Sienna Meridian Satterwhite
ccfe8b877a
- Add Messages (email) service: backend, frontend, MTA in/out, MPA, SOCKS proxy, worker, DKIM config, and theme customization - Add Collabora deployment for document collaboration - Add Drive frontend nginx config and values - Add buildkitd namespace for in-cluster container builds - Add SeaweedFS remote sync and additional S3 buckets - Update vault secrets across namespaces (devtools, lasuite, media, monitoring, ory, storage) with expanded credential management - Update monitoring: rename grafana→metrics OAuth2Client, add Prometheus remote write and additional scrape configs - Update local/production overlays with resource patches - Remove stale login-ui resource patch from production overlay
55 lines
1.5 KiB
YAML
55 lines
1.5 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: collabora
|
|
namespace: lasuite
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: collabora
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: collabora
|
|
spec:
|
|
containers:
|
|
- name: collabora
|
|
image: collabora/code:latest
|
|
ports:
|
|
- containerPort: 9980
|
|
env:
|
|
# Regex of allowed WOPI host origins (Drive's public URL). Escape the dot.
|
|
- name: aliasgroup1
|
|
value: "https://drive\\.DOMAIN_SUFFIX:443"
|
|
# Public hostname — Collabora uses this in self-referencing URLs.
|
|
- name: server_name
|
|
value: "docs.DOMAIN_SUFFIX"
|
|
# TLS is terminated at Pingora; disable Collabora's built-in TLS.
|
|
- name: extra_params
|
|
value: "--o:ssl.enable=false --o:ssl.termination=true"
|
|
- name: dictionaries
|
|
value: "en_US fr_FR"
|
|
- name: username
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: collabora-credentials
|
|
key: username
|
|
- name: password
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: collabora-credentials
|
|
key: password
|
|
securityContext:
|
|
capabilities:
|
|
add:
|
|
- SYS_CHROOT
|
|
- SYS_ADMIN
|
|
resources:
|
|
limits:
|
|
memory: 1Gi
|
|
cpu: 1000m
|
|
requests:
|
|
memory: 512Mi
|
|
cpu: 100m
|