Improve Helm Chart
- use official v0.3.13 Docker images hosted on GitHub
- load configs for Element-Call (public/config.json), nginx and SSL certs through ConfigMaps / PersistentVolumeClaims
parent
89e052db1a
commit
1bbf689821
7 changed files with 91 additions and 4 deletions
|
@ -23,3 +23,33 @@ server {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 8443 ssl;
|
||||||
|
server_name mx22.local;
|
||||||
|
root /app;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
# disable cache entriely by default (apart from Etag which is accurate enough)
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
# also turn off last-modified since they are just the timestamps of the file in the docker image
|
||||||
|
# and may or may not bear any resemblance to when the resource changed
|
||||||
|
add_header Last-Modified "";
|
||||||
|
|
||||||
|
try_files $uri /$uri /index.html;
|
||||||
|
}
|
||||||
|
|
||||||
|
# assets can be cached because they have hashed filenames
|
||||||
|
location /assets {
|
||||||
|
expires 1w;
|
||||||
|
add_header Cache-Control "public, no-transform";
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl_certificate "/etc/ssl/certs/element-call.crt";
|
||||||
|
ssl_certificate_key "/etc/ssl/private/element-call.key";
|
||||||
|
ssl_session_cache shared:SSL:1m;
|
||||||
|
ssl_session_timeout 10m;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
}
|
||||||
|
|
|
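Review bot: The new `listen 8443 ssl` server block sets no `ssl_protocols`, so the accepted TLS versions are whatever the nginx build inside the image defaults to, and older nginx releases still enable TLS 1.0 and 1.1 by default. Adding `ssl_protocols TLSv1.2 TLSv1.3;` next to `ssl_prefer_server_ciphers on;` pins this independently of the image version. `server_name mx22.local;` is a host-specific name in a file the chart now ships to every install; a catch-all such as `server_name _;` would be easier to reuse. The Cache-Control value `'private no-store, ...'` looks like it is missing a comma after `private`. The server block that the hunk's leading context closes starts outside the hunk.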
@ -21,4 +21,4 @@ version: 0.1.0
|
||||||
# incremented each time you make changes to the application. Versions are not expected to
|
# incremented each time you make changes to the application. Versions are not expected to
|
||||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||||
# It is recommended to use it with quotes.
|
# It is recommended to use it with quotes.
|
||||||
appVersion: "1.16.0"
|
appVersion: v0.3.13
|
||||||
|
|
1
helm-chart/files/nginx.conf
Symbolic link
1
helm-chart/files/nginx.conf
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../config/nginx.conf
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -6,3 +7,31 @@ metadata:
|
||||||
data:
|
data:
|
||||||
{{ .Values.config.fileName }}: |
|
{{ .Values.config.fileName }}: |
|
||||||
{{ .Values.config.data | toPrettyJson | quote }}
|
{{ .Values.config.data | toPrettyJson | quote }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: nginx-config
|
||||||
|
namespace: default
|
||||||
|
data:
|
||||||
|
default.conf: {{ .Files.Get "files/nginx.conf" | quote }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: ssl-cert
|
||||||
|
namespace: default
|
||||||
|
data:
|
||||||
|
element-call.crt: {{ .Files.Get "certs/element-call.crt" | quote }}
|
||||||
|
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: ssl-key
|
||||||
|
namespace: default
|
||||||
|
data:
|
||||||
|
element-call.key: {{ .Files.Get "certs/element-call.key" | quote }}
|
||||||
|
|
|
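Review bot: The TLS private key is rendered into a ConfigMap (`ssl-key`, key `element-call.key`) in the second hunk, but ConfigMaps are meant for non-confidential data and get none of the tighter RBAC or at-rest encryption that clusters typically configure for Secrets. The key should be a `kind: Secret` instead, as sketched below, with the deployment's `ssl-key-volume` switched from `configMap:` to `secret:` accordingly. Reading it with `.Files.Get "certs/element-call.key"` also requires the key file to sit inside the chart directory, so it ends up in every packaged chart and is easy to commit by accident; referencing a Secret created outside the chart avoids that. All three new ConfigMaps hard-code `namespace: default` rather than following `{{ .Release.Namespace }}`, and their fixed names will collide if the chart is installed twice in one namespace.

```yaml
# … unchanged: app-config, nginx-config and ssl-cert ConfigMaps …
---
apiVersion: v1
kind: Secret
metadata:
  name: ssl-key
  namespace: {{ .Release.Namespace }}
type: Opaque
data:
  element-call.key: {{ .Files.Get "certs/element-call.key" | b64enc | quote }}
```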
@ -37,6 +37,9 @@ spec:
|
||||||
- name: http
|
- name: http
|
||||||
containerPort: {{ .Values.service.port }}
|
containerPort: {{ .Values.service.port }}
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
|
- name: https
|
||||||
|
containerPort: {{ .Values.service.port_https }}
|
||||||
|
protocol: TCP
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /
|
path: /
|
||||||
|
@ -51,10 +54,25 @@ spec:
|
||||||
- name: config-volume
|
- name: config-volume
|
||||||
mountPath: "{{ .Values.config.path }}"
|
mountPath: "{{ .Values.config.path }}"
|
||||||
subPath: "{{ .Values.config.fileName }}"
|
subPath: "{{ .Values.config.fileName }}"
|
||||||
|
- name: nginx-volume
|
||||||
|
mountPath: "{{ .Values.nginx_config.path }}"
|
||||||
|
- name: ssl-cert-volume
|
||||||
|
mountPath: "/etc/ssl/certs/"
|
||||||
|
- name: ssl-key-volume
|
||||||
|
mountPath: "/etc/ssl/private/"
|
||||||
volumes:
|
volumes:
|
||||||
- name: config-volume
|
- name: config-volume
|
||||||
configMap:
|
configMap:
|
||||||
name: app-config
|
name: app-config
|
||||||
|
- name: nginx-volume
|
||||||
|
configMap:
|
||||||
|
name: nginx-config
|
||||||
|
- name: ssl-cert-volume
|
||||||
|
configMap:
|
||||||
|
name: ssl-cert
|
||||||
|
- name: ssl-key-volume
|
||||||
|
configMap:
|
||||||
|
name: ssl-key
|
||||||
{{- with .Values.nodeSelector }}
|
{{- with .Values.nodeSelector }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
|
|
|
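Review bot: `ssl-cert-volume` and `ssl-key-volume` are mounted over the whole of `/etc/ssl/certs/` and `/etc/ssl/private/`, which hides whatever the image already keeps in those directories (on many base images the system CA bundle lives under `/etc/ssl/certs`). The existing `config-volume` entry shows the narrower pattern of a single-file mount with `subPath`; alternatively the certificate and key can be mounted in a dedicated directory and the nginx paths adjusted. The key volume is backed by a `configMap:` source; if the key moves to a Secret this becomes `secret:` with `secretName: ssl-key`, and `readOnly: true` on the mount plus a restrictive `defaultMode` on the volume keep the key file from being writable or world-readable in the container. The container spec and the volume list both continue outside these hunks.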
@ -11,5 +11,9 @@ spec:
|
||||||
targetPort: http
|
targetPort: http
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
name: http
|
name: http
|
||||||
|
- port: {{ .Values.service.port_https }}
|
||||||
|
targetPort: {{ .Values.service.port_https }}
|
||||||
|
protocol: TCP
|
||||||
|
name: element-https
|
||||||
selector:
|
selector:
|
||||||
{{- include "element-call.selectorLabels" . | nindent 4 }}
|
{{- include "element-call.selectorLabels" . | nindent 4 }}
|
||||||
|
|
|
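Review bot: The new port entry uses `targetPort: {{ .Values.service.port_https }}` while the existing entry targets the container port by name (`targetPort: http`). The deployment names the new container port `https`, so `targetPort: https` would keep the two entries consistent and allow the Service port and container port to differ later. The port name `element-https` also differs from the container's `https`, which works but makes the mapping harder to follow. The Service type is outside this hunk; if it is NodePort, as the `nodePort` value in the chart values suggests, confirm that exposing the TLS port on every node is intended.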
@ -5,10 +5,10 @@
|
||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
|
|
||||||
image:
|
image:
|
||||||
repository: element-call_call
|
repository: ghcr.io/vector-im/element-call
|
||||||
pullPolicy: Never
|
pullPolicy: IfNotPresent
|
||||||
# Overrides the image tag whose default is the chart appVersion.
|
# Overrides the image tag whose default is the chart appVersion.
|
||||||
tag: ""
|
# tag: ""
|
||||||
|
|
||||||
imagePullSecrets: []
|
imagePullSecrets: []
|
||||||
nameOverride: ""
|
nameOverride: ""
|
||||||
|
@ -41,6 +41,7 @@ service:
|
||||||
port: 8080
|
port: 8080
|
||||||
targetPort: 8080
|
targetPort: 8080
|
||||||
nodePort: 30070
|
nodePort: 30070
|
||||||
|
port_https: 8443
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
@ -87,3 +88,7 @@ config:
|
||||||
"feature_group_calls_without_video_and_audio": true
|
"feature_group_calls_without_video_and_audio": true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
nginx_config:
|
||||||
|
path: /etc/nginx/conf.d
|
||||||
|
fileName: default.conf
|
||||||
|
|
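Review bot: The image is now pulled from a public registry by tag only: with `tag` commented out, `ghcr.io/vector-im/element-call` presumably resolves to the chart's appVersion (`v0.3.13`), and `pullPolicy: IfNotPresent` means each node keeps whatever content that tag pointed to when it first pulled. Tags are mutable, so pinning the image by digest (for example `ghcr.io/vector-im/element-call@sha256:<digest>`, if the image template outside this hunk allows it) makes the deployed content reproducible and verifiable. The new keys `port_https` and `nginx_config` use snake_case beside `replicaCount`, `pullPolicy` and `nodePort`; `portHttps` and `nginxConfig` would match the rest of the file. `nginx_config.fileName` is not referenced by the templates visible in this commit, where the ConfigMap key is hard-coded as `default.conf`.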