forked from k-space/kube
Clean up Etherpad
This commit is contained in:
@@ -1,12 +1,5 @@
|
|||||||
To apply changes:
|
To apply changes:
|
||||||
|
|
||||||
```
|
```
|
||||||
kubectl apply -n etherpad -f application.yml -f networkpolicy-base.yml
|
kubectl apply -n etherpad -f application.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
Initialize MySQL secrets:
|
|
||||||
|
|
||||||
```
|
|
||||||
kubectl create secret generic -n etherpad mariadb-secrets \
|
|
||||||
--from-literal=MYSQL_ROOT_PASSWORD=$(cat /dev/urandom | base64 | head -c 30) \
|
|
||||||
--from-literal=MYSQL_PASSWORD=$(cat /dev/urandom | base64 | head -c 30)
|
|
||||||
|
|||||||
@@ -97,108 +97,3 @@ spec:
|
|||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- "*.k-space.ee"
|
- "*.k-space.ee"
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: NetworkPolicy
|
|
||||||
metadata:
|
|
||||||
name: etherpad
|
|
||||||
namespace: etherpad
|
|
||||||
spec:
|
|
||||||
podSelector:
|
|
||||||
matchLabels:
|
|
||||||
app: etherpad
|
|
||||||
policyTypes:
|
|
||||||
- Ingress
|
|
||||||
- Egress
|
|
||||||
ingress:
|
|
||||||
- from:
|
|
||||||
- namespaceSelector:
|
|
||||||
matchLabels:
|
|
||||||
kubernetes.io/metadata.name: traefik
|
|
||||||
ports:
|
|
||||||
- protocol: TCP
|
|
||||||
port: 9001
|
|
||||||
egress:
|
|
||||||
- to:
|
|
||||||
- ipBlock:
|
|
||||||
cidr: 172.20.36.1/32
|
|
||||||
ports:
|
|
||||||
- protocol: TCP
|
|
||||||
port: 3306
|
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: NetworkPolicy
|
|
||||||
metadata:
|
|
||||||
name: mysql-operator
|
|
||||||
spec:
|
|
||||||
podSelector:
|
|
||||||
matchLabels:
|
|
||||||
app: etherpad
|
|
||||||
policyTypes:
|
|
||||||
- Ingress
|
|
||||||
- Egress
|
|
||||||
ingress:
|
|
||||||
- # TODO: Not sure why mysql-operator needs to be able to connect
|
|
||||||
from:
|
|
||||||
- namespaceSelector:
|
|
||||||
matchExpressions:
|
|
||||||
- key: kubernetes.io/metadata.name
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- mysql-operator
|
|
||||||
ports:
|
|
||||||
- protocol: TCP
|
|
||||||
port: 3306
|
|
||||||
- # Allow connecting from other MySQL pods in same namespace
|
|
||||||
from:
|
|
||||||
- podSelector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/managed-by: mysql-operator
|
|
||||||
ports:
|
|
||||||
- protocol: TCP
|
|
||||||
port: 3306
|
|
||||||
egress:
|
|
||||||
- # Allow connecting to other MySQL pods in same namespace
|
|
||||||
to:
|
|
||||||
- podSelector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/managed-by: mysql-operator
|
|
||||||
ports:
|
|
||||||
- protocol: TCP
|
|
||||||
port: 3306
|
|
||||||
---
|
|
||||||
apiVersion: mysql.oracle.com/v2
|
|
||||||
kind: InnoDBCluster
|
|
||||||
metadata:
|
|
||||||
name: mysql-cluster
|
|
||||||
spec:
|
|
||||||
secretName: mysql-secrets
|
|
||||||
instances: 3
|
|
||||||
router:
|
|
||||||
instances: 1
|
|
||||||
tlsUseSelfSigned: true
|
|
||||||
datadirVolumeClaimTemplate:
|
|
||||||
storageClassName: local-path
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: "10Gi"
|
|
||||||
podSpec:
|
|
||||||
affinity:
|
|
||||||
podAntiAffinity:
|
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
- labelSelector:
|
|
||||||
matchExpressions:
|
|
||||||
- key: app.kubernetes.io/managed-by
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- mysql-operator
|
|
||||||
topologyKey: kubernetes.io/hostname
|
|
||||||
nodeSelector:
|
|
||||||
dedicated: storage
|
|
||||||
tolerations:
|
|
||||||
- key: dedicated
|
|
||||||
operator: Equal
|
|
||||||
value: storage
|
|
||||||
effect: NoSchedule
|
|
||||||
|
|||||||
@@ -1 +0,0 @@
|
|||||||
../shared/networkpolicy-base.yml
|
|
||||||
Reference in New Issue
Block a user