etherpad: enable ssl, fix naming and selectors

Nico Schottelius 2021-06-20 14:58:15 +02:00
parent 6f72fb1321
commit 267b4cfda3
3 changed files with 34 additions and 20 deletions


@ -143,12 +143,10 @@
* that the Etherpad server can access them * that the Etherpad server can access them
*/ */
/*
"ssl" : { "ssl" : {
"key" : "/etc/letsencrypt/live/{{ .Release.Name }}-{{ .Values.serviceName }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}/privkey.pem", "key" : "/etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem",
"cert" : "/etc/letsencrypt/live/{{ .Release.Name }}-{{ .Values.serviceName }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}/fullchain.pem" "cert" : "/etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem"
}, },
*/
/* /*
* The type of the database. * The type of the database.
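Review bot: Uncommenting the `ssl` block makes Etherpad read `privkey.pem` directly from certbot's `live/` directory, and nothing visible in this commit ensures the Etherpad process can read it, which is the requirement the comment just above the block states. Certbot normally keeps the key readable by root only, so if the container runs as a non-root user (not shown here) startup would fail. Confirm that the pod's `securityContext`/`fsGroup` covers this rather than widening the key's file mode. A short comment here would also help, e.g. `/* path derives from .Values.fqdn; must equal the DOMAIN given to the getcert Job */`.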


@ -2,18 +2,25 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ .Release.Name }}-https name: {{ .Release.Name }}-etherpad
spec: spec:
selector: selector:
matchLabels: matchLabels:
nginx: {{ .Release.Name }} app: etherpad
replicas: 1 replicas: 1
template: template:
metadata: metadata:
labels: labels:
app: {{ .Release.Name }} app: {{ .Release.Name }}
nginx: {{ .Release.Name }} use-as-service: "yes"
spec: spec:
initContainers:
- name: wait-for-cert
image: busybox
command:
- sh
- -c
- until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done
containers: containers:
- name: etherpad - name: etherpad
image: etherpad/etherpad:1.8.13 image: etherpad/etherpad:1.8.13
@ -28,22 +35,23 @@ spec:
- name: data - name: data
mountPath: "/data" mountPath: "/data"
volumes: volumes:
- name: nginx-config
configMap:
name: {{ .Release.Name }}-nginx-config
- name: etcletsencrypt - name: etcletsencrypt
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ .Release.Name }}-letsencrypt-certs claimName: {{ .Release.Name }}-letsencrypt-certs
- name: data - name: data
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ .Release.Name }}-data claimName: {{ .Release.Name }}-data
- name: etherpadconfig
configMap:
name: {{ .Release.Name }}-etherpadconfig
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ .Release.Name }}-{{ .Values.serviceName }} name: {{ tpl .Values.identifier . }}
labels: labels:
app: {{ .Release.Name }}-{{ .Values.serviceName }} app: {{ tpl .Values.identifier . }}
spec: spec:
type: ClusterIP type: ClusterIP
ports: ports:
@ -54,18 +62,19 @@ spec:
name: https name: https
selector: selector:
app: {{ .Release.Name }} app: {{ .Release.Name }}
use-as-service: "yes"
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: {{ .Release.Name }}-nginx-config name: {{ tpl .Values.identifier . }}-etherpadconfig
data: data:
{{ tpl (.Files.Glob "etherpad/*").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "etherpad/*").AsConfig . | indent 2 }}
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ .Release.Name }}-letsencrypt-certs name: {{ tpl .Values.identifier . }}-letsencrypt-certs
spec: spec:
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@ -77,7 +86,7 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ .Release.Name }}-data name: {{ tpl .Values.identifier . }}-data
spec: spec:
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@ -89,12 +98,13 @@ spec:
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: {{ .Release.Name }}-getcert name: {{ tpl .Values.identifier . }}-getcert
spec: spec:
template: template:
metadata: metadata:
labels: labels:
app: {{ .Release.Name }} app: {{ .Release.Name }}
use-as-service: "yes"
spec: spec:
restartPolicy: Never restartPolicy: Never
containers: containers:
@ -104,7 +114,7 @@ spec:
- containerPort: 80 - containerPort: 80
env: env:
- name: DOMAIN - name: DOMAIN
value: "{{ .Release.Name }}-{{ .Values.serviceName }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" value: "{{ tpl .Values.fqdn . }}"
- name: EMAIL - name: EMAIL
value: "{{ .Values.email }}" value: "{{ .Values.email }}"
{{ if eq .Values.letsencryptStaging "no" }} {{ if eq .Values.letsencryptStaging "no" }}
@ -117,5 +127,5 @@ spec:
volumes: volumes:
- name: etcletsencrypt - name: etcletsencrypt
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ .Release.Name }}-letsencrypt-certs claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
backoffLimit: 3 backoffLimit: 3
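Review bot: The new Deployment selector `matchLabels: app: etherpad` is not among the pod template labels (`app: {{ .Release.Name }}`, `use-as-service: "yes"`), so unless the release happens to be named `etherpad` the API server will reject the Deployment; the selector must be a subset of the template labels, and because the getcert Job pods carry the same two labels, a label unique to the Deployment in both places is the safer choice. The added `wait-for-cert` init container declares no `volumeMounts`, so as written it cannot see the `etcletsencrypt` volume and the `until ls …/fullchain.pem` loop would never succeed; it needs the certificate volume mounted (read-only is enough) at the path the etherpad container uses, which lies outside the visible hunks. `image: busybox` is untagged and should be pinned to a tag or digest. The Deployment also still builds `claimName` and the config map name from `{{ .Release.Name }}` while the PVCs, ConfigMap and Job now use `{{ tpl .Values.identifier . }}`, which only lines up while `identifier` keeps its default.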


@ -1,4 +1,10 @@
serviceName: pad #serviceName: pad
clusterDomain: c2.k8s.ooo clusterDomain: c2.k8s.ooo
email: technik@ungleich.ch email: technik@ungleich.ch
letsencryptStaging: "no" letsencryptStaging: "yes"
# This is how the service and the data volumes are named - i.e. the
# persistent thing
#identifier: "{{ .Chart.Name }}-{{ .Release.Name }}"
identifier: "{{ .Release.Name }}"
fqdn: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
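Review bot: `letsencryptStaging: "yes"` becomes the chart default in the same commit that turns on TLS, so a default install will serve a certificate from the Let's Encrypt staging CA, which clients do not trust. If that is intended for testing, say so next to the key, e.g. `# "yes" = staging CA (untrusted, for testing); set to "no" for real certificates`. The template compares the value with the string `"no"` (`eq .Values.letsencryptStaging "no"`), so the comment should also state that only the quoted strings `"yes"`/`"no"` are expected. The commented-out `#serviceName: pad` can be dropped if nothing reads it any more.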