Bookstack
Manifiesto
✅ Namespace bookstack
✅ StatefulSet de MariaDB con PVC basado en StorageClass ceph-rbd
✅ Deployment escalable de BookStack con PVC basado en StorageClass ceph-rbd
✅ Service para la comunicación entre BookStack y MariaDB
✅ Ingress con nginx en https://bookstack.k8s.dominio.com
# Namespace
apiVersion: v1
kind: Namespace
metadata:
name: bookstack
---
# Secret para credenciales de MariaDB
apiVersion: v1
kind: Secret
metadata:
name: mariadb-secret
namespace: bookstack
type: Opaque
stringData:
MYSQL_ROOT_PASSWORD: bookstackrootpass
MYSQL_DATABASE: bookstack
MYSQL_USER: bookstack
MYSQL_PASSWORD: bookstackpass
---
# Secret para APP_KEY
apiVersion: v1
kind: Secret
metadata:
name: bookstack-secret
namespace: bookstack
type: Opaque
stringData:
APP_KEY: base64:iT19P7p4nStOV3LCxQ169Wg6KMFLesM2N50u8vFcJ2c=
---
# PVC para MariaDB
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mariadb-pvc
namespace: bookstack
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-rbd
resources:
requests:
storage: 5Gi
---
# PVC para BookStack
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bookstack-pvc
namespace: bookstack
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-rbd
resources:
requests:
storage: 5Gi
---
# Deployment de MariaDB
apiVersion: apps/v1
kind: Deployment
metadata:
name: mariadb
namespace: bookstack
spec:
replicas: 1
selector:
matchLabels:
app: mariadb
template:
metadata:
labels:
app: mariadb
spec:
containers:
- name: mariadb
image: mariadb:10.6
envFrom:
- secretRef:
name: mariadb-secret
ports:
- containerPort: 3306
volumeMounts:
- name: mariadb-storage
mountPath: /var/lib/mysql
readinessProbe:
tcpSocket:
port: 3306
initialDelaySeconds: 10
periodSeconds: 5
volumes:
- name: mariadb-storage
persistentVolumeClaim:
claimName: mariadb-pvc
---
# Deployment de BookStack
apiVersion: apps/v1
kind: Deployment
metadata:
name: bookstack
namespace: bookstack
spec:
replicas: 1
selector:
matchLabels:
app: bookstack
template:
metadata:
labels:
app: bookstack
spec:
containers:
- name: bookstack
image: lscr.io/linuxserver/bookstack
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: MYSQL_HOST
value: mariadb.bookstack.svc.cluster.local
- name: MYSQL_DATABASE
valueFrom:
secretKeyRef:
name: mariadb-secret
key: MYSQL_DATABASE
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: mariadb-secret
key: MYSQL_USER
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-secret
key: MYSQL_PASSWORD
- name: APP_URL
value: "https://bookstack.k8s.ictiberia.com"
- name: APP_KEY
valueFrom:
secretKeyRef:
name: bookstack-secret
key: APP_KEY
ports:
- containerPort: 80
volumeMounts:
- name: bookstack-storage
mountPath: /config
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 10
periodSeconds: 5
volumes:
- name: bookstack-storage
persistentVolumeClaim:
claimName: bookstack-pvc
---
# Servicio para MariaDB
apiVersion: v1
kind: Service
metadata:
name: mariadb
namespace: bookstack
spec:
selector:
app: mariadb
ports:
- port: 3306
targetPort: 3306
---
# Servicio para BookStack
apiVersion: v1
kind: Service
metadata:
name: bookstack
namespace: bookstack
spec:
selector:
app: bookstack
ports:
- port: 80
targetPort: 80
---
# Ingress TLS para BookStack
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bookstack
namespace: bookstack
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
cert-manager.io/cluster-issuer: "letsencrypt-staging"
spec:
tls:
- hosts:
- bookstack.k8s.ictiberia.com
secretName: bookstack-tls
rules:
- host: bookstack.k8s.ictiberia.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: bookstack
port:
number: 80