.dockerignore

@@ -1 +1,3 @@
 node_modules
+static
+

Dockerfile

@@ -1,16 +1,5 @@
-FROM alpine:latest AS builder
+FROM klakegg/hugo
 WORKDIR /src
 COPY . /src
-ARG GOHUGO_LINK=https://github.com/gohugoio/hugo/releases/download/v0.110.0/hugo_0.110.0_linux-amd64.tar.gz
-RUN apk update && apk add curl tar
-RUN curl -LJO ${GOHUGO_LINK} && tar -xf hugo_0.110.0_linux-amd64.tar.gz
-RUN mv /src/hugo /usr/local/bin/hugo
-RUN chmod +x /usr/local/bin/hugo
 RUN hugo
 
-FROM nginx:stable-alpine
-COPY --from=builder /src/public /var/www
-COPY configs/nginx.conf /etc/nginx/conf.d/default.conf
-EXPOSE 80
-CMD [ "nginx", "-g", "daemon off;" ]
-

chart/templates/deployment.yaml

@@ -24,35 +24,67 @@ spec:
       labels:
         {{- include "badhouseplants-net.selectorLabels" . | nindent 8 }}
     spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+        - name: {{ .Values.rclone.container.name }}
+          image: "{{ .Values.rclone.image.repository}}:{{ .Values.rclone.image.tag}}"
+          imagePullPolicy: {{ .Values.rclone.image.pullPolicy }}
+          env:
+            - name: RCLONE_CONFIG
+              value: /tmp/rclone.conf
+          command:
+            - sh
+          args:
+            - "-c"
+            - "rclone copy -P badhouseplants-public:/badhouseplants-static /static"
+          volumeMounts:
+            - name: rclone-config
+              mountPath: "/tmp"
+              readOnly: true
+            - name: {{ .Values.volumes.rclone }}
+              mountPath: /static
+              readOnly: false
+          resources:
+            {{- toYaml .Values.rclone.container.resources | nindent 12 }}
+        - name: {{ .Values.hugo.container.name }}
+          volumeMounts:
+            - name: {{ .Values.volumes.rclone.name }}
+              mountPath: /src/static
+              readOnly: true
+            - name: {{ .Values.volumes.public.name }}
+              mountPath: /src/public
+              readOnly: false
+          image: "{{ .Values.hugo.image.repository}}:{{ .Values.hugo.image.tag}}"
+          imagePullPolicy: {{ .Values.hugo.image.pullPolicy }}
+          resources:
+            {{- toYaml .Values.hugo.container.resources | nindent 12 }}
       containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+        - name: {{ .Values.nginx.container.name }}
+          image: "{{ .Values.nginx.image.repository}}:{{ .Values.nginx.image.tag}}"
+          imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
           ports:
             - name: http
               containerPort: {{ .Values.service.port }}
               protocol: TCP
           resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-          command: 
-{{ toYaml .Values.command | indent 12 }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+            {{- toYaml .Values.nginx.container.resources | nindent 12 }}
+          volumeMounts:
+            - name: {{ .Values.volumes.public.name }}
+              mountPath: /var/www
+              readOnly: true
+            - name: nginx-config
+              mountPath:  /etc/nginx/conf.d
+              readOnly: true
+      volumes:
+        - name: rclone-config
+          secret:
+            secretName: rclone-config
+        - name: {{ .Values.volumes.rclone.name }}
+          emptyDir:
+            sizeLimit: {{ .Values.volumes.rclone.sizeLimit }}
+        - name: {{ .Values.volumes.public.name }}
+          emptyDir:
+            sizeLimit: {{ .Values.volumes.public.sizeLimit }}
+        - name: nginx-config
+          configMap:
+            name: nginx-config
+

chart/templates/nginx-config-cm.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-config
+data:
+  default.conf: |
+    server {
+      listen 80;
+      listen [::]:80;
+      server_name  ~.;
+      root /var/www;
+      index index.html;
+      location / {
+        try_files $uri $uri/ =404;
+      }
+    }
+

chart/templates/rclone-config-sec.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rclone-config
+type: generic
+data:
+  # the data is abbreviated in this example
+  rclone.conf: {{ .Values.rclone.config  | b64enc }}

chart/templates/virtual-service.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.istio.enabled -}}
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  annotations:
+  labels:
+  name: blog-virtual-service
+spec:
+  gateways:
+  - istio-system/badhouseplants-net
+  hosts: {{ .Values.istio.hosts }}
+  http:
+  - match:
+    - uri:
+        prefix:  {{ .Values.istio.prefix }}
+    route:
+    - destination:
+        host: {{ include "badhouseplants-net.fullname" . }}
+        port:
+          number: {{ .Values.service.port }}
+{{- end }}

chart/values.yaml

@@ -1,10 +1,66 @@
 replicaCount: 1
 
+nginx: 
+  container:
+    name: nginx
+    resources: {}
+  image: 
+    repository: nginx
+    pullPolicy: Always
+    tag: latest
+  
+rclone:
+  container:
+    name: rclone
+    resources: {}
+  image: 
+    repository: rclone/rclone
+    pullPolicy: Always
+    tag: latest
+  config: |-
+    [badhouseplants-public]
+    type = s3
+    provider = Minio
+    region = us-west-1
+    endpoint = s3.badhouseplants.net
+    location_constraint = us-west-1
+
+hugo:
+  container:
+    name: badhouseplants-net
+    resources: {}
   image: 
     repository: git.badhouseplants.net/allanger/badhouseplants-net
     pullPolicy: Always
     tag: latest
 
+istio:
+  enabled: true
+  hosts:
+    - badhouseplants.net
+    - www.badhouseplants.net
+  prefix: /
+
+volumes:
+  # ----------------------------------------------
+  # -- An emptydir volume where hugo should 
+  # --  put the static content
+  # ----------------------------------------------
+  public:
+    name: public-content
+    sizeLimit: 1gi 
+  # ----------------------------------------------
+  # -- An emptydir volume where rclone should 
+  # --  download pictures
+  # ----------------------------------------------
+  rclone: 
+    name: s3-data
+    sizeLimit: 1Gi
+
+# -------------------------------------
+# -- Default values that I haven't 
+# --  touched
+# -------------------------------------
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
@@ -30,29 +86,6 @@ service:
 
 ingress:
   enabled: false
-  annotations: 
-    kubernetes.io/ingress.class: istio
-  hosts:
-    - host: badhouseplants.net
-      paths:
-        - path: /
-          pathType: Prefix
-  tls:
-      - secretName: badhouseplants-wildcard-tls
-        hosts:
-          - badhouseplants.net
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
 
 autoscaling:
   enabled: false
@@ -60,9 +93,3 @@ autoscaling:
   maxReplicas: 100
   targetCPUUtilizationPercentage: 80
   # targetMemoryUtilizationPercentage: 80
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}