Sienna Meridian Satterwhite
3ecb42056f
Remove scripts/sunbeam.py — superseded by the new cli/ package. Add install/test/sunbeam targets to justfile pointing at ../cli/. fix(vso): add deletecollection to test-rbac Role — CachingClientFactory calls deletecollection on secrets during init; the old Role only had delete, causing vault-secrets-operator-test to CrashLoopBackOff. fix(ingress): pingora imagePullPolicy IfNotPresent — Always caused unnecessary pulls on every pod restart in local dev.
38 lines
1.2 KiB
YAML
38 lines
1.2 KiB
YAML
# Patch: local Pingora overrides
|
|
# - ACME disabled (mkcert wildcard cert from pingora-tls Secret)
|
|
# - hostPort for TURN relay range on the Lima VM
|
|
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: pingora
|
|
namespace: ingress
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: pingora
|
|
imagePullPolicy: IfNotPresent
|
|
ports:
|
|
# Bind HTTP/HTTPS directly to the Lima VM's host network
|
|
- name: http
|
|
containerPort: 80
|
|
hostPort: 80
|
|
protocol: TCP
|
|
- name: https
|
|
containerPort: 443
|
|
hostPort: 443
|
|
protocol: TCP
|
|
# Expose full TURN relay range as hostPort so the Lima VM forwards UDP
|
|
- name: turn-start
|
|
containerPort: 49152
|
|
hostPort: 49152
|
|
protocol: UDP
|
|
- name: turn-end
|
|
containerPort: 49252
|
|
hostPort: 49252
|
|
protocol: UDP
|
|
# acme.enabled = false is the default in pingora-config.yaml.
|
|
# The mkcert cert Secret (pingora-tls) is created by scripts/local-certs.sh
|
|
# before kustomize runs, so it is always present on first apply.
|