imfreedom/k8s-cluster
Clone
Summary
Browse
Changes
Graph
Ignore client closed connections in nginx that's reverse proxying for reviewboard
16 months ago, Gary Kramlich
6eb43a49ff31
Ignore client closed connections in nginx that's reverse proxying for reviewboard
There was a reason I needed to do this a while ago, but I don't recall what it
was and I didn't commit it back then, but it _was_ necessary.
# hub is a deployment of jetbrains hub software which we use for a centralized
# authentication platform.
---
apiVersion
:
traefik.containo.us/v1alpha1
kind
:
IngressRoute
metadata
:
name
:
hub-http
spec
:
entryPoints
:
-
http
routes
:
-
match
:
Host(`hub.imfreedom.org`)
kind
:
Rule
services
:
-
name
:
hub
port
:
8080
middlewares
:
-
name
:
https-redirect
---
apiVersion
:
traefik.containo.us/v1alpha1
kind
:
IngressRoute
metadata
:
name
:
hub
spec
:
entryPoints
:
-
https
routes
:
-
match
:
Host(`hub.imfreedom.org`)
kind
:
Rule
services
:
-
name
:
hub
port
:
8080
middlewares
:
-
name
:
common-headers
-
name
:
hsts-headers
-
match
:
Host(`hub.imfreedom.org`) && PathPrefix(`/kludge`)
kind
:
Rule
services
:
-
name
:
oauth-kludge
port
:
8080
middlewares
:
-
name
:
common-headers
-
name
:
hsts-headers
tls
:
secretName
:
hub-tls
---
apiVersion
:
cert-manager.io/v1
kind
:
Certificate
metadata
:
name
:
hub-tls
spec
:
secretName
:
hub-tls
issuerRef
:
name
:
letsencrypt
commonName
:
hub.imfreedom.org
dnsNames
:
-
hub.imfreedom.org
---
apiVersion
:
v1
kind
:
Service
metadata
:
labels
:
app
:
hub
name
:
hub
spec
:
ports
:
-
port
:
8080
protocol
:
TCP
selector
:
app
:
hub
---
apiVersion
:
networking.k8s.io/v1
kind
:
NetworkPolicy
metadata
:
name
:
hub
labels
:
app
:
hub
spec
:
podSelector
:
matchLabels
:
app
:
hub
ingress
:
-
from
:
-
namespaceSelector
:
matchLabels
:
name
:
kube-public
podSelector
:
matchLabels
:
app
:
traefik
role
:
controller
ports
:
-
port
:
8080
protocol
:
TCP
---
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
hub
labels
:
app
:
hub
spec
:
replicas
:
1
revisionHistoryLimit
:
1
selector
:
matchLabels
:
app
:
hub
strategy
:
type
:
Recreate
template
:
metadata
:
labels
:
app
:
hub
spec
:
initContainers
:
-
name
:
configure
image
:
docker.io/jetbrains/hub:2022.3.15181
command
:
-
/run.sh
-
configure
-
-J-Dlog4j2.formatMsgNoLookups=true
volumeMounts
:
-
mountPath
:
/opt/hub/data/
name
:
hub
readOnly
:
false
subPath
:
data
-
mountPath
:
/opt/hub/conf/
name
:
hub
readOnly
:
false
subPath
:
conf
-
mountPath
:
/opt/hub/logs/
name
:
hub
readOnly
:
false
subPath
:
logs
-
mountPath
:
/opt/hub/backups/
name
:
hub
readOnly
:
false
subPath
:
backups
containers
:
-
name
:
hub
image
:
docker.io/jetbrains/hub:2022.3.15181
ports
:
-
containerPort
:
8080
resources
:
limits
:
cpu
:
250m
memory
:
1024Mi
requests
:
cpu
:
100m
memory
:
512Mi
volumeMounts
:
-
mountPath
:
/opt/hub/data/
name
:
hub
readOnly
:
false
subPath
:
data
-
mountPath
:
/opt/hub/conf/
name
:
hub
readOnly
:
false
subPath
:
conf
-
mountPath
:
/opt/hub/logs/
name
:
hub
readOnly
:
false
subPath
:
logs
-
mountPath
:
/opt/hub/backups/
name
:
hub
readOnly
:
false
subPath
:
backups
securityContext
:
fsGroup
:
13001
runAsUser
:
13001
volumes
:
-
name
:
hub
persistentVolumeClaim
:
claimName
:
hub
---
apiVersion
:
v1
kind
:
PersistentVolumeClaim
metadata
:
name
:
hub
labels
:
app
:
hub
spec
:
accessModes
:
-
ReadWriteOnce
resources
:
requests
:
storage
:
1Gi
---
apiVersion
:
gemini.fairwinds.com/v1beta1
kind
:
SnapshotGroup
metadata
:
name
:
hub
spec
:
persistentVolumeClaim
:
claimName
:
hub
schedule
:
-
every
:
12 hours
keep
:
2
---
apiVersion
:
v1
kind
:
Service
metadata
:
labels
:
app
:
oauth-kludge
name
:
oauth-kludge
spec
:
ports
:
-
port
:
8080
protocol
:
TCP
selector
:
app
:
oauth-kludge
---
apiVersion
:
networking.k8s.io/v1
kind
:
NetworkPolicy
metadata
:
name
:
oauth-kludge
labels
:
app
:
oauth-kludge
spec
:
podSelector
:
matchLabels
:
app
:
oauth-kludge
ingress
:
-
from
:
-
namespaceSelector
:
matchLabels
:
name
:
kube-public
podSelector
:
matchLabels
:
app
:
traefik
role
:
controller
ports
:
-
port
:
8080
protocol
:
TCP
---
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
oauth-kludge
labels
:
app
:
oauth-kludge
spec
:
replicas
:
1
selector
:
matchLabels
:
app
:
oauth-kludge
template
:
metadata
:
labels
:
app
:
oauth-kludge
spec
:
containers
:
-
name
:
oauth-kludge
image
:
docker.io/rwgrim/oauth-kludge:latest
imagePullPolicy
:
Always
env
:
-
name
:
OAUTH_KLUDGE_SCOPE
value
:
0-0-0-0-0
-
name
:
OAUTH_KLUDGE_TOKEN_ENDPOINT
value
:
https://hub.imfreedom.org/hub/api/rest/oauth2/token
ports
:
-
containerPort
:
8080
resources
:
limits
:
cpu
:
50m
memory
:
64Mi
requests
:
cpu
:
10m
memory
:
32Mi
---