eikek/docspell#2502 Started work on a helm chart for docspell including postgres and solr.

kubernetes/helm/docspell/templates/_configs.tpl

@@ -0,0 +1,28 @@
+{{/*JDBC Connection*/}}
+{{- define "docspell.secrets.JDBC" -}}
+{{- if .context.Values.postgresql.enabled -}}
+{{- $envPrefix := "DOCSPELL_SERVER_BACKEND_JDBC" -}}
+{{- if eq .type "joex" -}}
+{{- $envPrefix = "DOCSPELL_JOEX_JDBC" -}}
+{{- end }}
+{{ $envPrefix }}_USER: {{ .context.Values.postgresql.global.postgresql.auth.username }}
+{{ $envPrefix }}_PASSWORD: {{ .context.Values.postgresql.global.postgresql.auth.password }}
+{{ $envPrefix }}_URL: {{ include "postgresql.jdbcUrl" .context }}
+{{- end -}}
+{{- end -}}
+
+{{/*Full Text Search ettings*/}}
+{{- define "docspell.config.fullTextSearch" -}}
+{{- if .context.Values.docspell.fullTextSearch.enabled -}}
+{{- $envPrefix := "DOCSPELL_SERVER_FULL__TEXT__SEARCH" -}}
+{{- if eq .type "joex" -}}
+{{- $envPrefix = "DOCSPELL_JOEX_FULL__TEXT__SEARCH" -}}
+{{- end -}}
+{{ printf "%s_ENABLED: %s" $envPrefix ( .context.Values.docspell.fullTextSearch.enabled | quote) }}
+{{ printf "%s_SOLR_URL: http://%s-solr:%s/solr/docspell" $envPrefix (include "docspell.fullname" .context) ( .context.Values.solr.service.port | toString )}}
+{{ printf "%s_SOLR_COMMIT__WITHIN: %s" $envPrefix ( .context.Values.docspell.fullTextSearch.solr.commitWithin | quote) }}
+{{ printf "%s_SOLR_LOG__VERBOSE: %s" $envPrefix ( .context.Values.docspell.fullTextSearch.solr.logVerbose | quote ) }}
+{{ printf "%s_SOLR_DEF__TYPE: %s" $envPrefix ( .context.Values.docspell.fullTextSearch.solr.defType | quote) }}
+{{ printf "%s_SOLR_Q_OP: %s" $envPrefix ( .context.Values.docspell.fullTextSearch.solr.qOp | quote) }}
+{{- end }}
+{{- end }}

kubernetes/helm/docspell/templates/_helpers.tpl

@@ -0,0 +1,84 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "docspell.name" -}}
+{{- .Chart.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "docspell.fullname" -}}
+{{- $name := .Chart.Name }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "docspell.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Docker Image Registry Secret Names evaluating values as templates
+*/}}
+{{- define "docspell.images.pullSecrets" -}}
+{{- $pullSecrets := .Values.global.imagePullSecrets -}}
+{{- range .Values.global.imagePullSecrets -}}
+    {{- $pullSecrets = append $pullSecrets (dict "name" .) -}}
+{{- end -}}
+{{- if (not (empty $pullSecrets)) -}}
+imagePullSecrets:
+{{ toYaml $pullSecrets }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "docspell.labels" -}}
+helm.sh/chart: {{ include "docspell.chart" . }}
+{{ include "docspell.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "docspell.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "docspell.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Postgres Access
+*/}}
+
+{{- define "postgresql.jdbcUrl" -}}
+{{- if (index .Values "postgresql").enabled -}}
+{{- $port := .Values.postgresql.global.postgresql.service.postgresql | toString -}}
+{{- $database := .Values.postgresql.global.postgresql.auth.database -}}
+{{- printf "jdbc:postgresql://%s-postgresql:%s/%s" .Release.Name $port $database -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "docspell.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "docspell.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

kubernetes/helm/docspell/templates/db-secret.yaml

@@ -0,0 +1,10 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: {{ include "docspell.fullname" . }}-db-secret
+  labels:
+    {{- include "docspell.labels" . | nindent 4 }}
+stringData:
+  postgres-database: {{ .Values.postgresql.global.postgresql.auth.database }}
+  postgres-username: {{ .Values.postgresql.global.postgresql.auth.username }}
+  postgres-password: {{ .Values.postgresql.global.postgresql.auth.password }}

kubernetes/helm/docspell/templates/ingress.yaml

@@ -0,0 +1,43 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullname := include "docspell.fullname" . -}}
+{{- $context := . -}}
+apiVersion: {{ default "networking.k8s.io/v1" .Values.ingress.apiVersion }}
+kind: Ingress
+metadata:
+  name: {{ $fullname }}
+  labels:
+    {{- include "docspell.labels" . | nindent 4 }}
+  annotations:
+    {{- range $key, $value := .Values.ingress.annotations }}
+      {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+{{- if .Values.ingress.className }}
+  ingressClassName: {{ .Values.ingress.className }}
+{{- end }}
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+  - host:
+    {{- range .hosts }}
+      - {{ tpl . $ | quote }}
+    {{- end }}
+    secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ tpl .host $ | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
+            backend:
+              service:
+                name: {{ include "docspell.fullname" $context }}-restserver
+                port:
+                  name: http
+          {{- end }}
+    {{- end }}
+{{- end }}

kubernetes/helm/docspell/templates/joex/_configs.tpl

@@ -0,0 +1,125 @@
+{{/*App ID*/}}
+{{- define "docspell.joex.config.appId" -}}
+{{- $appId := .Values.docspell.joex.appId | default (printf "%s-joex" (include "docspell.fullname" .)) -}}
+{{- print $appId -}}
+{{- end -}}
+
+{{/*
+Base URL
+*/}}
+{{- define "docspell.joex.config.baseUrl" -}}
+{{- $service := printf "%s-joex" (include "docspell.fullname" .) -}}
+{{- $port := .Values.joex.service.port | toString -}}
+{{- printf "http://%s:%s" $service $port -}}
+{{- end -}}
+
+{{/*Bind Config*/}}
+{{- define "docspell.joex.config.bind" -}}
+{{- if not (eq .Values.joex.service.port .Values.docspell.joex.bind.port) -}}
+{{- fail "Joex and it's service don't have to use the same port, no connection will be possible." -}}
+{{- end -}}
+{{- $envPrefix := "DOCSPELL_JOEX_BIND" -}}
+{{ $envPrefix }}_ADDRESS: {{ .Values.docspell.joex.bind.address | quote }}
+{{ $envPrefix }}_PORT: {{ .Values.docspell.joex.bind.port | quote }}
+{{- end -}}
+
+{{/*Logging Config*/}}
+{{- define "docspell.joex.config.logging" -}}
+{{- $envPrefix := "DOCSPELL_JOEX_LOGGING" -}}
+{{ $envPrefix }}_FORMAT: {{ .Values.docspell.joex.logging.format }}
+{{ $envPrefix }}_MINIMUM__LEVEL: {{ .Values.docspell.joex.logging.minimumLevel }}
+{{- end -}}
+
+{{/*JDBC Connection*/}}
+{{- define "docspell.joex.config.JDBC" -}}
+{{- $envPrefix := "DOCSPELL_JOEX_JDBC" -}}
+{{ $envPrefix }}_USER: {{ .Values.postgresql.global.postgresql.auth.username }}
+{{ $envPrefix }}_PASSWORD: {{ .Values.postgresql.global.postgresql.auth.password }}
+{{ $envPrefix }}_URL: {{ include "postgresql.jdbcUrl" . }}
+{{- end -}}
+
+{{/*Database Schema Settings*/}}
+{{- define "docspell.joex.config.databaseSchema" -}}
+{{- $envPrefix := "DOCSPELL_JOEX_DATABASE__SCHEMA" -}}
+{{ $envPrefix }}_RUN__MAIN__MIGRATIONS: {{ .Values.docspell.joex.databaseSchema.runMainMigrations | quote }}
+{{ $envPrefix }}_RUN__FIXUP__MIGRATIONS: {{ .Values.docspell.joex.databaseSchema.runFixupMigrations | quote }}
+{{ $envPrefix }}_REPAIR__SCHEMA: {{ .Values.docspell.joex.databaseSchema.repairSchema | quote }}
+{{- end -}}
+
+{{/*Scheduler Settings*/}}
+{{- define "docspell.joex.config.scheduler" -}}
+{{- $envPrefix := "DOCSPELL_JOEX_SCHEDULER" -}}
+{{ $envPrefix }}_NAME: {{ default (include "docspell.joex.config.appId" .) .Values.docspell.joex.scheduler.name }}
+{{ $envPrefix }}_POOL__SIZE: {{ .Values.docspell.joex.scheduler.poolSize | quote }}
+{{ $envPrefix }}_COUNTING__SCHEME: {{ .Values.docspell.joex.scheduler.countingScheme | quote }}
+{{ $envPrefix }}_RETRIES: {{ .Values.docspell.joex.scheduler.retries | quote }}
+{{ $envPrefix }}_RETRY__DELAY: {{ .Values.docspell.joex.scheduler.retryDelay | quote }}
+{{ $envPrefix }}_LOG__BUFFER__SIZE: {{ .Values.docspell.joex.scheduler.logBufferSize | quote }}
+{{ $envPrefix }}_WAKEUP__PERIOD: {{ .Values.docspell.joex.scheduler.wakeupPeriod | quote }}
+{{- end -}}
+
+{{/*PeriodScheduler Settings*/}}
+{{- define "docspell.joex.config.periodicScheduler" -}}
+{{- $envPrefix := "DOCSPELL_JOEX_PERIODIC__SCHEDULER" -}}
+{{ $envPrefix }}_NAME: {{ default (include "docspell.joex.config.appId" .) .Values.docspell.joex.periodicScheduler.name }}
+{{ $envPrefix }}_WAKEUP__PERIOD: {{ .Values.docspell.joex.periodicScheduler.wakeupPeriod | quote }}
+{{- end -}}
+
+{{/*User Tasks Settings*/}}
+{{- define "docspell.joex.config.userTasks" -}}
+{{- $envPrefix := "DOCSPELL_JOEX_USER__TASKS_SCAN__MAILBOX" -}}
+{{ $envPrefix }}_MAX__FOLDERS: {{ .Values.docspell.joex.userTasks.scanMailbox.maxFolders | quote }}
+{{ $envPrefix }}_MAIL__CHUNK__SIZE: {{ .Values.docspell.joex.userTasks.scanMailbox.mailChunkSize | quote }}
+{{ $envPrefix }}_MAX__MAILS: {{ .Values.docspell.joex.userTasks.scanMailbox.maxMails | quote }}
+{{- end -}}
+
+{{/*House Keeping Settings*/}}
+{{- define "docspell.joex.config.houseKeeping" -}}
+{{- $envPrefix := "DOCSPELL_JOEX_HOUSE__KEEPING" -}}
+{{ $envPrefix }}_SCHEDULE: {{ .Values.docspell.joex.houseKeeping.schedule | quote }}
+{{ $envPrefix }}_CLEANUP__INVITES_ENABLED: {{ .Values.docspell.joex.houseKeeping.cleanupInvites.enabled | quote }}
+{{ $envPrefix }}_CLEANUP__INVITES_OLDER__THAN: {{ .Values.docspell.joex.houseKeeping.cleanupInvites.olderThan | quote }}
+{{ $envPrefix }}_CLEANUP__REMEMBER__ME_ENABLED: {{ .Values.docspell.joex.houseKeeping.cleanupRememberMe.enabled | quote }}
+{{ $envPrefix }}_CLEANUP__REMEMBER__ME_OLDER__THAN: {{ .Values.docspell.joex.houseKeeping.cleanupRememberMe.olderThan | quote }}
+{{ $envPrefix }}_CLEANUP__JOBS_ENABLED: {{ .Values.docspell.joex.houseKeeping.cleanupJobs.enabled | quote }}
+{{ $envPrefix }}_CLEANUP__JOBS_OLDER__THAN: {{ .Values.docspell.joex.houseKeeping.cleanupJobs.olderThan | quote }}
+{{ $envPrefix }}_CLEANUP__JOBS_DELETE__BATCH: {{ .Values.docspell.joex.houseKeeping.cleanupJobs.deleteBatch | quote }}
+{{ $envPrefix }}_CLEANUP__DOWNLOADS_ENABLED: {{ .Values.docspell.joex.houseKeeping.cleanupDownloads.enabled | quote }}
+{{ $envPrefix }}_CLEANUP__DOWNLOADS_OLDER__THAN: {{ .Values.docspell.joex.houseKeeping.cleanupDownloads.olderThan | quote }}
+{{ $envPrefix }}_CLEANUP__NODES_ENABLED: {{ .Values.docspell.joex.houseKeeping.cleanupNodes.enabled | quote }}
+{{ $envPrefix }}_CLEANUP__NODES_MIN__NOT__FOUND: {{ .Values.docspell.joex.houseKeeping.cleanupNodes.minNotFound |quote }}
+{{ $envPrefix }}_INTEGRITY__CHECK_ENABLED: {{ .Values.docspell.joex.houseKeeping.integrityCheck.enabled | quote }}
+{{- end -}}
+
+{{/*Update Check Settings*/}}
+{{- define "docspell.joex.config.updateCheck" -}}
+{{- if and .Values.docspell.joex.updateCheck.enabled (not .Values.docspell.joex.updateCheck.recipients) -}}
+{{- fail "Update check recipients have to be set when enabling update check" -}}
+{{- end -}}
+{{- $envPrefix := "DOCSPELL_JOEX_UPDATE__CHECK" -}}
+{{ $envPrefix }}_ENABLED: {{ .Values.docspell.joex.updateCheck.enabled | quote }}
+{{ $envPrefix }}_TEST__RUN: {{ .Values.docspell.joex.updateCheck.testRun | quote }}
+{{ $envPrefix }}_SCHEDULE: {{ .Values.docspell.joex.updateCheck.schedule | quote }}
+{{- if .Values.docspell.joex.updateCheck.senderAccount }}
+{{ $envPrefix }}_SENDER__ACOUNT: {{ .Values.docspell.joex.updateCheck.senderAccount }}
+{{ $envPrefix }}_SMTP__ID: {{ .Values.docspell.joex.updateCheck.smtpId }}
+{{- end }}
+{{- range $index, $recipient := .Values.docspell.joex.updateCheck.recipients }}
+{{ $envPrefix }}_RECIPIENTS_{{ $index }}: {{ $recipient }}
+{{- end }}
+{{ $envPrefix }}_SUBJECT: {{ .Values.docspell.joex.updateCheck.subject }}
+{{ $envPrefix }}_BODY: | {{ .Values.docspell.joex.updateCheck.body | nindent 4 }}
+{{- end -}}
+
+{{/*Convert Settings*/}}
+{{- define "docspell.joex.config.convert" -}}
+{{- $envPrefix := "DOCSPELL_JOEX_CONVERT" -}}
+{{ $envPrefix }}_HTML__CONVERTER: {{ .Values.docspell.joex.convert.htmlConverter }}
+{{- end -}}
+
+{{/*Full Text Search Settings*/}}
+{{- define "docspell.joex.config.fullTextSearch" -}}
+{{- if .Values.docspell.fullTextSearch.enabled -}}
+DOCSPELL_JOEX_FULL__TEXT__SEARCH_MIGRATION_INDEX__ALL__CHUNK: {{ .Values.docspell.joex.fullTextSearch.migration.indexAllChink | quote }}
+{{- end -}}
+{{- end -}}

kubernetes/helm/docspell/templates/joex/_helpers.tpl

@@ -0,0 +1,35 @@
+{{/*
+Common labels
+*/}}
+{{- define "joex.labels" -}}
+helm.sh/chart: {{ include "docspell.chart" . }}
+app: {{ include "docspell.name" . }}-joex
+{{ include "joex.selectorLabels" . }}
+app.kubernetes.io/version: {{ .Values.joex.image.tag | default .Chart.AppVersion | quote }}
+version: {{ .Values.joex.image.tag | default .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "joex.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "docspell.name" . }}-joex
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create joex image name and tag used by the deployment
+*/}}
+{{- define "joex.image" -}}
+{{- $registry := .Values.global.imageRegistry | default .Values.joex.image.registry -}}
+{{- $repository := .Values.joex.image.repository -}}
+{{- $separator := ":" -}}
+{{- $tag := .Values.joex.image.tag | default .Chart.AppVersion -}}
+{{- if $registry -}}
+    {{- printf "%s/%s%s%s" $registry $repository $separator $tag -}}
+{{- else -}}
+    {{- printf "%s%s%s" $repository $separator $tag -}}
+{{- end -}}
+{{- end -}}
+

kubernetes/helm/docspell/templates/joex/config.yaml

@@ -0,0 +1,23 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: {{ include "docspell.fullname" . }}-joex
+  labels:
+    {{- include "joex.labels" . | nindent 4 }}
+data:
+    DOCSPELL_JOEX_APP__ID: {{ include "docspell.joex.config.appId" . }}
+    DOCSPELL_JOEX_BASE__URL: {{ include "docspell.joex.config.baseUrl" . }}
+    {{- include "docspell.joex.config.bind" . | nindent 4 }}
+    {{- include "docspell.joex.config.logging" . | nindent 4 }}
+    DOCSPELL_JOEX_MAIL__DEBUG: {{ .Values.docspell.joex.mailDebug | quote }}
+    {{- include "docspell.joex.config.databaseSchema" . | nindent 4 }}
+    {{- include "docspell.joex.config.scheduler" . | nindent 4 }}
+    {{- include "docspell.joex.config.periodicScheduler" . | nindent 4 }}
+    {{- include "docspell.joex.config.userTasks" . | nindent 4 }}
+    {{- include "docspell.joex.config.houseKeeping" . | nindent 4 }}
+    {{- include "docspell.joex.config.updateCheck" . | nindent 4 }}
+    {{- include "docspell.joex.config.convert" . | nindent 4 }}
+    {{- if .Values.docspell.fullTextSearch.enabled -}}
+    {{- include "docspell.config.fullTextSearch" (dict "context" . "type" "joex") | nindent 4 }}
+    {{- include "docspell.joex.config.fullTextSearch" . | nindent 4}}
+    {{- end }}

kubernetes/helm/docspell/templates/joex/deployment.yaml

@@ -0,0 +1,60 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "docspell.fullname" . }}-joex
+  annotations:
+  {{- if .Values.joex.deployment.annotations }}
+  {{- toYaml .Values.joex.deployment.annotations | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "joex.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.joex.replicaCount }}
+  strategy:
+    type: {{ .Values.joex.strategy.type }}
+    {{- if eq .Values.joex.strategy.type "RollingUpdate" }}
+    rollingUpdate:
+      maxUnavailable: {{ .Values.joex.strategy.rollingUpdate.maxUnavailable }}
+      maxSurge: {{ .Values.joex.strategy.rollingUpdate.maxSurge }}
+    {{- end }}
+  selector:
+    matchLabels:
+      {{- include "joex.selectorLabels" . | nindent 6 }}
+      {{- if .Values.joex.deployment.labels }}
+      {{- toYaml .Values.joex.deployment.labels | nindent 6 }}
+      {{- end }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/joex/config.yaml") . | sha256sum }}
+        {{- with .Values.joex.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "joex.labels" . | nindent 8 }}
+        {{- if .Values.joex.deployment.labels }}
+        {{- toYaml .Values.joex.deployment.labels | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- if or .Values.serviceAccount.create .Values.serviceAccount.name }}
+      serviceAccountName: {{ include "docspell.serviceAccountName" . }}
+      {{- end }}
+      terminationGracePeriodSeconds: {{ .Values.joex.deployment.terminationGracePeriodSeconds }}
+      containers:
+        - name: joex
+          image: "{{ include "joex.image" . }}"
+          imagePullPolicy: {{ .Values.joex.image.pullPolicy }}
+          {{- with .Values.joex.additionalArgs }}
+          args:
+          {{- toYaml . | nindent 10 }}
+          {{- end }}
+          ports:
+          - containerPort: {{ .Values.joex.service.port }}
+            name: http
+          envFrom:
+          - configMapRef:
+              name: {{ include "docspell.fullname" . }}-joex
+          - secretRef:
+              name: {{ include "docspell.fullname" . }}-joex-secret
+          resources:
+            {{- toYaml .Values.joex.resources | nindent 12 }}

kubernetes/helm/docspell/templates/joex/secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "docspell.fullname" . }}-joex-secret
+  labels:
+    {{- include "joex.labels" . | nindent 4}}
+type: Opaque
+stringData:
+    {{- include "docspell.secrets.JDBC" (dict "context" . "type" "joex") | nindent 4 -}}

kubernetes/helm/docspell/templates/joex/service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "docspell.fullname" . }}-joex
+  labels:
+    {{- include "joex.labels" . | nindent 4 }}
+    {{- if .Values.joex.service.labels }}
+    {{- toYaml .Values.joex.serivce.labels | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- toYaml .Values.joex.service.annotations | nindent 4 }}
+spec:
+  type: {{ .Values.joex.service.type }}
+  ports:
+  - port: {{ .Values.joex.service.port }}
+    targetPort: {{ .Values.joex.service.targetPort | default .Values.joex.service.port }}
+    protocol: TCP
+    name: http
+  selector:
+    {{- include "joex.selectorLabels" . | nindent 6 -}}

kubernetes/helm/docspell/templates/restserver/_configs.tpl

@@ -0,0 +1,147 @@
+{{/*App ID*/}}
+{{- define "docspell.server.config.appId" -}}
+{{- $appId := .Values.docspell.server.appId | default (printf "%s-restserver" (include "docspell.fullname" .)) -}}
+{{- print $appId -}}
+{{- end -}}
+
+{{/*Logging Config*/}}
+{{- define "docspell.server.config.logging" -}}
+{{- $envPrefix := "DOCSPELL_SERVER_LOGGING" -}}
+{{ $envPrefix }}_FORMAT: {{ .Values.docspell.server.logging.format }}
+{{ $envPrefix }}_MINIMUM__LEVEL: {{ .Values.docspell.server.logging.minimumLevel }}
+{{- end -}}
+
+{{/*Bind Config*/}}
+{{- define "docspell.server.config.bind" -}}
+{{- if not (eq .Values.restserver.service.port .Values.docspell.server.bind.port) -}}
+{{- fail "The restserver and it's service don't have to use the same port, no connection will be possible." -}}
+{{- end -}}
+{{- $envPrefix := "DOCSPELL_SERVER_BIND" -}}
+{{ $envPrefix }}_ADDRESS: {{ .Values.docspell.server.bind.address | quote }}
+{{ $envPrefix }}_PORT: {{ .Values.docspell.server.bind.port | quote }}
+{{- end -}}
+
+{{/*Auth Config*/}}
+{{- define "docspell.server.config.auth" -}}
+{{- $envPrefix := "DOCSPELL_SERVER_AUTH" -}}
+{{ $envPrefix }}_SESSION__VALID: {{ .Values.docspell.server.auth.sessionValid | quote }}
+{{ $envPrefix }}_REMEMBER__ME_ENABLED: {{ .Values.docspell.server.auth.rememberMe.enabled | quote }}
+{{ $envPrefix }}_REMEMBER__ME_VALID: {{ .Values.docspell.server.auth.rememberMe.valid | quote }}
+{{ $envPrefix }}_ON__ACCOUNT__SOURCE__CONFLICT: {{ .Values.docspell.server.auth.onAccountSourceConflict }}
+{{- end -}}
+
+{{/*Auth Secrets*/}}
+{{- define "docspell.server.secrets.auth" -}}
+{{- with .Values.docspell.server.auth.serverSecret }}
+DOCSPELL_SERVER_AUTH_SERVER__SECRET: {{ . }}
+{{- end }}
+{{- end -}}
+
+{{/*Download Config*/}}
+{{- define "docspell.server.config.donwload" -}}
+{{- $envPrefix := "DOCSPELL_SERVER_DOWNLOAD__ALL" -}}
+{{ $envPrefix }}_MAX__FILES: {{ .Values.docspell.server.donwloadAll.maxFiles | quote }}
+{{ $envPrefix }}_MAX__SIZE: {{ .Values.docspell.server.donwloadAll.maxSize }}
+{{- end -}}
+
+{{/*OpenID Config*/}}
+{{- define "docspell.server.config.openid" -}}
+{{- $envPrefix := "DOCSPELL_SERVER_OPENID" -}}
+{{- range $index, $entry := .Values.docspell.server.openid -}}
+{{- if $entry.enabled -}}
+{{ $envPrefix }}_{{ $index }}_DISPLAY: {{ $entry.display }}
+{{ $envPrefix }}_{{ $index }}_ENABLED: {{ $entry.enabled | quote }}
+{{ $envPrefix }}_{{ $index }}_COLLECTIVE__KEY: {{ $entry.collectiveKey }}
+{{ $envPrefix }}_{{ $index }}_USER__KEY: {{ $entry.userKey }}
+{{- $envPrefix = printf "%s_%s_PROVIDER" $envPrefix ($index | toString) }}
+{{ $envPrefix }}_PROVIDER__ID: {{ $entry.provider.providerId }}
+{{ $envPrefix }}_SCOPE: {{ $entry.provider.scope }}
+{{ $envPrefix }}_AUTHORIZE__URL: {{ $entry.provider.authorizeUrl }}
+{{ $envPrefix }}_TOKEN__URL: {{ $entry.provider.tokenUrl }}
+{{- with $entry.provider.userUrl }}
+{{ $envPrefix }}_USER__URL: {{ . }}
+{{- end }}
+{{ $envPrefix }}_LOGOUT__URL: {{ $entry.provider.logoutUrl }}
+{{ $envPrefix }}_SIG__ALGO: {{ $entry.provider.sigAlgo }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*OpenID Secrets*/}}
+{{- define "docspell.server.secrets.openid" -}}
+{{- $envPrefix := "DOCSPELL_SERVER_OPENID" -}}
+{{- range $index, $entry := .Values.docspell.server.openid -}}
+{{- if $entry.enabled -}}
+{{- $envPrefix = printf "%s_%s_PROVIDER" $envPrefix ($index | toString) }}
+{{ $envPrefix }}_CLIENT__ID: {{ $entry.provider.clientId }}
+{{ $envPrefix }}_CLIENT__SECRET: {{ $entry.provider.clientSecret }}
+{{ $envPrefix }}_SIGN__KEY: {{ $entry.provider.signKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*Database Schema Settings*/}}
+{{- define "docspell.server.config.databaseSchema" -}}
+{{- $envPrefix := "DOCSPELL_SERVER_BACKEND_DATABASE__SCHEMA" -}}
+{{ $envPrefix }}_RUN__MAIN__MIGRATIONS: {{ .Values.docspell.server.backend.databaseSchema.runMainMigrations | quote }}
+{{ $envPrefix }}_RUN__FIXUP__MIGRATIONS: {{ .Values.docspell.server.backend.databaseSchema.runFixupMigrations | quote }}
+{{ $envPrefix }}_REPAIR__SCHEMA: {{ .Values.docspell.server.backend.databaseSchema.repairSchema | quote }}
+{{- end -}}
+
+{{/*Integration Endpoint Settings*/}}
+{{- define "docspell.server.config.integrationEndpoint" -}}
+{{- $envPrefix := "DOCSPELL_SERVER_INTEGRATION__ENDPOINT" -}}
+{{ $envPrefix }}_ENABLED: {{ .Values.docspell.server.integrationEndpoint.enabled | quote }}
+{{ $envPrefix }}_PRIORITY: {{ .Values.docspell.server.integrationEndpoint.priority }}
+{{ $envPrefix }}_SOURCE__NAME: {{ .Values.docspell.server.integrationEndpoint.sourceName }}
+{{- if .Values.docspell.server.integrationEndpoint.allowedIps.enabed }}
+{{ $envPrefix }}_ALLOWED__IPS_ENABLED: {{ .Values.docspell.server.integrationEndpoint.allowedIps.enabed }}
+{{- range $index, $ip := .Values.docspell.server.integrationEndpoint.allowedIps.ips }}
+{{ $envPrefix }}_ALLOWED__IPS_IPS_{{ $index}}: {{ $ip }}
+{{- end }}
+{{- end }}
+{{- if .Values.docspell.server.integrationEndpoint.httpBasic.enabled | quote }}
+{{ $envPrefix }}_HTTP__BASIC_ENABLED: {{ .Values.docspell.server.integrationEndpoint.httpBasic.enabled | quote }}
+{{- end }}
+{{- if .Values.docspell.server.integrationEndpoint.httpHeader.enabled | quote }}
+{{ $envPrefix }}_HTTP__HEADER_ENABLED: {{ .Values.docspell.server.integrationEndpoint.httpHeader.enabled | quote }}
+{{- end }}
+{{- end }}
+
+{{/*Integration Endpoint Secrets*/}}
+{{- define "docspell.server.secrets.integrationEndpoint" -}}
+{{- if .Values.docspell.server.integrationEndpoint.httpBasic.enabled | quote -}}
+{{- $envPrefix := "DOCSPELL_SERVER_INTEGRATION__ENDPOINT__HTTP__BASIC" -}}
+{{ $envPrefix}}_REALM: {{ .Values.docspell.server.integrationEndpoint.httpBasic.realm }}
+{{ $envPrefix}}_USER: {{ .Values.docspell.server.integrationEndpoint.httpBasic.user }}
+{{ $envPrefix}}_PASSWORD: {{ .Values.docspell.server.integrationEndpoint.httpBasic.password }}
+{{- end }}
+{{- if .Values.docspell.server.integrationEndpoint.httpHeader.enabled | quote -}}
+{{ $envPrefix := "DOCSPELL_SERVER_INTEGRATION__ENDPOINT__HTTP__HEADER" }}
+{{ $envPrefix }}_HEADER__NAME: {{ .Values.docspell.server.integrationEndpoint.httpHeader.headerName }}
+{{ $envPrefix }}_HEADER__VALUE: {{ .Values.docspell.server.integrationEndpoint.httpHeader.headerValue }}
+{{- end }}
+{{- end -}}
+
+{{/*Admin Endpoint Secrets*/}}
+{{- define "docspell.server.secrets.adminEndpoint" -}}
+{{- with .Values.docspell.server.adminEndpoint.secret }}
+DOCSPELL_SERVER_ADMIN__ENDPOINT_SECRET: {{ . }}
+{{- end }}
+{{- end -}}
+
+{{/*Signup Settings*/}}
+{{- define "docspell.server.config.signup" -}}
+{{- $envPrefix := "DOCSPELL_SERVER_BACKEND_SIGNUP" -}}
+{{ $envPrefix }}_MODE: {{ .Values.docspell.server.backend.signup.mode }}
+{{- if eq .Values.docspell.server.backend.signup.mode "invite" }}
+{{ $envPrefix }}_INVITE__TIME: {{ .Values.docspell.server.backend.signup.inviteTime }}
+{{- end -}}
+{{- end -}}
+
+{{/*Signup Secrets*/}}
+{{- define "docspell.server.secrets.signup" -}}
+{{- if eq .Values.docspell.server.backend.signup.mode "invite" }}
+DOCSPELL_SERVER_BACKEND_SIGNUP_NEW__INVITE__PASSWORD: {{ .Values.docspell.server.backend.signup.newInvitePassword }}
+{{- end -}}
+{{- end -}}

kubernetes/helm/docspell/templates/restserver/_helpers.tpl

@@ -0,0 +1,34 @@
+{{/*
+Common labels
+*/}}
+{{- define "restserver.labels" -}}
+helm.sh/chart: {{ include "docspell.chart" . }}
+app: {{ include "docspell.name" . }}-restserver
+{{ include "restserver.selectorLabels" . }}
+app.kubernetes.io/version: {{ .Values.restserver.image.tag | default .Chart.AppVersion | quote }}
+version: {{ .Values.restserver.image.tag | default .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "restserver.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "docspell.name" . }}-restserver
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create restserver image name and tag used by the deployment
+*/}}
+{{- define "restserver.image" -}}
+{{- $registry := .Values.global.imageRegistry | default .Values.restserver.image.registry -}}
+{{- $repository := .Values.restserver.image.repository -}}
+{{- $separator := ":" -}}
+{{- $tag := .Values.restserver.image.tag | default .Chart.AppVersion -}}
+{{- if $registry -}}
+    {{- printf "%s/%s%s%s" $registry $repository $separator $tag -}}
+{{- else -}}
+    {{- printf "%s%s%s" $repository $separator $tag -}}
+{{- end -}}
+{{- end -}}

kubernetes/helm/docspell/templates/restserver/config.yaml

@@ -0,0 +1,27 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: {{ include "docspell.fullname" . }}-restserver
+  labels:
+    {{- include "restserver.labels" . | nindent 4 }}
+data:
+    DOCSPELL_SERVER_APP__NAME: {{ .Values.docspell.server.appName }}
+    DOCSPELL_SERVER_APP__ID: {{ include "docspell.server.config.appId" . }}
+    DOCSPELL_SERVER_INTERNAL__URL: http://{{ include "docspell.fullname" . }}-restserver:{{ .Values.restserver.service.port }}
+    {{- include "docspell.server.config.logging" . | nindent 4 }}
+    {{- include "docspell.server.config.bind" . |nindent 4 }}
+    DOCSPELL_SERVER_MAX__ITEM__PAGE__SIZE: {{ .Values.docspell.server.maxItemPageSize | quote }}
+    DOCSPELL_SERVER_MAX__NOTE_LENGTH: {{ .Values.docspell.server.maxNoteLength | quote }}
+    DOCSPELL_SERVER_SHOW__CLASSIFICATION__SETTINGS: {{ .Values.docspell.server.showClassificationSettings | quote }}
+    {{- include "docspell.server.config.auth" . | nindent 4 }}
+    {{- include "docspell.server.config.donwload" . | nindent 4 }}
+    {{- include "docspell.server.config.openid" . | nindent 4 }}
+    {{- if .Values.docspell.server.integrationEndpoint.enabled -}}
+    {{- include "docspell.server.config.integrationEndpoint" . | nindent 4 }}
+    {{- end }}
+    {{- if .Values.docspell.fullTextSearch.enabled -}}
+    {{ include "docspell.config.fullTextSearch" (dict "context" . "type" "server") | nindent 4 }}
+    {{- end }}
+    DOCSPELL_SERVER_BACKEND_MAIL__DEBUG: {{ .Values.docspell.server.backend.mailDebug | quote }}
+    {{- include "docspell.server.config.databaseSchema" . | nindent 4 }}
+    {{- include "docspell.server.config.signup" . | nindent 4 }}

kubernetes/helm/docspell/templates/restserver/deployment.yaml

@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "docspell.fullname" . }}-restserver
+  annotations:
+  {{- if .Values.restserver.deployment.annotations }}
+  {{- toYaml .Values.restserver.deployment.annotations | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "restserver.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.restserver.replicaCount }}
+  strategy:
+    type: {{ .Values.restserver.strategy.type }}
+    {{- if eq .Values.restserver.strategy.type "RollingUpdate" }}
+    rollingUpdate:
+      maxUnavailable: {{ .Values.restserver.strategy.rollingUpdate.maxUnavailable }}
+      maxSurge: {{ .Values.restserver.strategy.rollingUpdate.maxSurge }}
+    {{- end }}
+  selector:
+    matchLabels:
+      {{- include "restserver.selectorLabels" . | nindent 6 }}
+      {{- if .Values.restserver.deployment.labels }}
+      {{- toYaml .Values.restserver.deployment.labels | nindent 6 }}
+      {{- end }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/restserver/config.yaml") . | sha256sum }}
+        {{- with .Values.restserver.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "restserver.labels" . | nindent 8 }}
+        {{- if .Values.restserver.deployment.labels }}
+        {{- toYaml .Values.restserver.deployment.labels | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- if (or .Values.serviceAccount.create .Values.serviceAccount.name) }}
+      serviceAccountName: {{ include "docspell.serviceAccountName" . }}
+      {{- end }}
+      terminationGracePeriodSeconds: {{ .Values.restserver.deployment.terminationGracePeriodSeconds }}
+      containers:
+        - name: restserver
+          image: "{{ include "restserver.image" . }}"
+          imagePullPolicy: {{ .Values.restserver.image.pullPolicy }}
+          ports:
+          - containerPort: {{ .Values.restserver.service.port }}
+            name: http
+          envFrom:
+          - configMapRef:
+              name: {{ include "docspell.fullname" . }}-restserver
+          - secretRef:
+              name: {{ include "docspell.fullname" . }}-restserver-secret
+          resources:
+            {{- toYaml .Values.restserver.resources | nindent 12 }}

kubernetes/helm/docspell/templates/restserver/secret.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "docspell.fullname" . }}-restserver-secret
+  labels:
+    {{- include "restserver.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+    assertions:
+      {{- if and (gt .Values.restserver.replicaCount 1.0) (not .Values.docspell.server.auth.serverSecret) -}}
+      {{- fail "If multiple replicas are running of the rest server, the server secret has to be fixed." -}}
+      {{- end -}}
+      {{- if and (eq .Values.docspell.server.backend.signup.mode "invite") (not .Values.docspell.server.backend.signup.newInvitePassword) -}}
+      {{- fail "Invite password has to be set, when using signup mode 'invite'" -}}
+      {{- end -}}
+    {{- include "docspell.server.secrets.auth" . | nindent 4 }}
+    {{- include "docspell.server.secrets.openid" . | nindent 4 }}
+    {{- include "docspell.server.secrets.integrationEndpoint" . | nindent 4 }}
+    {{- include "docspell.server.secrets.adminEndpoint" . | nindent 4 }}
+    {{- include "docspell.secrets.JDBC" (dict "context" . "type" "server") | nindent 4 -}}
+    {{- include "docspell.server.secrets.signup" . | nindent 4 -}}

kubernetes/helm/docspell/templates/restserver/service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "docspell.fullname" . }}-restserver
+  labels:
+    {{- include "restserver.labels" . | nindent 4 }}
+    {{- if .Values.restserver.service.labels }}
+    {{- toYaml .Values.restserver.serivce.labels | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- toYaml .Values.restserver.service.annotations | nindent 4 }}
+spec:
+  type: {{ .Values.restserver.service.type }}
+  ports:
+  - port: {{ .Values.restserver.service.port }}
+    targetPort: {{ .Values.restserver.service.targetPort | default .Values.restserver.service.port }}
+    protocol: TCP
+    name: http
+  selector:
+    {{- include "restserver.selectorLabels" . | nindent 6 -}}

kubernetes/helm/docspell/templates/serviceaccount.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+    name: {{ include "docspell.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace | quote }}
+    labels:
+        {{- include "docspell.labels" . | nindent 4 }}
+        {{- with .Values.serviceAccount.labels }}
+        {{- . | toYaml | nindent 4 }}
+        {{- end }}
+        {{- with .Values.serviceAccount.annotations }}
+        {{- . | toYaml | nindent 4 }}
+        {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- with .Values.serviceAccount.imagePullSecrets }}
+imagePullSecrets:
+    {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- end }}

kubernetes/helm/docspell/templates/solr/_helpers.tpl

@@ -0,0 +1,53 @@
+{{/*
+Common labels
+*/}}
+{{- define "solr.labels" -}}
+helm.sh/chart: {{ include "docspell.chart" . }}
+app: {{ include "docspell.name" . }}-solr
+{{ include "solr.selectorLabels" . }}
+app.kubernetes.io/version: {{ .Values.solr.image.tag | quote }}
+version: {{ .Values.solr.image.tag | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "solr.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "docspell.name" . }}-solr
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create solr image name and tag used by the deployment
+*/}}
+{{- define "solr.image" -}}
+{{- $registry := .Values.global.imageRegistry | default .Values.solr.image.registry -}}
+{{- $repository := .Values.solr.image.repository -}}
+{{- $separator := ":" -}}
+{{- $tag := .Values.solr.image.tag | default .Chart.AppVersion -}}
+{{- if $registry -}}
+    {{- printf "%s/%s%s%s" $registry $repository $separator $tag -}}
+{{- else -}}
+    {{- printf "%s%s%s" $repository $separator $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Connection URL
+*/}}
+{{- define "solr.url" -}}
+{{- $port := .Values.solr.service.port | toString -}}
+{{- $service := printf "%s-solr" (include "docspell.fullname" .) -}}
+{{- printf "http://%s:%s/solr/docspell" $service $port -}}
+{{- end }}
+
+{{/*
+Storage Class
+*/}}
+{{- define "solr.persistence.storageClass" -}}
+{{- $storageClass := .Values.solr.persistence.storageClass | default .Values.global.storageClass -}}
+{{- if $storageClass -}}
+storageClassName: {{ $storageClass | quote }}
+{{- end -}}
+{{- end -}}

kubernetes/helm/docspell/templates/solr/pvc.yaml

@@ -0,0 +1,21 @@
+{{- if and .Values.solr.enabled .Values.solr.persistence.enabled -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .Values.solr.persistence.claimName }}
+  namespace: {{ $.Release.Namespace }}
+  annotations:
+{{ .Values.solr.persistence.annotations | toYaml | indent 4}}
+spec:
+  accessModes:
+  {{- .Values.solr.persistence.accessModes | toYaml | nindent 4 }}
+  volumeMode: Filesystem
+  {{- include "solr.persistence.storageClass" . | nindent 2 }}
+  {{- with .Values.solr.persistence.volumeName }}
+  volumeName: {{ . }}
+  {{- end }}
+  resources:
+    requests:
+      storage: {{ .Values.solr.persistence.size }}
+{{- end }}
+

kubernetes/helm/docspell/templates/solr/service.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.solr.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "docspell.fullname" . }}-solr
+  labels:
+    {{- include "solr.labels" . | nindent 4 }}
+    {{- if .Values.solr.service.labels }}
+    {{- toYaml .Values.solr.serivce.labels | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- toYaml .Values.solr.service.annotations | nindent 4 }}
+spec:
+  type: {{ .Values.solr.service.type }}
+  ports:
+  - port: {{ .Values.solr.service.port }}
+    targetPort: {{ .Values.solr.service.targetPort | default .Values.solr.service.port }}
+    protocol: TCP
+    name: solr
+  selector:
+    {{- include "solr.selectorLabels" . | nindent 4 }}
+{{- end -}}

kubernetes/helm/docspell/templates/solr/statefulset.yaml

@@ -0,0 +1,98 @@
+{{- if .Values.solr.enabled -}}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "docspell.fullname" . }}-solr
+  annotations:
+  {{- if .Values.solr.statefulSet.annotations }}
+  {{- toYaml .Values.solr.statefulSet.annotations | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "solr.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "solr.selectorLabels" . | nindent 6 }}
+      {{- if .Values.solr.statefulSet.labels }}
+      {{- toYaml .Values.solr.statefulSet.labels | nindent 6 }}
+      {{- end }}
+  serviceName: {{ include "docspell.fullname" . }}-solr
+  template:
+    metadata:
+      annotations:
+        {{- with .Values.solr.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "solr.labels" . | nindent 8 }}
+        {{- if .Values.solr.statefulSet.labels }}
+        {{- toYaml .Values.solr.statefulSet.labels | nindent 8 }}
+        {{- end }}
+        app: solr
+    spec:
+      {{- if (or .Values.serviceAccount.create .Values.serviceAccount.name) }}
+      serviceAccontName: {{ include "docspell.serviceAccountName" . }}
+      {{- end }}
+      initContainers:
+        - name: solr-fix-permissions
+          image: busybox
+          command:
+            - sh
+            - -c
+            - chown -R 8983:8983 /var/solr
+          volumeMounts:
+            - name: solr-data
+              mountPath: /var/solr
+          resources:
+            {{- toYaml .Values.solr.initContainers.resources | nindent 12 }}
+      terminationGracePeriodSeconds: {{ .Values.solr.statefulSet.terminationGracePeriodSeconds }}
+      containers:
+      - name: solr
+        image: "{{ include "solr.image" . }}"
+        imagePullPolicy: {{ .Values.solr.image.pullPolicy }}
+        env:
+          - name: SOLR_OPTS
+            value: -Dsolr.modules=analysis-extras
+        command:
+        - docker-entrypoint.sh
+        - solr-precreate
+        - docspell
+        ports:
+        - containerPort: {{ .Values.solr.service.port }}
+          name: solr
+        {{- if .Values.solr.livenessProbe.enabled }}
+        livenessProbe:
+          {{- toYaml (omit .Values.solr.livenessProbe "enabled") | nindent 10 }}
+        {{- end }}
+        {{- if .Values.solr.readinessProbe.enabled }}
+        readinessProbe:
+          {{- toYaml (omit .Values.solr.readinessProbe "enabled") | nindent 10 }}
+        {{- end }}
+        resources:
+          {{- toYaml .Values.solr.resources | nindent 10 }}
+        volumeMounts:
+        - name: solr-data
+          mountPath: /var/solr
+      {{- with .Values.global.hostAliases }}
+      hostAliases:
+      {{- toYaml . | nindent 6 }}
+      {{- with .Values.solr.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+      {{- with .Values.solr.affinity }}
+      affinity:
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+      {{- end }}
+      volumes:
+      {{- if .Values.solr.persistence.enabled }}
+      - name: solr-data
+        persistentVolumeClaim:
+          claimName: {{ .Values.solr.persistence.claimName }}
+      {{- else if not .Values.solr.persistence.enabled }}
+      - name: solr-data
+        emptyDir: {}
+      {{- end }}
+{{- end -}}