seafile

Signed-off-by: Michael Thomson <michael@michaelthomson.dev>
2026-02-04 13:09:53 +00:00 · 2024-10-05 13:20:02 -04:00
parent cd57c90aa5
commit 21d3bb0467
14 changed files with 269 additions and 0 deletions
--- a/bootstrap/kustomizations/kustomization-seafile.yaml
+++ b/bootstrap/kustomizations/kustomization-seafile.yaml
@@ -0,0 +1,18 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: seafile
  namespace: flux-system
 spec:
  interval: 15m
  path: ./seafile
  prune: true # remove any elements later removed from the above path
  timeout: 2m # if not set, this defaults to interval duration, which is 1h
  sourceRef:
    kind: GitRepository
    name: flux-system
  healthChecks:
    - apiVersion: apps/v1
      kind: Deployment
      name: seafile
      namespace: seafile
--- a/bootstrap/namespaces/namespace-seafile.yaml
+++ b/bootstrap/namespaces/namespace-seafile.yaml
@@ -0,0 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: seafile
--- a/seafile/dns-endpoint.yaml
+++ b/seafile/dns-endpoint.yaml
@@ -0,0 +1,15 @@
 apiVersion: externaldns.k8s.io/v1alpha1
 kind: DNSEndpoint
 metadata:
  name: seafile.michaelthomson.dev
  namespace: media
 spec:
  endpoints:
  - dnsName: seafile.michaelthomson.dev
    recordTTL: 180
    recordType: CNAME
    targets:
      - michaelthomson.ddns.net
    providerSpecific:
      - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
        value: "true"
--- a/seafile/mariadb-deployment.yaml
+++ b/seafile/mariadb-deployment.yaml
@@ -0,0 +1,35 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: mariadb
  namespace: seafile
 spec:
  selector:
    matchLabels:
      app: mariadb
  replicas: 1
  template:
    metadata:
      labels:
        app: mariadb
    spec:
      containers:
        - name: mariadb
          image: mariadb:10.11
          env:
            - name: MARIADB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mariadb-root-password
                  key: MARIADB_ROOT_PASSWORD
            - name: MARIADB_AUTO_UPGRADE
              value: "true"
          ports:
            - containerPort: 3306
          volumeMounts:
            - name: mariadb-data
              mountPath: /var/lib/mysql
      volumes:
        - name: mariadb-data
          persistentVolumeClaim:
            claimName: mariadb-data
--- a/seafile/mariadb-persistentvolumeclaim.yaml
+++ b/seafile/mariadb-persistentvolumeclaim.yaml
@@ -0,0 +1,11 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: mariadb-data
  namespace: seafile
 spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
--- a/seafile/mariadb-root-password.yaml
+++ b/seafile/mariadb-root-password.yaml
@@ -0,0 +1,21 @@
 {
  "kind": "SealedSecret",
  "apiVersion": "bitnami.com/v1alpha1",
  "metadata": {
    "name": "mariadb-root-password",
    "namespace": "seafile",
    "creationTimestamp": null
  },
  "spec": {
    "template": {
      "metadata": {
        "name": "mariadb-root-password",
        "namespace": "seafile",
        "creationTimestamp": null
      }
    },
    "encryptedData": {
      "MARIADB_ROOT_PASSWORD": "AgAV8kUGWkaCLj4ramUSiA6PenSUu11fH4cB00H9p+dD4NCaR4n6IV6nFGyKm38L/dB76jKjRQnyKL7AG8UcOFrjLypN3WoD20y0XCs3XWE+2rlDSinsYAyC6aYLS4sNY3hgErF9ZxTt4GICtjhQSV6eRpeHnqyTlcpKxQm1OMnig6Zmo3YmGEOazPWMFeFrSWPwQNO436OvNaxoDmAaf28TlTK8uRBn1+s24vzGUN31wK45AIJgOTJVW4BTStO6AhL36Row0BnVqw+B3osLuOo6rMvNXphJH7KxqyLM3xKNi5ZHZZ8LH0EaGL0qTZwx2FqYSHSEpQU6DFi14p4hu9ksCl44VQUfxTJ+i2XAZJ/XuH4Ay38zdbNpVGgHR62Nm0sA5X+/2UrKTMCFZi4Fm4GZOW50WayioYFcna983qSINhl+VFwyihPHkE+GqxLfSrsW2iBzkOGANI/5O5bRbLmVQGh+AdbcO+xl0PxVRwuWT49TJ/P/foGtUPpMIejoifgV0v89TzviTszMTmcfb19u7EAoha1MebFqdE8261fqz1KIB3b7wrnyfVQ5fo+YcpUFmSp2sUfgK4JhUoYBs3Hu5xVSRtF1Tbjj5yNPiGH+5tkaDOKZL9TxIoeyyrcw3qkrni1S+U4nxU9AAyuNWi9NFC6reNkG6nv3pK5XlqqMhBxlt/FIVglZ4rA13nKQdKXy5hfZKqyvJmXBZrYBTqNPK2uuY5hlJShroaDqjf0o8F6RQFCqZEAscPMKujV9DLHS"
    }
  }
 }
--- a/seafile/mariadb-service.yaml
+++ b/seafile/mariadb-service.yaml
@@ -0,0 +1,12 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: mariadb
  namespace: seafile
 spec:
  selector:
    app: mariadb
  ports:
    - protocol: TCP
      port: 3306
      targetPort: 3306
--- a/seafile/memchached-deployment.yaml
+++ b/seafile/memchached-deployment.yaml
@@ -0,0 +1,21 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: memcached
  namespace: seafile
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: memcached
  template:
    metadata:
      labels:
        app: memcached
    spec:
      containers:
        - name: memcached
          image: memcached:1.6.18
          args: ["-m", "256"]
          ports:
            - containerPort: 11211
--- a/seafile/memchached-service.yaml
+++ b/seafile/memchached-service.yaml
@@ -0,0 +1,12 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: memcached
  namespace: seafile
 spec:
  selector:
    app: memcached
  ports:
    - protocol: TCP
      port: 11211
      targetPort: 11211
--- a/seafile/seafile-admin-password.yaml
+++ b/seafile/seafile-admin-password.yaml
@@ -0,0 +1,21 @@
 {
  "kind": "SealedSecret",
  "apiVersion": "bitnami.com/v1alpha1",
  "metadata": {
    "name": "seafile-admin-password",
    "namespace": "seafile",
    "creationTimestamp": null
  },
  "spec": {
    "template": {
      "metadata": {
        "name": "seafile-admin-password",
        "namespace": "seafile",
        "creationTimestamp": null
      }
    },
    "encryptedData": {
      "SEAFILE_ADMIN_PASSWORD": "AgC/vtj3zhMmOTHmOUEoxqYiGg8fXFTY8YYqj7cK8NDs2kIAENof52EiXRexBJCWT3yvIRV922W2y3OO0k+F7Cq6Q0mfmTQSMmxZWZjEi00cjWwg/JTx7xWNzU+SJUbGc6p0VubvIpngDM9j8Ygj75zA7XsidAd3S8Q6LMrhkryG+Z3HzOsrUbf2u9qWvaEyjHfg73njcS2GIPmPxtYxzXlGLg70/rYBGh3cp7raEWYjYNZlbId7e5D5k9Vm/jTo3XeEzIVHZOX/2+WSfU+ezf+ech7Uo5MFnbEMJa5PlMBRB1mFPRNyb60Ib/PSuiDO0Vqs4YHKXnk25g8zFPY2dNlqfnR6U26nW82Qlv0En7mGRukyemTkB1x1OUL9tXRGiym42GbfaiXgIM7CJNl9j3oM0wkY9wcPcY2GwcStmKBiPN2EKiLJvhmORvaGG4gL5pqFIOqvzpfORXXxegXDOMBmeGgzYX7L6Bk0aHI81ib3JRJGa8aeKyf1V+5lrJ2Jg6WzMmmcmoj2snhoh4XNHx7vvrrB3DvHkPW6AxpVlw5eK3K1OYH9b08jj7DmakcWdxhvIwgqCTJMdOBkTAc3UQmsbIdlVXxOahcWGfDHSeMx0MO/JHFea09+ANkEI3aLvgPX7zdjLv40s2EcGvbSIk6NONtG0CncqqpjbZg1AG59WyfunEfwd8l0MKKLQ76kV+xoLU+aNCawfMElffkc"
    }
  }
 }
--- a/seafile/seafile-deployment.yaml
+++ b/seafile/seafile-deployment.yaml
@@ -0,0 +1,50 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: seafile
  namespace: seafile
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: seafile
  template:
    metadata:
      labels:
        app: seafile
    spec:
      containers:
        - name: seafile
          image: docker.seadrive.org/seafileltd/seafile-pro-mc:11.0-latest
          env:
            - name: DB_HOST
              value: "mariadb"
            - name: DB_ROOT_PASSWD
              valueFrom:
                secretKeyRef:
                  name: mariadb-root-password
                  key: MARIADB_ROOT_PASSWORD
            - name: TIME_ZONE
              value: "America/Toronto"
            - name: SEAFILE_ADMIN_EMAIL
              value: "seafile@michaelthomson.dev" #admin email
            - name: SEAFILE_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: seafile-admin-password
                  key: SEAFILE_ADMIN_PASSWORD
            - name: SEAFILE_SERVER_LETSENCRYPT
              value: "false"
            - name: SEAFILE_SERVER_HOSTNAME
              value: "seafile.michaelthomson.dev" #hostname
          ports:
            - containerPort: 80
              name: http
          volumeMounts:
            - name: seafile-data
              mountPath: /shared
      volumes:
        - name: seafile-data
          persistentVolumeClaim:
            claimName: seafile-data
      restartPolicy: Always
--- a/seafile/seafile-ingress.yaml
+++ b/seafile/seafile-ingress.yaml
@@ -0,0 +1,24 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: seafile
  namespace: seafile
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
  rules:
  - host: seafile.michaelthomson.dev
    http:
      paths:
      - pathType: ImplementationSpecific
        path: /
        backend:
          service:
            name: seafile
            port:
              name: http
  tls:
    - hosts:
        - seafile.michaelthomson.dev
      secretName: letsencrypt-wildcard-cert-michaelthomson.dev
--- a/seafile/seafile-persistentvolumeclaim.yaml
+++ b/seafile/seafile-persistentvolumeclaim.yaml
@@ -0,0 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: seafile-data
  namespace: seafile
 spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: nfs-client
  resources:
    requests:
      storage: 14Ti
--- a/seafile/seafile-service.yaml
+++ b/seafile/seafile-service.yaml
@@ -0,0 +1,13 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: seafile
  namespace: seafile
 spec:
  selector:
    app: seafile
  ports:
    - protocol: TCP
      port: 80
      targetPort: http
      name: http