imfreedom/k8s-cluster
Clone
Summary
Browse
Changes
Graph
Redirect some stuff that pidgin links to. Fixes NEST-21
2020-01-21, Gary Kramlich
ad9548cab441
Redirect some stuff that pidgin links to. Fixes NEST-21
# Prosody is an xmpp server. This manifest creates a deployment for it. It
# handles virtualhosts for adium.im, imfreedom.org, as well as pidgin.im.
---
apiVersion
:
extensions/v1beta1
kind
:
Ingress
metadata
:
namespace
:
imfreedom
name
:
prosody
annotations
:
cert-manager.io/issuer
:
letsencrypt
nginx.ingress.kubernetes.io/configuration-snippet
:
|
more_set_headers "X-Frame-Options: SAMEORIGIN";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
# proxy_buffering off;
tcp_nodelay on;
labels
:
app
:
prosody
role
:
app
spec
:
rules
:
-
host
:
xmpp.imfreedom.org
http
:
paths
:
-
backend
:
serviceName
:
prosody
servicePort
:
5280
path
:
/
tls
:
-
hosts
:
-
xmpp.imfreedom.org
-
conference.imfreedom.org
secretName
:
www-tls
---
apiVersion
:
v1
kind
:
Service
metadata
:
namespace
:
imfreedom
labels
:
app
:
prosody
role
:
app
name
:
prosody
spec
:
ports
:
-
name
:
c2s
port
:
5222
protocol
:
TCP
-
name
:
s2s
port
:
5269
protocol
:
TCP
-
name
:
http
port
:
5280
protocol
:
TCP
-
name
:
https
port
:
5281
protocol
:
TCP
selector
:
app
:
prosody
role
:
app
---
apiVersion
:
networking.k8s.io/v1
kind
:
NetworkPolicy
metadata
:
namespace
:
imfreedom
name
:
prosody
labels
:
app
:
prosody
role
:
app
spec
:
podSelector
:
matchLabels
:
app
:
prosody
role
:
app
ingress
:
-
from
:
-
namespaceSelector
:
matchLabels
:
name
:
kube-public
podSelector
:
matchLabels
:
app
:
ingress
role
:
controller
ports
:
-
port
:
5222
protocol
:
TCP
-
port
:
5269
protocol
:
TCP
-
port
:
5280
protocol
:
TCP
-
from
:
-
namespaceSelector
:
matchLabels
:
name
:
monitoring
podSelector
:
matchLabels
:
app
:
prometheus
prometheus
:
k8s
ports
:
-
port
:
5281
protocol
:
TCP
---
apiVersion
:
v1
kind
:
ConfigMap
metadata
:
name
:
prosody-config
namespace
:
imfreedom
data
:
imfreedom.cfg.lua
:
|
VirtualHost "imfreedom.org"
certificate = "imfreedom/tls.crt"
jetbrains_hub_groups = { "IMF Board Member", "IMF Officer" }
http_host = "xmpp.imfreedom.org"
http_interfaces = {"*"}
http_external_url = "https://xmpp.imfreedom.org/"
ssl = {
certificate = "certs/imfreedom/tls.crt";
key = "certs/imfreedom/tls.key";
}
disco_items = {
{ "conference.imfreedom.org", "Instant Messaging Freedom MUC" };
}
Component "conference.imfreedom.org" "muc"
ssl = {
certificate = "certs/imfreedom/tls.crt";
key = "certs/imfreedom/tls.key";
}
restrict_room_creation = "local"
Component "xmpp.imfreedom.org" "http"
modules_enabled = {"bosh", "prometheus"}
---
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
namespace
:
imfreedom
name
:
prosody
labels
:
app
:
prosody
role
:
app
spec
:
replicas
:
1
selector
:
matchLabels
:
app
:
prosody
role
:
app
strategy
:
type
:
Recreate
template
:
metadata
:
labels
:
app
:
prosody
role
:
app
spec
:
containers
:
-
name
:
prosody
image
:
docker.io/rwgrim/prosody:latest
imagePullPolicy
:
Always
ports
:
-
containerPort
:
5222
name
:
c2s
-
containerPort
:
5269
name
:
s2s
-
containerPort
:
5280
name
:
http
-
containerPort
:
5281
name
:
https
-
containerPort
:
5582
name
:
telnet
resources
:
limits
:
cpu
:
100m
memory
:
128Mi
requests
:
cpu
:
50m
memory
:
64Mi
volumeMounts
:
-
mountPath
:
/var/lib/prosody
name
:
homedir
readOnly
:
false
subPath
:
home
-
mountPath
:
/etc/prosody/secrets.d/
name
:
secrets
readOnly
:
true
-
mountPath
:
/etc/prosody/conf.d/
name
:
config
readOnly
:
true
-
mountPath
:
/etc/prosody/certs/imfreedom/
name
:
www-tls
readOnly
:
true
securityContext
:
fsGroup
:
101
runAsUser
:
101
volumes
:
-
name
:
homedir
persistentVolumeClaim
:
claimName
:
prosody
-
name
:
secrets
secret
:
secretName
:
prosody
-
name
:
config
configMap
:
name
:
prosody-config
-
name
:
www-tls
secret
:
secretName
:
www-tls
---
apiVersion
:
v1
kind
:
PersistentVolumeClaim
metadata
:
namespace
:
imfreedom
name
:
prosody
labels
:
app
:
prosody
role
:
app
spec
:
accessModes
:
-
ReadWriteOnce
resources
:
requests
:
storage
:
2Gi
---
apiVersion
:
monitoring.coreos.com/v1
kind
:
ServiceMonitor
metadata
:
namespace
:
imfreedom
name
:
prosody
labels
:
app
:
prosody
spec
:
selector
:
matchLabels
:
app
:
prosody
endpoints
:
-
port
:
https
interval
:
15s
---