forked from k-space/kube
Clean up Etherpad
This commit is contained in:
parent
5259a7df04
commit
6a9254da33
@ -1,12 +1,5 @@
|
||||
To apply changes:
|
||||
|
||||
```
|
||||
kubectl apply -n etherpad -f application.yml -f networkpolicy-base.yml
|
||||
kubectl apply -n etherpad -f application.yml
|
||||
```
|
||||
|
||||
Initialize MySQL secrets:
|
||||
|
||||
```
|
||||
kubectl create secret generic -n etherpad mariadb-secrets \
|
||||
--from-literal=MYSQL_ROOT_PASSWORD=$(cat /dev/urandom | base64 | head -c 30) \
|
||||
--from-literal=MYSQL_PASSWORD=$(cat /dev/urandom | base64 | head -c 30)
|
||||
|
@ -97,108 +97,3 @@ spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: etherpad
|
||||
namespace: etherpad
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: etherpad
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
ingress:
|
||||
- from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: traefik
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 9001
|
||||
egress:
|
||||
- to:
|
||||
- ipBlock:
|
||||
cidr: 172.20.36.1/32
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 3306
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: mysql-operator
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: etherpad
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
ingress:
|
||||
- # TODO: Not sure why mysql-operator needs to be able to connect
|
||||
from:
|
||||
- namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: In
|
||||
values:
|
||||
- mysql-operator
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 3306
|
||||
- # Allow connecting from other MySQL pods in same namespace
|
||||
from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/managed-by: mysql-operator
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 3306
|
||||
egress:
|
||||
- # Allow connecting to other MySQL pods in same namespace
|
||||
to:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/managed-by: mysql-operator
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 3306
|
||||
---
|
||||
apiVersion: mysql.oracle.com/v2
|
||||
kind: InnoDBCluster
|
||||
metadata:
|
||||
name: mysql-cluster
|
||||
spec:
|
||||
secretName: mysql-secrets
|
||||
instances: 3
|
||||
router:
|
||||
instances: 1
|
||||
tlsUseSelfSigned: true
|
||||
datadirVolumeClaimTemplate:
|
||||
storageClassName: local-path
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: "10Gi"
|
||||
podSpec:
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/managed-by
|
||||
operator: In
|
||||
values:
|
||||
- mysql-operator
|
||||
topologyKey: kubernetes.io/hostname
|
||||
nodeSelector:
|
||||
dedicated: storage
|
||||
tolerations:
|
||||
- key: dedicated
|
||||
operator: Equal
|
||||
value: storage
|
||||
effect: NoSchedule
|
||||
|
@ -1 +0,0 @@
|
||||
../shared/networkpolicy-base.yml
|
Loading…
Reference in New Issue
Block a user