etherpad: enable ssl, fix naming and selectors

Nico Schottelius 2021-06-20 14:58:15 +02:00
parent 6f72fb1321
commit 267b4cfda3
3 changed files with 34 additions and 20 deletions


@ -143,12 +143,10 @@
* that the Etherpad server can access them
*/
/*
"ssl" : {
"key" : "/etc/letsencrypt/live/{{ .Release.Name }}-{{ .Values.serviceName }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}/privkey.pem",
"cert" : "/etc/letsencrypt/live/{{ .Release.Name }}-{{ .Values.serviceName }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}/fullchain.pem"
"key" : "/etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem",
"cert" : "/etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem"
},
*/
/*
* The type of the database.
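Review bot: The `ssl` block now points Etherpad at `privkey.pem` under `/etc/letsencrypt/live/`, but nothing visible here ensures the Etherpad process can read that file. If the getcert job writes the tree with certbot's usual root-only permissions on `live` and `archive` (an assumption, the job image is not shown), a non-root Etherpad container would fail to load the key. A comment above the block such as `/* privkey.pem is written by the getcert job and must be readable by the Etherpad user */` would make the dependency explicit. The rendered page also still shows the `/*` and `*/` lines around the block without marking their side, so it is worth confirming against the raw diff that they are gone on the new side.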


@ -2,18 +2,25 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-https
name: {{ .Release.Name }}-etherpad
spec:
selector:
matchLabels:
nginx: {{ .Release.Name }}
app: etherpad
replicas: 1
template:
metadata:
labels:
app: {{ .Release.Name }}
nginx: {{ .Release.Name }}
use-as-service: "yes"
spec:
initContainers:
- name: wait-for-cert
image: busybox
command:
- sh
- -c
- until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done
containers:
- name: etherpad
image: etherpad/etherpad:1.8.13
@ -28,22 +35,23 @@ spec:
- name: data
mountPath: "/data"
volumes:
- name: nginx-config
configMap:
name: {{ .Release.Name }}-nginx-config
- name: etcletsencrypt
persistentVolumeClaim:
claimName: {{ .Release.Name }}-letsencrypt-certs
- name: data
persistentVolumeClaim:
claimName: {{ .Release.Name }}-data
- name: etherpadconfig
configMap:
name: {{ .Release.Name }}-etherpadconfig
---
apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}-{{ .Values.serviceName }}
name: {{ tpl .Values.identifier . }}
labels:
app: {{ .Release.Name }}-{{ .Values.serviceName }}
app: {{ tpl .Values.identifier . }}
spec:
type: ClusterIP
ports:
@ -54,18 +62,19 @@ spec:
name: https
selector:
app: {{ .Release.Name }}
use-as-service: "yes"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-nginx-config
name: {{ tpl .Values.identifier . }}-etherpadconfig
data:
{{ tpl (.Files.Glob "etherpad/*").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Release.Name }}-letsencrypt-certs
name: {{ tpl .Values.identifier . }}-letsencrypt-certs
spec:
accessModes:
- ReadWriteMany
@ -77,7 +86,7 @@ spec:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Release.Name }}-data
name: {{ tpl .Values.identifier . }}-data
spec:
accessModes:
- ReadWriteMany
@ -89,12 +98,13 @@ spec:
apiVersion: batch/v1
kind: Job
metadata:
name: {{ .Release.Name }}-getcert
name: {{ tpl .Values.identifier . }}-getcert
spec:
template:
metadata:
labels:
app: {{ .Release.Name }}
use-as-service: "yes"
spec:
restartPolicy: Never
containers:
@ -104,7 +114,7 @@ spec:
- containerPort: 80
env:
- name: DOMAIN
value: "{{ .Release.Name }}-{{ .Values.serviceName }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
value: "{{ tpl .Values.fqdn . }}"
- name: EMAIL
value: "{{ .Values.email }}"
{{ if eq .Values.letsencryptStaging "no" }}
@ -117,5 +127,5 @@ spec:
volumes:
- name: etcletsencrypt
persistentVolumeClaim:
claimName: {{ .Release.Name }}-letsencrypt-certs
claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
backoffLimit: 3
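Review bot: The new `wait-for-cert` init container lists no `volumeMounts`, so its `until ls /etc/letsencrypt/live/...` loop inspects the busybox image's own filesystem and can never see the certificate; the pod would stay in Init indefinitely. Mount the certificate volume there, read-only, for example `volumeMounts:` / `- name: etcletsencrypt` / `mountPath: /etc/letsencrypt` (path assumed to match the etherpad container's mount, which is outside this hunk). `image: busybox` is also untagged, which resolves to a mutable `latest`; pin it to a fixed tag or digest, as the etherpad image already is. In the same hunk the selector appears to become `app: etherpad` while the template label stays `app: {{ .Release.Name }}`, which the API server rejects unless the release happens to be named `etherpad`; the page does not mark sides, so confirm against the raw diff.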


@ -1,4 +1,10 @@
serviceName: pad
#serviceName: pad
clusterDomain: c2.k8s.ooo
email: technik@ungleich.ch
letsencryptStaging: "no"
letsencryptStaging: "yes"
# This is how the service and the data volumes are named - i.e. the
# persistent thing
#identifier: "{{ .Chart.Name }}-{{ .Release.Name }}"
identifier: "{{ .Release.Name }}"
fqdn: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
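Review bot: `letsencryptStaging` appears to default to `"yes"` after this change, in the same commit that makes Etherpad serve TLS from whatever certificate the getcert job obtains. Staging certificates chain to a root that clients do not trust, so a deployment using these defaults presents an untrusted certificate and invites users to click through warnings. If the default is meant for testing, say so next to the key, e.g. `# "yes" = Let's Encrypt staging CA (not trusted by clients); set to "no" for production`. `fqdn` is also built from `.Release.Name` while the Service name comes from `identifier`, so overriding `identifier` alone would leave the certificate name pointing at a Service that does not exist; a comment that the two must change together would help.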