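---
# Etherpad deployment for pad.k-space.ee: an SSO client registration, a
# single-replica StatefulSet, its Service, a Traefik Ingress and a
# NetworkPolicy that limits pod traffic to Traefik (in) and MariaDB (out).
apiVersion: codemowers.io/v1alpha1
kind: OIDCGWMiddlewareClient
metadata:
  # NOTE(review): unlike every other object in this file, no namespace is
  # set here, so this object lands in whatever namespace the apply/sync
  # defaults to. Confirm that is `etherpad`.
  name: sso
spec:
  displayName: Etherpad
  uri: 'https://pad.k-space.ee/'
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: etherpad
  namespace: etherpad
spec:
  # Etherpad does NOT support running multiple replicas due to
  # in-application caching https://github.com/ether/etherpad-lite/issues/3680
  replicas: 1
  serviceName: etherpad
  selector:
    matchLabels:
      app: etherpad
  template:
    metadata:
      labels:
        app: etherpad
    spec:
      containers:
        - name: etherpad
          # Floating major tag: the image content can change between pod
          # restarts. Pinning by digest (etherpad/etherpad@sha256:<digest>)
          # makes rollouts reproducible and auditable.
          image: etherpad/etherpad:1
          securityContext:
            # Etherpad writes session key during start
            readOnlyRootFilesystem: false
            runAsNonRoot: true
            runAsUser: 5001
            # The process runs as an unprivileged UID and listens on an
            # unprivileged port (9001), so it needs neither Linux
            # capabilities nor setuid-style privilege escalation.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          ports:
            - containerPort: 9001
          env:
            - name: MINIFY
              value: 'false'
            - name: DB_TYPE
              value: mysql
            # An IP literal, so the pod needs no DNS egress to reach the DB;
            # it must stay in sync with the NetworkPolicy ipBlock below.
            - name: DB_HOST
              value: '172.20.36.1'
            - name: DB_NAME
              value: kspace_etherpad
            - name: DB_USER
              value: kspace_etherpad
            - name: PAD_OPTIONS_NO_COLORS
              value: 'true'
            - name: PAD_OPTIONS_USE_MONOSPACE_FONT
              value: 'true'
            - name: PAD_OPTIONS_SHOW_CHAT
              value: 'false'
            # Forwarded-for/proto headers are trusted. That is only sound
            # while the NetworkPolicy below keeps Traefik as the sole
            # ingress peer; any other client could spoof those headers.
            - name: TRUST_PROXY
              value: 'true'
            # Credentials come from Secrets rather than literals in this
            # manifest. NOTE(review): the Ingress routes the whole `/`
            # prefix, so anything this password protects is served on the
            # same public host - confirm that is intended.
            - name: ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: application-secrets
                  key: ADMIN_PASSWORD
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: mariadb-secrets
                  key: MYSQL_PASSWORD
---
apiVersion: v1
kind: Service
metadata:
  name: etherpad
  namespace: etherpad
spec:
  type: ClusterIP
  selector:
    app: etherpad
  ports:
    - protocol: TCP
      port: 9001
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: etherpad
  namespace: etherpad
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: 'true'
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
    # NOTE(review): no traefik.ingress.kubernetes.io/router.middlewares
    # annotation is set, so nothing visible in this file attaches the `sso`
    # client declared above to this router. Confirm whether login is
    # enforced elsewhere or the pad is meant to be publicly reachable.
spec:
  rules:
    - host: pad.k-space.ee
      http:
        paths:
          - pathType: Prefix
            path: '/'
            backend:
              service:
                name: etherpad
                port:
                  number: 9001
  tls:
    # No secretName: the certificate is whatever Traefik serves for this
    # wildcard host, not one managed by this manifest.
    - hosts:
        - '*.k-space.ee'
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: etherpad
  namespace: etherpad
spec:
  podSelector:
    matchLabels:
      app: etherpad
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only pods in the traefik namespace may reach Etherpad, and only on
    # the application port.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: traefik
      ports:
        - port: 9001
          protocol: TCP
  egress:
    # The single allowed destination is the database host on the MySQL
    # port; all other outbound traffic (including DNS) is denied.
    - ports:
        - port: 3306
          protocol: TCP
      to:
        - ipBlock:
            cidr: 172.20.36.1/32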