feat(apps): restructure apps deployment, add Penpot HelmRelease, and refactor CDN ingress

rohow
2026-05-22 16:18:32 +08:00
未验证
父节点 c994697d7a
当前提交 15522bbaa8
修改 24 个文件,包含 292 行新增75 行删除
+74
@@ -0,0 +1,74 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: penpot
namespace: apps
spec:
interval: 30m
timeout: 15m
chart:
spec:
chart: penpot
version: 0.43.0
sourceRef:
kind: HelmRepository
name: penpot
namespace: infra-gitops
interval: 12h
postRenderers:
- kustomize:
patches:
- target:
kind: Deployment
name: penpot-backend
patch: |
- op: add
path: /spec/template/spec/containers/0/env/8
value:
name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: valkey-cluster-sh
key: valkey-password
- target:
kind: Deployment
name: penpot-exporter
patch: |
- op: add
path: /spec/template/spec/containers/0/env/2
value:
name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: valkey-cluster-sh
key: valkey-password
values:
global:
postgresqlEnabled: false
valkeyEnabled: false
redisEnabled: false
config:
publicUri: https://penpot.dev.cm
existingSecret: penpot
secretKeys:
apiSecretKey: api-secret-key
postgresql:
host: cnpg17-cluster-sh-rw.infra-data
port: 5432
database: penpot
existingSecret: cnpg17-cluster-sh-app
secretKeys:
usernameKey: username
passwordKey: password
redis:
host: :$(REDIS_PASSWORD)@valkey-cluster-sh-headless.infra-data
port: 6379
database: 0
backend:
podAnnotations:
backup.velero.io/backup-volumes: app-data
ingress:
enabled: true
className: nginx
hosts:
- penpot.dev.cm
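Review bot: The two JSON patches insert `REDIS_PASSWORD` at fixed positions (`/env/8` for penpot-backend, `/env/2` for penpot-exporter), which ties the release to the env ordering of chart 0.43.0. Kubernetes only expands `$(REDIS_PASSWORD)` from variables declared earlier in the same list, so if a chart upgrade moves the variable built from `redis.host` ahead of that index, the literal text `$(REDIS_PASSWORD)` is sent as the password and authentication fails; an index past the end of the list makes the patch itself fail. Inserting at the head, `path: /spec/template/spec/containers/0/env/0`, keeps the ordering guarantee without depending on the chart's layout. The password is also spliced into what is presumably a Redis URI through `redis.host`, so a value containing `@`, `:` or `/` would need percent-encoding, and `secretKeyRef` resolves `valkey-cluster-sh` in the `apps` namespace, so that Secret has to exist there and not only next to Valkey.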
+4 -4
@@ -4,8 +4,8 @@ metadata:
name: halo-static
namespace: apps
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/proxy-buffering: "on"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_cache cache;
proxy_cache_valid 200 302 7d;
@@ -17,9 +17,6 @@ metadata:
add_header X-Cache-Status $upstream_cache_status;
spec:
ingressClassName: nginx
tls:
- hosts:
- dev.cm
rules:
- host: dev.cm
http:
@@ -31,3 +28,6 @@ spec:
name: halo
port:
number: 80
tls:
- hosts:
- dev.cm
-1
@@ -4,7 +4,6 @@ metadata:
name: sinceai-shop
namespace: apps
annotations:
# 302 跳转到https://sinceai.taobao.com/
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^/(.*)$ https://sinceai.taobao.com/$1? permanent;
spec:
+1 -1
@@ -1,7 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- certificate-fillcode-com.yaml
- certificate-sinceai-com.yaml
- helmrelease-halo.yaml
@@ -11,3 +10,4 @@ resources:
- ingress-sinceai-shop.yaml
- helmrelease-whoami.yaml
- helmrelease-rustdesk.yaml
- helmrelease-penpot.yaml
+78
@@ -0,0 +1,78 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cdn
namespace: infra-net
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: "/$3"
# 重定向配置
nginx.ingress.kubernetes.io/proxy-redirect-from: "/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "/$1/"
# 添加允许跨域请求
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "https://dev.cm, https://*.dev.cm, https://fillcode.cm, https://*.fillcode.cm"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
# cookie配置
nginx.ingress.kubernetes.io/proxy-cookie-domain: "~^(.+)$ cdn.fillcode.com"
nginx.ingress.kubernetes.io/proxy-cookie-path: "/ /$1"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_cookie_flags ~ SameSite=None Secure;
spec:
ingressClassName: nginx
rules:
- host: cdn.fillcode.com
http:
paths:
- path: /(dev-cm)(/|$)(.*)
pathType: ImplementationSpecific
backend:
service:
name: cdn-halo
port:
number: 80
- path: /(git-dev-cm)(/|$)(.*)
pathType: ImplementationSpecific
backend:
service:
name: cdn-gitea-http
port:
number: 3000
- path: /(monitor-dev-cm)(/|$)(.*)
pathType: ImplementationSpecific
backend:
service:
name: cdn-prometheus-grafana
port:
number: 80
---
apiVersion: v1
kind: Service
metadata:
name: cdn-halo
namespace: infra-net
spec:
type: ExternalName
externalName: halo.apps.svc.cluster.local
---
apiVersion: v1
kind: Service
metadata:
name: cdn-gitea-http
namespace: infra-net
spec:
type: ExternalName
externalName: gitea-http.infra-gitops.svc.cluster.local
---
apiVersion: v1
kind: Service
metadata:
name: cdn-prometheus-grafana
namespace: infra-net
spec:
type: ExternalName
externalName: prometheus-grafana.infra-monitor.svc.cluster.local
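Review bot: The annotations combine `cors-allow-credentials: "true"`, wildcard origins (`https://*.dev.cm`, `https://*.fillcode.cm`) and `proxy_cookie_flags ~ SameSite=None Secure;` on a host whose `(.*)` paths proxy all of Gitea and Grafana, so a page on any subdomain of those zones can send cookie-bearing requests to both backends and read the responses. Serving the three applications from the single origin `cdn.fillcode.com` also removes same-origin isolation between them; the `proxy-cookie-path` rewrite scopes cookies by path, which is not a boundary against script running on a sibling path. If this host is meant only for static assets, I would drop `cors-allow-credentials` and the cookie rewrites, list the exact origins that need access, and narrow each `path` to the asset prefixes. The `configuration-snippet` annotation also depends on snippet annotations being enabled on the controller, which deserves a comment next to it.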
+4
@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ingress-cdn.yaml
+5
@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespaces.yaml
- penpot.yaml
+10
@@ -0,0 +1,10 @@
# Penpot runtime secrets
apiVersion: v1
kind: Secret
metadata:
name: penpot
namespace: apps
type: Opaque
stringData:
api-secret-key: |-
${PENPOT_API_SECRET_KEY}
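Review bot: The manifest does not say where `${PENPOT_API_SECRET_KEY}` is resolved; presumably this is Flux post-build substitution, but nothing in the file states it. If the Kustomization that applies it has no substitution source for the variable, the Secret would be created with the placeholder text or an empty value, and Penpot would run with a predictable `api-secret-key`. I would add a comment above `stringData`, `# PENPOT_API_SECRET_KEY is injected by Flux postBuild.substituteFrom; never commit the value or leave it unset`, and keep the real value in an encrypted or external secret source.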
+32
@@ -0,0 +1,32 @@
# whoami
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: cowboysysop
namespace: infra-gitops
spec:
interval: 168h
timeout: 5m
url: https://cowboysysop.github.io/charts/
---
# halo
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: halo
namespace: infra-gitops
spec:
interval: 168h
timeout: 5m
url: https://halo-sigs.github.io/charts/
---
# penpot
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: penpot
namespace: infra-gitops
spec:
interval: 168h
timeout: 5m
url: https://helm.penpot.app
+4
@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-repositories.yaml