imfreedom/k8s-cluster

Finally add the prosody manifest

2019-11-24, Gary Kramlich
cb90f35605e5
Parents 190e9257dad3
Children 602f15d61173
Finally add the prosody manifest
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/50-xmpp.imfreedom.org.yaml Sun Nov 24 00:26:46 2019 -0600
@@ -0,0 +1,213 @@
+# Prosody is an xmpp server. This manifest creates a deployment for it. It
+# handles virtualhosts for adium.im, imfreedom.org, as well as pidgin.im.
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: imfreedom
+ name: prosody
+ annotations:
+ certmanager.k8s.io/issuer: letsencrypt
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ more_set_headers "X-Frame-Options: SAMEORIGIN";
+ labels:
+ app: prosody
+ role: app
+spec:
+ rules:
+ - host: xmpp.imfreedom.org
+ http:
+ paths:
+ - backend:
+ serviceName: prosody
+ servicePort: 5280
+ path: /
+ tls:
+ - hosts:
+ - xmpp.imfreedom.org
+ - conference.imfreedom.org
+ secretName: prosody-tls-imfreedom
+---
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+ namespace: imfreedom
+ name: prosody
+spec:
+ secretName: prosody-tls-imfreedom
+ issuerRef:
+ name: letsencrypt
+ commonName: xmpp.imfreedom.org
+ dnsNames:
+ - xmpp.imfreedom.org
+ - conference.imfreedom.org
+ acme:
+ config:
+ - http01:
+ ingress: prosody
+ domains:
+ - xmpp.imfreedom.org
+ - conference.imfreedom.org
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: imfreedom
+ labels:
+ app: prosody
+ role: app
+ name: prosody
+spec:
+ ports:
+ - name: c2s
+ port: 5222
+ protocol: TCP
+ - name: s2s
+ port: 5269
+ protocol: TCP
+ - name: http
+ port: 5280
+ protocol: TCP
+ selector:
+ app: prosody
+ role: app
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ namespace: imfreedom
+ name: prosody
+ labels:
+ app: prosody
+ role: app
+spec:
+ podSelector:
+ matchLabels:
+ app: prosody
+ role: app
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: kube-public
+ podSelector:
+ matchLabels:
+ app: ingress
+ role: controller
+ ports:
+ - port: 5222
+ protocol: TCP
+ - port: 5269
+ protocol: TCP
+ - port: 5280
+ protocol: TCP
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prosody-config
+ namespace: imfreedom
+data:
+ imfreedom.cfg.lua: |
+ VirtualHost "imfreedom.org"
+ certificate = "imfreedom/tls.crt"
+
+ jetbrains_hub_groups = { "IMF Board Member", "IMF Officer" }
+
+ http_host = "xmpp.imfreedom.org"
+ http_external_url = "https://xmpp.imfreedom.org/"
+
+ ssl = {
+ certificate = "certs/imfreedom/tls.crt";
+ key = "certs/imfreedom/tls.key";
+ }
+
+ Component "conference.imfreedom.org" "muc"
+ ssl = {
+ certificate = "certs/imfreedom/tls.crt";
+ key = "certs/imfreedom/tls.key";
+ }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: imfreedom
+ name: prosody
+ labels:
+ app: prosody
+ role: app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: prosody
+ role: app
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: prosody
+ role: app
+ spec:
+ containers:
+ - name: prosody
+ image: docker.io/rwgrim/prosody:latest
+ ports:
+ - containerPort: 5222
+ - containerPort: 5269
+ - containerPort: 5280
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ volumeMounts:
+ - mountPath: /var/lib/prosody
+ name: homedir
+ readOnly: false
+ subPath: home
+ - mountPath: /etc/prosody/secrets.d/
+ name: secrets
+ readOnly: true
+ - mountPath: /etc/prosody/conf.d/
+ name: config
+ readOnly: true
+ - mountPath: /etc/prosody/certs/imfreedom/
+ name: tls-imfreedom
+ readOnly: true
+ securityContext:
+ fsGroup: 101
+ runAsUser: 101
+ volumes:
+ - name: homedir
+ persistentVolumeClaim:
+ claimName: prosody
+ - name: secrets
+ secret:
+ secretName: prosody
+ - name: config
+ configMap:
+ name: prosody-config
+ - name: tls-imfreedom
+ secret:
+ secretName: prosody-tls-imfreedom
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ namespace: imfreedom
+ name: prosody
+ labels:
+ app: prosody
+ role: app
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 2Gi
+---
+
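Review bot: The container image in the Deployment, `image: docker.io/rwgrim/prosody:latest`, is referenced by a mutable tag, so with `strategy: Recreate` any pod restart can pull different, unreviewed content into a pod that mounts the TLS key and the `prosody` secret. Pin it to a digest, e.g. `image: docker.io/rwgrim/prosody@sha256:<digest-of-reviewed-image>` (placeholder), and bump it deliberately. The `securityContext` with `runAsUser: 101` and `fsGroup: 101` appears to be pod-level (indentation is lost on this page); a container-level `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` would be a cheap addition, since all three listening ports are above 1024. Separately, the header comment mentions adium.im and pidgin.im, but only imfreedom.org is configured in the ConfigMap.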
--- a/90-ingress.yaml Sun Nov 17 03:15:32 2019 -0600
+++ b/90-ingress.yaml Sun Nov 24 00:26:46 2019 -0600
@@ -22,6 +22,8 @@
role: controller
data:
22: imfreedom/keep:22222
+ 5222: imfreedom/prosody:5222
+ 5269: imfreedom/prosody:5269
54663: pidgin/bamboo-agent:54663
---
apiVersion: v1
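Review bot: The two added entries, `5222: imfreedom/prosody:5222` and `5269: imfreedom/prosody:5269`, forward raw TCP, so Prosody will presumably see the ingress controller's pod address as the peer for every c2s and s2s connection instead of the real client or remote server. That weakens connection logs for incident response and any per-address blocking or rate limiting done in Prosody. If this ConfigMap is ingress-nginx's tcp-services map (its name is outside the hunk), the value format accepts PROXY-protocol suffixes, but Prosody must be configured to parse that header before it is enabled. At minimum, add a comment above the entries such as `# XMPP via TCP proxy: peer address seen by prosody is the ingress pod, not the client`.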
@@ -248,6 +250,10 @@
containerPort: 80
- name: https
containerPort: 443
+ - name: xmpp-c2s
+ containerPort: 5222
+ - name: xmpp-s2s
+ containerPort: 5269
- name: bamboo-agent
containerPort: 54663
livenessProbe:
@@ -293,6 +299,12 @@
- name: https
port: 443
targetPort: https
+ - name: xmpp-c2s
+ port: 5222
+ targetPort: xmpp-c2s
+ - name: xmpp-s2s
+ port: 5269
+ targetPort: xmpp-s2s
- name: bamboo-agent
port: 54663
targetPort: bamboo-agent