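---
# Grist deployment for the `grist` namespace: a PVC for document storage,
# an externally populated auth Secret, a ClusterIP Service, a single-replica
# Deployment (oauth2-proxy + Grist + Redis in one pod) and a TLS Ingress.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: grist
  namespace: grist
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---
# No data is declared here; the kube-1password annotations reference a
# 1Password item. The Deployment reads the `username` and `password` keys
# from this Secret.
apiVersion: v1
kind: Secret
metadata:
  name: grist-auth
  namespace: grist
  annotations:
    kube-1password: mr6spkkx7n3memkbute6ojaarm
    kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
  name: grist
  namespace: grist
spec:
  type: ClusterIP
  ports:
    - port: 80
      # Route to the oauth2-proxy listener (port name `proxy`, 8000) so that
      # requests arriving through the Ingress are authenticated before being
      # forwarded to Grist via --upstream. Targeting `web` (8484) would send
      # Ingress traffic straight to Grist and skip the proxy entirely.
      targetPort: proxy
      name: web
  selector:
    app: grist
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grist
  namespace: grist
  labels:
    app: grist
spec:
  replicas: 1
  # Recreate: the old pod is stopped before the new one starts, so the
  # ReadWriteOnce volume is never claimed by two pods at once.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: grist
  template:
    metadata:
      labels:
        app: grist
    spec:
      containers:
        - args:
            # The Ingress forces an SSL redirect, so the session cookie can
            # carry the Secure attribute and never travel over plain HTTP.
            - --cookie-secure=true
            - --provider=oidc
            - --provider-display-name=Auth0
            - --upstream=http://localhost:8484
            - --http-address=$(HOST_IP):8000
            - --redirect-url=https://grist.cluster.fun/oauth2/callback
            - --email-domain=marcusnoble.co.uk
            - --pass-basic-auth=false
            - --pass-access-token=false
            - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
            # NOTE(review): the cookie secret is committed in plaintext. Anyone
            # with read access to this manifest holds the key that protects
            # session cookies. Rotate it and supply the new value from a
            # Secret (e.g. via the OAUTH2_PROXY_COOKIE_SECRET env var with a
            # secretKeyRef, as is done for the client id/secret below)
            # instead of passing it as an argument.
            - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT
            - --cookie-expire=336h0m0s
          env:
            # Pod IP, substituted into --http-address above.
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
            - name: OAUTH2_PROXY_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  key: username
                  name: grist-auth
            - name: OAUTH2_PROXY_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  key: password
                  name: grist-auth
          image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1
          name: oauth-proxy
          ports:
            - containerPort: 8000
              protocol: TCP
              name: proxy
          resources:
            limits:
              memory: 50Mi
            requests:
              memory: 50Mi
        - name: web
          # NOTE(review): `latest` with imagePullPolicy Always means every pod
          # restart may run a different, unreviewed image. Pin a release tag
          # or an image digest so deployments are reproducible.
          image: gristlabs/grist:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 8484
              name: web
          env:
            - name: APP_HOME_URL
              value: "https://grist.cluster.fun/"
            - name: APP_DOC_URL
              value: "https://grist.cluster.fun/"
            - name: GRIST_MAX_UPLOAD_ATTACHMENT_MB
              value: "0"
            - name: GRIST_MAX_UPLOAD_IMPORT_MB
              value: "0"
            - name: PORT
              value: "8484"
            # NOTE(review): debug output is switched on; confirm this is
            # intended for an instance exposed through the Ingress.
            - name: DEBUG
              value: "1"
            - name: GRIST_SINGLE_ORG
              value: "docs"
            - name: GRIST_DEFAULT_EMAIL
              value: "grist@marcusnoble.co.uk"
            - name: REDIS_URL
              value: "redis://localhost:6379"
          # NOTE(review): a package is fetched from the npm registry on every
          # container start. The version is pinned, but nothing here verifies
          # integrity, and startup depends on registry availability. Prefer
          # baking the dependency into a derived image.
          command:
            - sh
            - -c
            - |
              yarn add connect-redis@3.4.0
              yarn run start:prod
          volumeMounts:
            - name: storage
              mountPath: /persist
        - name: redis
          # Used by Grist through REDIS_URL on localhost. No password or
          # resource limits are configured for this container.
          image: redis:6
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 6379
              name: redis
      volumes:
        - name: storage
          persistentVolumeClaim:
            claimName: grist
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: grist
  namespace: grist
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
    - hosts:
        - grist.cluster.fun
      secretName: grist-ingress
  rules:
    - host: grist.cluster.fun
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: grist
                port:
                  number: 80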