Start using ingress instead of virtual service

.woodpecker.yml

@@ -0,0 +1,93 @@
+---
+when:
+  event:
+    - push
+
+steps:
+  - image: alpine/helm
+    name: Publish the Helm chart
+    commands:
+      - helm plugin install https://github.com/chartmuseum/helm-push
+      - helm package chart -d chart-package
+      - helm repo add  --username allanger --password $GITEA_TOKEN badhouseplants-net https://git.badhouseplants.net/api/packages/badhouseplants/helm
+      - helm cm-push "./chart-package/$(ls chart-package)" badhouseplants-net
+    secrets:
+      - gitea_token
+
+  - name: Test a build
+    image: git.badhouseplants.net/badhouseplants/hugo-container
+    commands:
+      - hugo -s ./src
+
+  - name: Build and push the docker image
+    image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3
+    privileged: true
+    depends_on:
+      - Test a build
+    secrets:
+      - gitea_token
+    environment:
+      BUILDER_COMMIT: 2449b73b13a62ae916c6703778d096e5290157b3
+    commands:
+      - rm -rf $DRONE_WORKSPACE/src/assets/
+      - ./scripts/build-container.pl
+    backend_options:
+      kubernetes:
+        resources:
+          requests:
+            memory: 500Mi
+            cpu: 200m
+          limits:
+            memory: 1000Mi
+            cpu: 1000m
+        securityContext:
+          privileged: true
+
+  - name: Sync pictures from lfs to Minio
+    image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3
+    depends_on:
+      - Test a build
+    secrets:
+      - rclone_config_content
+    environment:
+      RCLONE_CONFIG: /tmp/rclone.conf
+    commands:
+      - echo "$RCLONE_CONFIG_CONTENT" > $RCLONE_CONFIG
+      - ./scripts/upload-media.pl
+
+  - name: Deploy the application
+    image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3
+    depends_on:
+      - Build and push the docker image
+      - Sync pictures from lfs to Minio
+    secrets:
+      - gitea_token
+      - argocd_auth_token
+      - argo_github_oauth_key
+      - argo_google_oauth_key
+    environment:
+      ARGOCD_SERVER: argo.badhouseplants.net:443
+    commands:
+      - ./scripts/deploy-app.pl
+
+  - name: Cleanup everything
+    image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3
+    depends_on:
+      - Deploy the application
+    secrets:
+      - gitea_token
+      - argocd_auth_token
+      - rclone_config_content
+    environment:
+      ARGOCD_SERVER: argo.badhouseplants.net:443
+      RCLONE_CONFIG: /tmp/rclone.conf
+    commands:
+      - echo "$RCLONE_CONFIG_CONTENT" > $RCLONE_CONFIG
+      - ./scripts/cleanup.pl
+
+  - name: Spell-Checker
+    failure: ignore
+    image: node
+    commands:
+      - npm i markdown-spellcheck -g
+      - mdspell "src/content/**/*.md" -n -r

chart/Chart.yaml

@@ -2,10 +2,10 @@ apiVersion: v2
 name: badhouseplants-net
 description: A Helm chart for Kubernetes
 type: application
-version: 0.8.6
+version: 0.9.0
 appVersion: "4.20.0"
 dependencies:
   - name: remark42
-    version: 0.5.5
+    version: 0.7.0
     repository: https://groundhog2k.github.io/helm-charts/
     condition: remark42.enabled

chart/templates/virtual-service.yaml

@@ -1,57 +0,0 @@
-{{- if .Values.istio.enabled -}}
-apiVersion: networking.istio.io/v1beta1
-kind: VirtualService
-metadata:
-  name: {{ include "badhouseplants-net.fullname" . }}
-  labels:
-    {{- include "badhouseplants-net.labels" . | nindent 4 }}
-  {{- with .Values.istio.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  gateways:
-  - istio-system/badhouseplants-net
-  hosts: 
-    {{- range .Values.istio.hosts}}
-    - {{ . }}
-    {{- end }}
-  http:
-  - match:
-    - uri:
-        prefix:  {{ .Values.istio.prefix }}
-    route:
-    - destination:
-        host: {{ include "badhouseplants-net.fullname" . }}
-        port:
-          number: {{ .Values.service.port }}
-{{- end }}
----
-{{- if .Values.remark42.istio.enabled -}}
-apiVersion: networking.istio.io/v1beta1
-kind: VirtualService
-metadata:
-  name: {{ include "remark42.fullname" . }}-remark42
-  labels:
-    {{- include "badhouseplants-net.labels" . | nindent 4 }}
-  {{- with .Values.remark42.istio.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  gateways:
-  - istio-system/badhouseplants-net
-  hosts: 
-    {{- range .Values.remark42.istio.hosts}}
-    - {{ . }}
-    {{- end }}
-  http:
-  - match:
-    - uri:
-        prefix:  {{ .Values.remark42.istio.prefix }}
-    route:
-    - destination:
-        host: {{ .Release.Name }}-remark42
-        port:
-          number: {{ .Values.remark42.service.port }}
-{{- end }}

chart/values.yaml

@@ -39,14 +39,6 @@ hugo:
   env:
     HUGO_PARAMS_GITBRANCH: main
 
-istio:
-  annotations: {}
-  enabled: true
-  hosts:
-    - badhouseplants.net
-    - www.badhouseplants.net
-  prefix: /
-
 volumes:
   # ----------------------------------------------
   # -- An emptydir volume where hugo should

kube/values-main.yaml

@@ -5,11 +5,33 @@ values: |
       tag: $ARGO_APP_IMAGE_TAG
     env:
       HUGO_PARAMS_GITCOMMIT: $ARGO_APP_IMAGE_TAG
-  istio:
+  ingress:
+    enabled: true
+    className: ~
     annotations: 
+      kubernetes.io/ingress.class: traefik
+      kubernetes.io/tls-acme: "true"
+      kubernetes.io/ingress.allow-http: "false"
+      kubernetes.io/ingress.global-static-ip-name: ""
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
       link.argocd.argoproj.io/env: https://badhouseplants.net/
       link.argocd.argoproj.io/build: $DRONE_BUILD_LINK
-      link.argocd.argoproj.io/remark42: https://remark42.badhouseplants.net/web
+    pathtype: ImplementationSpecific
+    hosts:
+      - host: badhouseplants.net
+        paths: 
+          - path: /
+            pathType: ImplementationSpecific
+      - host: www.badhouseplants.net
+        paths: 
+          - path: /
+            pathType: ImplementationSpecific
+    tls: 
+      - secretName: badhp-tls
+        hosts:
+          - badhouseplants.net
+          - www.badhouseplants.net
+    
   remark42:
     settings:
       secret: $ARGO_REMARK_SECRET
@@ -26,3 +48,25 @@ values: |
           secret: $ARGO_GOOGLE_OAUTH_KEY
     storage:
       requestedSize: 300Mi
+    ingress:
+      enabled: true
+      className: ~
+      annotations:
+        kubernetes.io/ingress.class: traefik
+        kubernetes.io/tls-acme: "true"
+        kubernetes.io/ingress.allow-http: "false"
+        kubernetes.io/ingress.global-static-ip-name: ""
+        cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+        link.argocd.argoproj.io/remark42: https://remark42.badhouseplants.net/web
+      ## Hosts
+      hosts:
+        - host: remark42.badhouseplants.net
+          paths:
+            - path: /
+              pathType: ImplementationSpecific
+    
+      tls:
+        secretName: chart-example-tls
+        hosts:
+          - remark42.badhouseplants.net
+  

kube/values-preview.yaml

@@ -1,12 +1,27 @@
 ---
 values: |
-  istio:
+  ingress:
+    enabled: true
+    className: ~
+    annotations: 
+      kubernetes.io/ingress.class: traefik
+      kubernetes.io/tls-acme: "true"
+      kubernetes.io/ingress.allow-http: "false"
+      kubernetes.io/ingress.global-static-ip-name: ""
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+      link.argocd.argoproj.io/env: https://$ARGO_APP_HOSTNAME/
+      link.argocd.argoproj.io/build: $DRONE_BUILD_LINK
+    pathtype: ImplementationSpecific
+    hosts:
+      - host: $ARGO_APP_HOSTNAME
+        paths: 
+          - path: /
+            pathType: ImplementationSpecific
+    tls: 
+      - secretName: badhp-$ARGO_APP_BRANCH-tls
         hosts:
           - $ARGO_APP_HOSTNAME
-    annotations:
+
-      link.argocd.argoproj.io/env: https://$ARGO_APP_HOSTNAME/
-      link.argocd.argoproj.io/remark42: https://remark42-$ARGO_APP_HOSTNAME/web
-      link.argocd.argoproj.io/build: $DRONE_BUILD_LINK
   hugo:
     image:
       tag: $ARGO_APP_IMAGE_TAG
@@ -17,13 +32,31 @@ values: |
       HUGO_PARAMS_COMMENTS_REMARK42_HOST: https://remark42-$ARGO_APP_HOSTNAME
       HUGO_PARAMS_GITCOMMIT: $ARGO_APP_IMAGE_TAG
   remark42:
-    istio:
-      hosts:
-        - remark42-$ARGO_APP_HOSTNAME
     settings:
       url: https://remark42-$ARGO_APP_HOSTNAME/
       auth:
         anonymous: true
       secretKey: $ARGO_REMARK_SECRET
+    ingress:
+      enabled: true
+      className: ~
+      annotations:
+        kubernetes.io/ingress.class: traefik
+        kubernetes.io/tls-acme: "true"
+        kubernetes.io/ingress.allow-http: "false"
+        kubernetes.io/ingress.global-static-ip-name: ""
+        cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+        link.argocd.argoproj.io/remark42: https://remark42-$ARGO_APP_HOSTNAME/
+      ## Hosts
+      hosts:
+        - host: remark42.badhouseplants.net
+          paths:
+            - path: /
+              pathType: ImplementationSpecific
+    
+      tls:
+        secretName: remark-$ARGO_APP_BRANCH-tls
+        hosts:
+          - remark42-$ARGO_APP_HOSTNAME
   rclone:
     command: 'rclone copy -P badhouseplants-public:/badhouseplants-net/$ARGO_APP_IMAGE_TAG /static'