setup a single user activity pub inbox on ap1.xai-corp.net

ansible-5/roles/prod.k3s/templates/ktistec/deployment.yaml

@@ -0,0 +1,49 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: ktistec-pod
+  namespace: "{{apps.ktistec.namespace}}"
+  labels:
+    app: ktistec
+spec:
+  imagePullSecrets:
+    - name: dkregistry-login
+  containers:
+    - name: ktistec
+      image: dkregistry.xai-corp.net/ktistec/app:2.4.13
+#      volumeMounts:
+#        - name: repo-vol
+#          mountPath: "/var/lib/registry"
+##        - name: certs-vol
+##          mountPath: "/certs"
+##          readOnly: true
+##        - name: auth-vol
+##          mountPath: "/auth"
+##          readOnly: false
+#        - name: auth-secret
+#          mountPath: "/auth"
+#          readOnly: true
+#      env:
+#        - name: REGISTRY_AUTH
+#          value: "htpasswd"
+#        - name: REGISTRY_AUTH_HTPASSWD_REALM
+#          value: "Registry Realm"
+#        - name: REGISTRY_AUTH_HTPASSWD_PATH
+#          value: "/auth/htpasswd"
+#        - name: REGISTRY_HTTP_SECRET
+#          value: "/auth/htpasswd"
+#        - name: REGISTRY_HTTP_TLS_CERTIFICATE
+#          value: "/certs/tls.crt"
+#        - name: REGISTRY_HTTP_TLS_KEY
+#          value: "/certs/tls.key"
+#  volumes:
+#    - name: repo-vol
+#      persistentVolumeClaim:
+#        claimName: data-dkregistry-0
+#    - name: auth-vol
+#      persistentVolumeClaim:
+#        claimName: data-dkregistry-auth-0
+
+#    - name: auth-secret
+#      secret:
+#        secretName: auth-secret-2025

ansible-5/roles/prod.k3s/templates/ktistec/ingress.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ktistec
+  namespace: "{{apps.ktistec.namespace}}"
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    cert-manager.io/cluster-issuer: letsencrypt-production
+
+spec:
+  rules:
+    - host: ap1.xai-corp.net
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: ktistec
+                port:
+                  number: 3000
+
+  tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
+    - secretName: xai-corp-production-tls-ap1
+      hosts:
+        - ap1.xai-corp.net

ansible-5/roles/prod.k3s/templates/ktistec/service.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ktistec
+  namespace: "{{apps.ktistec.namespace}}"
+spec:
+  selector:
+    app: ktistec
+  ports:
+    - port: 3000
+      targetPort: 3000