imfreedom/k8s-cluster
Clone
Summary
Browse
Changes
Graph
Update the tagpull annotation
2020-07-05, Gary Kramlich
a91e6a08df4b
Update the tagpull annotation
# Prosody is an xmpp server. This manifest creates a deployment for it. It
# handles virtualhosts for adium.im, imfreedom.org, as well as pidgin.im.
---
apiVersion
:
traefik.containo.us/v1alpha1
kind
:
IngressRoute
metadata
:
name
:
xmpp-imfreedom-http
namespace
:
roost
spec
:
entryPoints
:
-
http
routes
:
-
match
:
Host(`xmpp.imfreedom.org`) || Host(`conference.imfreedom.org`)
kind
:
Rule
services
:
-
name
:
prosody
port
:
5280
middlewares
:
-
name
:
https-redirect
---
apiVersion
:
traefik.containo.us/v1alpha1
kind
:
IngressRoute
metadata
:
name
:
xmpp-imfreedom
namespace
:
roost
spec
:
entryPoints
:
-
https
routes
:
-
match
:
Host(`xmpp.imfreedom.org`) || Host(`conference.imfreedom.org`)
kind
:
Rule
services
:
-
name
:
prosody
port
:
5280
tls
:
secretName
:
imfreedom-tls
options
:
name
:
default
namespace
:
kube-public
---
apiVersion
:
traefik.containo.us/v1alpha1
kind
:
IngressRoute
metadata
:
name
:
xmpp-pidgin-http
namespace
:
roost
spec
:
entryPoints
:
-
http
routes
:
-
match
:
Host(`xmpp.pidgin.im`) || Host(`conference.pidgin.im`)
kind
:
Rule
services
:
-
name
:
prosody
port
:
5280
middlewares
:
-
name
:
https-redirect
---
apiVersion
:
traefik.containo.us/v1alpha1
kind
:
IngressRoute
metadata
:
name
:
xmpp-pidgin
namespace
:
roost
spec
:
entryPoints
:
-
https
routes
:
-
match
:
Host(`xmpp.pidgin.im`) || Host(`conference.pidgin.im`)
kind
:
Rule
services
:
-
name
:
prosody
port
:
5280
tls
:
secretName
:
nest-tls
---
apiVersion
:
traefik.containo.us/v1alpha1
kind
:
IngressRouteTCP
metadata
:
name
:
prosody-c2s
namespace
:
roost
spec
:
entryPoints
:
-
xmpp-c2s
routes
:
-
match
:
HostSNI(`*`)
kind
:
Rule
services
:
-
name
:
prosody
port
:
5222
---
apiVersion
:
traefik.containo.us/v1alpha1
kind
:
IngressRouteTCP
metadata
:
name
:
prosody-s2s
namespace
:
roost
spec
:
entryPoints
:
-
xmpp-s2s
routes
:
-
match
:
HostSNI(`*`)
kind
:
Rule
services
:
-
name
:
prosody
port
:
5269
---
apiVersion
:
v1
kind
:
Service
metadata
:
namespace
:
roost
labels
:
app
:
prosody
role
:
app
name
:
prosody
spec
:
ports
:
-
name
:
c2s
port
:
5222
protocol
:
TCP
-
name
:
s2s
port
:
5269
protocol
:
TCP
-
name
:
http
port
:
5280
protocol
:
TCP
-
name
:
https
port
:
5281
protocol
:
TCP
selector
:
app
:
prosody
role
:
app
---
apiVersion
:
networking.k8s.io/v1
kind
:
NetworkPolicy
metadata
:
namespace
:
roost
name
:
prosody
labels
:
app
:
prosody
role
:
app
spec
:
podSelector
:
matchLabels
:
app
:
prosody
role
:
app
ingress
:
-
from
:
-
namespaceSelector
:
matchLabels
:
name
:
kube-public
podSelector
:
matchLabels
:
app
:
traefik
role
:
controller
ports
:
-
port
:
5222
protocol
:
TCP
-
port
:
5269
protocol
:
TCP
-
port
:
5280
protocol
:
TCP
-
from
:
-
namespaceSelector
:
matchLabels
:
name
:
monitoring
podSelector
:
matchLabels
:
app
:
prometheus
prometheus
:
k8s
ports
:
-
port
:
5281
protocol
:
TCP
---
apiVersion
:
v1
kind
:
ConfigMap
metadata
:
name
:
prosody-config
namespace
:
roost
data
:
imfreedom.cfg.lua
:
|
VirtualHost "imfreedom.org"
modules_enabled = {"prometheus"}
certificate = "imfreedom/tls.crt"
jetbrains_hub_groups = { "IMF Board Member", "IMF Officer", "IMF XMPP" }
http_host = "xmpp.imfreedom.org"
http_interfaces = {"*"}
http_external_url = "https://xmpp.imfreedom.org/"
ssl = {
certificate = "certs/imfreedom/tls.crt";
key = "certs/imfreedom/tls.key";
}
Component "conference.imfreedom.org" "muc"
name = "Instant Messaging Freedom MUC"
modules_enabled = { "muc_mam" }
http_host = "conference.imfreedom.org"
http_external_url = "https://conference.imfreedom.org/"
ssl = {
certificate = "certs/imfreedom/tls.crt";
key = "certs/imfreedom/tls.key";
}
restrict_room_creation = "local"
Component "xmpp.imfreedom.org" "http"
http_external_url = "https://xmpp.imfreedom.org/"
http_host = "xmpp.imfreedom.org"
modules_enabled = {"bosh"}
pidgin.cfg.lua
:
|
VirtualHost "pidgin.im"
modules_enabled = {"prometheus"}
certificate = "pidgin/tls.crt"
jetbrains_hub_groups = { "Pidgin Admin", "Pidgin Contributor", "Pidgin XMPP" }
http_host = "xmpp.pidgin.im"
http_interfaces = {"*"}
http_external_url = "https://xmpp.pidgin.im/"
ssl = {
certificate = "certs/pidgin/tls.crt";
key = "certs/pidgin/tls.key";
}
Component "conference.pidgin.im" "muc"
name = "Pidgin Internet Messaging MUC"
modules_enabled = { "muc_mam" }
http_host = "conference.pidgin.im"
http_external_url = "https://conference.pidgin.im/"
ssl = {
certificate = "certs/pidgin/tls.crt";
key = "certs/pidgin/tls.key";
}
restrict_room_creation = "local"
Component "xmpp.pidgin.im" "http"
http_external_url = "https://xmpp.pidgin.im/"
http_host = "xmpp.pidgin.im"
modules_enabled = {"bosh"}
---
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
namespace
:
roost
name
:
prosody
labels
:
app
:
prosody
role
:
app
spec
:
replicas
:
1
selector
:
matchLabels
:
app
:
prosody
role
:
app
strategy
:
type
:
Recreate
template
:
metadata
:
labels
:
app
:
prosody
role
:
app
spec
:
containers
:
-
name
:
prosody
image
:
docker.io/rwgrim/prosody:latest
imagePullPolicy
:
Always
ports
:
-
containerPort
:
5222
name
:
c2s
-
containerPort
:
5269
name
:
s2s
-
containerPort
:
5280
name
:
http
-
containerPort
:
5281
name
:
https
-
containerPort
:
5582
name
:
telnet
resources
:
limits
:
cpu
:
100m
memory
:
128Mi
requests
:
cpu
:
50m
memory
:
64Mi
volumeMounts
:
-
mountPath
:
/var/lib/prosody
name
:
homedir
readOnly
:
false
subPath
:
home
-
mountPath
:
/etc/prosody/secrets.d/
name
:
secrets
readOnly
:
true
-
mountPath
:
/etc/prosody/conf.d/
name
:
config
readOnly
:
true
-
mountPath
:
/etc/prosody/certs/imfreedom/
name
:
imfreedom-tls
readOnly
:
true
-
mountPath
:
/etc/prosody/certs/pidgin/
name
:
pidgin-tls
readOnly
:
true
securityContext
:
fsGroup
:
101
runAsUser
:
101
volumes
:
-
name
:
homedir
persistentVolumeClaim
:
claimName
:
prosody
-
name
:
secrets
secret
:
secretName
:
prosody
-
name
:
config
configMap
:
name
:
prosody-config
-
name
:
imfreedom-tls
secret
:
secretName
:
imfreedom-tls
-
name
:
pidgin-tls
secret
:
secretName
:
nest-tls
---
apiVersion
:
v1
kind
:
PersistentVolumeClaim
metadata
:
namespace
:
roost
name
:
prosody
labels
:
app
:
prosody
role
:
app
spec
:
accessModes
:
-
ReadWriteOnce
resources
:
requests
:
storage
:
2Gi
volumeName
:
pvc-415a206e-5484-4cf0-a655-908d18339f62
---
apiVersion
:
monitoring.coreos.com/v1
kind
:
ServiceMonitor
metadata
:
namespace
:
roost
name
:
prosody
labels
:
app
:
prosody
spec
:
selector
:
matchLabels
:
app
:
prosody
endpoints
:
-
port
:
https
interval
:
15s
---