imfreedom/k8s-cluster
make traefik our first port as that's what's going to be used for health checks on the load balancer and there's multiple pods for it
2021-06-17, Gary Kramlich
68bfde843f14
make traefik our first port as that's what's going to be used for health checks on the load balancer and there's multiple pods for it
# Prosody is an XMPP server. This manifest creates a deployment for it. It
# handles virtual hosts for adium.im, imfreedom.org, as well as pidgin.im.
---
# Plain-HTTP route for the imfreedom XMPP web hosts. Requests arriving on the
# `http` entry point go through the `https-redirect` middleware, which is not
# defined in this file (presumably it redirects to HTTPS; confirm).
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: xmpp-imfreedom-http
  namespace: roost
spec:
  entryPoints:
    - http
  routes:
    - kind: Rule
      match: Host(`xmpp.imfreedom.org`) || Host(`conference.imfreedom.org`)
      middlewares:
        # No namespace is given, so Traefik resolves the middleware in this
        # route's own namespace (roost).
        - name: https-redirect
      services:
        - name: prosody
          port: 5280
---
# HTTPS route for the imfreedom XMPP web hosts. Traefik terminates TLS with the
# `imfreedom-tls` secret and forwards to the prosody Service on 5280 (the port
# the Service names `http`), so the hop from Traefik to the pod is not
# encrypted. The NetworkPolicy in this file limits which pods can reach 5280.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: xmpp-imfreedom
  namespace: roost
spec:
  entryPoints:
    - https
  routes:
    - kind: Rule
      match: Host(`xmpp.imfreedom.org`) || Host(`conference.imfreedom.org`)
      services:
        - name: prosody
          port: 5280
  tls:
    # The Deployment in this file mounts this same secret into the pod.
    secretName: imfreedom-tls
---
# Plain-HTTP route for the pidgin.im XMPP web hosts. Requests arriving on the
# `http` entry point go through the `https-redirect` middleware, which is not
# defined in this file (presumably it redirects to HTTPS; confirm).
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: xmpp-pidgin-http
  namespace: roost
spec:
  entryPoints:
    - http
  routes:
    - kind: Rule
      match: Host(`xmpp.pidgin.im`) || Host(`conference.pidgin.im`)
      middlewares:
        # No namespace is given, so Traefik resolves the middleware in this
        # route's own namespace (roost).
        - name: https-redirect
      services:
        - name: prosody
          port: 5280
---
# HTTPS route for the pidgin.im XMPP web hosts. Traefik terminates TLS with the
# `pidgin-tls` secret and forwards to the prosody Service on 5280 (the port the
# Service names `http`), so the hop from Traefik to the pod is not encrypted.
# The NetworkPolicy in this file limits which pods can reach 5280.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: xmpp-pidgin
  namespace: roost
spec:
  entryPoints:
    - https
  routes:
    - kind: Rule
      match: Host(`xmpp.pidgin.im`) || Host(`conference.pidgin.im`)
      services:
        - name: prosody
          port: 5280
  tls:
    # The Deployment in this file mounts this same secret into the pod.
    secretName: pidgin-tls
---
# Raw TCP route for XMPP client-to-server traffic. The catch-all HostSNI rule
# and the absence of a `tls` section mean Traefik forwards the byte stream
# untouched; any TLS negotiation is left to Prosody itself.
# NOTE(review): behind a TCP proxy the pod may see Traefik's address as the
# peer instead of the client's, which matters for IP-based logging and
# limits. Confirm how source addresses are preserved, if at all.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: prosody-c2s
  namespace: roost
spec:
  entryPoints:
    - xmpp-c2s
  routes:
    - kind: Rule
      match: HostSNI(`*`)
      services:
        - name: prosody
          port: 5222
---
# Raw TCP route for XMPP server-to-server traffic. The catch-all HostSNI rule
# and the absence of a `tls` section mean Traefik forwards the byte stream
# untouched; any TLS negotiation is left to Prosody itself.
# NOTE(review): behind a TCP proxy the pod may see Traefik's address as the
# peer instead of the remote server's. Confirm how source addresses are
# preserved, if at all.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: prosody-s2s
  namespace: roost
spec:
  entryPoints:
    - xmpp-s2s
  routes:
    - kind: Rule
      match: HostSNI(`*`)
      services:
        - name: prosody
          port: 5269
---
# Cluster-internal Service in front of the prosody pod. No `type` is set, so
# the Kubernetes default (ClusterIP) applies. The container's `telnet` port
# (5582) is deliberately or incidentally absent from this list.
apiVersion: v1
kind: Service
metadata:
  name: prosody
  namespace: roost
  labels:
    app: prosody
    role: app
spec:
  selector:
    app: prosody
    role: app
  # The port list keeps its original order.
  ports:
    - name: c2s
      port: 5222
      protocol: TCP
    - name: s2s
      port: 5269
      protocol: TCP
    - name: http
      port: 5280
      protocol: TCP
    # Exposed here, but the NetworkPolicy in this file has no ingress rule
    # for 5281.
    - name: https
      port: 5281
      protocol: TCP
---
# Ingress allow-list for the prosody pod. Once a pod is selected by a policy
# with ingress rules, traffic that matches none of the rules is dropped. Here
# that covers 5281 (https) and 5582 (telnet), which no rule names.
# NOTE(review): both rules match namespaces by a plain `name` label. That
# label has to be set on the namespaces by hand, and whoever can label a
# namespace can make it match. Confirm the labels exist and who may edit them.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: prosody
  namespace: roost
  labels:
    app: prosody
    role: app
spec:
  podSelector:
    matchLabels:
      app: prosody
      role: app
  ingress:
    # Traefik controller pods: XMPP c2s, s2s and the HTTP listener.
    - from:
        # namespaceSelector and podSelector share one list element, so a
        # peer must satisfy both (the namespace AND the pod labels).
        - namespaceSelector:
            matchLabels:
              name: kube-public
          podSelector:
            matchLabels:
              app: traefik
              role: controller
      ports:
        - port: 5222
          protocol: TCP
        - port: 5269
          protocol: TCP
        - port: 5280
          protocol: TCP
    # Prometheus pods in the monitoring namespace: the HTTP listener only.
    - from:
        - namespaceSelector:
            matchLabels:
              name: monitoring
          podSelector:
            matchLabels:
              app: prometheus
      ports:
        - port: 5280
          protocol: TCP
---
# Per-domain Prosody configuration. The Deployment in this file mounts this
# ConfigMap read-only at /etc/prosody/conf.d/. Each key is a Lua fragment; the
# text inside the block scalars is consumed by Prosody as written.
# NOTE(review): in every VirtualHost the top-level `certificate` path has no
# `certs/` prefix while the paths in the `ssl` table do. Confirm which of the
# two Prosody actually resolves.
apiVersion: v1
kind: ConfigMap
metadata:
  name: prosody-config
  namespace: roost
data:
  # imfreedom.org: the virtual host, its MUC component and an HTTP component
  # with BOSH enabled. `http_interfaces = {"*"}` makes the HTTP listener bind
  # on every interface, so reachability is governed by the NetworkPolicy.
  # `jetbrains_hub_groups` is presumably read by an auth module that is not
  # shown here; verify.
  imfreedom.cfg.lua: |
    VirtualHost "imfreedom.org"
    certificate = "imfreedom/tls.crt"
    jetbrains_hub_groups = { "IMF Board Member", "IMF Officer", "IMF XMPP" }
    http_host = "xmpp.imfreedom.org"
    http_interfaces = {"*"}
    http_external_url = "https://xmpp.imfreedom.org/"
    ssl = {
    certificate = "certs/imfreedom/tls.crt";
    key = "certs/imfreedom/tls.key";
    }
    Component "conference.imfreedom.org" "muc"
    name = "Instant Messaging Freedom MUC"
    modules_enabled = { "muc_badge", "muc_mam", "muc_mam_hints", "muc_moderation", "muc_occupant_id", "vcard_muc" }
    http_host = "conference.imfreedom.org"
    http_external_url = "https://conference.imfreedom.org/"
    ssl = {
    certificate = "certs/imfreedom/tls.crt";
    key = "certs/imfreedom/tls.key";
    }
    restrict_room_creation = "local"
    Component "xmpp.imfreedom.org" "http"
    http_external_url = "https://xmpp.imfreedom.org/"
    http_host = "xmpp.imfreedom.org"
    modules_enabled = {"bosh"}
  # pidgin.im: same layout as the imfreedom fragment, with its own
  # certificate paths and group list.
  pidgin.cfg.lua: |
    VirtualHost "pidgin.im"
    certificate = "pidgin/tls.crt"
    jetbrains_hub_groups = { "Pidgin Admin", "Pidgin Contributor", "Pidgin XMPP" }
    http_host = "xmpp.pidgin.im"
    http_interfaces = {"*"}
    http_external_url = "https://xmpp.pidgin.im/"
    ssl = {
    certificate = "certs/pidgin/tls.crt";
    key = "certs/pidgin/tls.key";
    }
    Component "conference.pidgin.im" "muc"
    name = "Pidgin Internet Messaging MUC"
    modules_enabled = { "muc_badge", "muc_mam", "muc_mam_hints", "muc_moderation", "muc_occupant_id", "vcard_muc" }
    http_host = "conference.pidgin.im"
    http_external_url = "https://conference.pidgin.im/"
    ssl = {
    certificate = "certs/pidgin/tls.crt";
    key = "certs/pidgin/tls.key";
    }
    restrict_room_creation = "local"
    Component "xmpp.pidgin.im" "http"
    http_external_url = "https://xmpp.pidgin.im/"
    http_host = "xmpp.pidgin.im"
    modules_enabled = {"bosh"}
  # pidginchat.com: a virtual host with the s2s module disabled and no MUC
  # or HTTP component. This file defines no IngressRoute for pidginchat.com.
  pidginchat.com.cfg.lua: |
    VirtualHost "pidginchat.com"
    modules_disabled = {"s2s"}
    certificate = "pidginchat/tls.crt"
    jetbrains_hub_groups = { "pidginchat.com XMPP" }
    http_host = "pidginchat.com"
    http_interfaces = {"*"}
    http_external_url = "https://pidginchat.com/"
    ssl = {
    certificate = "certs/pidginchat/tls.crt";
    key = "certs/pidginchat/tls.key";
    }
---
# Disruption budget for the prosody pod.
# NOTE(review): the Deployment in this file runs one replica, so
# `maxUnavailable: 1` still permits that single pod to be evicted and the
# budget does not prevent an outage during node drains.
# NOTE(review): policy/v1beta1 is deprecated in favour of policy/v1 and is
# removed from newer Kubernetes releases. Check the cluster version before
# the next upgrade.
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: prosody
  namespace: roost
spec:
  selector:
    matchLabels:
      app: prosody
      role: app
  maxUnavailable: 1
---
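# Runs the single Prosody pod. It mounts a persistent data volume, the
# `prosody` secret, the prosody-config ConfigMap and three TLS secrets.
# Hardening in this block: the pod asserts that it runs as a non-root user
# (consistent with runAsUser 101) and the container may not gain privileges
# it did not start with.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: roost
  name: prosody
  labels:
    app: prosody
    role: app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prosody
      role: app
  # Recreate stops the old pod before the new one starts (presumably because
  # the data volume is claimed ReadWriteOnce).
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: prosody
        role: app
    spec:
      containers:
        - name: prosody
          # NOTE(review): `latest` is a mutable tag and is pulled again on
          # every pod start (imagePullPolicy: Always), so the code that runs
          # can change without any change to this manifest. Pin a version
          # tag or an image digest once one has been chosen and verified.
          image: docker.io/rwgrim/prosody:latest
          imagePullPolicy: Always
          # Blocks setuid binaries and similar mechanisms from raising
          # privileges inside the container.
          securityContext:
            allowPrivilegeEscalation: false
          ports:
            - containerPort: 5222
              name: c2s
            - containerPort: 5269
              name: s2s
            - containerPort: 5280
              name: http
            - containerPort: 5281
              name: https
            # Declared here only. The Service in this file does not expose
            # 5582 and the NetworkPolicy admits no traffic to it. A
            # containerPort entry by itself does not restrict access; the
            # NetworkPolicy does.
            - containerPort: 5582
              name: telnet
          resources:
            limits:
              cpu: 100m
              memory: 128Mi
            requests:
              cpu: 50m
              memory: 64Mi
          volumeMounts:
            # The only writable mount: Prosody's data directory.
            - mountPath: /var/lib/prosody
              name: homedir
              readOnly: false
              subPath: home
            - mountPath: /etc/prosody/secrets.d/
              name: secrets
              readOnly: true
            - mountPath: /etc/prosody/conf.d/
              name: config
              readOnly: true
            # TLS key material; these mount points correspond to the
            # `certs/<name>/tls.*` paths used in the ConfigMap.
            - mountPath: /etc/prosody/certs/imfreedom/
              name: imfreedom-tls
              readOnly: true
            - mountPath: /etc/prosody/certs/pidgin/
              name: pidgin-tls
              readOnly: true
            - mountPath: /etc/prosody/certs/pidginchat/
              name: pidginchat-tls
              readOnly: true
      securityContext:
        fsGroup: 101
        runAsUser: 101
        # Makes the kubelet refuse to start the container as UID 0 even if
        # runAsUser is later removed or overridden.
        runAsNonRoot: true
      volumes:
        - name: homedir
          persistentVolumeClaim:
            claimName: prosody
        - name: secrets
          secret:
            secretName: prosody
        - name: config
          configMap:
            name: prosody-config
        # NOTE(review): no defaultMode is set on the secret volumes, so the
        # private keys get the default file mode. Consider a tighter mode
        # once it is confirmed that UID/GID 101 can still read them.
        - name: imfreedom-tls
          secret:
            secretName: imfreedom-tls
        - name: pidgin-tls
          secret:
            secretName: pidgin-tls
        - name: pidginchat-tls
          secret:
            secretName: pidginchat-tls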
---
# Claim for Prosody's data directory (mounted at /var/lib/prosody by the
# Deployment in this file). `volumeName` binds the claim to one specific,
# already existing PersistentVolume instead of letting one be provisioned.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: prosody
  namespace: roost
  labels:
    app: prosody
    role: app
spec:
  volumeName: pvc-415a206e-5484-4cf0-a655-908d18339f62
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
---
# Scheduled volume snapshots of the prosody claim: one every 12 hours, with
# `keep: 2` retained for that interval.
# NOTE(review): that is roughly a day of history. Confirm it is enough to
# recover from data loss that is noticed late.
apiVersion: gemini.fairwinds.com/v1beta1
kind: SnapshotGroup
metadata:
  name: prosody
  namespace: roost
spec:
  persistentVolumeClaim:
    claimName: prosody
  schedule:
    - every: 12 hours
      keep: 2
---
# Scrape definition for the prosody Service on the port named `https`.
# NOTE(review): the next document in this file declares a ServiceMonitor with
# the same name and namespace. When the file is applied in order, the later
# document replaces this one.
# NOTE(review): the NetworkPolicy in this file admits Prometheus pods on 5280
# only, not on the `https` port (5281). No `scheme` is set either, so the
# operator default (http) would be used against a port named https.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: prosody
  namespace: roost
  labels:
    app: prosody
spec:
  selector:
    matchLabels:
      app: prosody
  endpoints:
    - port: https
      interval: 15s
---
# Scrape definition for the prosody Service on the port named `http` (5280),
# the port the NetworkPolicy in this file opens to Prometheus pods. The
# `prometheus: cluster-wide` label is presumably what the Prometheus instance
# selects ServiceMonitors by; verify against its serviceMonitorSelector.
# NOTE(review): the preceding document in this file is a ServiceMonitor with
# the same name and namespace. Applied in order, this document is the one
# that takes effect.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: prosody
  namespace: roost
  labels:
    app: prosody
    prometheus: cluster-wide
spec:
  selector:
    matchLabels:
      app: prosody
  endpoints:
    - port: http
      interval: 15s
---