Sienna Meridian Satterwhite
cc2d4e6cbd
Image is now built and pushed by `sunbeam.py --build` rather than imported directly into k3s containerd. imagePullPolicy changes from Never to Always so every rollout restart pulls the freshly pushed image.
38 lines
1.2 KiB
YAML
38 lines
1.2 KiB
YAML
# Patch: local Pingora overrides
|
|
# - ACME disabled (mkcert wildcard cert from pingora-tls Secret)
|
|
# - hostPort for TURN relay range on the Lima VM
|
|
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: pingora
|
|
namespace: ingress
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: pingora
|
|
imagePullPolicy: Always
|
|
ports:
|
|
# Bind HTTP/HTTPS directly to the Lima VM's host network
|
|
- name: http
|
|
containerPort: 80
|
|
hostPort: 80
|
|
protocol: TCP
|
|
- name: https
|
|
containerPort: 443
|
|
hostPort: 443
|
|
protocol: TCP
|
|
# Expose full TURN relay range as hostPort so the Lima VM forwards UDP
|
|
- name: turn-start
|
|
containerPort: 49152
|
|
hostPort: 49152
|
|
protocol: UDP
|
|
- name: turn-end
|
|
containerPort: 49252
|
|
hostPort: 49252
|
|
protocol: UDP
|
|
# acme.enabled = false is the default in pingora-config.yaml.
|
|
# The mkcert cert Secret (pingora-tls) is created by scripts/local-certs.sh
|
|
# before kustomize runs, so it is always present on first apply.
|