Start using ingress instead of virtual service

This commit is contained in:
Nikolai Rodionov 2024-05-27 09:34:42 +02:00
parent 76c4f57845
commit 5414085273
Signed by: allanger
GPG Key ID: 0AA46A90E25592AD
6 changed files with 183 additions and 78 deletions

93
.woodpecker.yml Normal file
View File

@ -0,0 +1,93 @@
---
when:
event:
- push
steps:
- image: alpine/helm
name: Publish the Helm chart
commands:
- helm plugin install https://github.com/chartmuseum/helm-push
- helm package chart -d chart-package
- helm repo add --username allanger --password $GITEA_TOKEN badhouseplants-net https://git.badhouseplants.net/api/packages/badhouseplants/helm
- helm cm-push "./chart-package/$(ls chart-package)" badhouseplants-net
secrets:
- gitea_token
- name: Test a build
image: git.badhouseplants.net/badhouseplants/hugo-container
commands:
- hugo -s ./src
- name: Build and push the docker image
image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3
privileged: true
depends_on:
- Test a build
secrets:
- gitea_token
environment:
BUILDER_COMMIT: 2449b73b13a62ae916c6703778d096e5290157b3
commands:
- rm -rf $DRONE_WORKSPACE/src/assets/
- ./scripts/build-container.pl
backend_options:
kubernetes:
resources:
requests:
memory: 500Mi
cpu: 200m
limits:
memory: 1000Mi
cpu: 1000m
securityContext:
privileged: true
- name: Sync pictures from lfs to Minio
image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3
depends_on:
- Test a build
secrets:
- rclone_config_content
environment:
RCLONE_CONFIG: /tmp/rclone.conf
commands:
- echo "$RCLONE_CONFIG_CONTENT" > $RCLONE_CONFIG
- ./scripts/upload-media.pl
- name: Deploy the application
image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3
depends_on:
- Build and push the docker image
- Sync pictures from lfs to Minio
secrets:
- gitea_token
- argocd_auth_token
- argo_github_oauth_key
- argo_google_oauth_key
environment:
ARGOCD_SERVER: argo.badhouseplants.net:443
commands:
- ./scripts/deploy-app.pl
- name: Cleanup everything
image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3
depends_on:
- Deploy the application
secrets:
- gitea_token
- argocd_auth_token
- rclone_config_content
environment:
ARGOCD_SERVER: argo.badhouseplants.net:443
RCLONE_CONFIG: /tmp/rclone.conf
commands:
- echo "$RCLONE_CONFIG_CONTENT" > $RCLONE_CONFIG
- ./scripts/cleanup.pl
- name: Spell-Checker
failure: ignore
image: node
commands:
- npm i markdown-spellcheck -g
- mdspell "src/content/**/*.md" -n -r

View File

@ -2,10 +2,10 @@ apiVersion: v2
name: badhouseplants-net name: badhouseplants-net
description: A Helm chart for Kubernetes description: A Helm chart for Kubernetes
type: application type: application
version: 0.8.6 version: 0.9.0
appVersion: "4.20.0" appVersion: "4.20.0"
dependencies: dependencies:
- name: remark42 - name: remark42
version: 0.5.5 version: 0.7.0
repository: https://groundhog2k.github.io/helm-charts/ repository: https://groundhog2k.github.io/helm-charts/
condition: remark42.enabled condition: remark42.enabled

View File

@ -1,57 +0,0 @@
{{- if .Values.istio.enabled -}}
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: {{ include "badhouseplants-net.fullname" . }}
labels:
{{- include "badhouseplants-net.labels" . | nindent 4 }}
{{- with .Values.istio.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
gateways:
- istio-system/badhouseplants-net
hosts:
{{- range .Values.istio.hosts}}
- {{ . }}
{{- end }}
http:
- match:
- uri:
prefix: {{ .Values.istio.prefix }}
route:
- destination:
host: {{ include "badhouseplants-net.fullname" . }}
port:
number: {{ .Values.service.port }}
{{- end }}
---
{{- if .Values.remark42.istio.enabled -}}
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: {{ include "remark42.fullname" . }}-remark42
labels:
{{- include "badhouseplants-net.labels" . | nindent 4 }}
{{- with .Values.remark42.istio.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
gateways:
- istio-system/badhouseplants-net
hosts:
{{- range .Values.remark42.istio.hosts}}
- {{ . }}
{{- end }}
http:
- match:
- uri:
prefix: {{ .Values.remark42.istio.prefix }}
route:
- destination:
host: {{ .Release.Name }}-remark42
port:
number: {{ .Values.remark42.service.port }}
{{- end }}

View File

@ -39,14 +39,6 @@ hugo:
env: env:
HUGO_PARAMS_GITBRANCH: main HUGO_PARAMS_GITBRANCH: main
istio:
annotations: {}
enabled: true
hosts:
- badhouseplants.net
- www.badhouseplants.net
prefix: /
volumes: volumes:
# ---------------------------------------------- # ----------------------------------------------
# -- An emptydir volume where hugo should # -- An emptydir volume where hugo should

View File

@ -5,11 +5,33 @@ values: |
tag: $ARGO_APP_IMAGE_TAG tag: $ARGO_APP_IMAGE_TAG
env: env:
HUGO_PARAMS_GITCOMMIT: $ARGO_APP_IMAGE_TAG HUGO_PARAMS_GITCOMMIT: $ARGO_APP_IMAGE_TAG
istio: ingress:
enabled: true
className: ~
annotations: annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
link.argocd.argoproj.io/env: https://badhouseplants.net/ link.argocd.argoproj.io/env: https://badhouseplants.net/
link.argocd.argoproj.io/build: $DRONE_BUILD_LINK link.argocd.argoproj.io/build: $DRONE_BUILD_LINK
link.argocd.argoproj.io/remark42: https://remark42.badhouseplants.net/web pathtype: ImplementationSpecific
hosts:
- host: badhouseplants.net
paths:
- path: /
pathType: ImplementationSpecific
- host: www.badhouseplants.net
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: badhp-tls
hosts:
- badhouseplants.net
- www.badhouseplants.net
remark42: remark42:
settings: settings:
secret: $ARGO_REMARK_SECRET secret: $ARGO_REMARK_SECRET
@ -26,3 +48,25 @@ values: |
secret: $ARGO_GOOGLE_OAUTH_KEY secret: $ARGO_GOOGLE_OAUTH_KEY
storage: storage:
requestedSize: 300Mi requestedSize: 300Mi
ingress:
enabled: true
className: ~
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
link.argocd.argoproj.io/remark42: https://remark42.badhouseplants.net/web
## Hosts
hosts:
- host: remark42.badhouseplants.net
paths:
- path: /
pathType: ImplementationSpecific
tls:
secretName: chart-example-tls
hosts:
- remark42.badhouseplants.net

View File

@ -1,12 +1,27 @@
--- ---
values: | values: |
istio: ingress:
enabled: true
className: ~
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
link.argocd.argoproj.io/env: https://$ARGO_APP_HOSTNAME/
link.argocd.argoproj.io/build: $DRONE_BUILD_LINK
pathtype: ImplementationSpecific
hosts:
- host: $ARGO_APP_HOSTNAME
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: badhp-$ARGO_APP_BRANCH-tls
hosts: hosts:
- $ARGO_APP_HOSTNAME - $ARGO_APP_HOSTNAME
annotations:
link.argocd.argoproj.io/env: https://$ARGO_APP_HOSTNAME/
link.argocd.argoproj.io/remark42: https://remark42-$ARGO_APP_HOSTNAME/web
link.argocd.argoproj.io/build: $DRONE_BUILD_LINK
hugo: hugo:
image: image:
tag: $ARGO_APP_IMAGE_TAG tag: $ARGO_APP_IMAGE_TAG
@ -17,13 +32,31 @@ values: |
HUGO_PARAMS_COMMENTS_REMARK42_HOST: https://remark42-$ARGO_APP_HOSTNAME HUGO_PARAMS_COMMENTS_REMARK42_HOST: https://remark42-$ARGO_APP_HOSTNAME
HUGO_PARAMS_GITCOMMIT: $ARGO_APP_IMAGE_TAG HUGO_PARAMS_GITCOMMIT: $ARGO_APP_IMAGE_TAG
remark42: remark42:
istio:
hosts:
- remark42-$ARGO_APP_HOSTNAME
settings: settings:
url: https://remark42-$ARGO_APP_HOSTNAME/ url: https://remark42-$ARGO_APP_HOSTNAME/
auth: auth:
anonymous: true anonymous: true
secretKey: $ARGO_REMARK_SECRET secretKey: $ARGO_REMARK_SECRET
ingress:
enabled: true
className: ~
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
link.argocd.argoproj.io/remark42: https://remark42-$ARGO_APP_HOSTNAME/
## Hosts
hosts:
- host: remark42.badhouseplants.net
paths:
- path: /
pathType: ImplementationSpecific
tls:
secretName: remark-$ARGO_APP_BRANCH-tls
hosts:
- remark42-$ARGO_APP_HOSTNAME
rclone: rclone:
command: 'rclone copy -P badhouseplants-public:/badhouseplants-net/$ARGO_APP_IMAGE_TAG /static' command: 'rclone copy -P badhouseplants-public:/badhouseplants-net/$ARGO_APP_IMAGE_TAG /static'