diff --git a/apps/etherpadlite-ssl/etherpad/settings.json b/apps/etherpadlite-ssl/etherpad/settings.json index d876d4a..816c7de 100644 --- a/apps/etherpadlite-ssl/etherpad/settings.json +++ b/apps/etherpadlite-ssl/etherpad/settings.json @@ -143,12 +143,10 @@ * that the Etherpad server can access them */ - /* "ssl" : { - "key" : "/etc/letsencrypt/live/{{ .Release.Name }}-{{ .Values.serviceName }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}/privkey.pem", - "cert" : "/etc/letsencrypt/live/{{ .Release.Name }}-{{ .Values.serviceName }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}/fullchain.pem" + "key" : "/etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem", + "cert" : "/etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem" }, - */ /* * The type of the database. diff --git a/apps/etherpadlite-ssl/templates/deployment.yaml b/apps/etherpadlite-ssl/templates/deployment.yaml index f9e6ceb..3df7296 100644 --- a/apps/etherpadlite-ssl/templates/deployment.yaml +++ b/apps/etherpadlite-ssl/templates/deployment.yaml @@ -2,18 +2,25 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-https + name: {{ .Release.Name }}-etherpad spec: selector: matchLabels: - nginx: {{ .Release.Name }} + app: etherpad replicas: 1 template: metadata: labels: app: {{ .Release.Name }} - nginx: {{ .Release.Name }} + use-as-service: "yes" spec: + initContainers: + - name: wait-for-cert + image: busybox + command: + - sh + - -c + - until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done containers: - name: etherpad image: etherpad/etherpad:1.8.13 
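Review bot: Uncommenting the `ssl` block makes Etherpad read `privkey.pem` directly from certbot's `live/` tree on the shared certificate volume, and nothing visible in this change ensures the Etherpad process can actually read it, which is the requirement the comment just above the block states. Certbot normally keeps that tree readable by root only, so if the etherpad container runs as a non-root user (not visible in this diff) it would fail on the key at startup. Loosening the files to world-readable would instead expose the key to every pod that mounts the ReadWriteMany claim. A group-scoped grant is preferable, for example a pod-level `securityContext.fsGroup` where the storage honours it, with the choice recorded next to the block, e.g. `/* key is read from the certbot volume; the pod must run with a uid/gid that can read it */`.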
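Review bot: The `wait-for-cert` initContainer declares no `volumeMounts`, and init containers do not inherit mounts from `containers`, so its `ls` on `/etc/letsencrypt/live/...` can never succeed and the Pod would stay in Init indefinitely. Mounting the `etcletsencrypt` volume read-only there fixes that; the mount path in the sketch below is assumed from the path being polled, since the main container's mounts lie outside this hunk. `image: busybox` carries no tag or digest, so whatever `latest` resolves to at schedule time runs next to the certificate volume; pin it. Separately, the new selector `app: etherpad` does not match the template label `app: {{ .Release.Name }}` unless the release happens to be named etherpad, and the API server rejects an apps/v1 Deployment whose selector does not match its template labels; `app: {{ .Release.Name }}` under `matchLabels` would line up.

```yaml
      initContainers:
        - name: wait-for-cert
          # placeholder: pin to a specific tag or digest
          image: busybox:<PINNED_TAG>
          # … unchanged: command (sh -c until-loop polling fullchain.pem) …
          volumeMounts:
            - name: etcletsencrypt
              mountPath: /etc/letsencrypt  # assumed; must match the main container's mount
              readOnly: true
```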
@@ -28,22 +35,23 @@ spec: - name: data mountPath: "/data" volumes: - - name: nginx-config - configMap: - name: {{ .Release.Name }}-nginx-config - name: etcletsencrypt persistentVolumeClaim: claimName: {{ .Release.Name }}-letsencrypt-certs - name: data persistentVolumeClaim: claimName: {{ .Release.Name }}-data + - name: etherpadconfig + configMap: + name: {{ .Release.Name }}-etherpadconfig + --- apiVersion: v1 kind: Service metadata: - name: {{ .Release.Name }}-{{ .Values.serviceName }} + name: {{ tpl .Values.identifier . }} labels: - app: {{ .Release.Name }}-{{ .Values.serviceName }} + app: {{ tpl .Values.identifier . }} spec: type: ClusterIP ports: @@ -54,18 +62,19 @@ spec: name: https selector: app: {{ .Release.Name }} + use-as-service: "yes" --- apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }}-nginx-config + name: {{ tpl .Values.identifier . }}-etherpadconfig data: {{ tpl (.Files.Glob "etherpad/*").AsConfig . | indent 2 }} --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{ .Release.Name }}-letsencrypt-certs + name: {{ tpl .Values.identifier . }}-letsencrypt-certs spec: accessModes: - ReadWriteMany @@ -77,7 +86,7 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{ .Release.Name }}-data + name: {{ tpl .Values.identifier . }}-data spec: accessModes: - ReadWriteMany @@ -89,12 +98,13 @@ spec: apiVersion: batch/v1 kind: Job metadata: - name: {{ .Release.Name }}-getcert + name: {{ tpl .Values.identifier . }}-getcert spec: template: metadata: labels: app: {{ .Release.Name }} + use-as-service: "yes" spec: restartPolicy: Never containers: @@ -104,7 +114,7 @@ spec: - containerPort: 80 env: - name: DOMAIN - value: "{{ .Release.Name }}-{{ .Values.serviceName }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" + value: "{{ tpl .Values.fqdn . }}" - name: EMAIL value: "{{ .Values.email }}" {{ if eq .Values.letsencryptStaging "no" }} 
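Review bot: The Deployment's volumes still build their references from `{{ .Release.Name }}` (`claimName: {{ .Release.Name }}-letsencrypt-certs`, `claimName: {{ .Release.Name }}-data` and the new `name: {{ .Release.Name }}-etherpadconfig`), while the later hunks in this file rename the ConfigMap and both PersistentVolumeClaims to `{{ tpl .Values.identifier . }}-…`. The two sides agree only while `identifier` keeps its default; with any other value, such as the commented-out alternative in values.yaml, the Pod references objects that do not exist and never starts. Using the same expression on both sides, e.g. `claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs`, keeps them in step, as the Job's volume in the last hunk of this file already does. Quoting the templated names (`name: "{{ tpl .Values.identifier . }}"`) would also guard against a rendered value that YAML would retype.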
@@ -117,5 +127,5 @@ spec: volumes: - name: etcletsencrypt persistentVolumeClaim: - claimName: {{ .Release.Name }}-letsencrypt-certs + claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs backoffLimit: 3 diff --git a/apps/etherpadlite-ssl/values.yaml b/apps/etherpadlite-ssl/values.yaml index 57548cd..d119fd7 100644 --- a/apps/etherpadlite-ssl/values.yaml +++ b/apps/etherpadlite-ssl/values.yaml @@ -1,4 +1,10 @@ -serviceName: pad +#serviceName: pad clusterDomain: c2.k8s.ooo email: technik@ungleich.ch -letsencryptStaging: "no" +letsencryptStaging: "yes" + +# This is how the service and the data volumes are named - i.e. the +# persistent thing +#identifier: "{{ .Chart.Name }}-{{ .Release.Name }}" +identifier: "{{ .Release.Name }}" +fqdn: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
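Review bot: The default flips to `letsencryptStaging: "yes"` with no comment explaining what that means for a deployed pad: certificates from the Let's Encrypt staging CA are not trusted by clients, so users of a default install get certificate warnings. The template compares with `eq .Values.letsencryptStaging "no"`, so any value other than the exact string "no" (a YAML boolean `false`, `No`, a typo) lands on the other branch, presumably staging; the branch body is outside this diff. A comment above the key would make both points explicit, e.g. `# "yes" = Let's Encrypt staging CA (untrusted certificates, for testing); set to the exact string "no" for production`. Since `fqdn` is rendered with `tpl` and ends up in a shell command and in file paths in the other files, a one-line comment stating that it must render to a plain DNS name would help as well.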