main

env.yaml

@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ocis-config
+data:
+  OCIS_URL: "https://ocis.example.com"
+  PROXY_HTTP_ADDR: "0.0.0.0:9200"
+  PROXY_TLS: "false"
+  WEB_UI_ASSET_SERVER_URL: "https://cdn.jsdelivr.net/npm/@ownclouders/web-client@^5.0.0/dist/assets"
+  OCIS_ASKS4UCAN_SKIP: "true"
+  OCIS_CONFIG_DIR: /etc/ocis
+  OCIS_DATA_DIR: /var/lib/ocis
+  OCIS_DB_TYPE: postgres
+  OCIS_DB_DSN: "postgres://ocis:ocis@localhost:5432/ocis?sslmode=disable"
+  OCIS_CACHE_STORE: redis
+  OCIS_CACHE_NODES: "localhost:6379"
+  OCIS_ADMIN_USER_ID: "admin"
+  POSTGRES_DB: ocis
+  POSTGRES_USER: ocis
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ocis-secret
+type: Opaque
+stringData:
+  POSTGRES_PASSWORD: ocis
+  OCIS_CACHE_PASSWORD: ocis
+  OCIS_ADMIN_USER_PASSWORD: "admin"
+  OCIS_MACHINE_AUTH_API_KEY: "change-me-in-production"

pod.yaml

@@ -0,0 +1,123 @@
+# ocis-pod.yaml
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: ocis
+spec:
+  containers:
+    # ── PostgreSQL 数据库 ──
+    - name: ocis-db
+      image: docker.io/postgres:17-alpine
+      envFrom:
+        - configMapRef:
+            name: ocis-config
+        - secretRef:
+            name: ocis-secret
+      ports:
+        - containerPort: 5432
+          hostPort: 5432
+      securityContext:
+        readOnlyRootFilesystem: false
+      volumeMounts:
+        - name: ocis-db-data
+          mountPath: /var/lib/postgresql/data
+      resources:
+        limits:
+          memory: 512M
+        requests:
+          memory: 128M
+
+    # ── Redis 缓存 ──
+    - name: ocis-redis
+      image: docker.io/redis:latest
+      command:
+        - redis-server
+        - --requirepass
+        - $(OCIS_CACHE_PASSWORD)
+      ports:
+        - containerPort: 6379
+          hostPort: 6379
+      envFrom:
+        - secretRef:
+            name: ocis-secret
+      securityContext:
+        readOnlyRootFilesystem: false
+      resources:
+        limits:
+          memory: 128M
+        requests:
+          memory: 32M
+
+    # ── oCIS 主服务 ──
+    - name: ocis
+      image: docker.io/owncloud/ocis:latest
+      envFrom:
+        - configMapRef:
+            name: ocis-config
+        - secretRef:
+            name: ocis-secret
+      ports:
+        - containerPort: 9200
+          hostPort: 9200
+      securityContext:
+        readOnlyRootFilesystem: false
+      volumeMounts:
+        - name: ocis-config
+          mountPath: /etc/ocis
+        - name: ocis-data
+          mountPath: /var/lib/ocis
+      dependsOn:
+        - ocis-db
+        - ocis-redis
+      resources:
+        limits:
+          memory: 1G
+        requests:
+          memory: 256M
+
+  # ── 持久卷 ──
+  volumes:
+    - name: ocis-db-data
+      persistentVolumeClaim:
+        claimName: ocis-db-data
+    - name: ocis-config
+      persistentVolumeClaim:
+        claimName: ocis-config
+    - name: ocis-data
+      persistentVolumeClaim:
+        claimName: ocis-data
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ocis-db-data
+spec:
+  resources:
+    requests:
+      storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ocis-config
+spec:
+  resources:
+    requests:
+      storage: 1Gi
+  accessModes:
+    - ReadWriteOnce
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ocis-data
+spec:
+  resources:
+    requests:
+      storage: 50Gi
+  accessModes:
+    - ReadWriteOnce