153 lines
3.1 KiB
YAML
153 lines
3.1 KiB
YAML
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: spreed-prod.allarddcs.nl
|
|
namespace: nextcloud
|
|
spec:
|
|
secretName: spreed-prod.allarddcs.nl
|
|
issuerRef:
|
|
name: letsencrypt
|
|
kind: ClusterIssuer
|
|
dnsNames:
|
|
- spreed-prod.allarddcs.nl
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: spreed
|
|
namespace: nextcloud
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: spreed
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: spreed
|
|
spec:
|
|
containers:
|
|
- name: spreed
|
|
image: ghcr.io/strukturag/nextcloud-spreed-signaling:latest
|
|
ports:
|
|
- containerPort: 3478
|
|
- containerPort: 5349
|
|
- containerPort: 8443
|
|
- containerPort: 8080
|
|
volumeMounts:
|
|
- mountPath: /var/run
|
|
name: spreed-socket
|
|
- mountPath: /etc/tls
|
|
name: spreed-prod-cert
|
|
readOnly: true
|
|
- name: spreed-config
|
|
mountPath: /config/server.conf # Mount location inside the container
|
|
subPath: server.conf # Ensure we only mount the file, not the entire directory
|
|
volumes:
|
|
- name: spreed-socket
|
|
emptyDir: {}
|
|
- name: spreed-prod-cert
|
|
secret:
|
|
secretName: spreed-prod.allarddcs.nl
|
|
- name: spreed-config
|
|
persistentVolumeClaim:
|
|
claimName: spreed-pvc
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: spreed
|
|
namespace: nextcloud
|
|
spec:
|
|
type: ClusterIP
|
|
selector:
|
|
app: spreed
|
|
ports:
|
|
- name: websocket-web
|
|
protocol: TCP
|
|
port: 8080
|
|
targetPort: 8080
|
|
- name: websocket
|
|
protocol: TCP
|
|
port: 8443
|
|
targetPort: 8443
|
|
- name: stun-port
|
|
protocol: TCP
|
|
port: 3478
|
|
targetPort: 3478
|
|
- name: signaling-port
|
|
protocol: TCP
|
|
port: 5349
|
|
targetPort: 5349
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolume
|
|
metadata:
|
|
name: spreed-pv
|
|
spec:
|
|
storageClassName: ""
|
|
capacity:
|
|
storage: 1Gi
|
|
accessModes:
|
|
- ReadWriteMany
|
|
persistentVolumeReclaimPolicy: Retain
|
|
mountOptions:
|
|
- hard
|
|
- nfsvers=4.1
|
|
nfs:
|
|
server: 192.168.2.110
|
|
path: /mnt/nfs_share/spreed
|
|
readOnly: false
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: spreed-pvc
|
|
namespace: nextcloud
|
|
spec:
|
|
storageClassName: ""
|
|
volumeName: spreed-pv
|
|
accessModes:
|
|
- ReadWriteMany
|
|
volumeMode: Filesystem
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: spreed
|
|
namespace: nextcloud
|
|
spec:
|
|
entryPoints:
|
|
- websecure
|
|
routes:
|
|
- match: Host(`spreed-prod.allarddcs.nl`)
|
|
kind: Rule
|
|
services:
|
|
- name: spreed
|
|
port: 8080
|
|
middlewares:
|
|
- name: websocket-headers
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: websocket-headers
|
|
namespace: nextcloud
|
|
spec:
|
|
headers:
|
|
customRequestHeaders:
|
|
X-Forwarded-Proto: "https"
|
|
customResponseHeaders:
|
|
Connection: "Upgrade"
|
|
Upgrade: "websocket"
|
|
accessControlAllowMethods:
|
|
- GET
|
|
- OPTIONS
|
|
- POST
|
|
accessControlAllowHeaders:
|
|
- "*"
|
|
|