaml
    │   ├── _helpers.tpl
    │   ├── deploy_database.yaml
    │   └── deploy_nextcloud.yaml
    └── values.yaml
├── team-openslides
    ├── .helmignore
    ├── Chart.yaml
    ├── templates
    │   ├── 02_service.yaml
    │   ├── 03-storage.yaml
    │   ├── 05-ingress.yaml
    │   ├── _helpers.tpl
    │   └── deploy_openslides.yaml
    └── values.yaml
├── team-setup
    ├── .helmignore
    ├── Chart.yaml
    ├── crds
    │   └── traefik-crds.yaml
    ├── templates
    │   ├── _helpers.tpl
    │   ├── ingress
    │   │   ├── 01-role.yml
    │   │   ├── 02-service.yaml
    │   │   ├── 03-storage.yaml
    │   │   ├── 04-deployment.yml
    │   │   ├── 05-global-ingress.yml
    │   │   └── 06-middleware.yaml
    │   └── landingpage
    │   │   ├── ingress.yaml
    │   │   ├── landingpage.yaml
    │   │   └── service.yaml
    └── values.yaml
├── team-share
    ├── .helmignore
    ├── Chart.yaml
    ├── templates
    │   ├── 02_service.yaml
    │   ├── 03-storage.yaml
    │   ├── 05-ingress.yaml
    │   ├── _helpers.tpl
    │   └── deploy_share.yaml
    └── values.yaml
├── team-video
    ├── .helmignore
    ├── Chart.yaml
    ├── templates
    │   ├── 02_service.yaml
    │   ├── 05-ingress.yaml
    │   ├── _helpers.tpl
    │   ├── deploy_jicofo.yaml
    │   ├── deploy_jvb.yaml
    │   ├── deploy_prosody.yaml
    │   └── deploy_web.yaml
    └── values.yaml
├── values-chat.yaml
├── values-nextcloud.yaml
├── values-openslides.yaml
├── values-setup.yaml
├── values-share.yaml
└── values-video.yaml

/.gitignore:
--------------------------------------------------------------------------------
docker/.DS_Store
upload.sh
.DS_Store

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# team-container

Team-container is a collection of containers that set up your own collaboration server. This setup is meant to be used in conjunction with an article in c't magazine. See (https://www.heise.de/select/ct/2020/9/2007712573850503640). The article is behind a paywall, but the setup works without the article.

## Tools in this collection

* [Træfik Router](https://docs.traefik.io)
* [Nextcloud](https://nextcloud.com)
* [Rocket.Chat](https://rocket.chat)
* [Jitsi Meet](https://jitsi.org)
* [Openslides](https://openslides.com)
* [Plik](https://github.com/root-gg/plik)

# Goal, Prerequisites and Architecture

The goal is to provide a private collaboration server for a small to medium sized team that provides essential services while leaving you in control of where the data are stored. The services are:
* *Nextcloud* for sharing documents and calendars
* *Rocket.Chat* for well-organized, browser-based text chat. Apps for mobile platforms are available.
* *Jitsi Meet* for browser-based video conferencing. Apps for mobile platforms are available.
* *Openslides* for management of assemblies for clubs and organizations
* *Plik* is a scalable & friendly temporary file upload system (like wetransfer).

All you need is
* A Linux server, preferably running Ubuntu 18.04 LTS or another Debian GNU/Linux derivative. There is a [compatibility list for some hosting providers](https://github.com/ct-Open-Source/team-container/wiki/Compatibility) in the wiki.
* A domain name, e.g. example.org and four subdomains pointing to your server, i.e. www.example.org, cloud.example.org, chat.example.org and video.example.org
* basic experience with the Linux terminal

Knowledge of container technology or other typical Linux admin topics is not required.

The first container (Kubernetes, Rancher, helm) you install contains Traefik. Traefik routes incoming traffic to either the web server nginx or one of the other three containers you will install subsequently. Each of those containers runs an instance of Nextcloud, Rocket.Chat or Jitsi Meet. The routing decision is based on the server name specified when setting up the containers. All four servers should have the same domain name.

# Roadmap / Contribute

A lot of improvements are on our agenda. Have a look at the [Project board at GitHub](https://github.com/ct-Open-Source/team-container/projects/1) and feel free to create an issue or PR!

# Getting started

* prepare a server with a current version of Linux server (tested with Ubuntu Server 18.04 LTS)
* set up four DNS entries for your server (e.g. www.example.org, cloud.example.org, chat.example.org, video.example.org)
* clone this repository: `git clone https://github.com/ct-open-source/team-container`
* navigate into the folder team-container
* run `sudo sh install.sh`
* open "values-setup.yaml". Enter your e-mail address, set production to true, enter the main server name (e.g. www) and domain name.
* install Traefik, the router: `helm install setup team-setup --values values-setup.yaml`
* wait a few minutes until https://yourserver.example.com returns the nginx welcome page using a valid Let's Encrypt TLS certificate. Traefik and nginx are now functional.

## Install Nextcloud
* open "values-nextcloud.yaml". Enter server name (e.g. cloud), domain name (e.g. example.org), a name for the Nextcloud administrator and the initial password for the Nextcloud administrator.
* install Nextcloud: `helm install nextcloud team-nextcloud --values values-nextcloud.yaml`
* After a few minutes your own Nextcloud server will be up and running under https://cloud.example.org. You can log in as the administrator with the password you provided in the last step. Proceed and add regular users. Or

## Install Rocket.Chat
* open "values-chat.yaml". Enter server name (e.g. chat), domain name (e.g. example.org), a name for the Rocket.Chat administrator, the initial password for the Rocket.Chat administrator and his e-mail address.
* install Rocket.Chat: `helm install chat team-chat --values values-chat.yaml`
* after a few minutes your own Rocket.Chat server will be up and running under https://chat.example.org. You can log in as the administrator with the password you provided in the last step. Proceed and add regular users.

## Install Jitsi Meet
* open "values-video.yaml". Enter server name (e.g. video) and domain name (e.g. example.org)
* install Jitsi Meet: `helm install video team-video --values values-video.yaml`
* after a few minutes your own Jitsi Meet video chat server will be up and running under https://video.example.org.
* please refer to the above mentioned project web sites for help on using the services.

## Install Openslides (software for assemblies)
* open "values-openslides.yaml". Enter server name (e.g. club) and domain name (e.g. example.org)
* install Openslides: `helm install openslides team-openslides --values values-openslides.yaml`
* after a few minutes your own Openslides server will be up and running under https://club.example.org.
* please refer to the above mentioned project web sites for help on using the services.
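
A pre-flight check for the install steps above, added here as an example and not part of the team-container repository: it lists every password entry in a values file that still holds one of the defaults shipped in the charts' `values.yaml` (`secret`, `secret#password`, `very123secret#passWord!`) or is empty. The function name `find_default_passwords` is hypothetical, and it is an assumption that the top-level `values-*.yaml` files use the same `password:` / `root_password:` keys as the chart defaults.

```shell
#!/bin/sh
# Added example, not part of the team-container repository.
# Assumption: values files use "password:" / "root_password:" keys nested
# under a top-level section, as team-chat/values.yaml and
# team-nextcloud/values.yaml do.

# Prints "file:line:section.key" for every password entry that is empty or
# still equal to a shipped default. Returns 1 if anything was printed.
find_default_passwords() {
    awk -v q="'" '
        BEGIN {
            # Defaults shipped in team-chat/values.yaml and team-nextcloud/values.yaml
            bad["secret"] = 1
            bad["secret#password"] = 1
            bad["very123secret#passWord!"] = 1
        }
        FNR == 1 { section = "" }            # new file: forget the last section
        /^[A-Za-z_][A-Za-z0-9_-]*:/ {        # unindented key opens a section
            section = $1
            sub(/:.*/, "", section)
        }
        /^[ \t]+(root_)?password:/ {
            key = $1
            sub(/:$/, "", key)
            val = $0
            sub(/^[ \t]+(root_)?password:[ \t]*/, "", val)
            first = substr(val, 1, 1)
            if (first == "\"" || first == q) {
                # Quoted scalar: keep the text up to the closing quote
                rest = substr(val, 2)
                end = index(rest, first)
                val = (end > 0) ? substr(rest, 1, end - 1) : rest
            } else {
                # Plain scalar: drop a trailing comment and whitespace
                sub(/[ \t]+#.*$/, "", val)
                sub(/[ \t]+$/, "", val)
            }
            if (val == "" || (val in bad)) {
                printf "%s:%d:%s.%s\n", FILENAME, FNR, section, key
                hits++
            }
        }
        END { exit (hits > 0) }
    ' "$@"
}

# When called with file arguments, act as a gate in front of "helm install".
if [ "$#" -gt 0 ]; then
    if ! find_default_passwords "$@"; then
        echo "Replace the passwords listed above before running helm install." >&2
        exit 1
    fi
fi
```

Saved under a name of your choice, it can be run as `sh <script> values-*.yaml` before the `helm install` commands; it exits non-zero while any listed password is unchanged.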

# To do / Known issues

* not working with IPv6 (problems with certificate generation)

--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
# Install and run K3S
curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable traefik --write-kubeconfig-mode 644" sh -

# Install helm
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash

export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
export HELM_EXPERIMENTAL_OCI=1

echo "KUBECONFIG=/etc/rancher/k3s/k3s.yaml">>/etc/environment
echo "HELM_EXPERIMENTAL_OCI=1">>/etc/environment
echo "Kubernetes is ready for teamcloud. Please reboot your machine."

--------------------------------------------------------------------------------
/team-chat/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/team-chat/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: team-chat
description: Rocket.Chat for team-container

type: application

version: 0.0.1
appVersion: 0.0.1

--------------------------------------------------------------------------------
/team-chat/templates/01-role.yml:
--------------------------------------------------------------------------------
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: mongo-controller

rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list
      - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: mongo-controller

roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: mongo-controller
subjects:
  - kind: ServiceAccount
    name: mongo-controller
    namespace: default
---
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: mongo-controller

--------------------------------------------------------------------------------
/team-chat/templates/02_service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: {{ include "team-chat.fullname" . }}-rc
  namespace: default
spec:
  ports:
    - protocol: TCP
      name: web
      port: 3000
      targetPort: 3000
  selector:
    app: {{ include "team-chat.fullname" . }}-rc
---
apiVersion: v1
kind: Service
metadata:
  name: {{ include "team-chat.fullname" . }}-mongo
  namespace: default
spec:
  ports:
    - protocol: TCP
      name: mongo
      port: 27017
      targetPort: 27017
  selector:
    environment: {{ include "team-chat.fullname" . }}-mongo

--------------------------------------------------------------------------------
/team-chat/templates/03-storage.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ include "team-chat.fullname" . }}-rc-data
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: {{ .Values.storage.limits.data }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ include "team-chat.fullname" . }}-rc-tmp
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 128Mi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ include "team-chat.fullname" . }}-mongo-data
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: {{ .Values.storage.limits.database }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ include "team-chat.fullname" . }}-mongo-backup
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: {{ .Values.storage.limits.database }}
---

--------------------------------------------------------------------------------
/team-chat/templates/05-ingress.yaml:
--------------------------------------------------------------------------------
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroute-{{ include "team-chat.fullname" . }}
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`{{ .Values.app.name }}.{{ .Values.app.domain }}`)
    kind: Rule
    services:
    - name: {{ include "team-chat.fullname" . }}-rc
      port: 3000
  tls:
    certResolver: default

--------------------------------------------------------------------------------
/team-chat/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "team-chat.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "team-chat.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "team-chat.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Common labels
*/}}
{{- define "team-chat.labels" -}}
helm.sh/chart: {{ include "team-chat.chart" . }}
{{ include "team-chat.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}

{{/*
Selector labels
*/}}
{{- define "team-chat.selectorLabels" -}}
app.kubernetes.io/name: {{ include "team-chat.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}

{{/*
Create the name of the service account to use
*/}}
{{- define "team-chat.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
    {{ default (include "team-chat.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

--------------------------------------------------------------------------------
/team-chat/templates/deploy_chat.yaml:
--------------------------------------------------------------------------------
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: {{ include "team-chat.fullname" . }}-rc
  labels:
    app: {{ include "team-chat.fullname" . }}-rc
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ include "team-chat.fullname" . }}-rc
  template:
    metadata:
      labels:
        app: {{ include "team-chat.fullname" . }}-rc
      annotations:
        timestamp: "{{ now | unixEpoch }}"
    spec:
      volumes:
        - name: rc-uploads-vol
          persistentVolumeClaim:
            claimName: {{ include "team-chat.fullname" . }}-rc-data
        - name: rc-tmp-vol
          persistentVolumeClaim:
            claimName: {{ include "team-chat.fullname" . }}-rc-tmp
      restartPolicy: Always
      containers:
        - name: chat
          image: rocketchat/rocket.chat:latest
          imagePullPolicy: Always
          command:
            - bash
            - -c
            - >
              for i in `seq 1 30`; do
                node main.js &&
                s=$$? && break || s=$$?;
                echo \"Tried to connect $$i times. Waiting 5 secs...\";
                sleep 5;
              done; (exit $$s)
          volumeMounts:
            - name: rc-uploads-vol
              mountPath: "/app/uploads"
            - name: rc-tmp-vol
              mountPath: "/tmp"
          ports:
            - name: web
              containerPort: 3000
          env:
            - name: INSTANCE_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: ROOT_URL
              value: "https://{{ .Values.app.name }}.{{ .Values.app.domain }}"
            - name: PORT
              value: "3000"
            - name: MONGO_URL
              value: 'mongodb://{{ include "team-chat.fullname" . }}-mongo/rocketchat'
            - name: MONGO_OPLOG_URL
              value: 'mongodb://{{ include "team-chat.fullname" . }}-mongo.default.svc.cluster.local:27017/local'
            - name: ADMIN_USERNAME
              value: {{ .Values.admin.name }}
            - name: ADMIN_PASS
              value: {{ .Values.admin.password }}
            - name: ADMIN_EMAIL
              value: {{ .Values.admin.mail }}

--------------------------------------------------------------------------------
/team-chat/templates/deploy_database.yaml:
--------------------------------------------------------------------------------
kind: ReplicationController
apiVersion: v1
metadata:
  namespace: default
  name: {{ include "team-chat.fullname" . }}-mongo
  labels:
    app: {{ include "team-chat.fullname" . }}-mongo
spec:
  replicas: 1
  selector:
    name: {{ include "team-chat.fullname" . }}-mongo
    role: mongo
    environment: {{ include "team-chat.fullname" . }}-mongo
  template:
    metadata:
      labels:
        name: {{ include "team-chat.fullname" . }}-mongo
        role: mongo
        environment: {{ include "team-chat.fullname" . }}-mongo
        app: {{ include "team-chat.fullname" . }}-mongo
    spec:
      serviceAccountName: mongo-controller
      volumes:
        - name: team-mongo-vol
          persistentVolumeClaim:
            claimName: {{ include "team-chat.fullname" . }}-mongo-data
        - name: team-mongo-backups-vol
          persistentVolumeClaim:
            claimName: {{ include "team-chat.fullname" . }}-mongo-backup
      containers:
        - name: mongo-node-1
          image: mongo:4
          command:
            - mongod
            - "--replSet"
            - rs0
            - "--bind_ip_all"
          volumeMounts:
            - name: team-mongo-vol
              mountPath: "/data/db"
            - name: team-mongo-backups-vol
              mountPath: "/dump"
          ports:
            - name: mongo
              containerPort: 27017
        - name: mongo-sidecar
          image: cvallance/mongo-k8s-sidecar
          env:
            - name: MONGO_SIDECAR_POD_LABELS
              value: "role=mongo,environment={{ include "team-chat.fullname" . }}-mongo"

--------------------------------------------------------------------------------
/team-chat/values.yaml:
--------------------------------------------------------------------------------
# Domain and subdomain for this service:
app:
  name: chat
  domain: example.org

# Set a username and password for the first administrator account:
admin:
  name: admin
  password: secret
  mail: admin@example.org

# Storage limit for files and database (no need to change):
storage:
  limits:
    data: 128Gi
    database: 128Gi

--------------------------------------------------------------------------------
/team-nextcloud/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/team-nextcloud/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: team-nextcloud
description: Nextcloud for team-container

type: application

version: 0.0.1
appVersion: 0.0.1

--------------------------------------------------------------------------------
/team-nextcloud/templates/02_service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: {{ include "team-nextcloud.fullname" . }}-nc
  namespace: default
spec:
  ports:
    - protocol: TCP
      name: web
      port: 80
  selector:
    app: {{ include "team-nextcloud.fullname" . }}-nc
---
apiVersion: v1
kind: Service
metadata:
  name: {{ include "team-nextcloud.fullname" . }}-db
  namespace: default
spec:
  ports:
    - protocol: TCP
      name: sql
      port: 3306
  selector:
    app: {{ include "team-nextcloud.fullname" . }}-db
---
apiVersion: v1
kind: Service
metadata:
  name: {{ include "team-nextcloud.fullname" . }}-redis
  namespace: default
spec:
  ports:
    - protocol: TCP
      name: redis
      port: 6379
  selector:
    app: {{ include "team-nextcloud.fullname" . }}-redis

--------------------------------------------------------------------------------
/team-nextcloud/templates/03-storage.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ include "team-nextcloud.fullname" . }}-nc-data
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: {{ .Values.storage.limits.data }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ include "team-nextcloud.fullname" . }}-nc-db
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: {{ .Values.storage.limits.database }}
---

--------------------------------------------------------------------------------
/team-nextcloud/templates/05-ingress.yaml:
--------------------------------------------------------------------------------
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: nextcloud-service-discovery
spec:
  redirectRegex:
    permanent: true
    regex: /.well-known/(card|cal)dav
    replacement: /remote.php/dav/

---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: nextcloud-headers
spec:
  headers:
    stsSeconds: 15552000
    stsIncludeSubdomains: true

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroute-{{ include "team-nextcloud.fullname" . }}
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`{{ .Values.app.name }}.{{ .Values.app.domain }}`)
    kind: Rule
    services:
    - name: {{ include "team-nextcloud.fullname" . }}-nc
      port: 80
    middlewares:
    - name: nextcloud-service-discovery
    - name: nextcloud-headers
  tls:
    certResolver: default

--------------------------------------------------------------------------------
/team-nextcloud/templates/08-secret.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "team-nextcloud.fullname" . }}-secret
type: Opaque
stringData:
  password: {{ .Values.database.password }}
  rootpassword: {{ .Values.database.root_password }}

--------------------------------------------------------------------------------
/team-nextcloud/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "team-nextcloud.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "team-nextcloud.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "team-nextcloud.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Common labels
*/}}
{{- define "team-nextcloud.labels" -}}
helm.sh/chart: {{ include "team-nextcloud.chart" . }}
{{ include "team-nextcloud.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}

{{/*
Selector labels
*/}}
{{- define "team-nextcloud.selectorLabels" -}}
app.kubernetes.io/name: {{ include "team-nextcloud.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}

{{/*
Create the name of the service account to use
*/}}
{{- define "team-nextcloud.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
    {{ default (include "team-nextcloud.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

--------------------------------------------------------------------------------
/team-nextcloud/templates/deploy_database.yaml:
--------------------------------------------------------------------------------
---
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: {{ include "team-nextcloud.fullname" . }}-db
  labels:
    app: {{ include "team-nextcloud.fullname" . }}-db
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ include "team-nextcloud.fullname" . }}-db
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: {{ include "team-nextcloud.fullname" . }}-db
      annotations:
        timestamp: "{{ now | unixEpoch }}"
    spec:
      volumes:
        - name: team-db-vol
          persistentVolumeClaim:
            claimName: {{ include "team-nextcloud.fullname" . }}-nc-db
      containers:
        - name: {{ include "team-nextcloud.fullname" . }}-db
          image: mariadb
          imagePullPolicy: Always
          volumeMounts:
            - name: team-db-vol
              mountPath: "/var/lib/mysql"
          ports:
            - containerPort: 3306
              name: mysql
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "team-nextcloud.fullname" . }}-secret
                  key: rootpassword
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "team-nextcloud.fullname" . }}-secret
                  key: password
            - name: MYSQL_DATABASE
              value: "nextcloud"
            - name: MYSQL_USER
              value: "nextcloud"
            - name: MYSQL_INITDB_SKIP_TZINFO
              value: "1"
---
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: {{ include "team-nextcloud.fullname" . }}-redis
  labels:
    app: {{ include "team-nextcloud.fullname" . }}-redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ include "team-nextcloud.fullname" . }}-redis
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: {{ include "team-nextcloud.fullname" . }}-redis
      annotations:
        timestamp: "{{ now | unixEpoch }}"
    spec:
      containers:
        - name: {{ include "team-nextcloud.fullname" . }}-redis
          image: redis:alpine
          imagePullPolicy: Always
          ports:
            - containerPort: 6379
              name: redis

--------------------------------------------------------------------------------
/team-nextcloud/templates/deploy_nextcloud.yaml:
--------------------------------------------------------------------------------
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: {{ include "team-nextcloud.fullname" . }}-nc
  labels:
    app: {{ include "team-nextcloud.fullname" . }}-nc
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ include "team-nextcloud.fullname" . }}-nc
  template:
    metadata:
      labels:
        app: {{ include "team-nextcloud.fullname" . }}-nc
      annotations:
        timestamp: "{{ now | unixEpoch }}"
    spec:
      volumes:
        - name: nc-data-vol
          persistentVolumeClaim:
            claimName: {{ include "team-nextcloud.fullname" . }}-nc-data
      containers:
        - name: cron
          image: nextcloud:stable
          imagePullPolicy: Always
          command:
            - /cron.sh
          volumeMounts:
            - name: nc-data-vol
              mountPath: "/var/www/html"
        - name: web
          image: nextcloud:stable
          imagePullPolicy: Always
          volumeMounts:
            - name: nc-data-vol
              mountPath: "/var/www/html"
          ports:
            - name: web
              containerPort: 80
          env:
            - name: REDIS_HOST
              value: {{ include "team-nextcloud.fullname" . }}-redis
            - name: MYSQL_HOST
              value: {{ include "team-nextcloud.fullname" . }}-db
            - name: NEXTCLOUD_TRUSTED_DOMAINS
              value: {{ .Values.app.name }}.{{ .Values.app.domain }}
            - name: MYSQL_DATABASE
              value: nextcloud
            - name: MYSQL_USER
              value: nextcloud
            - name: MYSQL_PASSWORD
              value: {{ .Values.database.password }}
            - name: NEXTCLOUD_ADMIN_USER
              value: {{ .Values.admin.name }}
            - name: NEXTCLOUD_ADMIN_PASSWORD
              value: {{ .Values.admin.password }}
            - name: APACHE_DISABLE_REWRITE_IP
              value: "1"
            - name: TRUSTED_PROXIES
              value: "10.0.0.0/8"

--------------------------------------------------------------------------------
/team-nextcloud/values.yaml:
--------------------------------------------------------------------------------
# Domain and subdomain for this service:
app:
  name: cloud
  domain: example.org

# Set a username and password for the first administrator account:
admin:
  name: admin
  password: secret

# Storage limit for nextcloud files and database:
storage:
  limits:
    data: 128Gi
    database: 128Gi

# No need to change these values. For internal database account only:
database:
  password: "secret#password"
  root_password: "very123secret#passWord!"

--------------------------------------------------------------------------------
/team-openslides/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/team-openslides/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: team-openslides
description: Open Slides for team container

type: application

version: 0.0.1
appVersion: 0.0.1

--------------------------------------------------------------------------------
/team-openslides/templates/02_service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: {{ include "team-openslides.fullname" . }}-web
  namespace: default
spec:
  ports:
    - protocol: TCP
      name: web
      port: 80
      targetPort: 8000
  selector:
    app: {{ include "team-openslides.fullname" . }}-web

--------------------------------------------------------------------------------
/team-openslides/templates/03-storage.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ include "team-openslides.fullname" . }}-data
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: {{ .Values.storage.limits.data }}

--------------------------------------------------------------------------------
/team-openslides/templates/05-ingress.yaml:
--------------------------------------------------------------------------------
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: {{ include "team-openslides.fullname" . }}-ingressroute
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`{{ .Values.app.name }}.{{ .Values.app.domain }}`)
    kind: Rule
    priority: 100
    services:
    - name: {{ include "team-openslides.fullname" . }}-web
      port: 80
  tls:
    certResolver: default

--------------------------------------------------------------------------------
/team-openslides/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "team-openslides.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "team-openslides.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "team-openslides.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Common labels
*/}}
{{- define "team-openslides.labels" -}}
helm.sh/chart: {{ include "team-openslides.chart" . }}
{{ include "team-openslides.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}

{{/*
Selector labels
*/}}
{{- define "team-openslides.selectorLabels" -}}
app.kubernetes.io/name: {{ include "team-openslides.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}

{{/*
Create the name of the service account to use
*/}}
{{- define "team-openslides.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
    {{ default (include "team-openslides.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

--------------------------------------------------------------------------------
/team-openslides/templates/deploy_openslides.yaml:
--------------------------------------------------------------------------------
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: {{ include "team-openslides.fullname" . }}-web
  labels:
    app: {{ include "team-openslides.fullname" . }}-web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ include "team-openslides.fullname" . }}-web
  template:
    metadata:
      labels:
        app: {{ include "team-openslides.fullname" . }}-web
      annotations:
        timestamp: "{{ now | unixEpoch }}"
    spec:
      volumes:
        - name: os-data-vol
          persistentVolumeClaim:
            claimName: {{ include "team-openslides.fullname" . }}-data
      containers:
        - name: openslides
          image: jamct/openslides
          imagePullPolicy: {{ .Values.app.pullpolicy }}
          volumeMounts:
            - name: os-data-vol
              mountPath: "/root/.local/share/openslides"
          ports:
            - containerPort: 8000
          env:
            - name: TZ
              value: Europe/Paris
            - name: OPENSLIDES_SECRET
              value: {{ .Values.secrets.python }}
--------------------------------------------------------------------------------
/team-openslides/values.yaml:
--------------------------------------------------------------------------------
app:
  name: club
  domain: example.org
  pullpolicy: IfNotPresent

# Storage limit for files
storage:
  limits:
    data: 128Gi
    database: 128Gi

# optional changes below this line.
secrets:
  python: "U@pP6%rQap@YT6yn4@N4"
--------------------------------------------------------------------------------
/team-setup/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/team-setup/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: team-setup
description: Ingress router for teamcloud

type: application

version: 0.0.1
appVersion: 0.0.1

--------------------------------------------------------------------------------
/team-setup/crds/traefik-crds.yaml:
--------------------------------------------------------------------------------
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutes.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRoute
    plural: ingressroutes
    singular: ingressroute
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutetcps.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRouteTCP
    plural: ingressroutetcps
    singular: ingressroutetcp
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: middlewares.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: Middleware
    plural: middlewares
    singular: middleware
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tlsoptions.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TLSOption
    plural: tlsoptions
    singular: tlsoption
  scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: traefikservices.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TraefikService
    plural: traefikservices
    singular: traefikservice
  scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tlsstores.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TLSStore
    plural: tlsstores
    singular: tlsstore
  scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressrouteudps.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRouteUDP
    plural: ingressrouteudps
    singular: ingressrouteudp
  scope: Namespaced

--------------------------------------------------------------------------------
/team-setup/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "team-setup.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "team-setup.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "team-setup.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Common labels
*/}}
{{- define "team-setup.labels" -}}
helm.sh/chart: {{ include "team-setup.chart" . }}
{{ include "team-setup.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}

{{/*
Selector labels
*/}}
{{- define "team-setup.selectorLabels" -}}
app.kubernetes.io/name: {{ include "team-setup.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}

{{/*
Create the name of the service account to use
*/}}
{{- define "team-setup.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
    {{ default (include "team-setup.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

--------------------------------------------------------------------------------
/team-setup/templates/ingress/01-role.yml:
--------------------------------------------------------------------------------
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - traefik.containo.us
    resources:
      - middlewares
      - ingressroutes
      - traefikservices
      - ingressroutetcps
      - ingressrouteudps
      - tlsoptions
      - tlsstores
    verbs:
      - get
      - list
      - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller

roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
    namespace: default
---
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: traefik-ingress-controller

--------------------------------------------------------------------------------
/team-setup/templates/ingress/02-service.yaml:
--------------------------------------------------------------------------------
# Service for Ingress-Traefik
apiVersion: v1
kind: Service
metadata:
  name: traefik
spec:
  ports:
    - protocol: TCP
      name: web
      port: 80
      targetPort: 80
    - protocol: TCP
      name: websecure
      port: 443
      targetPort: 443
  selector:
    app: traefik
  type: LoadBalancer

--------------------------------------------------------------------------------
/team-setup/templates/ingress/03-storage.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: traefik-cert
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 128Mi
--------------------------------------------------------------------------------
/team-setup/templates/ingress/04-deployment.yml:
--------------------------------------------------------------------------------
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: traefik
  labels:
    app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      volumes:
        - name: cert-vol
          persistentVolumeClaim:
            claimName: traefik-cert
      containers:
        - name: traefik
          image: traefik:v2.2
          imagePullPolicy: Always
          volumeMounts:
            - name: cert-vol
              mountPath: "/data"
          args:
            - --api.insecure
            - --accesslog
            - --entrypoints.web.Address=:80
            - --entrypoints.websecure.Address=:443
            - --providers.kubernetescrd
            - --certificatesresolvers.default.acme.tlschallenge
            - --certificatesresolvers.default.acme.email={{ .Values.acme.mail }}
            - --certificatesresolvers.default.acme.storage=/data/acme.json
            {{ if eq .Values.acme.production false }}
            - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
            {{ end }}
          ports:
            - name: web
              containerPort: 80
            - name: websecure
              containerPort: 443
--------------------------------------------------------------------------------
/team-setup/templates/ingress/05-global-ingress.yml:
--------------------------------------------------------------------------------
# global https redirect
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: global-redirect-http
spec:
  redirectScheme:
    scheme: https
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroute-allredirect
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: PathPrefix(`/`)
      kind: Rule
      services:
        - name: landingpage
          port: 80
      middlewares:
        - name: global-redirect-http
--------------------------------------------------------------------------------
/team-setup/templates/ingress/06-middleware.yaml:
--------------------------------------------------------------------------------
---
# Combines all middlewares
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: traefik-middlewares
spec:
  chain:
    middlewares:
      - name: traefik-cleanheaders
---
# clean headers
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: traefik-cleanheaders
spec:
  headers:
    customResponseHeaders:
      x-powered-by: ""
      server: ""
--------------------------------------------------------------------------------
/team-setup/templates/landingpage/ingress.yaml:
--------------------------------------------------------------------------------
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroute-landingpage
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`{{ .Values.app.name }}.{{ .Values.app.domain }}`) && Path(`/`)
      kind: Rule
      priority: 1
      services:
        - name: landingpage
          port: 80
      middlewares:
        - name: traefik-middlewares
  tls:
    certResolver: default
--------------------------------------------------------------------------------
/team-setup/templates/landingpage/landingpage.yaml:
--------------------------------------------------------------------------------
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: landingpage
  labels:
    app: landingpage
spec:
  replicas: 1
  selector:
    matchLabels:
      app: landingpage
  template:
    metadata:
      labels:
        app: landingpage
      annotations:
        timestamp: "{{ now | unixEpoch }}"
    spec:
      containers:
        - name: landingpage
          image: nginx:alpine
          imagePullPolicy: Always
          ports:
            - name: web
              containerPort: 80

--------------------------------------------------------------------------------
/team-setup/templates/landingpage/service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: landingpage
spec:
  ports:
    - protocol: TCP
      name: web
      port: 80
  selector:
    app: landingpage

--------------------------------------------------------------------------------
/team-setup/values.yaml:
--------------------------------------------------------------------------------
acme:
  mail: user@example.org
  production: false

app:
  name: cloud
  domain: example.org
--------------------------------------------------------------------------------
/team-share/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/team-share/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: team-share
description: Plik for team-container

type: application

version: 0.0.1
appVersion: 0.0.1

--------------------------------------------------------------------------------
/team-share/templates/02_service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: {{ include "team-share.fullname" . }}-rc
  namespace: default
spec:
  ports:
    - protocol: TCP
      name: web
      port: 8080
      targetPort: 8080
  selector:
    app: {{ include "team-share.fullname" . }}-rc

--------------------------------------------------------------------------------
/team-share/templates/03-storage.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ include "team-share.fullname" . }}-rc-data
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: {{ .Values.storage.limits.data }}

--------------------------------------------------------------------------------
/team-share/templates/05-ingress.yaml:
--------------------------------------------------------------------------------
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroute-{{ include "team-share.fullname" . }}
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`{{ .Values.app.name }}.{{ .Values.app.domain }}`)
      kind: Rule
      services:
        - name: {{ include "team-share.fullname" . }}-rc
          port: 8080
  tls:
    certResolver: default

--------------------------------------------------------------------------------
/team-share/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "team-share.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "team-share.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "team-share.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Common labels
*/}}
{{- define "team-share.labels" -}}
helm.sh/chart: {{ include "team-share.chart" . }}
{{ include "team-share.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}

{{/*
Selector labels
*/}}
{{- define "team-share.selectorLabels" -}}
app.kubernetes.io/name: {{ include "team-share.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}

{{/*
Create the name of the service account to use
*/}}
{{- define "team-share.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
    {{ default (include "team-share.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

--------------------------------------------------------------------------------
/team-share/templates/deploy_share.yaml:
--------------------------------------------------------------------------------
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: {{ include "team-share.fullname" . }}-rc
  labels:
    app: {{ include "team-share.fullname" . }}-rc
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ include "team-share.fullname" . }}-rc
  template:
    metadata:
      labels:
        app: {{ include "team-share.fullname" . }}-rc
      annotations:
        timestamp: "{{ now | unixEpoch }}"
    spec:
      volumes:
        - name: rc-uploads-vol
          persistentVolumeClaim:
            claimName: {{ include "team-share.fullname" . }}-rc-data
      restartPolicy: Always
      containers:
        - name: share
          image: rootgg/plik:latest
          imagePullPolicy: Always
          command:
          volumeMounts:
            - name: rc-uploads-vol
              mountPath: "/home/plik/server/files"
          ports:
            - name: web
              containerPort: 8080
          env:
            - name: INSTANCE_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: ROOT_URL
              value: "https://{{ .Values.app.name }}.{{ .Values.app.domain }}"
            - name: PORT
              value: "8080"

--------------------------------------------------------------------------------
/team-share/values.yaml:
--------------------------------------------------------------------------------
# Domain and subdomain for this service:
app:
  name: share
  domain: example.org


# Storage limit for files and database (no need to change):
storage:
  limits:
    data: 128Gi


--------------------------------------------------------------------------------
/team-video/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/team-video/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: team-video
description: Video meetings for teamcloud

type: application

version: 0.0.1
appVersion: 0.0.1

--------------------------------------------------------------------------------
/team-video/templates/02_service.yaml:
--------------------------------------------------------------------------------
# Public service
apiVersion: v1
kind: Service
metadata:
  labels:
    app: jitsi
  name: {{ include "team-video.fullname" . }}-jvb
  namespace: default
spec:
  type: NodePort
  ports:
    - name: udp
      port: 30000
      nodePort: 30000
      protocol: UDP
      targetPort: 30000
    - name: tcp
      port: 30001
      nodePort: 30001
      protocol: TCP
      targetPort: 30001
  selector:
    app: {{ include "team-video.fullname" . }}-jvb
---
apiVersion: v1
kind: Service
metadata:
  name: {{ include "team-video.fullname" . }}-web
  namespace: default
spec:
  ports:
    - protocol: TCP
      name: web
      port: 80
  selector:
    app: {{ include "team-video.fullname" . }}-web
---
apiVersion: v1
kind: Service
metadata:
  labels:
    service: {{ include "team-video.fullname" . }}-prosody
  name: {{ include "team-video.fullname" . }}-prosody
  namespace: default
spec:
  ports:
    - name: "5222"
      port: 5222
      targetPort: 5222
    - name: "5280"
      port: 5280
      targetPort: 5280
    - name: "5347"
      port: 5347
      targetPort: 5347
  selector:
    app: {{ include "team-video.fullname" . }}-prosody
status:
  loadBalancer: {}

--------------------------------------------------------------------------------
/team-video/templates/05-ingress.yaml:
--------------------------------------------------------------------------------
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: {{ include "team-video.fullname" . }}-ingressroute
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`{{ .Values.app.name }}.{{ .Values.app.domain }}`)
      kind: Rule
      priority: 100
      services:
        - name: {{ include "team-video.fullname" . }}-web
          port: 80
  tls:
    certResolver: default

--------------------------------------------------------------------------------
/team-video/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "team-video.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "team-video.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "team-video.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Common labels
*/}}
{{- define "team-video.labels" -}}
helm.sh/chart: {{ include "team-video.chart" . }}
{{ include "team-video.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}

{{/*
Selector labels
*/}}
{{- define "team-video.selectorLabels" -}}
app.kubernetes.io/name: {{ include "team-video.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}

{{/*
Create the name of the service account to use
*/}}
{{- define "team-video.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
    {{ default (include "team-video.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

--------------------------------------------------------------------------------
/team-video/templates/deploy_jicofo.yaml:
--------------------------------------------------------------------------------
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: {{ include "team-video.fullname" . }}-jicofo
  labels:
    app: {{ include "team-video.fullname" . }}-jicofo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ include "team-video.fullname" . }}-jicofo
  template:
    metadata:
      labels:
        app: {{ include "team-video.fullname" . }}-jicofo
      annotations:
        timestamp: "{{ now | unixEpoch }}"
    spec:
      containers:
        - name: jicofo
          image: jitsi/jicofo
          imagePullPolicy: {{ .Values.app.pullpolicy }}
          env:
            {{ if .Values.auth.enabled}}
            {{ if eq .Values.auth.type "ldap" }}
            - name: ENABLE_LDAP_AUTH
              value: "true"
            {{else}}
            - name: ENABLE_AUTH
              value: "true"
            - name: AUTH_TYPE
              value: {{ .Values.auth.type }}
            {{end}}
            {{end}}
            - name: XMPP_SERVER
              value: {{ include "team-video.fullname" . }}-prosody
            - name: XMPP_DOMAIN
              value: {{ .Values.app.name }}.{{ .Values.app.domain }}
            - name: XMPP_AUTH_DOMAIN
              value: auth.{{ .Values.app.name }}.{{ .Values.app.domain }}
            {{ if .Values.auth.guests}}
            - name: XMPP_GUEST_DOMAIN
              value: guest.{{ .Values.app.name }}.{{ .Values.app.domain }}
            {{end}}
            - name: JICOFO_COMPONENT_SECRET
              value: {{ .Values.secrets.jicofo.component }}
            - name: JICOFO_AUTH_USER
              value: focus
            - name: JICOFO_AUTH_PASSWORD
              value: {{ .Values.secrets.jicofo.auth }}
            - name: JVB_BREWERY_MUC
              value: jvbbrewery
            - name: XMPP_INTERNAL_MUC_DOMAIN
              value: internal-muc.{{ .Values.app.name }}.{{ .Values.app.domain }}
            - name: TZ
              value: Europe/Paris
--------------------------------------------------------------------------------
/team-video/templates/deploy_jvb.yaml:
--------------------------------------------------------------------------------
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: {{ include "team-video.fullname" . }}-jvb
  labels:
    app: {{ include "team-video.fullname" . }}-jvb
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ include "team-video.fullname" . }}-jvb
  template:
    metadata:
      labels:
        app: {{ include "team-video.fullname" . }}-jvb
      annotations:
        timestamp: "{{ now | unixEpoch }}"
    spec:
      containers:
        - name: jvb
          image: jitsi/jvb
          imagePullPolicy: {{ .Values.app.pullpolicy }}
          ports:
            - containerPort: 30000
              protocol: UDP
            - containerPort: 30001
          resources: {}
          env:
            - name: XMPP_SERVER
              value: {{ include "team-video.fullname" . }}-prosody
            - name: DOCKER_HOST_ADDRESS
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: XMPP_DOMAIN
              value: {{ .Values.app.name }}.{{ .Values.app.domain }}
            - name: XMPP_AUTH_DOMAIN
              value: auth.{{ .Values.app.name }}.{{ .Values.app.domain }}
            - name: JVB_PORT
              value: "30000"
            - name: JVB_TCP_PORT
              value: "30001"
            - name: JVB_AUTH_USER
              value: jvb
            - name: JVB_AUTH_PASSWORD
              value: {{ .Values.secrets.jvb.auth }}
            - name: JVB_BREWERY_MUC
              value: jvbbrewery
            {{ if .Values.auth.guests}}
            - name: XMPP_GUEST_DOMAIN
              value: guest.{{ .Values.app.name }}.{{ .Values.app.domain }}
            {{end}}
            - name: XMPP_INTERNAL_MUC_DOMAIN
              value: internal-muc.{{ .Values.app.name }}.{{ .Values.app.domain }}
            - name: JVB_STUN_SERVERS
              {{ if .Values.stun.server}}
              value: {{ .Values.stun.server }}
              {{else}}
              value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
              {{end}}
            - name: JICOFO_AUTH_USER
              value: focus
            - name: TZ
              value: Europe/Paris
--------------------------------------------------------------------------------
/team-video/templates/deploy_prosody.yaml:
--------------------------------------------------------------------------------
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: {{ include "team-video.fullname" . }}-prosody
  labels:
    app: {{ include "team-video.fullname" . }}-prosody
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ include "team-video.fullname" . }}-prosody
  template:
    metadata:
      labels:
        app: {{ include "team-video.fullname" . }}-prosody
      annotations:
        timestamp: "{{ now | unixEpoch }}"
    spec:
      containers:
        - name: prosody
          ports:
            - containerPort: 5222
            - containerPort: 5280
            - containerPort: 5347
          resources: {}
          # restartPolicy: Always
          {{ if and .Values.auth.enabled (eq .Values.auth.type "internal") }}
          lifecycle:
            postStart:
              exec:
                command: ["/bin/bash", "-c", "sleep 60; prosodyctl --config /config/prosody.cfg.lua register {{ .Values.auth.admin.user }} {{ .Values.app.name }}.{{ .Values.app.domain }} {{ .Values.auth.admin.password }}"]
          {{end}}
          image: jitsi/prosody
          imagePullPolicy: {{ .Values.app.pullpolicy }}
          env:
            {{ if .Values.auth.enabled}}
            - name: ENABLE_AUTH
              value: "true"
            {{ if .Values.auth.guests}}
            - name: ENABLE_GUESTS
              value: "true"
            {{end}}
            - name: AUTH_TYPE
              value: {{ .Values.auth.type }}
            {{end}}
            - name: XMPP_DOMAIN
              value: {{ .Values.app.name }}.{{ .Values.app.domain }}
            {{ if .Values.auth.guests}}
            - name: XMPP_GUEST_DOMAIN
              value: guest.{{ .Values.app.name }}.{{ .Values.app.domain }}
            {{end}}
            - name: XMPP_AUTH_DOMAIN
              value: auth.{{ .Values.app.name }}.{{ .Values.app.domain }}
            - name: XMPP_MUC_DOMAIN
              value: muc.{{ .Values.app.name }}.{{ .Values.app.domain }}
            - name: JICOFO_COMPONENT_SECRET
              value: {{ .Values.secrets.jicofo.component }}
            - name: JVB_COMPONENT_SECRET
              value: {{ .Values.secrets.jvb.component }}
            - name: JICOFO_AUTH_USER
              value: focus
            - name: JICOFO_AUTH_PASSWORD
              value: {{ .Values.secrets.jicofo.auth }}
            - name: JVB_AUTH_USER
              value: jvb
            - name: JVB_AUTH_PASSWORD
              value: {{ .Values.secrets.jvb.auth }}
            - name: LOG_LEVEL
              value: {{ .Values.logLevel }}
            - name: XMPP_INTERNAL_MUC_DOMAIN
              value: internal-muc.{{ .Values.app.name }}.{{ .Values.app.domain }}
            - name: TZ
              value: Europe/Paris
--------------------------------------------------------------------------------
/team-video/templates/deploy_web.yaml:
--------------------------------------------------------------------------------
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: {{ include "team-video.fullname" . }}-web
  labels:
    app: {{ include "team-video.fullname" . }}-web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ include "team-video.fullname" . }}-web
  template:
    metadata:
      labels:
        app: {{ include "team-video.fullname" . }}-web
      annotations:
        timestamp: "{{ now | unixEpoch }}"
    spec:
      containers:
        - name: web
          image: jitsi/web
          imagePullPolicy: {{ .Values.app.pullpolicy }}
          ports:
            - name: web
              containerPort: 80
          {{if .Values.hideWelcomePage}}
          lifecycle:
            postStart:
              exec:
                command: ['/bin/bash', '-c', 'sleep 60; sed -i "s/enableWelcomePage: true,/enableWelcomePage: false,/g" /config/config.js']
          {{end}}
          env:
            {{ if .Values.auth.enabled}}
            - name: ENABLE_AUTH
              value: "1"
            {{ if .Values.auth.guests}}
            - name: ENABLE_GUESTS
              value: "1"
            {{end}}
            # Kubernetes env values must be strings, so settings such as 1 or 3 are quoted.
            {{ if .Values.auth.ldapauthmethod}}
            - name: LDAP_AUTH_METHOD
              value: {{ .Values.auth.ldapauthmethod | quote }}
            {{end}}
            {{ if .Values.auth.ldapurl }}
            - name: LDAP_URL
              value: {{ .Values.auth.ldapurl | quote }}
            {{end}}
            {{ if .Values.auth.ldapusetls }}
            - name: LDAP_USE_TLS
              value: {{ .Values.auth.ldapusetls | quote }}
            {{end}}
            {{ if .Values.auth.ldapstarttls }}
            - name: LDAP_START_TLS
              value: {{ .Values.auth.ldapstarttls | quote }}
            {{end}}
            {{ if .Values.auth.ldaptlscacertfile }}
            - name: LDAP_TLS_CACERT_FILE
              value: {{ .Values.auth.ldaptlscacertfile | quote }}
            {{end}}
            {{ if .Values.auth.ldaptlscacertdir }}
            - name: LDAP_TLS_CACERT_DIR
              value: {{ .Values.auth.ldaptlscacertdir | quote }}
            {{end}}
            {{ if .Values.auth.ldapcheckpeer }}
            - name: LDAP_TLS_CHECK_PEER
              value: {{ .Values.auth.ldapcheckpeer | quote }}
            {{end}}
            {{ if .Values.auth.ldapbase }}
            - name: LDAP_BASE
              value: {{ .Values.auth.ldapbase | quote }}
            {{end}}
            {{ if .Values.auth.ldapbinddn }}
            - name: LDAP_BINDDN
              value: {{ .Values.auth.ldapbinddn | quote }}
            {{end}}
            {{ if .Values.auth.ldapbindpw }}
            - name: LDAP_BINDPW
              value: {{ .Values.auth.ldapbindpw | quote }}
            {{end}}
            {{ if .Values.auth.ldapfilter }}
            - name: LDAP_FILTER
              value: {{ .Values.auth.ldapfilter | quote }}
            {{end}}
            {{ if .Values.auth.ldapversion }}
            - name: LDAP_VERSION
              value: {{ .Values.auth.ldapversion | quote }}
            {{end}}
            {{end}}
            - name: JICOFO_AUTH_USER
              value: focus
            - name: XMPP_DOMAIN
              value: {{ .Values.app.name }}.{{ .Values.app.domain }}
            - name: XMPP_AUTH_DOMAIN
              value: auth.{{ .Values.app.name }}.{{ .Values.app.domain }}
            {{ if .Values.auth.guests}}
            - name: XMPP_GUEST_DOMAIN
              value: guest.{{ .Values.app.name }}.{{ .Values.app.domain }}
            {{end}}
            - name: XMPP_BOSH_URL_BASE
              value: http://{{ include "team-video.fullname" . }}-prosody:5280
            - name: XMPP_MUC_DOMAIN
              value: muc.{{ .Values.app.name }}.{{ .Values.app.domain }}
            - name: TZ
              value: Europe/Paris
            - name: PUBLIC_URL
              value: "https://{{ .Values.app.name }}.{{ .Values.app.domain }}"
            - name: SHOW_JITSI_WATERMARK
              value: "false"
            - name: SHOW_WATERMARK_FOR_GUESTS
              value: "false"
--------------------------------------------------------------------------------
/team-video/values.yaml:
--------------------------------------------------------------------------------
app:
  name: video
  domain: example.org
  pullpolicy: IfNotPresent

auth:
  enabled: false
  guests: true
  type: "internal"
  admin:
    user: admin
    password: "jitsiAdmin"

logLevel: "info"
hideWelcomePage: true

stun:
  server:

# optional changes below this line.
# The secrets below are public defaults shipped with the chart; override them per deployment.
secrets:
  jvb:
    component: "jsdjhjk623sxbnedrtg42315tr"
    auth: "srfddffgjsdf34342349988"
  jicofo:
    component: "s234sdffghbvjnndf!"
    auth: "sdfokjsdfkl123123123ghghg!"
--------------------------------------------------------------------------------
/values-chat.yaml:
--------------------------------------------------------------------------------
# Domain and subdomain for this service:
app:
  name: chat
  domain: example.org

# Set a username and password for the first administrator account:
admin:
  name: admin
  password: secret
  mail: admin@example.org

# Storage limit for files and database (no need to change):
storage:
  limits:
    data: 128Gi
    database: 128Gi

--------------------------------------------------------------------------------
/values-nextcloud.yaml:
--------------------------------------------------------------------------------
app:
  name: cloud
  domain: example.org

# Set a username and password for the first administrator account:
admin:
  name: admin
  password: secret

# storage limit for nextcloud files and database
storage:
  limits:
    data: 128Gi
    database: 128Gi

# no need to change these values. For internal database account only
database:
  password: "secret#password"
  root_password: "very123secret#passWord!"

--------------------------------------------------------------------------------
/values-openslides.yaml:
--------------------------------------------------------------------------------
app:
  name: club
  domain: example.org
  pullpolicy: IfNotPresent

# Storage limit for files
storage:
  limits:
    data: 128Gi
    database: 128Gi

# optional changes below this line.
secrets:
  python: "U@pP6%rQap@YT6yn4@N4"
--------------------------------------------------------------------------------
/values-setup.yaml:
--------------------------------------------------------------------------------
acme:
  mail: user@example.org
  production: false

app:
  name: cloud
  domain: example.org

--------------------------------------------------------------------------------
/values-share.yaml:
--------------------------------------------------------------------------------
# Domain and subdomain for this service:
app:
  name: share
  domain: example.org


# Storage limit for files and database (no need to change):
storage:
  limits:
    data: 128Gi


--------------------------------------------------------------------------------
/values-video.yaml:
--------------------------------------------------------------------------------
app:
  name: video
  domain: example.org
  pullpolicy: IfNotPresent # set to Always for auto updates

auth:
  enabled: false
  guests: true
  # internal auth
  type: internal
  admin:
    user: admin
    password: "jitsiAdmin"
  # ldap auth - remove above "type: internal" auth to use it
  #type: ldap
  #ldapauthmethod: bind
  #ldapurl: ldap://LDAP_SERVER
  #ldapusetls: 1
  #ldapstarttls: 1 # needs LDAP_VERSION 3
  #ldaptlscacertfile:
  #ldaptlscacertdir:
  #ldapcheckpeer:   # key name read by team-video/templates/deploy_web.yaml
  #ldapbase: OU=users,DC=domain,DC=local
  #ldapbinddn: CN=ldap user,OU=svc_users,DC=domain,DC=local
  #ldapbindpw: VerySecretPassword
  #ldapfilter: (&(&(|(objectclass=person)))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))
  #ldapversion: 3 # can break helm upgrade

logLevel: "info"
hideWelcomePage: true
# Remove following # to use different stun servers
# stun:
#   server: stun.stunprotocol.org:3478, stun.services.mozilla.com:3478

--------------------------------------------------------------------------------