diff --git a/.woodpecker.yml b/.woodpecker.yml
deleted file mode 100644
index 3189887..0000000
--- a/.woodpecker.yml
+++ /dev/null
@@ -1,93 +0,0 @@ ---- -when: - event: - - push - -steps: - - image: alpine/helm - name: Publish the Helm chart - commands: - - helm plugin install https://github.com/chartmuseum/helm-push - - helm package chart -d chart-package - - helm repo add --username allanger --password $GITEA_TOKEN badhouseplants-net https://git.badhouseplants.net/api/packages/badhouseplants/helm - - helm cm-push "./chart-package/$(ls chart-package)" badhouseplants-net - secrets: - - gitea_token - - - name: Test a build - image: git.badhouseplants.net/badhouseplants/hugo-container - commands: - - hugo -s ./src - - - name: Build and push the docker image - image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:latest - privileged: true - depends_on: - - Test a build - secrets: - - gitea_token - environment: - BUILDER_COMMIT: 2449b73b13a62ae916c6703778d096e5290157b3 - commands: - - rm -rf $DRONE_WORKSPACE/src/assets/ - - ./scripts/build-container.pl - backend_options: - kubernetes: - resources: - requests: - memory: 500Mi - cpu: 200m - limits: - memory: 1000Mi - cpu: 1000m - securityContext: - privileged: true - - - name: Sync pictures from lfs to Minio - image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:latest - depends_on: - - Test a build - secrets: - - rclone_config_content - environment: - RCLONE_CONFIG: /tmp/rclone.conf - commands: - - echo "$RCLONE_CONFIG_CONTENT" > $RCLONE_CONFIG - - ./scripts/upload-media.pl - - - name: Deploy the application - image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:latest - depends_on: - - Build and push the docker image - - Sync pictures from lfs to Minio - secrets: - - gitea_token - - argocd_auth_token - - argo_github_oauth_key - - argo_google_oauth_key - environment: - ARGOCD_SERVER: https://argo.badhouseplants.net:443 - commands: - - ./scripts/deploy-app.pl - - - name: Cleanup everything - image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:latest - depends_on: - - Deploy the application 
- secrets: - - gitea_token - - argocd_auth_token - - rclone_config_content - environment: - ARGOCD_SERVER: argo.badhouseplants.net:443 - RCLONE_CONFIG: /tmp/rclone.conf - commands: - - echo "$RCLONE_CONFIG_CONTENT" > $RCLONE_CONFIG - - ./scripts/cleanup.pl - - - name: Spell-Checker - failure: ignore - image: node - commands: - - npm i markdown-spellcheck -g - - mdspell "src/content/**/*.md" -n -r diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 96d4f43..b249eeb 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -2,10 +2,10 @@ apiVersion: v2 name: badhouseplants-net description: A Helm chart for Kubernetes type: application -version: 0.9.0 +version: 0.8.6 appVersion: "4.20.0" dependencies: - name: remark42 - version: 0.7.0 + version: 0.5.5 repository: https://groundhog2k.github.io/helm-charts/ condition: remark42.enabled diff --git a/chart/templates/virtual-service.yaml b/chart/templates/virtual-service.yaml new file mode 100644 index 0000000..0db7593 --- /dev/null +++ b/chart/templates/virtual-service.yaml 
@@ -0,0 +1,57 @@ +{{- if .Values.istio.enabled -}} +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: {{ include "badhouseplants-net.fullname" . }} + labels: + {{- include "badhouseplants-net.labels" . | nindent 4 }} + {{- with .Values.istio.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + gateways: + - istio-system/badhouseplants-net + hosts: + {{- range .Values.istio.hosts}} + - {{ . }} + {{- end }} + http: + - match: + - uri: + prefix: {{ .Values.istio.prefix }} + route: + - destination: + host: {{ include "badhouseplants-net.fullname" . }} + port: + number: {{ .Values.service.port }} +{{- end }} +--- +{{- if .Values.remark42.istio.enabled -}} +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: {{ include "remark42.fullname" . }}-remark42 + labels: + {{- include "badhouseplants-net.labels" . | nindent 4 }} + {{- with .Values.remark42.istio.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + gateways: + - istio-system/badhouseplants-net + hosts: + {{- range .Values.remark42.istio.hosts}} + - {{ . }} + {{- end }} + http: + - match: + - uri: + prefix: {{ .Values.remark42.istio.prefix }} + route: + - destination: + host: {{ .Release.Name }}-remark42 + port: + number: {{ .Values.remark42.service.port }} +{{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index c0463a3..ed5d115 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -39,6 +39,14 @@ hugo: env: HUGO_PARAMS_GITBRANCH: main +istio: + annotations: {} + enabled: true + hosts: + - badhouseplants.net + - www.badhouseplants.net + prefix: / + volumes: # ---------------------------------------------- # -- An emptydir volume where hugo should diff --git a/kube/application.yaml b/kube/application.yaml index cc41ea1..6441ed5 100644 --- a/kube/application.yaml +++ b/kube/application.yaml 
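Review bot: The second document gates on `.Values.remark42.istio.enabled` and reads `.Values.remark42.istio.prefix`, but the only defaults this commit adds to chart/values.yaml are for the top-level `istio` key, and kube/values-preview.yaml sets just `remark42.istio.hosts`. If no defaults exist outside these hunks, a release without `remark42.istio` fails to render on the nil lookup, and one that sets only `hosts` silently produces no VirtualService for remark42. Adding a `remark42.istio` block to the chart defaults (`enabled`, `annotations`, `hosts`, `prefix`) would make the behaviour explicit. Separately, both documents emit the templated scalars unquoted; `- {{ . | quote }}` and `prefix: {{ .Values.istio.prefix | quote }}` keep an empty or wildcard host value from being re-typed or rejected by the YAML parser.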
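Review bot: The new `istio` defaults switch the VirtualService on and bind it to the production hostnames, so any release of this chart that does not override `istio.hosts` will claim `badhouseplants.net` and `www.badhouseplants.net` on the shared gateway named in the template. Safer chart defaults would be `enabled: false` and `hosts: []`, with the production hosts set in kube/values-main.yaml, whose hunk in this commit provides only `istio.annotations`. A one-line comment above the block saying that these hosts attach to the `istio-system/badhouseplants-net` gateway would also help the next reader.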
@@ -6,10 +6,10 @@ metadata: branch: $ARGO_APP_BRANCH commit_sha: $ARGO_APP_IMAGE_TAG name: badhouseplants-$ARGO_APP_BRANCH - namespace: platform + namespace: argo-system spec: destination: - namespace: $ARGO_APP_NAMESPACE + namespace: badhouseplants-$ARGO_APP_NAMESPACE server: https://kubernetes.default.svc project: badhouseplants source: diff --git a/kube/project.yaml b/kube/project.yaml index f302767..fcb23c4 100644 --- a/kube/project.yaml +++ b/kube/project.yaml @@ -2,7 +2,7 @@ apiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: name: badhouseplants - namespace: platform + namespace: argo-system finalizers: - resources-finalizer.argocd.argoproj.io spec: @@ -11,13 +11,15 @@ spec: - '*' destinations: - - namespace: development - server: https://kubernetes.default.svc - name: in-cluster - - namespace: production + - namespace: badhouseplants-* server: https://kubernetes.default.svc name: in-cluster + # Deny all cluster-scoped resources from being created, except for Namespace + clusterResourceWhitelist: + - group: '' + kind: Namespace + # Allow all namespaced-scoped resources to be created, except for ResourceQuota, LimitRange, NetworkPolicy namespaceResourceBlacklist: - group: '' @@ -29,4 +31,4 @@ spec: # Enables namespace orphaned resource monitoring. orphanedResources: - warn: false + warn: false \ No newline at end of file diff --git a/kube/values-main.yaml b/kube/values-main.yaml index 4d25e03..7555fdb 100644 --- a/kube/values-main.yaml +++ b/kube/values-main.yaml 
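Review bot: In kube/project.yaml, replacing the two fixed destinations with `badhouseplants-*` while adding `Namespace` to `clusterResourceWhitelist` widens what this AppProject may touch: any namespace whose name matches the glob becomes a valid target, and Namespace objects become creatable through the project. scripts/deploy-app.pl in this commit only ever produces two suffixes (the main branch name and `preview`), so the destinations could list those two namespaces explicitly and keep the previous least-privilege shape. If the glob is kept, a comment above it such as `# Matches badhouseplants-<main branch> and badhouseplants-preview, see scripts/deploy-app.pl` would record the intent. The `- '*'` entry visible as context just above `destinations` belongs to a key outside the hunk; if it is the source-repository list, it is worth narrowing in the same change.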
@@ -5,33 +5,11 @@ values: | tag: $ARGO_APP_IMAGE_TAG env: HUGO_PARAMS_GITCOMMIT: $ARGO_APP_IMAGE_TAG - ingress: - enabled: true - className: ~ - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + istio: + annotations: link.argocd.argoproj.io/env: https://badhouseplants.net/ link.argocd.argoproj.io/build: $DRONE_BUILD_LINK - pathtype: ImplementationSpecific - hosts: - - host: badhouseplants.net - paths: - - path: / - pathType: ImplementationSpecific - - host: www.badhouseplants.net - paths: - - path: / - pathType: ImplementationSpecific - tls: - - secretName: badhp-tls - hosts: - - badhouseplants.net - - www.badhouseplants.net - + link.argocd.argoproj.io/remark42: https://remark42.badhouseplants.net/web remark42: settings: secret: $ARGO_REMARK_SECRET @@ -48,25 +26,3 @@ values: | secret: $ARGO_GOOGLE_OAUTH_KEY storage: requestedSize: 300Mi - ingress: - enabled: true - className: ~ - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - link.argocd.argoproj.io/remark42: https://remark42.badhouseplants.net/web - ## Hosts - hosts: - - host: remark42.badhouseplants.net - paths: - - path: / - pathType: ImplementationSpecific - - tls: - secretName: chart-example-tls - hosts: - - remark42.badhouseplants.net - \ No newline at end of file diff --git a/kube/values-preview.yaml b/kube/values-preview.yaml index c618bd8..5789c75 100644 --- a/kube/values-preview.yaml +++ b/kube/values-preview.yaml 
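Review bot: Both hunks drop the ingress settings that enforced HTTPS (`kubernetes.io/ingress.allow-http: "false"`, the cert-manager cluster issuer and the `tls` secrets), and nothing on the new side replaces them; kube/values-preview.yaml loses the per-branch `badhp-$ARGO_APP_BRANCH-tls` secret the same way. TLS termination and the HTTP-to-HTTPS redirect now depend entirely on the `istio-system/badhouseplants-net` Gateway, which is not part of this commit, so its server entries and certificate should be confirmed to cover `badhouseplants.net`, `www.badhouseplants.net`, `remark42.badhouseplants.net` and the `*-dev` preview hosts. The second hunk also removes the remark42 host without adding `remark42.istio.enabled` or `remark42.istio.hosts` here, so unless the chart defaults supply them the comments service loses its route on main.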
@@ -1,27 +1,12 @@ --- values: | - ingress: - enabled: true - className: ~ - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - link.argocd.argoproj.io/env: https://$ARGO_APP_HOSTNAME/ - link.argocd.argoproj.io/build: $DRONE_BUILD_LINK - pathtype: ImplementationSpecific + istio: hosts: - - host: $ARGO_APP_HOSTNAME - paths: - - path: / - pathType: ImplementationSpecific - tls: - - secretName: badhp-$ARGO_APP_BRANCH-tls - hosts: - - $ARGO_APP_HOSTNAME - + - $ARGO_APP_HOSTNAME + annotations: + link.argocd.argoproj.io/env: https://$ARGO_APP_HOSTNAME/ + link.argocd.argoproj.io/remark42: https://remark42-$ARGO_APP_HOSTNAME/web + link.argocd.argoproj.io/build: $DRONE_BUILD_LINK hugo: image: tag: $ARGO_APP_IMAGE_TAG @@ -32,31 +17,13 @@ values: | HUGO_PARAMS_COMMENTS_REMARK42_HOST: https://remark42-$ARGO_APP_HOSTNAME HUGO_PARAMS_GITCOMMIT: $ARGO_APP_IMAGE_TAG remark42: + istio: + hosts: + - remark42-$ARGO_APP_HOSTNAME settings: url: https://remark42-$ARGO_APP_HOSTNAME/ auth: anonymous: true secretKey: $ARGO_REMARK_SECRET - ingress: - enabled: true - className: ~ - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - link.argocd.argoproj.io/remark42: https://remark42-$ARGO_APP_HOSTNAME/ - ## Hosts - hosts: - - host: remark42.badhouseplants.net - paths: - - path: / - pathType: ImplementationSpecific - - tls: - secretName: remark-$ARGO_APP_BRANCH-tls - hosts: - - remark42-$ARGO_APP_HOSTNAME rclone: command: 'rclone copy -P badhouseplants-public:/badhouseplants-net/$ARGO_APP_IMAGE_TAG /static' diff --git a/scripts/deploy-app.pl b/scripts/deploy-app.pl index 7e53405..4a6602b 100755 
--- a/scripts/deploy-app.pl +++ b/scripts/deploy-app.pl @@ -18,9 +18,9 @@ chomp($remark_secret); $ENV{'ARGO_APP_CHART_VERSION'} = $chart_version; $ENV{'ARGO_APP_BRANCH'} = $git_branch; if ($git_branch eq $main_branch) { - $ENV{'ARGO_APP_NAMESPACE'} = "production"; + $ENV{'ARGO_APP_NAMESPACE'} = $git_branch; } else { - $ENV{'ARGO_APP_NAMESPACE'} = "development" + $ENV{'ARGO_APP_NAMESPACE'} = "preview" } $ENV{'ARGO_APP_HOSTNAME'} = "$git_branch-dev.badhouseplants.net"; $ENV{'ARGO_APP_IMAGE_TAG'} = $git_commit_sha; @@ -72,3 +72,4 @@ foreach my $app (@all_applications) { } } } + diff --git a/src/hugo.yaml b/src/hugo.yaml index 1c17075..a049ac5 100644 --- a/src/hugo.yaml +++ b/src/hugo.yaml @@ -11,7 +11,7 @@ Params: avatar: enable: true local: false - src: /avatar.png + src: avatar.png subtitle: PunkOps by allanger comments: enabled: true diff --git a/src/static/avatar.png b/src/static/avatar.png deleted file mode 100644 index 54ec2f3..0000000 --- a/src/static/avatar.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:475223457ecd56a9b4450e39a1273727f98c4b0c78c6427992f4f77f6b90b957 -size 686006 diff --git a/src/static/favicon.ico b/src/static/favicon.ico deleted file mode 100644 index c5d3be1..0000000 --- a/src/static/favicon.ico +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d872fe94954e47d14563d77ddba54f15aa62f5df0a76f3ead45764847e554154 -size 15406
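Review bot: `ARGO_APP_NAMESPACE` now holds only a suffix, since kube/application.yaml in this commit prepends `badhouseplants-` and kube/project.yaml admits `badhouseplants-*`, but nothing in the `if`/`else` says so. A comment above the block such as `# Suffix only: kube/application.yaml prepends "badhouseplants-"; the result must match the AppProject destinations` would keep the three files in step. The main-branch arm could assign `$main_branch` rather than `$git_branch` to make clear the value does not vary with the pushed branch, and the `"preview"` assignment should end with `;` like the line above it.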