añadido apolo

apolo/deployments/deploy-ejabberd.yaml

@@ -0,0 +1,109 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: apolo-ejabberd
+  namespace: apolo
+  labels:
+    app.kubernetes.io/name: apolo-ejabberd
+    app.kubernetes.io/part-of: apolo
+    app.kubernetes.io/component: ejabberd
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: apolo-ejabberd
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: apolo-ejabberd
+        app.kubernetes.io/part-of: apolo
+        app.kubernetes.io/component: ejabberd
+    spec:
+      imagePullSecrets:
+        - name: harbor-cred
+
+      # >>> Asegura permisos/ownership en volúmenes
+      securityContext:
+        runAsUser: 9000
+        runAsGroup: 9000
+        fsGroup: 9000
+        fsGroupChangePolicy: "OnRootMismatch"
+
+      initContainers:
+        - name: make-chat-pem
+          image: alpine:latest
+          command: ["/bin/sh","-lc"]
+          args:
+            - |
+              set -eu
+              mkdir -p /work/conf
+              cat /tls/tls.key /tls/tls.crt > /work/conf/chat.pem
+              chmod 600 /work/conf/chat.pem
+          volumeMounts:
+            - { name: tls,  mountPath: /tls, readOnly: true }
+            - { name: conf, mountPath: /work/conf }
+
+        - name: fix-perms
+          image: alpine:latest
+          securityContext:
+            runAsUser: 0
+            runAsGroup: 0
+          command: ["/bin/sh","-lc"]
+          args:
+            - |
+              set -eu
+              chown -R 9000:9000 /home/ejabberd/database || true
+              chown -R 9000:9000 /home/ejabberd/logs || true
+              chown -R 9000:9000 /home/ejabberd/conf || true
+          volumeMounts:
+            - { name: data, mountPath: /home/ejabberd/database }
+            - { name: logs, mountPath: /home/ejabberd/logs }
+            - { name: conf, mountPath: /home/ejabberd/conf }
+
+      containers:
+        - name: ejabberd
+          image: harbor.c2et.com/xrf-ssl/xrf-ejabberd:6.0
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - secretRef:
+                name: apolo-ejabberd-secret
+          ports:
+            - { name: c2s,   containerPort: 5222, protocol: TCP }
+            - { name: s2s,   containerPort: 5269, protocol: TCP }
+            - { name: https, containerPort: 5443, protocol: TCP }
+            - { name: http,  containerPort: 5280, protocol: TCP }
+          readinessProbe:
+            tcpSocket: { port: 5222 }
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket: { port: 5222 }
+            initialDelaySeconds: 30
+            periodSeconds: 20
+          volumeMounts:
+            - { name: data,   mountPath: /home/ejabberd/database }
+            - { name: logs,   mountPath: /home/ejabberd/logs }
+            - { name: conf,   mountPath: /home/ejabberd/conf }
+            - { name: confmap, mountPath: /home/ejabberd/conf/ejabberd.yml, subPath: ejabberd.yml }
+            # inetrc opcional (para callar el warning)
+            - { name: inetrc, mountPath: /home/ejabberd/conf/inetrc, subPath: inetrc, readOnly: true }
+
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: apolo-ejabberd-data
+        - name: logs
+          persistentVolumeClaim:
+            claimName: apolo-ejabberd-logs
+        - name: conf
+          emptyDir: {}
+        - name: confmap
+          configMap:
+            name: apolo-ejabberd-config
+        - name: tls
+          secret:
+            secretName: chat-tls
+        - name: inetrc
+          configMap:
+            name: apolo-ejabberd-inetrc
+            optional: true