Verso/server-ce/k8s/verso-prod-app.yaml
claude c249d6a6e9
Build and Deploy Verso / deploy (push) Successful in 1m19s
Build and Deploy Verso (prod) / deploy (push) Successful in 1m9s
Prod: load SMTP env via envFrom secretRef (flat, paste-proof)
Replace the six nested secretKeyRef env entries with a single
'envFrom: - secretRef: { name: verso-smtp, optional: true }' in both the
standalone app manifest and the prod workflow. Avoids the deep nesting that
tripped strict server-side decoding, and is simpler to edit. The secret's keys
must now be named exactly like the env vars (OVERLEAF_EMAIL_*).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-03 12:40:07 +00:00

109 lines
3.6 KiB
YAML

# App tier for the prod (verso namespace) instance: the Verso Deployment and
# Service. Matches what the deploy workflow applies, except OVERLEAF_NAV_TITLE
# is a static "Verso Alpha" here — the workflow overwrites it with the build
# number ("Verso V0.<n> Alpha") on each deploy.
#
# The image registry.alocoq.fr/verso:stable is produced by the prod workflow
# (push to the `prod` branch). If you apply this file before the first prod
# build, the pod will sit in ImagePullBackOff until that image exists — that's
# expected.
#
# kubectl apply -f server-ce/k8s/verso-prod-app.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: verso
  namespace: verso
spec:
  replicas: 1
  # RWO data volume → can't run two pods at once; recreate on update.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: verso
  template:
    metadata:
      labels:
        app: verso
    spec:
      securityContext:
        # App runs as www-data (uid/gid 33); make the data volume
        # group-writable by it.
        fsGroup: 33
      initContainers:
        - name: init-data-perms
          image: busybox:latest
          command: ["sh", "-c"]
          args:
            - |
              set -eux
              mkdir -p /data/template_files /data/user_files \
                       /data/compiles /data/cache /data/output /data/published
              chown -R 33:33 /data
          volumeMounts:
            - name: verso-data
              mountPath: /data
      containers:
        - name: verso
          image: registry.alocoq.fr/verso:stable
          # :stable is a fixed tag, so force a pull on every rollout to pick up
          # the freshly built image.
          imagePullPolicy: Always
          ports:
            - containerPort: 80
          env:
            - name: OVERLEAF_MONGO_URL
              value: mongodb://mongo:27017/sharelatex?replicaSet=rs0
            - name: OVERLEAF_REDIS_HOST
              value: redis
            - name: REDIS_HOST
              value: redis
            - name: OVERLEAF_APP_NAME
              value: Verso
            - name: OVERLEAF_NAV_TITLE
              value: "Verso Alpha"
            - name: OVERLEAF_SITE_URL
              value: https://verso.alocoq.fr
            - name: OVERLEAF_SITE_LANGUAGE
              value: fr
            # Allow anonymous visitors so public published-presentation links
            # and read-only share links work without login.
            - name: OVERLEAF_ALLOW_PUBLIC_ACCESS
              value: "true"
            # NB: anonymous read-AND-write sharing is intentionally NOT enabled
            # (compiles are unsandboxed → only trusted accounts may trigger
            # them). Public self-registration is also off (CE default).
            - name: OVERLEAF_ENABLE_PROJECT_PYTHON_VENV
              value: "true"
          # SMTP for password-reset / invite emails. All OVERLEAF_EMAIL_* vars
          # are loaded from the optional 'verso-smtp' Secret — its keys must be
          # named exactly like these env vars (see the kubectl create secret
          # command in the docs). Optional, so the app still boots before the
          # secret exists; email just stays off.
          envFrom:
            - secretRef:
                name: verso-smtp
                optional: true
          volumeMounts:
            - name: verso-data
              mountPath: /var/lib/overleaf/data
      volumes:
        - name: verso-data
          persistentVolumeClaim:
            claimName: verso-data
---
apiVersion: v1
kind: Service
metadata:
  name: verso
  namespace: verso
spec:
  selector:
    app: verso
  ports:
    - name: http
      port: 80
      targetPort: 80
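
Added example, not part of this repository: with envFrom every key in verso-smtp becomes an environment variable of the container, and optional: true lets the pod start even when the Secret is missing or its keys are misnamed, so a key-name check before rollout catches silent email misconfiguration. The function name check_smtp_keys and the sample key list are assumptions; the page does not list which OVERLEAF_EMAIL_* keys the Secret holds.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the project's code).
# Reads Secret key names, one per line, on stdin. With kubectl and jq
# installed (assumed), a live check would be:
#   kubectl -n verso get secret verso-smtp -o json \
#     | jq -r '.data | keys[]' | check_smtp_keys

# Prints one line per offending key.
# Returns 0 when every key is acceptable, 1 otherwise.
check_smtp_keys() {
  rc=0
  while IFS= read -r key; do
    [ -n "$key" ] || continue
    case "$key" in
      OVERLEAF_EMAIL_*) ;;
      *)
        # envFrom would still export this key into the container as-is.
        echo "unexpected key (not OVERLEAF_EMAIL_*): $key"
        rc=1
        continue
        ;;
    esac
    # Right prefix, but must also be a conventional env var name.
    if ! printf '%s' "$key" | grep -Eq '^[A-Z_][A-Z0-9_]*$'; then
      echo "not a usable env var name: $key"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample key list (not taken from any real cluster):
# two well-formed keys, one flat lowercase key, one with a hyphen.
sample_keys() {
  printf '%s\n' OVERLEAF_EMAIL_FROM_ADDRESS OVERLEAF_EMAIL_SMTP_HOST \
    smtp_pass 'OVERLEAF_EMAIL_SMTP-PORT'
}

sample_keys | check_smtp_keys || echo "fix the Secret keys before rollout"
```
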