feat(apps): restructure apps deployment, add Penpot HelmRelease, and refactor CDN ingress

flux/infrastructure/infra-data/post-2/reflector-secret-annotations.yaml

@@ -7,9 +7,9 @@ metadata:
     kustomize.toolkit.fluxcd.io/prune: disabled
     kustomize.toolkit.fluxcd.io/ssa: Merge
     reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
-    reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "apps,infra-net,infra-gitops,infra-monitor"
+    reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "infra-net,infra-gitops,infra-monitor"
     reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
-    reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "apps,infra-net,infra-gitops,infra-monitor"
+    reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "infra-net,infra-gitops,infra-monitor"
 ---
 apiVersion: v1
 kind: Secret

flux/infrastructure/infra-net/post/ingress-cdn.yaml

@@ -1,78 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: cdn
-  namespace: infra-net
-  annotations:
-    nginx.ingress.kubernetes.io/use-regex: "true"
-    nginx.ingress.kubernetes.io/rewrite-target: "/$3"
-    # 重定向配置
-    nginx.ingress.kubernetes.io/proxy-redirect-from: "/"
-    nginx.ingress.kubernetes.io/proxy-redirect-to: "/$1/"
-    # 添加允许跨域请求
-    nginx.ingress.kubernetes.io/enable-cors: "true"
-    nginx.ingress.kubernetes.io/cors-allow-origin: "https://dev.cm, https://*.dev.cm, https://fillcode.cm, https://*.fillcode.cm"
-    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
-    # cookie配置
-    nginx.ingress.kubernetes.io/proxy-cookie-domain: "~^(.+)$ cdn.fillcode.com"
-    nginx.ingress.kubernetes.io/proxy-cookie-path: "/ /$1"
-    nginx.ingress.kubernetes.io/configuration-snippet: |
-      proxy_cookie_flags ~ SameSite=None Secure;
-spec:
-  ingressClassName: nginx
-  rules:
-    - host: cdn.fillcode.com
-      http:
-        paths:
-          - path: /(dev-cm)(/|$)(.*)
-            pathType: ImplementationSpecific
-            backend:
-              service:
-                name: cdn-halo
-                port:
-                  number: 80
-          - path: /(git-dev-cm)(/|$)(.*)
-            pathType: ImplementationSpecific
-            backend:
-              service:
-                name: cdn-gitea-http
-                port:
-                  number: 3000
-          - path: /(monitor-dev-cm)(/|$)(.*)
-            pathType: ImplementationSpecific
-            backend:
-              service:
-                name: cdn-prometheus-grafana
-                port:
-                  number: 80
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: cdn-halo
-  namespace: infra-net
-spec:
-  type: ExternalName
-  externalName: halo.apps.svc.cluster.local
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: cdn-gitea-http
-  namespace: infra-net
-spec:
-  type: ExternalName
-  externalName: gitea-http.infra-gitops.svc.cluster.local
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: cdn-prometheus-grafana
-  namespace: infra-net
-spec:
-  type: ExternalName
-  externalName: prometheus-grafana.infra-monitor.svc.cluster.local

flux/infrastructure/infra-net/post/kustomization.yaml

@@ -1,4 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ingress-cdn.yaml

flux/infrastructure/sources/helm-repositories.yaml

@@ -131,24 +131,3 @@ spec:
   timeout: 5m
   url: https://dl.gitea.com/charts
 ---
-# whoami
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: cowboysysop
-  namespace: infra-gitops
-spec:
-  interval: 168h
-  timeout: 5m
-  url: https://cowboysysop.github.io/charts/
----
-# halo
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: halo
-  namespace: infra-gitops
-spec:
-  interval: 168h
-  timeout: 5m
-  url: https://halo-sigs.github.io/charts/