-
|
Is there anyone running ejabberd in kubernetes? Would be nice if someone could provide their configuration or have tips on mine. |
Beta Was this translation helpful? Give feedback.
Replies: 6 comments
-
|
Hello, I have a kustomize example on bare metal here:
In case of questions, just let me know. |
Beta Was this translation helpful? Give feedback.
-
|
Edit says: Only how do I get the certificate for the main domain now? My hoster wants that still itself, becaus there still runs my website. Before Edit: Thanks for your reply @sando38 I tried the whole day, but i don´t get it work. Nevertheless, I think I've made a lot of progress and learned from your example. e.g. I patched Ingress for non http(s) services. But unfortunately I don't get the certificate thing yet. This is my current DNS configuration at my hoster and here are the important iptables from my ipfire to cluster node 192.168.1.235 Here is my current confi: here is the log: possibly other interesting output: It would be nice if you, or anyone else, could tell me where the error is. Thanks in advance |
Beta Was this translation helpful? Give feedback.
-
|
For the first answer, I can see, that your https://acme-staging-v02.api.letsencrypt.org/directory Do you plan to to use the integrated TURN Service from ejabberd as well? In the service part, I am pretty sure you do not need the epmd port, because this would be only interesting to "publish" within your cluster if you plan clustering with ejabberd. |
Beta Was this translation helpful? Give feedback.
-
|
Since I have not managed to delegate the acme challenge for my main domain in such a way that both -my hoster and home hosted kubernetes cluster- can resolve it, I have set up a kubernetes CronJob and copy all the certificates from my hoster to the drive mounted by ejabberd. However, I still get the Kubernetes Ingress Controller Fake Certificate delivered. What is wrong with my configuration and how can I fix this? Here is my actual ejabberd-deployment:
Yes, but first the other things have to run smoothly. It would be nice if you could help me with my certificate problem.
OK, i've commented it out. |
Beta Was this translation helpful? Give feedback.
-
Sounds a bit as if the ingress controller terminates/ tries to terminate the TLS connections instead of ejabberd itself. Are the TCP routers configured with something like ssl pass-through? I am not much familiar with nginx ingress controller and the kubernetes ingress kind itself. Additionally:
|
Beta Was this translation helpful? Give feedback.
-
|
For documentation: The goal is to merge it upstream at some point if wanted of course. |
Beta Was this translation helpful? Give feedback.
For documentation:
I have created a helm chart for ejabberd. It is under development, but I run my server successfully with it.
https://github.com/sando38/helm-ejabberd
The goal is to merge it upstream at some point if wanted of course.