imfreedom/k8s-cluster

Add the new public xmpp instance

2021-03-06, Gary Kramlich
e766aad2a431
Parents 23220f00a680
Children 59cedaf28647
Add the new public xmpp instance
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/50-pidginchat.com.yaml Sat Mar 06 23:02:24 2021 -0600
@@ -0,0 +1,56 @@
+# This is just the http and https ingresses for pidginchat.com and the tls
+# certificate. The rest of the xmpp configuration is in the vhost for this
+# domain in 50-xmpp.imfreedom.org.
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: pidginchat-http
+ namespace: roost
+spec:
+ entryPoints:
+ - http
+ routes:
+ - match: Host(`pidginchat.com`) || Host(`www.pidginchat.com`)
+ kind: Rule
+ services:
+ - name: prosody
+ port: 5280
+ middlewares:
+ - name: https-redirect
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: pidginchat-https
+ namespace: roost
+spec:
+ entryPoints:
+ - https
+ routes:
+ - match: Host(`pidginchat.com`) || Host(`www.pidginchat.com`)
+ kind: Rule
+ services:
+ - name: prosody
+ port: 5280
+ middlewares:
+ - name: common-headers
+ - name: hsts-headers
+ tls:
+ secretName: pidginchat-tls
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+ namespace: roost
+ name: pidginchat-tls
+spec:
+ secretName: pidginchat-tls
+ issuerRef:
+ name: letsencrypt
+ commonName: pidginchat.com
+ dnsNames:
+ - pidginchat.com
+ - www.pidginchat.com
+---
+
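Review bot: The `pidginchat-https` route matches on `Host(...)` alone, so every path Prosody answers on port 5280 for this host is published, not just the BOSH endpoint that the `bosh` module in 50-xmpp.imfreedom.org.yaml provides. If BOSH is the only HTTP service meant to be public, narrow the rule, for example ``match: (Host(`pidginchat.com`) || Host(`www.pidginchat.com`)) && PathPrefix(`/http-bind`)``. `/http-bind` is Prosody's default BOSH path, so confirm it against the deployed config. Separately, `issuerRef` gives only `name: letsencrypt`, which cert-manager treats as a namespaced `Issuer` in `roost`. Add `kind: ClusterIssuer` if that is what `letsencrypt` is.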
--- a/50-xmpp.imfreedom.org.yaml Tue Feb 23 00:59:20 2021 -0600
+++ b/50-xmpp.imfreedom.org.yaml Sat Mar 06 23:02:24 2021 -0600
@@ -224,6 +224,22 @@
http_external_url = "https://xmpp.pidgin.im/"
http_host = "xmpp.pidgin.im"
modules_enabled = {"bosh"}
+ pidginchat.com.cfg.lua: |
+ VirtualHost "pidginchat.com"
+ modules_disabled = {"s2s"}
+ certificate = "pidginchat/tls.crt"
+ jetbrains_hub_groups = { "pidginchat.com XMPP" }
+ http_host = "pidginchat.com"
+ http_interfaces = {"*"}
+ http_external_url = "https://pidginchat.com/"
+ ssl = {
+ certificate = "certs/pidginchat/tls.crt";
+ key = "certs/pidginchat/tls.key";
+ }
+ Component "pidginchat.com" "http"
+ http_external_url = "https://pidginchat.com/"
+ http_host = "pidginchat.com"
+ modules_enabled = {"bosh"}
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
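Review bot: The certificate for the new vhost is configured twice with different relative paths: `certificate = "pidginchat/tls.crt"` and an `ssl` table pointing at `certs/pidginchat/tls.crt` and `certs/pidginchat/tls.key`. The hunk does not show which setting Prosody ends up using, or which base directory each path resolves against. A later edit to one of them could therefore leave the server presenting a certificate from the other. Keep a single form and put a comment above it, such as `-- files come from the pidginchat-tls secret mounted at /etc/prosody/certs/pidginchat/`. `http_interfaces = {"*"}` also looks like listener-level configuration, so check whether it has any effect inside a `VirtualHost` block. The block scalar belongs to a ConfigMap that starts outside the hunk.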
@@ -298,6 +314,9 @@
- mountPath: /etc/prosody/certs/pidgin/
name: pidgin-tls
readOnly: true
+ - mountPath: /etc/prosody/certs/pidginchat/
+ name: pidginchat-tls
+ readOnly: true
securityContext:
fsGroup: 101
runAsUser: 101
@@ -317,6 +336,9 @@
- name: pidgin-tls
secret:
secretName: pidgin-tls
+ - name: pidginchat-tls
+ secret:
+ secretName: pidginchat-tls
---
apiVersion: v1
kind: PersistentVolumeClaim
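Review bot: The `pidginchat-tls` secret volume is added without a `defaultMode`, so its files, including the `tls.key` that the Prosody config references, are projected with the Kubernetes default of 0644. That makes the private key readable by any user in the container. The pod already sets `fsGroup: 101` (visible in the previous hunk), so adding `defaultMode: 0440` under `secret:` should keep the key readable by Prosody while dropping world read. The existing `pidgin-tls` volume in the context lines has the same shape and would benefit from the same setting. The `volumes` list starts outside the hunk.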