Compare commits
11 Commits
d6458cfe4f
...
15150aa565
| Author | SHA1 | Date | |
|---|---|---|---|
15150aa565
|
|||
|
58ba882a9b
|
|||
|
b11683a26c
|
|||
|
e191fa71db
|
|||
|
7bdc38b151
|
|||
|
eb5d95f02c
|
|||
|
7431dd4524
|
|||
|
e041e4c490
|
|||
|
bee2e150e1
|
|||
|
450be7a336
|
|||
|
cc1c63854e
|
2
.env
2
.env
@ -1,2 +1,2 @@
|
||||
PROD_URL=chat.gmoker.com
|
||||
IMAGEAPP=docker.io/vectorim/element-web:v1.11.78
|
||||
IMAGEAPP=docker.io/vectorim/element-web:v1.11.99
|
||||
|
||||
@ -4,6 +4,8 @@ services:
|
||||
image: "$IMAGEAPP"
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "8080:80"
|
||||
- "8080:8080"
|
||||
environment:
|
||||
- ELEMENT_WEB_PORT=8080
|
||||
volumes:
|
||||
- ./config.json:/app/config.json:ro
|
||||
- ./config/config.json:/app/config.json:ro
|
||||
|
||||
@ -3,32 +3,34 @@ set -o pipefail
|
||||
|
||||
function kapply() {
|
||||
for f in "$@"; do
|
||||
kubectl apply -f \
|
||||
<(envsubst "$(env | xargs printf '$%s ')" < "manifests/$f")
|
||||
kubectl apply --server-side \
|
||||
-f<(envsubst "$(env | sed 's/^/$/')" < "manifests/$f")
|
||||
done
|
||||
}
|
||||
}; export -f kapply
|
||||
|
||||
function kcreatesec() {
|
||||
kubectl create secret generic --save-config --dry-run=client -oyaml "$@" | kubectl apply -f-
|
||||
}
|
||||
kubectl apply --server-side \
|
||||
-f<(kubectl create secret generic --dry-run=client -oyaml "$@")
|
||||
}; export -f kcreatesec
|
||||
|
||||
function kcreatecm() {
|
||||
kubectl create configmap --dry-run=client -oyaml "$@" | kubectl apply -f-
|
||||
}
|
||||
kubectl apply --server-side \
|
||||
-f<(kubectl create configmap --dry-run=client -oyaml "$@")
|
||||
}; export -f kcreatecm
|
||||
|
||||
function kgseckey() {
|
||||
local sec="$1"; shift
|
||||
local key="$1"; shift
|
||||
|
||||
kubectl get secret "$sec" -o jsonpath="{.data.$key}" | base64 -d
|
||||
}
|
||||
kubectl get secret "$sec" -ojson | jq -re ".data.\"$key\"" | base64 -d
|
||||
}; export -f kgseckey
|
||||
|
||||
function kgcmkey() {
|
||||
local cm="$1"; shift
|
||||
local cm="$1"; shift
|
||||
local key="$1"; shift
|
||||
|
||||
kubectl get configmap "$cm" -o jsonpath="{.data.$key}"
|
||||
}
|
||||
kubectl get configmap "$cm" -ojson | jq -re ".data.\"$key\""
|
||||
}; export -f kgcmkey
|
||||
|
||||
|
||||
kcreatecm element --from-file=config/config.json
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
#!/bin/bash -e
|
||||
set -o pipefail
|
||||
|
||||
export NB_REPLICAS=1
|
||||
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
#!/bin/bash -e
|
||||
set -o pipefail
|
||||
|
||||
export NB_REPLICAS=3
|
||||
|
||||
|
||||
@ -5,11 +5,18 @@ metadata:
|
||||
name: app
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
gethomepage.dev/enabled: "true"
|
||||
gethomepage.dev/instance: "$GITHUB_REF_NAME"
|
||||
gethomepage.dev/name: Element
|
||||
gethomepage.dev/icon: element
|
||||
gethomepage.dev/description: Secure collaboration and messaging
|
||||
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||
more_set_headers "X-Frame-Options: SAMEORIGIN";
|
||||
more_set_headers "X-Content-Type-Options: nosniff";
|
||||
more_set_headers "X-XSS-Protection: 1; mode=block";
|
||||
more_set_headers "Content-Security-Policy: frame-ancestors 'self'";
|
||||
|
||||
if ($request_uri = /) {
|
||||
more_set_headers "Cache-Control: no-cache";
|
||||
}
|
||||
if ($request_uri ~* ^/(config\..*\.json|i18n|home|sites|index\.html)$) {
|
||||
more_set_headers "Cache-Control: no-cache, no-store, must-revalidate";
|
||||
}
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
@ -63,7 +70,10 @@ spec:
|
||||
image: "$IMAGEAPP"
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
containerPort: 8080
|
||||
env:
|
||||
- name: ELEMENT_WEB_PORT
|
||||
value: "8080"
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /app/config.json
|
||||
|
||||
Loading…
Reference in New Issue
Block a user