apiVersion: v1 kind: Namespace metadata: name: paperless-ngx labels: app.kubernetes.io/instance: paperless-ngx --- apiVersion: v1 kind: ConfigMap metadata: name: paperless-cmd namespace: paperless-ngx labels: app.kubernetes.io/name: paperless_cmd.sh app.kubernetes.io/component: paperless-ngx app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/part-of: paperless-ngx data: paperless_cmd.sh: |+ #!/bin/sh exec /usr/local/bin/supervisord -c /etc/supervisord.conf --user paperless --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: redis namespace: paperless-ngx labels: app.kubernetes.io/name: redis app.kubernetes.io/component: redis app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/part-of: paperless-ngx spec: accessModes: - ReadWriteOnce resources: requests: storage: 2Gi --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: paperless-ngx namespace: paperless-ngx labels: app.kubernetes.io/name: data app.kubernetes.io/component: paperless-ngx app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/part-of: paperless-ngx spec: accessModes: - ReadWriteOnce resources: requests: storage: 20Gi --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/name: redis app.kubernetes.io/component: redis app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/part-of: paperless-ngx name: redis namespace: paperless-ngx spec: ports: - name: redis port: 6379 selector: app.kubernetes.io/name: redis app.kubernetes.io/component: redis app.kubernetes.io/instance: paperless-ngx type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/name: paperless-ngx app.kubernetes.io/component: paperless-ngx app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/part-of: paperless-ngx name: paperless-ngx namespace: paperless-ngx spec: ports: - name: http port: 8000 selector: app.kubernetes.io/name: paperless-ngx app.kubernetes.io/component: paperless-ngx app.kubernetes.io/instance: paperless-ngx type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/name: gotenberg app.kubernetes.io/component: gotenberg app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/part-of: paperless-ngx name: gotenberg namespace: paperless-ngx spec: ports: - name: gotenberg port: 3000 selector: app.kubernetes.io/name: gotenberg app.kubernetes.io/component: gotenberg app.kubernetes.io/instance: paperless-ngx type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/name: tika app.kubernetes.io/component: tika app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/part-of: paperless-ngx name: tika namespace: paperless-ngx spec: ports: - name: tika port: 9998 selector: app.kubernetes.io/name: tika app.kubernetes.io/component: tika app.kubernetes.io/instance: paperless-ngx type: ClusterIP --- apiVersion: apps/v1 kind: StatefulSet metadata: name: redis namespace: paperless-ngx labels: app.kubernetes.io/name: redis app.kubernetes.io/component: redis app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/part-of: paperless-ngx spec: serviceName: redis selector: matchLabels: app.kubernetes.io/name: redis app.kubernetes.io/component: redis app.kubernetes.io/instance: paperless-ngx template: metadata: labels: app.kubernetes.io/name: redis app.kubernetes.io/component: redis app.kubernetes.io/instance: paperless-ngx spec: containers: - name: redis image: docker.io/library/redis:7 imagePullPolicy: IfNotPresent ports: - name: redis containerPort: 6379 securityContext: runAsNonRoot: true readOnlyRootFilesystem: true runAsUser: 1000 runAsGroup: 1000 volumeMounts: - name: redisdata mountPath: /data subPath: data - name: tmp mountPath: /tmp securityContext: fsGroup: 1000 volumes: - name: redisdata persistentVolumeClaim: claimName: redis - name: tmp emptyDir: --- apiVersion: apps/v1 kind: StatefulSet metadata: name: paperless-ngx namespace: paperless-ngx labels: app.kubernetes.io/name: paperless-ngx app.kubernetes.io/component: paperless-ngx app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/part-of: paperless-ngx spec: serviceName: paperless-ngx selector: matchLabels: app.kubernetes.io/name: paperless-ngx app.kubernetes.io/component: paperless-ngx app.kubernetes.io/instance: paperless-ngx template: metadata: labels: app.kubernetes.io/name: paperless-ngx app.kubernetes.io/component: paperless-ngx app.kubernetes.io/instance: paperless-ngx spec: containers: - name: paperless-ngx image: ghcr.io/paperless-ngx/paperless-ngx:1.11.3 imagePullPolicy: IfNotPresent env: - name: PAPERLESS_REDIS value: redis://redis:6379 - name: PAPERLESS_TIKA_ENABLED value: '1' - name: PAPERLESS_TIKA_GOTENBERG_ENDPOINT value: http://gotenberg:3000 - name: PAPERLESS_TIKA_ENDPOINT value: http://tika:9998 - name: PAPERLESS_ALLOWED_HOSTS value: '*' - name: PAPERLESS_ENABLE_HTTP_REMOTE_USER value: '1' ports: - name: http containerPort: 8000 startupProbe: httpGet: port: 8000 path: / failureThreshold: 30 timeoutSeconds: 3 periodSeconds: 3 initialDelaySeconds: 10 readinessProbe: httpGet: port: 8000 path: / failureThreshold: 5 timeoutSeconds: 10 periodSeconds: 30 securityContext: runAsNonRoot: true readOnlyRootFilesystem: true runAsUser: 1000 runAsGroup: 1000 volumeMounts: - name: cmd mountPath: /usr/local/bin/paperless_cmd.sh subPath: paperless_cmd.sh - name: data mountPath: /usr/src/paperless/data subPath: data - name: data mountPath: /usr/src/paperless/media subPath: media - name: data mountPath: /usr/src/paperless/export subPath: export - name: data mountPath: /usr/src/paperless/consume subPath: consume - name: tmp mountPath: /tmp - name: run mountPath: /run/supervisord - name: logs mountPath: /var/log/supervisord subPath: supervisord securityContext: fsGroup: 1000 volumes: - name: cmd configMap: name: paperless-cmd defaultMode: 0755 - name: data persistentVolumeClaim: claimName: paperless-ngx - name: logs empytDir: - name: tmp emptyDir: medium: Memory - name: run emptyDir: medium: Memory --- apiVersion: apps/v1 kind: Deployment metadata: name: gotenberg namespace: paperless-ngx labels: app.kubernetes.io/name: gotenberg app.kubernetes.io/component: gotenberg app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/part-of: paperless-ngx spec: selector: matchLabels: app.kubernetes.io/name: gotenberg app.kubernetes.io/component: gotenberg app.kubernetes.io/instance: paperless-ngx template: metadata: labels: app.kubernetes.io/name: gotenberg app.kubernetes.io/component: gotenberg app.kubernetes.io/instance: paperless-ngx spec: containers: - name: gotenberg image: docker.io/gotenberg/gotenberg:7.5.4 imagePullPolicy: IfNotPresent command: - gotenberg - --chromium-disable-javascript=true - --chromium-allow-list=file:///tmp/.* securityContext: runAsNonRoot: true readOnlyRootFilesystem: true runAsUser: 1000 runAsGroup: 1000 volumeMounts: - name: tmp mountPath: /tmp securityContext: fsGroup: 1000 volumes: - name: tmp emptyDir: --- apiVersion: apps/v1 kind: Deployment metadata: name: tika namespace: paperless-ngx labels: app.kubernetes.io/name: tika app.kubernetes.io/component: tika app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/part-of: paperless-ngx spec: selector: matchLabels: app.kubernetes.io/name: tika app.kubernetes.io/component: tika app.kubernetes.io/instance: paperless-ngx template: metadata: labels: app.kubernetes.io/name: tika app.kubernetes.io/component: tika app.kubernetes.io/instance: paperless-ngx spec: containers: - name: tika image: ghcr.io/paperless-ngx/tika:2.5.0-minimal imagePullPolicy: IfNotPresent securityContext: runAsNonRoot: true readOnlyRootFilesystem: true runAsUser: 1000 runAsGroup: 1000 volumeMounts: - name: tmp mountPath: /tmp securityContext: fsGroup: 1000 volumes: - name: tmp emptyDir: