zammad: using ungleich-certbot container
This commit is contained in:
Nico Schottelius
parent
e54622f81b
commit
52b4fbead7
|
|
@ -112,15 +112,15 @@ spec:
|
|||
checksum/config: {{ include (print $.Template.BasePath "/nginxconf.yaml") . | sha256sum }}
|
||||
spec:
|
||||
initContainers:
|
||||
- name: wait-for-cert
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done
|
||||
volumeMounts:
|
||||
- name: etcletsencrypt
|
||||
mountPath: "/etc/letsencrypt"
|
||||
# - name: wait-for-cert
|
||||
# image: busybox
|
||||
# command:
|
||||
# - sh
|
||||
# - -c
|
||||
# - until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done
|
||||
# volumeMounts:
|
||||
# - name: etcletsencrypt
|
||||
# mountPath: "/etc/letsencrypt"
|
||||
- name: change-permissions
|
||||
image: busybox
|
||||
command:
|
||||
|
|
@ -160,9 +160,23 @@ spec:
|
|||
mountPath: "/opt/zammad"
|
||||
containers:
|
||||
- name: nginx
|
||||
image: nginx:1.21.3-alpine
|
||||
image: ungleich/ungleich-certbot:0.2.0
|
||||
ports:
|
||||
- containerPort: 443
|
||||
name: https
|
||||
- containerPort: 80
|
||||
name: http
|
||||
env:
|
||||
- name: DOMAIN
|
||||
value: "{{ tpl .Values.fqdn . }}"
|
||||
- name: EMAIL
|
||||
value: "{{ .Values.email }}"
|
||||
- name: NGINX
|
||||
value: "yes"
|
||||
{{ if eq .Values.letsencryptStaging "no" }}
|
||||
- name: STAGING
|
||||
value: "no"
|
||||
{{ end }}
|
||||
volumeMounts:
|
||||
- name: nginx-config
|
||||
mountPath: "/etc/nginx/conf.d/"
|
||||
|
|
@ -170,18 +184,18 @@ spec:
|
|||
mountPath: "/etc/letsencrypt"
|
||||
- name: zammad-data
|
||||
mountPath: "/opt/zammad"
|
||||
# Is it ready to work?
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: 443
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
# Is it still working?
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: 443
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 20
|
||||
# # Is it ready to work?
|
||||
# readinessProbe:
|
||||
# tcpSocket:
|
||||
# port: 443
|
||||
# initialDelaySeconds: 5
|
||||
# periodSeconds: 10
|
||||
# # Is it still working?
|
||||
# livenessProbe:
|
||||
# tcpSocket:
|
||||
# port: 443
|
||||
# initialDelaySeconds: 15
|
||||
# periodSeconds: 20
|
||||
- name: memcached
|
||||
image: memcached:1.6.12-alpine
|
||||
resources:
|
||||
|
|
@ -429,42 +443,7 @@ spec:
|
|||
requests:
|
||||
storage: {{ .Values.dbsizeingb }}Gi
|
||||
storageClassName: rook-ceph-block
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ tpl .Values.identifier . }}-getcert
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ .Release.Name }}-zammad
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: certbot
|
||||
image: ungleich/ungleich-certbot
|
||||
ports:
|
||||
- containerPort: 80
|
||||
env:
|
||||
- name: ONLYGETCERT
|
||||
value: "yes"
|
||||
- name: DOMAIN
|
||||
value: "{{ tpl .Values.fqdn . }}"
|
||||
- name: EMAIL
|
||||
value: "{{ .Values.email }}"
|
||||
{{ if eq .Values.letsencryptStaging "no" }}
|
||||
- name: STAGING
|
||||
value: "no"
|
||||
{{ end }}
|
||||
volumeMounts:
|
||||
- name: etcletsencrypt
|
||||
mountPath: "/etc/letsencrypt"
|
||||
volumes:
|
||||
- name: etcletsencrypt
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
|
||||
backoffLimit: 3
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
|
|
|
|||
Loading…
Reference in New Issue