imfreedom/k8s-cluster

Parents c220246c9b2f
Children 432803c955ec
Update imfreedom/www-tls to include xmpp and conference SANs, update the prosody ingress and deployment to use the www-tls secret, and add some additional nginx config to make it work better with prosody
--- a/50-imfreedom.org.yaml Tue Jan 07 06:00:23 2020 -0600
+++ b/50-imfreedom.org.yaml Tue Jan 07 06:01:41 2020 -0600
@@ -59,6 +59,8 @@
dnsNames:
- imfreedom.org
- www.imfreedom.org
+ - xmpp.imfreedom.org
+ - conference.imfreedom.org
---
apiVersion: apps/v1
kind: Deployment
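Review bot: Adding `xmpp.imfreedom.org` and `conference.imfreedom.org` to this `dnsNames` list puts four names on one certificate and one private key, so a validation failure on any single name blocks issuance and renewal for all of them, and a key compromise or revocation on either the web or the XMPP side affects the other. If the shared secret is intentional, a comment above `dnsNames` listing which workloads consume it would make that coupling visible; otherwise keep a separate Certificate for the XMPP names.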
--- a/50-xmpp.imfreedom.org.yaml Tue Jan 07 06:00:23 2020 -0600
+++ b/50-xmpp.imfreedom.org.yaml Tue Jan 07 06:01:41 2020 -0600
@@ -10,6 +10,10 @@
cert-manager.io/issuer: letsencrypt
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "X-Frame-Options: SAMEORIGIN";
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_buffering off;
+ tcp_nodelay on;
labels:
app: prosody
role: app
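Review bot: `proxy_set_header X-Forwarded-For $remote_addr;` replaces whatever the request carried with the address of the direct peer, which stops clients from spoofing the header but records only the nearest hop if another proxy or load balancer sits in front of this ingress; confirm that is the source address Prosody should see. The four added directives also go in without comments, and since `configuration-snippet` is raw nginx config, a one-line note per directive on what it fixes (for example why `proxy_buffering off;` is needed) would let the next reviewer judge whether each is still required.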
@@ -26,21 +30,7 @@
- hosts:
- xmpp.imfreedom.org
- conference.imfreedom.org
- secretName: prosody-tls-imfreedom
----
-apiVersion: cert-manager.io/v1alpha2
-kind: Certificate
-metadata:
- namespace: imfreedom
- name: prosody
-spec:
- secretName: prosody-tls-imfreedom
- issuerRef:
- name: letsencrypt
- commonName: xmpp.imfreedom.org
- dnsNames:
- - xmpp.imfreedom.org
- - conference.imfreedom.org
+ secretName: www-tls
---
apiVersion: v1
kind: Service
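Review bot: The Ingress still carries `cert-manager.io/issuer: letsencrypt` in its annotations while `secretName` now points at `www-tls`, so cert-manager may try to manage a Certificate for `www-tls` from this Ingress's two hosts alongside the Certificate in 50-imfreedom.org.yaml that already writes that secret. Drop the annotation here or confirm that only one Certificate targets `www-tls`. Also check that `www-tls` lives in the same namespace as this Ingress (the removed Certificate was in `imfreedom`), and delete the now-unused `prosody-tls-imfreedom` secret, since removing the Certificate from the manifest does not by itself remove the old key material from the cluster.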
@@ -165,7 +155,7 @@
name: config
readOnly: true
- mountPath: /etc/prosody/certs/imfreedom/
- name: tls-imfreedom
+ name: www-tls
readOnly: true
securityContext:
fsGroup: 101
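Review bot: Mounting `www-tls` at `/etc/prosody/certs/imfreedom/` places the private key that also serves `imfreedom.org` and `www.imfreedom.org` inside the Prosody container, where the previous secret only covered the XMPP names. Keeping `readOnly: true` is right, but the wider exposure deserves a comment next to the mount, or a dedicated secret for Prosody if the web key should not be readable from this pod.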
@@ -180,9 +170,9 @@
- name: config
configMap:
name: prosody-config
- - name: tls-imfreedom
+ - name: www-tls
secret:
- secretName: prosody-tls-imfreedom
+ secretName: www-tls
---
apiVersion: v1
kind: PersistentVolumeClaim
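Review bot: The `secret:` volume for `www-tls` sets no `defaultMode`, so the key file is projected with the default mode of 0644 and is readable by every user in the container. Adding `defaultMode: 0440` under `secret:` would limit it to the owner and the `fsGroup` the pod already sets.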