HGKeeper

imfreedom/k8s-cluster

Update the allowed groups for pidgin.im xmpp

19 months ago, Gary Kramlich

f3fdd3dab6c1

Update the allowed groups for pidgin.im xmpp

Apparently groups don't matter for the group or in values in hub queries, but
the project name does? I dunno, but this seems to work fine.

---

apiVersion: traefik.containo.us/v1alpha1

kind: Middleware

metadata:

name: common-headers

spec:

headers:

customResponseHeaders:

X-Frame-Options: SAMEORIGIN

---

apiVersion: traefik.containo.us/v1alpha1

kind: Middleware

metadata:

name: https-redirect

spec:

redirectScheme:

scheme: https

permanent: true

---

apiVersion: traefik.containo.us/v1alpha1

kind: Middleware

metadata:

name: hsts-headers

spec:

headers:

stsSeconds: 31536000

---

apiVersion: traefik.containo.us/v1alpha1

kind: IngressRoute

metadata:

name: www-http

spec:

entryPoints:

- http

routes:

- match: Host(`reaperworld.com`) || Host(`www.reaperworld.com`)

kind: Rule

services:

- name: www

port: 3000

middlewares:

- name: https-redirect

---

apiVersion: traefik.containo.us/v1alpha1

kind: IngressRoute

metadata:

name: www

spec:

entryPoints:

- https

routes:

- match: Host(`reaperworld.com`) || Host(`www.reaperworld.com`)

kind: Rule

services:

- name: www

port: 3000

middlewares:

- name: common-headers

- name: hsts-headers

tls:

secretName: www-tls

---

apiVersion: cert-manager.io/v1

kind: Certificate

metadata:

name: www-tls

spec:

secretName: www-tls

issuerRef:

name: letsencrypt

commonName: reaperworld.com

dnsNames:

- reaperworld.com

- www.reaperworld.com

---

apiVersion: v1

kind: Service

metadata:

name: www

labels:

app: www

spec:

ports:

- port: 3000

protocol: TCP

selector:

app: www

---

apiVersion: networking.k8s.io/v1

kind: NetworkPolicy

metadata:

name: www

labels:

app: www

spec:

podSelector:

matchLabels:

app: www

ingress:

- from:

- namespaceSelector:

matchLabels:

name: kube-public

podSelector:

matchLabels:

app: traefik

role: controller

ports:

- port: 3000

protocol: TCP

---

apiVersion: policy/v1

kind: PodDisruptionBudget

metadata:

name: www

spec:

minAvailable: 1

selector:

matchLabels:

app: www

---

apiVersion: apps/v1

kind: Deployment

metadata:

name: www

labels:

app: www

keel.sh/policy: force

keel.sh/trigger: poll

annotations:

keel.sh/pollSchedule: "@every 10m"

spec:

replicas: 2

revisionHistoryLimit: 0

selector:

matchLabels:

app: www

template:

metadata:

labels:

app: www

spec:

affinity:

podAntiAffinity:

preferredDuringSchedulingIgnoredDuringExecution:

- podAffinityTerm:

labelSelector:

matchExpressions:

- key: app

operator: In

values:

- www

topologyKey: failure-domain.beta.kubernetes.io/region

weight: 100

containers:

- name: www

image: rwgrim/www.reaperworld.com:latest

imagePullPolicy: Always

ports:

- containerPort: 3000

resources:

limits:

cpu: 50m

memory: 96Mi

requests:

cpu: 10m

memory: 64Mi

---