Bookstack
Manifiesto
✅ Namespace bookstack
✅ StatefulSet de MariaDB con PVC basado en StorageClass ceph-rbd
✅ Deployment escalable de BookStack con PVC basado en StorageClass ceph-rbd
✅ Service para la comunicación entre BookStack y MariaDB
✅ Ingress con nginx en https://bookstack.k8s.dominio.com
# Namespace
apiVersion: v1
kind: Namespace
metadata:
name: bookstack
---
# Secret para credenciales de MariaDB
apiVersion: v1
kind: Secret
metadata:
name: mariadb-secret
namespace: bookstack
type: Opaque
stringData:
MYSQL_ROOT_PASSWORD: bookstackrootpass
MYSQL_DATABASE: bookstack
MYSQL_USER: bookstack
MYSQL_PASSWORD: bookstackpass
---
# PVC para MariaDB
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mariadb-pvc
namespace: bookstack
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-rbd
resources:
requests:
storage: 5Gi
---
# PVC para BookStack
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bookstack-pvc
namespace: bookstack
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-rbd
resources:
requests:
storage: 5Gi
---
# StatefulSet de MariaDB
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mariadb
namespace: bookstack
spec:
serviceName: mariadb
replicas: 1
selector:
matchLabels:
app: mariadb
template:
metadata:
labels:
app: mariadb
spec:
containers:
- name: mariadb
image: mariadb:10.6
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-secret
key: MYSQL_ROOT_PASSWORD
- name: MYSQL_DATABASE
valueFrom:
secretKeyRef:
name: mariadb-secret
key: MYSQL_DATABASE
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: mariadb-secret
key: MYSQL_USER
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-secret
key: MYSQL_PASSWORD
- name: APP_URL
value: "https://bookstack.k8s.ictiberia.com"
ports:
- containerPort: 3306
volumeMounts:
- name: mariadb-storage
mountPath: /var/lib/mysql
volumeClaimTemplates:
- metadata:
name: mariadb-storage
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: ceph-rbd
resources:
requests:
storage: 5Gi
---
# Deployment de BookStack
apiVersion: apps/v1
kind: Deployment
metadata:
name: bookstack
namespace: bookstack
spec:
replicas: 1
selector:
matchLabels:
app: bookstack
template:
metadata:
labels:
app: bookstack
spec:
containers:
- name: bookstack
image: lscr.io/linuxserver/bookstack:latest
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: DB_HOST
value: mariadb.bookstack.svc.cluster.local
- name: DB_USER
valueFrom:
secretKeyRef:
name: mariadb-secret
key: MYSQL_USER
- name: DB_PASS
valueFrom:
secretKeyRef:
name: mariadb-secret
key: MYSQL_PASSWORD
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: mariadb-secret
key: MYSQL_DATABASE
ports:
- containerPort: 80
volumeMounts:
- name: bookstack-storage
mountPath: /config
volumes:
- name: bookstack-storage
persistentVolumeClaim:
claimName: bookstack-pvc
---
# Servicio para MariaDB
apiVersion: v1
kind: Service
metadata:
name: mariadb
namespace: bookstack
spec:
selector:
app: mariadb
ports:
- port: 3306
targetPort: 3306
---
# Servicio para BookStack
apiVersion: v1
kind: Service
metadata:
name: bookstack
namespace: bookstack
spec:
selector:
app: bookstack
ports:
- port: 80
targetPort: 80
---
# Ingress TLS para BookStack
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bookstack
namespace: bookstack
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-staging" # Cambiar a letsencrypt-prod en producción
spec:
tls:
- hosts:
- bookstack.k8s.ictiberia.com
secretName: bookstack-tls
rules:
- host: bookstack.k8s.ictiberia.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: bookstack
port:
number: 80