Feature: k8s self-contained

deploy/kubernetes/self-contained/drawio-deployment.yaml

@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drawio
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: draw.io
+  template:
+    metadata:
+      labels:
+        app: draw.io
+    spec:
+      containers:
+        - envFrom:
+          - secretRef:
+              name: drawio-env
+          image: jgraph/drawio
+          imagePullPolicy: IfNotPresent
+          name: drawio
+          ports:
+            - containerPort: 8443
+            - containerPort: 8080
+          resources:
+            limits:
+              cpu: 200m
+              memory: 512Mi
+            requests:
+              cpu: 50m
+              memory: 128Mi
+      restartPolicy: Always

deploy/kubernetes/self-contained/drawio-env-secret.yaml

@@ -0,0 +1,48 @@
+# see https://github.com/jgraph/docker-drawio/blob/dev/main/docker-entrypoint.sh
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: drawio-env
+type: Opaque
+data:
+  # TLS certificates
+  LETS_ENCRYPT_ENABLED: false
+  # PUBLIC_DNS: 
+  # ORGANISATION_UNIT: 
+  # ORGANISATION: 
+  # CITY: 
+  # STATE: 
+  # COUNTRY_CODE: 
+  # KEYSTORE_PASS: 
+  # KEY_PASS: 
+
+  # DrawIO configuration
+	DRAWIO_SELF_CONTAINED: "1"
+	DRAWIO_PUSHER_MODE: "2"
+	DRAWIO_BASE_URL: "http://drawio.localhost:8080"
+	DRAWIO_LIGHTBOX_URL: "http://drawio.localhost:8080"
+	DRAWIO_VIEWER_URL: "http://drawio.localhost:8080"
+	EXPORT_URL: http://image-export:8000/
+	PLANTUML_URL: http://plantuml-server:8080/
+  DRAWIO_CSP_HEADER: default-src '\self\'; script-src '\self\' https://storage.googleapis.com https://apis.google.com https://docs.google.com https://code.jquery.com \'unsafe-inline\'; connect-src '\self\' https://*.dropboxapi.com https://api.trello.com https://api.github.com https://raw.githubusercontent.com https://*.googleapis.com https://*.googleusercontent.com https://graph.microsoft.com https://*.1drv.com https://*.sharepoint.com https://gitlab.com https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src * data:; media-src * data:; font-src * about:; style-src '\self\' \'unsafe-inline\' https://fonts.googleapis.com; frame-src '\self\' https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com;
+  # DRAWIO_CACHE_DOMAIN
+  # DRAWIO_CLOUD_CONVERT_APIKEY
+  # DRAWIO_CONFIG
+  # DRAWIO_GITLAB_ID
+  # DRAWIO_GITLAB_SECRET
+  # DRAWIO_GITLAB_URL
+  # DRAWIO_GOOGLE_APP_ID
+  # DRAWIO_GOOGLE_CLIENT_ID
+  # DRAWIO_GOOGLE_CLIENT_SECRET
+  # DRAWIO_GOOGLE_VIEWER_APP_ID
+  # DRAWIO_GOOGLE_VIEWER_CLIENT_ID
+  # DRAWIO_GOOGLE_VIEWER_CLIENT_SECRET
+  # DRAWIO_IOT_CERT_PEM
+  # DRAWIO_IOT_ENDPOINT
+  # DRAWIO_IOT_PRIVATE_KEY
+  # DRAWIO_IOT_ROOT_CA
+  # DRAWIO_MEMCACHED_ENDPOINT
+  # DRAWIO_MSGRAPH_CLIENT_ID
+  # DRAWIO_MSGRAPH_CLIENT_SECRET
+  # DRAWIO_MXPUSHER_ENDPOINT

deploy/kubernetes/self-contained/drawio-service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+  creationTimestamp: null
+  labels:
+    app: draw.io
+  name: drawio
+spec:
+  ports:
+    - name: "8443"
+      port: 8443
+      targetPort: 8443
+    - name: "8080"
+      port: 8080
+      targetPort: 8080
+  selector:
+    app: draw.io
+status:
+  loadBalancer: {}

deploy/kubernetes/self-contained/fonts-volume-persistentvolumeclaim.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  creationTimestamp: null
+  labels:
+    app: fonts-volume
+  name: fonts-volume
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi
+status: {}

deploy/kubernetes/self-contained/image-export-deployment.yaml

@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+  creationTimestamp: null
+  labels:
+    app: image-export
+  name: image-export
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: image-export
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+      creationTimestamp: null
+      labels:
+        app: image-export
+    spec:
+      containers:
+        - env:
+            - name: DRAWIO_SERVER_URL
+          image: jgraph/export-server
+          name: image-export
+          ports:
+            - containerPort: 8000
+          resources: {}
+          volumeMounts:
+            - mountPath: /usr/share/fonts/drawio
+              name: fonts-volume
+      restartPolicy: Always
+      volumes:
+        - name: fonts-volume
+          persistentVolumeClaim:
+            claimName: fonts-volume
+status: {}

deploy/kubernetes/self-contained/image-export-service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+  creationTimestamp: null
+  labels:
+    app: image-export
+  name: image-export
+spec:
+  ports:
+    - name: "8000"
+      port: 8000
+      targetPort: 8000
+  selector:
+    app: image-export
+status:
+  loadBalancer: {}

deploy/kubernetes/self-contained/ingress.yaml

@@ -0,0 +1,20 @@
+---
+# apiVersion: networking.k8s.io/v1beta1 # for k8s < v1.19
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: drawio
+  annotations:
+    traefik.ingress.kubernetes.io/router.tls: true
+spec:
+  rules:
+    - host: drawio.127-0-0-1.sslip.io
+      http:
+        paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: drawio
+              port:
+                number: 8080

deploy/kubernetes/self-contained/kustomization.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: drawio
+
+resources:
+  - namespace.yaml
+  - fonts-volume-persistentvolumeclaim.yaml
+  - drawio-env-secret.yaml
+  - drawio-deployment.yaml
+  - drawio-service.yaml
+  - image-export-deployment.yaml
+  - image-export-service.yaml
+  - plantuml-server-deployment.yaml
+  - plantuml-server-service.yaml
+  - ingress.yaml

deploy/kubernetes/self-contained/namespace.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: drawio
+  labels:
+    app: draw.io
+---

deploy/kubernetes/self-contained/plantuml-server-deployment.yaml

@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+  creationTimestamp: null
+  labels:
+    app: plantuml-server
+  name: plantuml-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: plantuml-server
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+      creationTimestamp: null
+      labels:
+        app: plantuml-server
+    spec:
+      containers:
+        - image: jgraph/plantuml-server
+          name: plantuml-server
+          ports:
+            - containerPort: 8080
+          resources: {}
+          volumeMounts:
+            - mountPath: /usr/share/fonts/drawio
+              name: fonts-volume
+      restartPolicy: Always
+      volumes:
+        - name: fonts-volume
+          persistentVolumeClaim:
+            claimName: fonts-volume
+status: {}

deploy/kubernetes/self-contained/plantuml-server-service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+  creationTimestamp: null
+  labels:
+    app: plantuml-server
+  name: plantuml-server
+spec:
+  ports:
+    - name: "8080"
+      port: 8080
+      targetPort: 8080
+  selector:
+    app: plantuml-server
+status:
+  loadBalancer: {}