kube/etherpad/application.yml

135 lines
3.1 KiB
YAML
Raw Normal View History

2022-08-16 09:40:54 +00:00
---
apiVersion: codemowers.cloud/v1beta1
kind: OIDCMiddlewareClient
2023-08-16 07:11:05 +00:00
metadata:
name: etherpad
2023-08-16 07:11:05 +00:00
spec:
displayName: Etherpad
uri: 'https://pad.k-space.ee/'
---
2022-08-16 09:40:54 +00:00
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: etherpad
namespace: etherpad
spec:
# Etherpad does NOT support running multiple replicas due to
# in-application caching https://github.com/ether/etherpad-lite/issues/3680
2024-08-14 03:58:28 +00:00
revisionHistoryLimit: 0
2022-08-16 09:40:54 +00:00
replicas: 1
serviceName: etherpad
selector:
matchLabels:
app: etherpad
template:
metadata:
labels:
app: etherpad
spec:
containers:
- name: etherpad
2024-07-27 05:31:56 +00:00
image: etherpad/etherpad:2
2022-08-16 09:40:54 +00:00
securityContext:
# Etherpad writes session key during start
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 5001
ports:
- containerPort: 9001
env:
2023-08-16 07:11:05 +00:00
- name: MINIFY
value: 'false'
2022-08-16 09:40:54 +00:00
- name: DB_TYPE
value: mysql
- name: DB_HOST
value: 172.20.36.1
- name: DB_NAME
value: kspace_etherpad
- name: DB_USER
value: kspace_etherpad
- name: PAD_OPTIONS_NO_COLORS
value: "true"
- name: PAD_OPTIONS_USE_MONOSPACE_FONT
value: "true"
- name: PAD_OPTIONS_SHOW_CHAT
value: "false"
- name: TRUST_PROXY
value: "true"
- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: application-secrets
key: ADMIN_PASSWORD
- name: DB_PASS
valueFrom:
secretKeyRef:
name: mariadb-secrets
key: MYSQL_PASSWORD
---
apiVersion: v1
kind: Service
metadata:
name: etherpad
namespace: etherpad
spec:
type: ClusterIP
selector:
app: etherpad
ports:
2024-08-14 03:58:28 +00:00
- protocol: TCP
port: 9001
2022-08-16 09:40:54 +00:00
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: etherpad
namespace: etherpad
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec:
rules:
2024-08-14 03:58:28 +00:00
- host: pad.k-space.ee
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: etherpad
port:
number: 9001
2022-08-16 09:40:54 +00:00
tls:
2024-08-14 03:58:28 +00:00
- hosts:
- "*.k-space.ee"
2023-09-20 12:08:03 +00:00
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: etherpad
namespace: etherpad
spec:
podSelector:
matchLabels:
app: etherpad
policyTypes:
- Ingress
- Egress
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: traefik
ports:
- port: 9001
protocol: TCP
egress:
- ports:
- port: 3306
protocol: TCP
to:
- ipBlock:
cidr: 172.20.36.1/32