diff options
33 files changed, 158 insertions, 60 deletions
diff --git a/ansible/host_vars/lovelace/prometheus.yml b/ansible/host_vars/lovelace/prometheus.yml index 71005fb..6f8db3c 100644 --- a/ansible/host_vars/lovelace/prometheus.yml +++ b/ansible/host_vars/lovelace/prometheus.yml @@ -11,7 +11,7 @@ prometheus_configuration: - scheme: https static_configs: - targets: - - alertmanager.pythondiscord.com + - alertmanager.pydis.wtf rule_files: - rules.yml diff --git a/ansible/local_testing/Vagrantfile b/ansible/local_testing/Vagrantfile index 3532c0c..30e6a9e 100644 --- a/ansible/local_testing/Vagrantfile +++ b/ansible/local_testing/Vagrantfile @@ -12,7 +12,7 @@ Vagrant.configure("2") do |config| config.vm.define "control", primary: true do |control| control.vm.hostname = "control" control.vm.network "private_network", ip: "192.168.56.1", virtualbox__intnet: true - control.vm.synced_folder "../..", "/home/vagrant/infra", type: "rsync", rsync__exclude: ['.git-crypt', '.ruff_cache', 'dns', 'docs', 'kubernetes', 'venv', '.gitattributes', '.git', '.gitmodules', '.gitignore', '.pre-commit-config.yaml', 'LICENSE', 'README.md', 'server_bootstrap.sh'] + control.vm.synced_folder "../..", "/home/vagrant/infra", type: "rsync", rsync__exclude: ['.git-crypt', '.ruff_cache', 'dns', 'docs', 'kubernetes', 'venv', '.gitattributes', '.git', '.gitmodules', '.gitignore', '.pre-commit-config.yaml', 'LICENSE', 'README.md', 'server_bootstrap.sh', 'ansible/.ansible'] control.vm.provision "Install poetry", type: "shell", inline: <<-SHELL apt-get install -y python3-poetry diff --git a/ansible/roles/postgres/handlers/main.yml b/ansible/roles/postgres/handlers/main.yml index 73fffe3..5f01c13 100644 --- a/ansible/roles/postgres/handlers/main.yml +++ b/ansible/roles/postgres/handlers/main.yml @@ -1,4 +1,13 @@ -- name: Restart postgres. +- name: Restart the postgres service service: name: '{{ postgres_daemon }}' state: "restarted" + tags: + - role::postgres + +- name: Reload the postgres service + service: + name: '{{ postgres_daemon }}' + state: reloaded + tags: + - role::postgres diff --git a/ansible/roles/postgres/tasks/main.yml b/ansible/roles/postgres/tasks/main.yml index 034ff9c..ea6565b 100644 --- a/ansible/roles/postgres/tasks/main.yml +++ b/ansible/roles/postgres/tasks/main.yml @@ -18,16 +18,55 @@ - role::postgres - name: Add postgres users - community.postgresql.postgresql_user: "{{ item }}" - with_items: "{{ postgres_users }}" become: true become_user: "{{ postgres_user }}" + community.postgresql.postgresql_user: + name: "{{ item.name }}" + password: "{{ item.password }}" + state: present + loop_control: + label: "{{ item.name }}" + loop: "{{ postgres_users }}" + environment: + PGOPTIONS: "-c password_encryption=scram-sha-256" tags: - role::postgres - name: Add postgres databases - community.postgresql.postgresql_db: "{{ item }}" - with_items: "{{ postgres_databases }}" + become: true + become_user: "{{ postgres_user }}" + community.postgresql.postgresql_db: + name: "{{ item.name }}" + owner: "{{ item.owner }}" + state: present + loop: "{{ postgres_databases }}" + tags: + - role::postgres + +- name: Set host based authentication rules for all postgres users at once + ansible.builtin.blockinfile: + path: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf + insertafter: "# Put your actual configuration here" + marker: "# {mark} ANSIBLE MANAGED HBA CONF BLOCK" + block: | + {% for db in postgres_databases %} + host {{ db.name }} {{ db.owner }} all scram-sha-256 + {% endfor %} + loop: "{{ postgres_databases }}" + notify: + - Reload the postgres service + tags: + - role::postgres + +- name: Grant specified roles to users + community.postgresql.postgresql_membership: + groups: "{{ user.roles }}" + target_role: "{{ user.name }}" + loop: "{{ postgres_users }}" + when: user.roles != None + loop_control: + loop_var: user + label: "{{ user.name }}" become: true become_user: "{{ postgres_user }}" tags: diff --git a/ansible/roles/postgres/vars/main.yml b/ansible/roles/postgres/vars/main.yml deleted file mode 100644 index 7f482b0..0000000 --- a/ansible/roles/postgres/vars/main.yml +++ /dev/null @@ -1,7 +0,0 @@ -postgres_version: "15" -postgres_daemon: "postgresql@{{ postgres_version }}-main" -postgres_user: "postgres" - -postgres_users: [] - -postgres_databases: [] diff --git a/ansible/roles/postgres/vars/main/db_passwords.yml b/ansible/roles/postgres/vars/main/db_passwords.yml new file mode 100644 index 0000000..6c31909 --- /dev/null +++ b/ansible/roles/postgres/vars/main/db_passwords.yml @@ -0,0 +1,15 @@ +$ANSIBLE_VAULT;1.1;AES256 +33376564336164313533613136396638396332383132366634373361303361643631353663646538 +6132653061306166356238396636656538356164343765380a316134626534363566363237373162 +66383963323931646230353265613764313062616466616465653066613636633233613038626239 +3133373631626531330a656330336466616165623161303963376538616331343032376461663237 +32306664356464376437623138393530643436303465353336613465353963356665303032366134 +65373166376339666138393835383863326138663536383039373438356634373534306332656231 +30656531623561353161616334323739373533363034663936376430316132316166396665376537 +61623131383037633432356538616434333139646465383432366132653636306233653865633134 +34663633386266323634366134356166346634333063323230336666373366343134353733303732 +39653137646132613635623531343464653931323262333534393766623132613938303763646636 +35343137656262313236343434393462383464393664333736383861383363313861363636653739 +31653439336365316466613065623063306635653336336565323539343061616163323235336463 +64303335623465303462613332303330666433333538316165333561663537386635653130663432 +6437633131326534656664353332623163653664373965633330 diff --git a/ansible/roles/postgres/vars/main/main.yml b/ansible/roles/postgres/vars/main/main.yml new file mode 100644 index 0000000..f532863 --- /dev/null +++ b/ansible/roles/postgres/vars/main/main.yml @@ -0,0 +1,18 @@ +postgres_version: "15" +postgres_daemon: "postgresql@{{ postgres_version }}-main" +postgres_user: "postgres" + +postgres_users: + - name: pinnwand + password: "{{ vault_postgres_user_passwords.pinnwand }}" + roles: + + - name: blackbox + password: "{{ vault_postgres_user_passwords.blackbox }}" + roles: + - pg_read_all_data + + +postgres_databases: + - name: pinnwand + owner: pinnwand diff --git a/dns/zones/pythondiscord.com.yaml b/dns/zones/pythondiscord.com.yaml index 436bd8c..5422c09 100644 --- a/dns/zones/pythondiscord.com.yaml +++ b/dns/zones/pythondiscord.com.yaml @@ -192,14 +192,6 @@ pixels: type: A value: 194.195.247.228 -pixels-modsite: - octodns: - cloudflare: - proxied: true - ttl: 300 - type: A - value: 194.195.247.228 - policy-bot: octodns: cloudflare: diff --git a/docs/content/docs/onboarding/tools.md b/docs/content/docs/onboarding/tools.md index d61cbd4..d771cb4 100644 --- a/docs/content/docs/onboarding/tools.md +++ b/docs/content/docs/onboarding/tools.md @@ -16,7 +16,7 @@ to the [DevOps Team](https://github.com/orgs/python-discord/teams/devops) on GitHub. These are marked with the ☁️ emoji. If you don’t have access, please contact Chris or Joe. -## [Grafana](https://grafana.pythondiscord.com/) +## [Grafana](https://grafana.pydis.wtf/) Grafana provides access to some of the most important resources at your disposal. It acts as an aggregator and frontend for a large amount of data. @@ -40,10 +40,10 @@ listed below: Accessed via a GitHub login, with permission for anyone in the dev-core or dev-ops team. -## [Prometheus Dashboard](https://prometheus.pythondiscord.com/) (☁️)) +## [Prometheus Dashboard](https://prometheus.pydis.wtf/) (☁️)) This provides access to the Prometheus query console. You may also enjoy the -[Alertmanager Console](https://alertmanager.pythondiscord.com/). +[Alertmanager Console](https://alertmanager.pydis.wtf/). ## [King Arthur](https://github.com/python-discord/king-arthur/) diff --git a/kubernetes/namespaces/cert-manager/cert-manager/certificates/pydis.wtf.yaml b/kubernetes/namespaces/cert-manager/cert-manager/certificates/pydis.wtf.yaml index 318e71f..979395d 100644 --- a/kubernetes/namespaces/cert-manager/cert-manager/certificates/pydis.wtf.yaml +++ b/kubernetes/namespaces/cert-manager/cert-manager/certificates/pydis.wtf.yaml @@ -10,3 +10,9 @@ spec: issuerRef: name: letsencrypt kind: ClusterIssuer + secretTemplate: + annotations: + reflector.v1.k8s.emberstack.com/reflection-allowed: "true" + reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "monitoring,modmail,tooling,pixels" + reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" + reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "monitoring,modmail,tooling,pixels" diff --git a/kubernetes/namespaces/cert-manager/cert-manager/certificates/pythondiscord.com.yaml b/kubernetes/namespaces/cert-manager/cert-manager/certificates/pythondiscord.com.yaml index 94bd7dc..6d095de 100644 --- a/kubernetes/namespaces/cert-manager/cert-manager/certificates/pythondiscord.com.yaml +++ b/kubernetes/namespaces/cert-manager/cert-manager/certificates/pythondiscord.com.yaml @@ -10,3 +10,9 @@ spec: issuerRef: name: letsencrypt kind: ClusterIssuer + secretTemplate: + annotations: + reflector.v1.k8s.emberstack.com/reflection-allowed: "true" + reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "apis,forms,monitoring,pixels,prestashop,tooling,web" + reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" + reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "apis,forms,monitoring,pixels,prestashop,tooling,web" diff --git a/kubernetes/namespaces/databases/blackbox/blackbox-configmap.yaml b/kubernetes/namespaces/databases/blackbox/blackbox-configmap.yaml index 5220a57..fb7013e 100644 --- a/kubernetes/namespaces/databases/blackbox/blackbox-configmap.yaml +++ b/kubernetes/namespaces/databases/blackbox/blackbox-configmap.yaml @@ -15,6 +15,13 @@ data: password: {{ POSTGRES_PASSWORD }} host: postgres.databases.svc.cluster.local port: "5432" + + lovelace_postgres: + username: {{ LOVELACE_BLACKBOX_POSTGRES_USER }} + password: {{ LOVELACE_BLACKBOX_POSTGRES_PASSWORD }} + host: lovelace.box.pydis.wtf + port: "5432" + redis: main_redis: password: {{ REDIS_PASSWORD }} diff --git a/kubernetes/namespaces/databases/blackbox/secrets.yaml b/kubernetes/namespaces/databases/blackbox/secrets.yaml Binary files differindex 4255b48..78169fb 100644 --- a/kubernetes/namespaces/databases/blackbox/secrets.yaml +++ b/kubernetes/namespaces/databases/blackbox/secrets.yaml diff --git a/kubernetes/namespaces/kube-system/reflector/README.md b/kubernetes/namespaces/kube-system/reflector/README.md new file mode 100644 index 0000000..aaeceb7 --- /dev/null +++ b/kubernetes/namespaces/kube-system/reflector/README.md @@ -0,0 +1,11 @@ +# Kubernetes reflector + +We use [kubernetes-reflector](github.com/emberstack/kubernetes-reflector) to mirror certificate resources into all namespaces that need access to the wildcard certificates used for the cluster. + +It is deployed using Helm with no additional configuration using the following steps: + +``` sh +$ helm repo add emberstack https://emberstack.github.io/helm-charts +$ helm repo update +$ helm upgrade -n kube-system --install reflector emberstack/reflector +``` diff --git a/kubernetes/namespaces/modmail/configmap.yaml b/kubernetes/namespaces/modmail/configmap.yaml index 9117464..5d5d850 100644 --- a/kubernetes/namespaces/modmail/configmap.yaml +++ b/kubernetes/namespaces/modmail/configmap.yaml @@ -8,6 +8,6 @@ data: DATA_COLLECTION: 'false' # Disable bot metadata collection by modmail devs DISABLE_AUTOUPDATES: 'yes' GUILD_ID: '267624335836053506' - LOG_URL: https://modmail.pythondiscord.com/ + LOG_URL: https://modmail.pydis.wtf/ OWNERS: 165023948638126080,95872159741644800,336843820513755157 REGISTRY_PLUGINS_ONLY: 'false' # Allow the usage of plugins outside of the official registry diff --git a/kubernetes/namespaces/modmail/web/ingress.yaml b/kubernetes/namespaces/modmail/web/ingress.yaml index b610b09..f54c022 100644 --- a/kubernetes/namespaces/modmail/web/ingress.yaml +++ b/kubernetes/namespaces/modmail/web/ingress.yaml @@ -10,10 +10,10 @@ metadata: spec: tls: - hosts: - - "*.pythondiscord.com" - secretName: pythondiscord.com-tls + - "*.pydis.wtf" + secretName: pydis.wtf-tls rules: - - host: modmail.pythondiscord.com + - host: modmail.pydis.wtf http: paths: - path: / diff --git a/kubernetes/namespaces/monitoring/alerts/alertmanager/deployment.yaml b/kubernetes/namespaces/monitoring/alerts/alertmanager/deployment.yaml index 4f1c322..dfdc155 100644 --- a/kubernetes/namespaces/monitoring/alerts/alertmanager/deployment.yaml +++ b/kubernetes/namespaces/monitoring/alerts/alertmanager/deployment.yaml @@ -52,7 +52,7 @@ spec: - | exec /bin/alertmanager \ --config.file=/opt/pydis/alertmanager/config.d/alertmanager.yaml \ - --web.external-url=https://alertmanager.pythondiscord.com \ + --web.external-url=https://alertmanager.pydis.wtf \ --storage.path=/data/alertmanager \ $(cat /tmp/peers) ports: diff --git a/kubernetes/namespaces/monitoring/alerts/alertmanager/ingress.yaml b/kubernetes/namespaces/monitoring/alerts/alertmanager/ingress.yaml index 0f2de08..31c93d7 100644 --- a/kubernetes/namespaces/monitoring/alerts/alertmanager/ingress.yaml +++ b/kubernetes/namespaces/monitoring/alerts/alertmanager/ingress.yaml @@ -7,7 +7,7 @@ metadata: nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" nginx.ingress.kubernetes.io/affinity: "cookie" nginx.ingress.kubernetes.io/session-cookie-name: "AlertManager_LB" - nginx.ingress.kubernetes.io/session-cookie-domain: "alertmanager.pythondiscord.com" + nginx.ingress.kubernetes.io/session-cookie-domain: "alertmanager.pydis.wtf" nginx.ingress.kubernetes.io/session-cookie-samesite: "Strict" nginx.ingress.kubernetes.io/session-cookie-expires: "3600" name: alertmanager @@ -15,9 +15,10 @@ metadata: spec: tls: - hosts: - - "*.pythondiscord.com" + - "*.pydis.wtf" + secretName: pydis.wtf-tls rules: - - host: alertmanager.pythondiscord.com + - host: alertmanager.pydis.wtf http: paths: - path: / diff --git a/kubernetes/namespaces/monitoring/grafana/configmap.yaml b/kubernetes/namespaces/monitoring/grafana/configmap.yaml index 931e2da..5424038 100644 --- a/kubernetes/namespaces/monitoring/grafana/configmap.yaml +++ b/kubernetes/namespaces/monitoring/grafana/configmap.yaml @@ -6,8 +6,8 @@ metadata: data: # Root settings GF_INSTANCE_NAME: "pythondiscord" - GF_SERVER_DOMAIN: "grafana.pythondiscord.com" - GF_SERVER_ROOT_URL: "https://grafana.pythondiscord.com" + GF_SERVER_DOMAIN: "grafana.pydis.wtf" + GF_SERVER_ROOT_URL: "https://grafana.pydis.wtf" GF_SECURITY_COOKIE_SECURE: "true" # GitHub Auth diff --git a/kubernetes/namespaces/monitoring/grafana/ingress.yaml b/kubernetes/namespaces/monitoring/grafana/ingress.yaml index 4331333..60336e7 100644 --- a/kubernetes/namespaces/monitoring/grafana/ingress.yaml +++ b/kubernetes/namespaces/monitoring/grafana/ingress.yaml @@ -10,10 +10,10 @@ metadata: spec: tls: - hosts: - - "*.pythondiscord.com" - secretName: pythondiscord.com-tls + - "*.pydis.wtf" + secretName: pydis.wtf-tls rules: - - host: grafana.pythondiscord.com + - host: grafana.pydis.wtf http: paths: - path: / diff --git a/kubernetes/namespaces/monitoring/prometheus/deployment.yaml b/kubernetes/namespaces/monitoring/prometheus/deployment.yaml index 5a806ff..2dd1e2d 100644 --- a/kubernetes/namespaces/monitoring/prometheus/deployment.yaml +++ b/kubernetes/namespaces/monitoring/prometheus/deployment.yaml @@ -21,7 +21,7 @@ spec: args: [ "--storage.tsdb.path", "/opt/prometheus/data", "--config.file", "/etc/prometheus/prometheus.yaml", - "--web.external-url", "https://prometheus.pythondiscord.com", + "--web.external-url", "https://prometheus.pydis.wtf", "--web.enable-lifecycle", "--web.enable-admin-api", "--web.page-title", "Python Discord Prometheus", diff --git a/kubernetes/namespaces/monitoring/prometheus/ingress.yaml b/kubernetes/namespaces/monitoring/prometheus/ingress.yaml index 69e240a..ac5d6be 100644 --- a/kubernetes/namespaces/monitoring/prometheus/ingress.yaml +++ b/kubernetes/namespaces/monitoring/prometheus/ingress.yaml @@ -10,9 +10,10 @@ metadata: spec: tls: - hosts: - - "*.pythondiscord.com" + - "*.pydis.wtf" + secretName: pydis.wtf-tls rules: - - host: prometheus.pythondiscord.com + - host: prometheus.pydis.wtf http: paths: - path: / diff --git a/kubernetes/namespaces/pixels/pixels-modsite/README.md b/kubernetes/namespaces/pixels/pixels-modsite/README.md index ee95650..3526004 100644 --- a/kubernetes/namespaces/pixels/pixels-modsite/README.md +++ b/kubernetes/namespaces/pixels/pixels-modsite/README.md @@ -1,6 +1,6 @@ # Pixels -The deployment for the [Pixels modsite project](https://git.pydis.com/pixels-modsite), hosted at https://pixels-modsite.pythondiscord.com. +The deployment for the [Pixels modsite project](https://git.pydis.com/pixels-modsite), hosted at https://pixels-mod.pydis.wtf. This mod site will give Discord mods easy access to moderation actions for the pixels event. diff --git a/kubernetes/namespaces/pixels/pixels-modsite/ingress.yaml b/kubernetes/namespaces/pixels/pixels-modsite/ingress.yaml index 7992344..d4f3649 100644 --- a/kubernetes/namespaces/pixels/pixels-modsite/ingress.yaml +++ b/kubernetes/namespaces/pixels/pixels-modsite/ingress.yaml @@ -10,10 +10,10 @@ metadata: spec: tls: - hosts: - - "*.pythondiscord.com" - secretName: pythondiscord.com-tls + - "*.pydis.wtf" + secretName: pydis.wtf-tls rules: - - host: pixels-modsite.pythondiscord.com + - host: pixels-mod.pydis.wtf http: paths: - path: / diff --git a/kubernetes/namespaces/tooling/bitwarden/README.md b/kubernetes/namespaces/tooling/bitwarden/README.md index 37f01eb..68b1176 100644 --- a/kubernetes/namespaces/tooling/bitwarden/README.md +++ b/kubernetes/namespaces/tooling/bitwarden/README.md @@ -1,6 +1,6 @@ # BitWarden -Our internal password manager, used by the admins to share passwords for our services. Hosted at https://bitwarden.pythondiscord.com +Our internal password manager, used by the admins to share passwords for our services. Hosted at https://bitwarden.pydis.wtf To deploy this, first set up the secrets (see below) and then run `kubectl apply -f .` in this folder. diff --git a/kubernetes/namespaces/tooling/bitwarden/configmap.yaml b/kubernetes/namespaces/tooling/bitwarden/configmap.yaml index 29b9a84..3b8c62d 100644 --- a/kubernetes/namespaces/tooling/bitwarden/configmap.yaml +++ b/kubernetes/namespaces/tooling/bitwarden/configmap.yaml @@ -5,7 +5,7 @@ metadata: namespace: tooling data: # Domain to access bitwarden by - DOMAIN: "https://bitwarden.pythondiscord.com" + DOMAIN: "https://bitwarden.pydis.wtf" # Password hint must be sent to an email when this is false. # When it's true, it'll be shown right on the page. diff --git a/kubernetes/namespaces/tooling/bitwarden/ingress.yaml b/kubernetes/namespaces/tooling/bitwarden/ingress.yaml index e7eab59..a1f7d16 100644 --- a/kubernetes/namespaces/tooling/bitwarden/ingress.yaml +++ b/kubernetes/namespaces/tooling/bitwarden/ingress.yaml @@ -10,10 +10,10 @@ metadata: spec: tls: - hosts: - - "*.pythondiscord.com" - secretName: pythondiscord.com-tls + - "*.pydis.wtf" + secretName: pydis.wtf-tls rules: - - host: bitwarden.pythondiscord.com + - host: bitwarden.pydis.wtf http: paths: - path: / diff --git a/kubernetes/namespaces/tooling/metabase/ingress.yaml b/kubernetes/namespaces/tooling/metabase/ingress.yaml index b29bdd8..c2c5436 100644 --- a/kubernetes/namespaces/tooling/metabase/ingress.yaml +++ b/kubernetes/namespaces/tooling/metabase/ingress.yaml @@ -10,10 +10,10 @@ metadata: spec: tls: - hosts: - - "*.pythondiscord.com" - secretName: pythondiscord.com-tls + - "*.pydis.wtf" + secretName: pydis.wtf-tls rules: - - host: metabase.pythondiscord.com + - host: metabase.pydis.wtf http: paths: - path: / diff --git a/kubernetes/namespaces/tooling/policy-bot/README.md b/kubernetes/namespaces/tooling/policy-bot/README.md index ed44a63..392d50f 100644 --- a/kubernetes/namespaces/tooling/policy-bot/README.md +++ b/kubernetes/namespaces/tooling/policy-bot/README.md @@ -5,7 +5,7 @@ Actual review policy is stored inside our GitHub repositories in the `.github/re ## GitHub Configuration -Follow the instructions in the [repository](https://github.com/palantir/policy-bot#deployment) to provision a GitHub application. Our manifests are configured to run the policy bot at https://policy-bot.pythondiscord.com/. +Follow the instructions in the [repository](https://github.com/palantir/policy-bot#deployment) to provision a GitHub application. Our manifests are configured to run the policy bot at https://policy-bot.pydis.wtf/. ## Secrets @@ -21,4 +21,4 @@ This app requires a `policy-bot-defaults` secret with the following entries: Run `kubectl apply -f .` inside this directory to apply the the configuration. -Access the running application over [policy-bot.pythondiscord.com]([https://policy-bot.pythondiscord.com/])! +Access the running application over [policy-bot.pydis.wtf]([https://policy-bot.pydis.wtf/])! diff --git a/kubernetes/namespaces/tooling/policy-bot/configmap.yaml b/kubernetes/namespaces/tooling/policy-bot/configmap.yaml index c3e3660..ec56f26 100644 --- a/kubernetes/namespaces/tooling/policy-bot/configmap.yaml +++ b/kubernetes/namespaces/tooling/policy-bot/configmap.yaml @@ -11,7 +11,7 @@ data: address: "0.0.0.0" port: 8080 # The public URL, used for URL generation when the server is behind a proxy - public_url: https://policy-bot.pythondiscord.com/ + public_url: https://policy-bot.pydis.wtf/ # Options for logging output logging: diff --git a/kubernetes/namespaces/tooling/policy-bot/ingress.yaml b/kubernetes/namespaces/tooling/policy-bot/ingress.yaml index 79c2f74..cd7d529 100644 --- a/kubernetes/namespaces/tooling/policy-bot/ingress.yaml +++ b/kubernetes/namespaces/tooling/policy-bot/ingress.yaml @@ -10,10 +10,10 @@ metadata: spec: tls: - hosts: - - "*.pythondiscord.com" - secretName: pythondiscord.com-tls + - "*.pydis.wtf" + secretName: pydis.wtf-tls rules: - - host: policy-bot.pythondiscord.com + - host: policy-bot.pydis.wtf http: paths: - path: / diff --git a/kubernetes/namespaces/web/pinnwand/deployment.yaml b/kubernetes/namespaces/web/pinnwand/deployment.yaml index 90bc7e9..61d65ae 100644 --- a/kubernetes/namespaces/web/pinnwand/deployment.yaml +++ b/kubernetes/namespaces/web/pinnwand/deployment.yaml @@ -22,7 +22,7 @@ spec: mountPath: /tmp/ containers: - name: pinnwand - image: ghcr.io/supakeen/pinnwand:v1.5.0-psql + image: ghcr.io/python-discord/pinnwand:latest-psql command: ["venv/bin/python3", "-m", "pinnwand", "-vvvvvvvv", "--configuration-path", "/config/config.toml", "http"] imagePullPolicy: Always resources: diff --git a/kubernetes/namespaces/web/pinnwand/secrets.yaml b/kubernetes/namespaces/web/pinnwand/secrets.yaml Binary files differindex a8f4811..ee7bec2 100644 --- a/kubernetes/namespaces/web/pinnwand/secrets.yaml +++ b/kubernetes/namespaces/web/pinnwand/secrets.yaml |