imfreedom/k8s-cluster
Clone
Summary
Browse
Changes
Graph
Move the xmpp hosts to the main ingress so the cert is created properly, also tweak a few more things in the prosody config.
2020-01-27, Gary Kramlich
6b927366e97d
Move the xmpp hosts to the main ingress so the cert is created properly, also tweak a few more things in the prosody config.
---
apiVersion
:
extensions/v1beta1
kind
:
Ingress
metadata
:
namespace
:
imfreedom
name
:
keep
annotations
:
cert-manager.io/issuer
:
letsencrypt
nginx.ingress.kubernetes.io/configuration-snippet
:
|
more_set_headers "X-Frame-Options: SAMEORIGIN";
labels
:
app
:
keep
spec
:
rules
:
-
host
:
keep.imfreedom.org
http
:
paths
:
-
backend
:
serviceName
:
keep-http
servicePort
:
8080
path
:
/
tls
:
-
hosts
:
-
keep.imfreedom.org
secretName
:
keep-tls
---
apiVersion
:
v1
kind
:
Service
metadata
:
namespace
:
imfreedom
labels
:
app
:
hgkeeper
name
:
keep-http
spec
:
ports
:
-
port
:
8080
protocol
:
TCP
selector
:
app
:
hgkeeper
---
apiVersion
:
v1
kind
:
Service
metadata
:
namespace
:
imfreedom
labels
:
app
:
hgkeeper
name
:
keep
spec
:
ports
:
-
port
:
22222
protocol
:
TCP
selector
:
app
:
hgkeeper
---
apiVersion
:
v1
kind
:
ConfigMap
metadata
:
name
:
keep-configmap
namespace
:
imfreedom
data
:
admin-pubkey
:
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP/mCAuMfKq4ukgGufiERyddsPIj2/KNXzB+gDTjHBGl grim@spectre
---
apiVersion
:
networking.k8s.io/v1
kind
:
NetworkPolicy
metadata
:
namespace
:
imfreedom
name
:
keep
labels
:
app
:
hgkeeper
spec
:
podSelector
:
matchLabels
:
app
:
hgkeeper
ingress
:
-
from
:
-
namespaceSelector
:
matchLabels
:
name
:
kube-public
podSelector
:
matchLabels
:
app
:
ingress
role
:
controller
ports
:
-
port
:
8080
protocol
:
TCP
-
port
:
22222
protocol
:
TCP
---
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
namespace
:
imfreedom
name
:
keep
labels
:
app
:
hgkeeper
spec
:
replicas
:
1
selector
:
matchLabels
:
app
:
hgkeeper
strategy
:
type
:
Recreate
template
:
metadata
:
labels
:
app
:
hgkeeper
spec
:
initContainers
:
-
name
:
setup
image
:
docker.io/rwgrim/hgkeeper:latest
imagePullPolicy
:
Always
command
:
[
"sh"
,
"-c"
,
"test
-d
/repos/hgkeeper
||
hgkeeper
setup"
]
env
:
-
name
:
HGK_ADMIN_USERNAME
value
:
grim
-
name
:
HGK_ADMIN_PUBKEY
value
:
/config/admin-pubkey
-
name
:
HGK_REPOS_PATH
value
:
/repos
volumeMounts
:
-
mountPath
:
/repos
name
:
keep
readOnly
:
false
subPath
:
repos
-
mountPath
:
/config
name
:
keep-configmap
readOnly
:
true
containers
:
-
name
:
hgkeeper
image
:
docker.io/rwgrim/hgkeeper:latest
imagePullPolicy
:
Always
command
:
[
"hgkeeper"
,
"serve"
]
env
:
-
name
:
TMPDIR
value
:
/tmp
-
name
:
HGK_REPOS_PATH
value
:
/repos
-
name
:
HGK_SSH_HOST_KEYS_PATH
value
:
/host-keys
ports
:
-
containerPort
:
8080
-
containerPort
:
22222
resources
:
limits
:
cpu
:
1000m
memory
:
512Mi
requests
:
cpu
:
500m
memory
:
128Mi
volumeMounts
:
-
mountPath
:
/repos
name
:
keep
readOnly
:
false
subPath
:
repos
-
mountPath
:
/host-keys
name
:
keep-ssh-host-keys
readOnly
:
true
-
mountPath
:
/tmp
name
:
keep-tmp
readOnly
:
false
securityContext
:
fsGroup
:
22271
runAsUser
:
22271
volumes
:
-
name
:
keep
persistentVolumeClaim
:
claimName
:
keep
-
name
:
keep-configmap
configMap
:
name
:
keep-configmap
-
name
:
keep-ssh-host-keys
secret
:
secretName
:
keep
-
name
:
keep-tmp
emptyDir
:
{}
---
apiVersion
:
v1
kind
:
PersistentVolumeClaim
metadata
:
namespace
:
imfreedom
name
:
keep
labels
:
app
:
hgkeeper
spec
:
accessModes
:
-
ReadWriteOnce
resources
:
requests
:
storage
:
30Gi
---