IRC: TLS emptyDir+initContainer, Anope initContainer for permissions
@@ -87,8 +87,8 @@ stringData:
|
|||||||
port 6697;
|
port 6697;
|
||||||
options { tls; }
|
options { tls; }
|
||||||
tls-options {
|
tls-options {
|
||||||
certificate "/app/conf/tls/tls.crt";
|
certificate "/app/conf/tls/server.cert.pem";
|
||||||
key "/app/conf/tls/tls.key";
|
key "/app/conf/tls/server.key.pem";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -156,8 +156,8 @@ stringData:
|
|||||||
|
|
||||||
/* TLS config */
|
/* TLS config */
|
||||||
tls {
|
tls {
|
||||||
certificate "/app/conf/tls/tls.crt";
|
certificate "/app/conf/tls/server.cert.pem";
|
||||||
key "/app/conf/tls/tls.key";
|
key "/app/conf/tls/server.key.pem";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
---
|
---
|
||||||
@@ -408,6 +408,22 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
app: unrealircd
|
app: unrealircd
|
||||||
spec:
|
spec:
|
||||||
|
initContainers:
|
||||||
|
- name: copy-tls
|
||||||
|
image: busybox:1.36
|
||||||
|
command: ["sh", "-c"]
|
||||||
|
args:
|
||||||
|
- |
|
||||||
|
cp /tls-secret/tls.crt /tls/server.cert.pem
|
||||||
|
cp /tls-secret/tls.key /tls/server.key.pem
|
||||||
|
chmod 644 /tls/server.cert.pem
|
||||||
|
chmod 600 /tls/server.key.pem
|
||||||
|
volumeMounts:
|
||||||
|
- name: irc-tls-secret
|
||||||
|
mountPath: /tls-secret
|
||||||
|
readOnly: true
|
||||||
|
- name: irc-tls
|
||||||
|
mountPath: /tls
|
||||||
containers:
|
containers:
|
||||||
- name: unrealircd
|
- name: unrealircd
|
||||||
image: djlegolas/unrealircd:6.1.9.1
|
image: djlegolas/unrealircd:6.1.9.1
|
||||||
@@ -426,7 +442,6 @@ spec:
|
|||||||
mountPath: /app/data
|
mountPath: /app/data
|
||||||
- name: irc-tls
|
- name: irc-tls
|
||||||
mountPath: /app/conf/tls
|
mountPath: /app/conf/tls
|
||||||
readOnly: true
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 64Mi
|
memory: 64Mi
|
||||||
@@ -441,9 +456,11 @@ spec:
|
|||||||
- name: unrealircd-data
|
- name: unrealircd-data
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: unrealircd-data
|
claimName: unrealircd-data
|
||||||
- name: irc-tls
|
- name: irc-tls-secret
|
||||||
secret:
|
secret:
|
||||||
secretName: irc-tls
|
secretName: irc-tls
|
||||||
|
- name: irc-tls
|
||||||
|
emptyDir: {}
|
||||||
---
|
---
|
||||||
# Anope IRC Services Deployment
|
# Anope IRC Services Deployment
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
@@ -463,15 +480,23 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
app: anope
|
app: anope
|
||||||
spec:
|
spec:
|
||||||
|
initContainers:
|
||||||
|
- name: fix-perms
|
||||||
|
image: busybox:1.36
|
||||||
|
command: ["sh", "-c"]
|
||||||
|
args:
|
||||||
|
- |
|
||||||
|
mkdir -p /data/conf /data/logs /data/runtime
|
||||||
|
cp -f /config/services.conf /data/conf/services.conf
|
||||||
|
chown -R 10000:10000 /data 2>/dev/null || chmod -R 777 /data
|
||||||
|
volumeMounts:
|
||||||
|
- name: anope-config
|
||||||
|
mountPath: /config
|
||||||
|
- name: anope-data
|
||||||
|
mountPath: /data
|
||||||
containers:
|
containers:
|
||||||
- name: anope
|
- name: anope
|
||||||
image: anope/anope:latest
|
image: anope/anope:latest
|
||||||
command: ["/bin/sh", "-c"]
|
|
||||||
args:
|
|
||||||
- |
|
|
||||||
mkdir -p /data/conf /data/logs
|
|
||||||
cp /config/services.conf /data/conf/services.conf
|
|
||||||
exec /anope/bin/services --nofork
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: anope-config
|
- name: anope-config
|
||||||
mountPath: /config
|
mountPath: /config
|
||||||
|
|||||||
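Review bot: The fallback in the new `fix-perms` init container, `chown -R 10000:10000 /data 2>/dev/null || chmod -R 777 /data`, leaves the whole Anope data volume world-writable whenever the chown fails, and the `2>/dev/null` hides why it failed. `/data` now also receives `services.conf`, which presumably carries the uplink and operator credentials, so I would let the init container fail instead with a plain `chown -R 10000:10000 /data`, or drop the chown and set `fsGroup: 10000` in the pod-level `securityContext` if the volume type honours it. In the `copy-tls` hunk of the same file the private key is copied into an `emptyDir` and the `irc-tls` mount of the unrealircd container loses `readOnly: true`. That flag can be restored on the main container's mount, since only the init container needs to write there. The key is `chmod 600` under whatever UID busybox runs as, so it is worth confirming that the unrealircd process UID can actually read it. The `anope-data` volume definition and any pod `securityContext` lie outside the visible hunks.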