imfreedom/k8s-cluster

Add the deployment for lists.imfreedom.org.

17 months ago, Gary Kramlich
22ca0a0280d4
Add the deployment for lists.imfreedom.org.

This is currently running at liststest.imfreedom.org until we are actually ready
to migrate the production stuff.
---
# Plain-HTTP route for the imfreedom.org XMPP web hosts.
# The page lost the original indentation; nesting is restored here.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: xmpp-imfreedom-http
spec:
  entryPoints:
    - http
  routes:
    - kind: Rule
      match: 'Host(`xmpp.imfreedom.org`) || Host(`conference.imfreedom.org`)'
      # The redirect is the only thing keeping these hosts off clear-text
      # HTTP. The https-redirect Middleware is not defined in this file;
      # confirm it exists in the namespace this route is applied to.
      middlewares:
        - name: https-redirect
      services:
        - name: prosody
          port: 5280
---
# HTTPS route for the imfreedom.org XMPP web hosts.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: xmpp-imfreedom
spec:
  entryPoints:
    - https
  routes:
    - kind: Rule
      match: 'Host(`xmpp.imfreedom.org`) || Host(`conference.imfreedom.org`)'
      services:
        # TLS ends at Traefik. The hop to the pod uses port 5280, which the
        # Service in this file names "http", so it is not encrypted
        # in-cluster. The NetworkPolicy in this file is what limits who can
        # reach that port.
        - name: prosody
          port: 5280
  tls:
    # The same secret is also mounted into the prosody pod by the Deployment.
    secretName: imfreedom-tls
---
# Plain-HTTP route for the pidgin.im XMPP web hosts.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: xmpp-pidgin-http
spec:
  entryPoints:
    - http
  routes:
    - kind: Rule
      match: 'Host(`xmpp.pidgin.im`) || Host(`conference.pidgin.im`)'
      # The https-redirect Middleware is referenced but not defined in this
      # file; without it this route would serve port 5280 over clear-text
      # HTTP. Confirm it exists in the target namespace.
      middlewares:
        - name: https-redirect
      services:
        - name: prosody
          port: 5280
---
# HTTPS route for the pidgin.im XMPP web hosts.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: xmpp-pidgin
spec:
  entryPoints:
    - https
  routes:
    - kind: Rule
      match: 'Host(`xmpp.pidgin.im`) || Host(`conference.pidgin.im`)'
      services:
        # TLS is terminated by Traefik; the backend hop to 5280 is plain
        # HTTP inside the cluster.
        - name: prosody
          port: 5280
  tls:
    # Certificate secret used for termination; the Deployment mounts the
    # same secret into the pod.
    secretName: pidgin-tls
---
# Raw TCP route for XMPP client-to-server traffic.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: prosody-c2s
spec:
  entryPoints:
    - xmpp-c2s
  routes:
    # There is no tls section, so Traefik forwards the stream as-is, and a
    # non-TLS TCP router can only match the catch-all HostSNI(`*`).
    # Presumably Prosody negotiates STARTTLS itself with the certificates
    # mounted by the Deployment. Encryption policy for this port therefore
    # lives in the Prosody configuration, not here.
    - kind: Rule
      match: 'HostSNI(`*`)'
      services:
        - name: prosody
          port: 5222
---
# Raw TCP route for XMPP server-to-server (federation) traffic.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: prosody-s2s
spec:
  entryPoints:
    - xmpp-s2s
  routes:
    # Catch-all passthrough: with no tls section Traefik does not terminate
    # or inspect the connection. Whether federation links must be encrypted
    # and authenticated is decided by Prosody's own configuration.
    # NOTE(review): behind a TCP proxy the pod may see Traefik's address as
    # the peer; confirm what source IP ends up in Prosody's logs.
    - kind: Rule
      match: 'HostSNI(`*`)'
      services:
        - name: prosody
          port: 5269
---
# In-cluster Service in front of the prosody pod.
# No `type` is set, so this is a ClusterIP Service; external access goes
# through the Traefik routes in this file.
apiVersion: v1
kind: Service
metadata:
  name: prosody
  labels:
    app: prosody
    role: app
spec:
  selector:
    app: prosody
    role: app
  ports:
    - name: c2s
      port: 5222
      protocol: TCP
    - name: s2s
      port: 5269
      protocol: TCP
    - name: http
      port: 5280
      protocol: TCP
    # 5281 is published here, but no route in this file targets it and the
    # NetworkPolicy in this file does not admit it.
    # The container's telnet port (5582) is deliberately absent from this list.
    - name: https
      port: 5281
      protocol: TCP
---
# Ingress allow-list for the prosody pod.
# Only ingress rules are present, so this policy does not restrict egress
# from the pod.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: prosody
  labels:
    app: prosody
    role: app
spec:
  podSelector:
    matchLabels:
      app: prosody
      role: app
  ingress:
    # Rule 1: the Traefik controller may reach the XMPP and HTTP ports.
    - ports:
        - port: 5222
          protocol: TCP
        - port: 5269
          protocol: TCP
        - port: 5280
          protocol: TCP
      from:
        # namespaceSelector and podSelector sit in the SAME list item, so
        # both must match (AND). Splitting them into two items would turn
        # this into an OR and admit every pod in the namespace.
        # The selector relies on a `name` label on the namespace, so who may
        # label namespaces is part of this policy's trust boundary.
        - namespaceSelector:
            matchLabels:
              name: kube-public
          podSelector:
            matchLabels:
              app: traefik
              role: controller
    # Rule 2: Prometheus in the monitoring namespace may reach the HTTP
    # port only.
    - ports:
        - port: 5280
          protocol: TCP
      from:
        - namespaceSelector:
            matchLabels:
              name: monitoring
          podSelector:
            matchLabels:
              app: prometheus
---
# Disruption budget for the prosody pod.
# The Deployment in this file runs a single replica, so allowing one
# unavailable pod means a voluntary eviction can take the service fully
# offline.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: prosody
spec:
  selector:
    matchLabels:
      app: prosody
      role: app
  maxUnavailable: 1
---
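# Single-replica Prosody XMPP server.
# Changes from the original: indentation restored, plus container and pod
# hardening (no privilege escalation, all capabilities dropped,
# runAsNonRoot, RuntimeDefault seccomp). Every listening port is above 1024
# and the pod already runs as uid 101, so none of these need root.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prosody
  labels:
    app: prosody
    role: app
spec:
  replicas: 1
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app: prosody
      role: app
  # Recreate stops the old pod before starting the new one; presumably
  # needed because the data volume is a ReadWriteOnce claim.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: prosody
        role: app
    spec:
      containers:
        - name: prosody
          # NOTE(review): `:latest` with `imagePullPolicy: Always` means
          # every restart can run whatever is currently published under
          # that tag, with no record of which build was deployed. Pin by
          # digest once the intended build is known, e.g.
          #   docker.io/rwgrim/prosody@sha256:<DIGEST_PLACEHOLDER>
          image: docker.io/rwgrim/prosody:latest
          imagePullPolicy: Always
          securityContext:
            # Blocks setuid/file-capability escalation inside the container.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          ports:
            - containerPort: 5222
              name: c2s
            - containerPort: 5269
              name: s2s
            - containerPort: 5280
              name: http
            - containerPort: 5281
              name: https
            # Declared for documentation only: 5582 is not a Service port
            # and is not admitted by the NetworkPolicy in this file.
            # Presumably this is Prosody's admin console; keep it
            # unreachable from outside the pod.
            - containerPort: 5582
              name: telnet
          resources:
            limits:
              cpu: 100m
              memory: 128Mi
            requests:
              cpu: 50m
              memory: 64Mi
          volumeMounts:
            # The only writable mount; everything below is read-only.
            - mountPath: /var/lib/prosody
              name: homedir
              readOnly: false
              subPath: home
            - mountPath: /etc/prosody/secrets.d/
              name: secrets
              readOnly: true
            - mountPath: /etc/prosody/conf.d/
              name: config
              readOnly: true
            # Private keys for each served domain.
            - mountPath: /etc/prosody/certs/imfreedom/
              name: imfreedom-tls
              readOnly: true
            - mountPath: /etc/prosody/certs/pidgin/
              name: pidgin-tls
              readOnly: true
            - mountPath: /etc/prosody/certs/pidginchat/
              name: pidginchat-tls
              readOnly: true
      securityContext:
        # fsGroup makes the mounted volumes group-accessible to gid 101.
        fsGroup: 101
        runAsUser: 101
        # Makes the kubelet refuse to start the container as uid 0.
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      # NOTE(review): nothing in this file shows the pod calling the
      # Kubernetes API; consider automountServiceAccountToken: false after
      # confirming.
      volumes:
        - name: homedir
          persistentVolumeClaim:
            claimName: prosody
        - name: secrets
          secret:
            secretName: prosody
        - name: config
          configMap:
            name: prosody-config
        - name: imfreedom-tls
          secret:
            secretName: imfreedom-tls
        - name: pidgin-tls
          secret:
            secretName: pidgin-tls
        - name: pidginchat-tls
          secret:
            secretName: pidginchat-tls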
---
# Persistent storage for Prosody's data directory (mounted at
# /var/lib/prosody by the Deployment in this file).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: prosody
  labels:
    app: prosody
    role: app
spec:
  # volumeName binds this claim to one specific, already-existing
  # PersistentVolume rather than provisioning a new one.
  volumeName: pvc-415a206e-5484-4cf0-a655-908d18339f62
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
---
# Scheduled volume snapshots of the prosody claim.
apiVersion: gemini.fairwinds.com/v1beta1
kind: SnapshotGroup
metadata:
  name: prosody
spec:
  persistentVolumeClaim:
    claimName: prosody
  schedule:
    # Two snapshots at a 12-hour interval cover roughly one day.
    # NOTE(review): data corruption or tampering noticed later than that
    # has no clean restore point; confirm this retention is intended.
    - every: '12 hours'
      keep: 2
---