imfreedom/k8s-cluster

Move the xmpp hosts to the main ingress so the cert is created properly, also tweak a few more things in the prosody config.

2020-01-27, Gary Kramlich
6b927366e97d
Move the xmpp hosts to the main ingress so the cert is created properly, also tweak a few more things in the prosody config.
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
namespace: reaperworld
name: www
annotations:
cert-manager.io/issuer: letsencrypt
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "X-Frame-Options: SAMEORIGIN";
labels:
app: www
spec:
rules:
- host: reaperworld.com
http:
paths:
- backend:
serviceName: www
servicePort: 3000
path: /
- host: www.reaperworld.com
http:
paths:
- backend:
serviceName: www
servicePort: 3000
path: /
tls:
- hosts:
- reaperworld.com
- www.reaperworld.com
secretName: www-tls
---
apiVersion: v1
kind: Service
metadata:
namespace: reaperworld
name: www
labels:
app: www
spec:
ports:
- port: 3000
protocol: TCP
selector:
app: www
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
namespace: reaperworld
name: www
labels:
app: www
spec:
podSelector:
matchLabels:
app: www
ingress:
- from:
- namespaceSelector:
matchLabels:
name: kube-public
podSelector:
matchLabels:
app: ingress
role: controller
ports:
- port: 3000
protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: reaperworld
name: www
labels:
app: www
spec:
replicas: 2
selector:
matchLabels:
app: www
template:
metadata:
labels:
app: www
annotations:
tagops/autoupdate: 15m
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- www
topologyKey: failure-domain.beta.kubernetes.io/region
weight: 100
containers:
- name: www
image: rwgrim/www.reaperworld.com
imagePullPolicy: Always
ports:
- containerPort: 3000
resources:
limits:
cpu: 50m
memory: 96Mi
requests:
cpu: 10m
memory: 64Mi
---