From b813ca0a1bfddd2405a4ae0add63996c1c6ff63f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=A3=8E=E8=B5=B7?= <326lisan@gmail.com>
Date: Thu, 9 Apr 2026 12:56:47 +0800
Subject: [PATCH] main
---
env.yaml | 32 +++++++++++++++
pod.yaml | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 155 insertions(+)
create mode 100644 env.yaml
create mode 100644 pod.yaml
diff --git a/env.yaml b/env.yaml
new file mode 100644
index 0000000..2baeb11
--- /dev/null
+++ b/env.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ocis-config
+data:
+ OCIS_URL: "https://ocis.example.com"
+ PROXY_HTTP_ADDR: "0.0.0.0:9200"
+ PROXY_TLS: "false"
+ WEB_UI_ASSET_SERVER_URL: "https://cdn.jsdelivr.net/npm/@ownclouders/web-client@^5.0.0/dist/assets"
+ OCIS_ASKS4UCAN_SKIP: "true"
+ OCIS_CONFIG_DIR: /etc/ocis
+ OCIS_DATA_DIR: /var/lib/ocis
+ OCIS_DB_TYPE: postgres
+ OCIS_DB_DSN: "postgres://ocis:ocis@localhost:5432/ocis?sslmode=disable"
+ OCIS_CACHE_STORE: redis
+ OCIS_CACHE_NODES: "localhost:6379"
+ OCIS_ADMIN_USER_ID: "admin"
+ POSTGRES_DB: ocis
+ POSTGRES_USER: ocis
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ocis-secret
+type: Opaque
+stringData:
+ POSTGRES_PASSWORD: ocis
+ OCIS_CACHE_PASSWORD: ocis
+ OCIS_ADMIN_USER_PASSWORD: "admin"
+ OCIS_MACHINE_AUTH_API_KEY: "change-me-in-production"
diff --git a/pod.yaml b/pod.yaml
new file mode 100644
index 0000000..ff8d692
--- /dev/null
+++ b/pod.yaml
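Review bot: In env.yaml the `OCIS_DB_DSN` entry of the `ocis-config` ConfigMap carries the database password inline (`ocis:ocis@`) and sets `sslmode=disable`, so the credential lives in an object that gets none of the access restrictions usually applied to Secrets. It belongs in `ocis-secret` next to `POSTGRES_PASSWORD`. The `stringData` values themselves (`ocis`, `admin`, `change-me-in-production`) are guessable defaults committed to the repository; I would ship the Secret with placeholders only and a comment such as `# populated at deploy time; never commit real values`, with the real values generated per environment.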
@@ -0,0 +1,123 @@
+# ocis-pod.yaml
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: ocis
+spec:
+ containers:
+ # ── PostgreSQL 数据库 ──
+ - name: ocis-db
+ image: docker.io/postgres:17-alpine
+ envFrom:
+ - configMapRef:
+ name: ocis-config
+ - secretRef:
+ name: ocis-secret
+ ports:
+ - containerPort: 5432
+ hostPort: 5432
+ securityContext:
+ readOnlyRootFilesystem: false
+ volumeMounts:
+ - name: ocis-db-data
+ mountPath: /var/lib/postgresql/data
+ resources:
+ limits:
+ memory: 512M
+ requests:
+ memory: 128M
+
+ # ── Redis 缓存 ──
+ - name: ocis-redis
+ image: docker.io/redis:latest
+ command:
+ - redis-server
+ - --requirepass
+ - $(OCIS_CACHE_PASSWORD)
+ ports:
+ - containerPort: 6379
+ hostPort: 6379
+ envFrom:
+ - secretRef:
+ name: ocis-secret
+ securityContext:
+ readOnlyRootFilesystem: false
+ resources:
+ limits:
+ memory: 128M
+ requests:
+ memory: 32M
+
+ # ── oCIS 主服务 ──
+ - name: ocis
+ image: docker.io/owncloud/ocis:latest
+ envFrom:
+ - configMapRef:
+ name: ocis-config
+ - secretRef:
+ name: ocis-secret
+ ports:
+ - containerPort: 9200
+ hostPort: 9200
+ securityContext:
+ readOnlyRootFilesystem: false
+ volumeMounts:
+ - name: ocis-config
+ mountPath: /etc/ocis
+ - name: ocis-data
+ mountPath: /var/lib/ocis
+ dependsOn:
+ - ocis-db
+ - ocis-redis
+ resources:
+ limits:
+ memory: 1G
+ requests:
+ memory: 256M
+
+ # ── 持久卷 ──
+ volumes:
+ - name: ocis-db-data
+ persistentVolumeClaim:
+ claimName: ocis-db-data
+ - name: ocis-config
+ persistentVolumeClaim:
+ claimName: ocis-config
+ - name: ocis-data
+ persistentVolumeClaim:
+ claimName: ocis-data
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: ocis-db-data
+spec:
+ resources:
+ requests:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteOnce
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: ocis-config
+spec:
+ resources:
+ requests:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteOnce
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: ocis-data
+spec:
+ resources:
+ requests:
+ storage: 50Gi
+ accessModes:
+ - ReadWriteOnce
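Review bot: The `hostPort: 5432` and `hostPort: 6379` entries in pod.yaml publish PostgreSQL and Redis on the node's interfaces, although env.yaml points oCIS at `localhost:5432` and `localhost:6379`, which already resolves inside the pod's shared network namespace; dropping both lines leaves only 9200 reachable from outside. Every container also pulls the whole of `ocis-secret` through `envFrom`, so the database and cache containers receive the admin password and machine-auth key they have no use for; `env` entries with `secretKeyRef` for just the needed keys would narrow that. `--requirepass $(OCIS_CACHE_PASSWORD)` places the cache password on the redis-server command line, where it is visible to anything that can list the container's processes. `redis:latest` and `owncloud/ocis:latest` are floating tags, so the code that runs can change between pulls; pin them to a specific version tag, as `postgres:17-alpine` already is, or to a digest. `dependsOn` is not a field I recognise on a core/v1 container, so the intended start ordering may not be enforced and should be confirmed against the runtime this manifest targets.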