IRC: TLS emptyDir+initContainer, Anope initContainer for permissions

2026-03-09 17:16:00 -05:00
parent 388ec876da
commit f0198c2c65
1 changed files with 37 additions and 12 deletions
--- a/apps/irc/irc.yaml
+++ b/apps/irc/irc.yaml
@@ -87,8 +87,8 @@ stringData:
      port 6697;
      options { tls; }
      tls-options {
-        certificate "/app/conf/tls/tls.crt";
-        key "/app/conf/tls/tls.key";
+        certificate "/app/conf/tls/server.cert.pem";
+        key "/app/conf/tls/server.key.pem";
      }
    }

@@ -156,8 +156,8 @@ stringData:

      /* TLS config */
      tls {
-        certificate "/app/conf/tls/tls.crt";
-        key "/app/conf/tls/tls.key";
+        certificate "/app/conf/tls/server.cert.pem";
+        key "/app/conf/tls/server.key.pem";
      }
    }
 ---
@@ -408,6 +408,22 @@ spec:
      labels:
        app: unrealircd
    spec:
+      initContainers:
+        - name: copy-tls
+          image: busybox:1.36
+          command: ["sh", "-c"]
+          args:
+            - |
+              cp /tls-secret/tls.crt /tls/server.cert.pem
+              cp /tls-secret/tls.key /tls/server.key.pem
+              chmod 644 /tls/server.cert.pem
+              chmod 600 /tls/server.key.pem
+          volumeMounts:
+            - name: irc-tls-secret
+              mountPath: /tls-secret
+              readOnly: true
+            - name: irc-tls
+              mountPath: /tls
      containers:
        - name: unrealircd
          image: djlegolas/unrealircd:6.1.9.1
@@ -426,7 +442,6 @@ spec:
              mountPath: /app/data
            - name: irc-tls
              mountPath: /app/conf/tls
-              readOnly: true
          resources:
            requests:
              memory: 64Mi
@@ -441,9 +456,11 @@ spec:
        - name: unrealircd-data
          persistentVolumeClaim:
            claimName: unrealircd-data
-        - name: irc-tls
+        - name: irc-tls-secret
          secret:
            secretName: irc-tls
+        - name: irc-tls
+          emptyDir: {}
 ---
 # Anope IRC Services Deployment
 apiVersion: apps/v1
@@ -463,15 +480,23 @@ spec:
      labels:
        app: anope
    spec:
+      initContainers:
+        - name: fix-perms
+          image: busybox:1.36
+          command: ["sh", "-c"]
+          args:
+            - |
+              mkdir -p /data/conf /data/logs /data/runtime
+              cp -f /config/services.conf /data/conf/services.conf
+              chown -R 10000:10000 /data 2>/dev/null || chmod -R 777 /data
+          volumeMounts:
+            - name: anope-config
+              mountPath: /config
+            - name: anope-data
+              mountPath: /data
      containers:
        - name: anope
          image: anope/anope:latest
-          command: ["/bin/sh", "-c"]
-          args:
-            - |
-              mkdir -p /data/conf /data/logs
-              cp /config/services.conf /data/conf/services.conf
-              exec /anope/bin/services --nofork
          volumeMounts:
            - name: anope-config
              mountPath: /config