deployment.yml

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: foundry
  labels:
    app: foundry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: foundry
  template:
    metadata:
      labels:
        app: foundry
    spec:
      containers:
        # TODO: Add sidecar container for sftp on port other than port 22 to drop assets into
        - name: foundry
          image: felddy/foundryvtt:0.7.9
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 30000
              name: http
          env:
            - name: FOUNDRY_USERNAME
              value: "cclloyd"
            - name: FOUNDRY_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: foundry
                  key: foundry-password
            - name: CONTAINER_CACHE
              value: "/data/container-cache"
            - name: CONTAINER_PATCHES
              value: "/data/container-patches"
            - name: CONTAINER_PRESERVE_CONFIG
              value: "true"
            - name: FOUNDRY_ADMIN_KEY
              valueFrom:
                secretKeyRef:
                  name: foundry
                  key: admin-key
            - name: FOUNDRY_UID
              value: "redacted"
            - name: FOUNDRY_GID
              value: "redacted"
            - name: FOUNDRY_HOSTNAME
              value: "rpg.example.com"
            #- name: FOUNDRY_PROXY_PORT
            #  value: "443"
            - name: FOUNDRY_PROXY_SSL
              value: "true"
            - name: TIMEZONE
              value: "America/New_York"

          volumeMounts:
            - name: foundry-data
              mountPath: /data
            - name: foundry-assets
              mountPath: /data/assets
      volumes:
        - name: foundry-data
          persistentVolumeClaim:
            claimName: foundry-data
        - name: foundry-assets
          persistentVolumeClaim:
            claimName: foundry-assets

ingress.yml

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: foundry
  labels:
    app: foundry
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-body-size: 512M
    nginx.org/websocket-services: "foundry-ws"
    #nginx.ingress.kubernetes.io/websocket-services: "foundry"
    nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_token"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
spec:
  tls:
    - hosts:
        - rpg.casualtryhards.com
      secretName: foundry-tls
  rules:
    - host: rpg.casualtryhards.com
      http:
        paths:
          - path: /
            backend:
              serviceName: foundry
              servicePort: http
          - path: /socket.io/
            backend:
              serviceName: foundry-ws
              servicePort: http

service.yml

---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: foundry
  name: foundry
spec:
  selector:
    app: foundry
  ports:
    - protocol: TCP
      name: http
      port: 30000
      targetPort: http

---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: foundry
  name: foundry-ws
spec:
  selector:
    app: foundry
  ports:
    - protocol: TCP
      name: foundry-ws
      port: 30000
      targetPort: http