From 6f45343ea389ea9b316804c9e611532daaf581e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20Gro=C3=9Fmann?= Date: Fri, 18 Jul 2025 00:23:09 +0200 Subject: [PATCH 1/5] Refactor Kubernetes manifests to remove unnecessary labels and streamline deployment configuration --- .github/workflows/deploy.yml | 7 ++++++- k8s/base/deployment.yml | 4 +--- k8s/base/ingress.yml | 4 +--- k8s/base/kustomization.yml | 4 ---- k8s/base/namespace.yml | 2 -- k8s/base/service.yml | 2 -- k8s/deployment.yml | 22 ---------------------- k8s/ingress.yml | 21 --------------------- k8s/kustomization.yml | 10 ---------- k8s/namespace.yml | 6 ------ k8s/service.yml | 14 -------------- 11 files changed, 8 insertions(+), 88 deletions(-) delete mode 100644 k8s/deployment.yml delete mode 100644 k8s/ingress.yml delete mode 100644 k8s/kustomization.yml delete mode 100644 k8s/namespace.yml delete mode 100644 k8s/service.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index a9f8829..6c3891d 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -92,4 +92,9 @@ jobs: exit 1 fi cd k8s/overlays/$OVERLAY - kustomize build . | kubectl apply --prune -l app=public-wiki --prune-allowlist=core/v1/Namespace --prune-allowlist=apps/v1/Deployment --prune-allowlist=core/v1/Service --prune-allowlist=networking.k8s.io/v1/Ingress -f - + if [ "$OVERLAY" = "main" ]; then + ENV_LABEL="main" + else + ENV_LABEL="dev" + fi + kustomize build . | kubectl apply --prune -l app=public-wiki --prune-allowlist=core/v1/Namespace --prune-allowlist=apps/v1/Deployment --prune-allowlist=core/v1/Service --prune-allowlist=networking.k8s.io/v1/Ingress -f - --selector=env=$ENV_LABEL diff --git a/k8s/base/deployment.yml b/k8s/base/deployment.yml index fb3d231..db04851 100644 --- a/k8s/base/deployment.yml +++ b/k8s/base/deployment.yml @@ -3,10 +3,8 @@ kind: Deployment metadata: name: public-wiki namespace: wiki - labels: - app: public-wiki spec: - replicas: 3 # default, will be overridden by overlays + replicas: 1 # default, will be overridden by overlays selector: matchLabels: app: public-wiki diff --git a/k8s/base/ingress.yml b/k8s/base/ingress.yml index 99fec47..5038cf9 100644 --- a/k8s/base/ingress.yml +++ b/k8s/base/ingress.yml @@ -3,8 +3,6 @@ kind: Ingress metadata: name: public-wiki-ingress namespace: wiki - labels: - app: public-wiki annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: @@ -16,6 +14,6 @@ spec: pathType: Prefix backend: service: - name: public-wiki + name: PLACEHOLDER_SERVICE port: number: 80 diff --git a/k8s/base/kustomization.yml b/k8s/base/kustomization.yml index 133a1d5..ab16a5d 100644 --- a/k8s/base/kustomization.yml +++ b/k8s/base/kustomization.yml @@ -4,8 +4,4 @@ resources: - service.yml - ingress.yml -images: - - name: public-wiki - newName: IMAGE_TAG - namespace: wiki diff --git a/k8s/base/namespace.yml b/k8s/base/namespace.yml index adf0a9e..5367c37 100644 --- a/k8s/base/namespace.yml +++ b/k8s/base/namespace.yml @@ -2,5 +2,3 @@ apiVersion: v1 kind: Namespace metadata: name: wiki - labels: - app: public-wiki diff --git a/k8s/base/service.yml b/k8s/base/service.yml index 229de96..7fde4d4 100644 --- a/k8s/base/service.yml +++ b/k8s/base/service.yml @@ -3,8 +3,6 @@ kind: Service metadata: name: public-wiki namespace: wiki - labels: - app: public-wiki spec: selector: app: public-wiki diff --git a/k8s/deployment.yml b/k8s/deployment.yml deleted file mode 100644 index fb3d231..0000000 --- a/k8s/deployment.yml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: public-wiki - namespace: wiki - labels: - app: public-wiki -spec: - replicas: 3 # default, will be overridden by overlays - selector: - matchLabels: - app: public-wiki - template: - metadata: - labels: - app: public-wiki - spec: - containers: - - name: public-wiki - image: IMAGE_TAG # will be replaced by kustomize - ports: - - containerPort: 3000 diff --git a/k8s/ingress.yml b/k8s/ingress.yml deleted file mode 100644 index 99fec47..0000000 --- a/k8s/ingress.yml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: public-wiki-ingress - namespace: wiki - labels: - app: public-wiki - annotations: - nginx.ingress.kubernetes.io/rewrite-target: / -spec: - rules: - - host: PLACEHOLDER_HOST - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: public-wiki - port: - number: 80 diff --git a/k8s/kustomization.yml b/k8s/kustomization.yml deleted file mode 100644 index 2e58f59..0000000 --- a/k8s/kustomization.yml +++ /dev/null @@ -1,10 +0,0 @@ -resources: - - namespace.yml - - deployment.yml - - service.yml - - ingress.yml -images: - - name: public-wiki - newName: IMAGE_TAG - -namespace: wiki diff --git a/k8s/namespace.yml b/k8s/namespace.yml deleted file mode 100644 index adf0a9e..0000000 --- a/k8s/namespace.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: wiki - labels: - app: public-wiki diff --git a/k8s/service.yml b/k8s/service.yml deleted file mode 100644 index 229de96..0000000 --- a/k8s/service.yml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: public-wiki - namespace: wiki - labels: - app: public-wiki -spec: - selector: - app: public-wiki - ports: - - protocol: TCP - port: 80 - targetPort: 3000 From ee697df6485bc44e3e53a5dd34eee8818d6dd95a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20Gro=C3=9Fmann?= Date: Fri, 18 Jul 2025 00:27:03 +0200 Subject: [PATCH 2/5] Refactor Kubernetes manifests to remove unnecessary namespace declarations and update image tags for deployments --- .github/workflows/deploy.yml | 2 +- k8s/base/deployment.yml | 3 +-- k8s/base/ingress.yml | 5 ++--- k8s/base/service.yml | 1 - k8s/overlays/dev/kustomization.yml | 16 +++++++++------- k8s/overlays/main/kustomization.yml | 16 ++++++++-------- 6 files changed, 21 insertions(+), 22 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 6c3891d..53f144f 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -97,4 +97,4 @@ jobs: else ENV_LABEL="dev" fi - kustomize build . | kubectl apply --prune -l app=public-wiki --prune-allowlist=core/v1/Namespace --prune-allowlist=apps/v1/Deployment --prune-allowlist=core/v1/Service --prune-allowlist=networking.k8s.io/v1/Ingress -f - --selector=env=$ENV_LABEL + kustomize build . | kubectl apply -f diff --git a/k8s/base/deployment.yml b/k8s/base/deployment.yml index db04851..46abe10 100644 --- a/k8s/base/deployment.yml +++ b/k8s/base/deployment.yml @@ -2,7 +2,6 @@ apiVersion: apps/v1 kind: Deployment metadata: name: public-wiki - namespace: wiki spec: replicas: 1 # default, will be overridden by overlays selector: @@ -15,6 +14,6 @@ spec: spec: containers: - name: public-wiki - image: IMAGE_TAG # will be replaced by kustomize + image: ghcr.io/42core-team/wiki:dev # will be replaced by overlays ports: - containerPort: 3000 diff --git a/k8s/base/ingress.yml b/k8s/base/ingress.yml index 5038cf9..3d03aba 100644 --- a/k8s/base/ingress.yml +++ b/k8s/base/ingress.yml @@ -2,18 +2,17 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: public-wiki-ingress - namespace: wiki annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules: - - host: PLACEHOLDER_HOST + - host: example.com # will be patched in overlays http: paths: - path: / pathType: Prefix backend: service: - name: PLACEHOLDER_SERVICE + name: public-wiki port: number: 80 diff --git a/k8s/base/service.yml b/k8s/base/service.yml index 7fde4d4..e779618 100644 --- a/k8s/base/service.yml +++ b/k8s/base/service.yml @@ -2,7 +2,6 @@ apiVersion: v1 kind: Service metadata: name: public-wiki - namespace: wiki spec: selector: app: public-wiki diff --git a/k8s/overlays/dev/kustomization.yml b/k8s/overlays/dev/kustomization.yml index b593024..f58deea 100644 --- a/k8s/overlays/dev/kustomization.yml +++ b/k8s/overlays/dev/kustomization.yml @@ -1,8 +1,12 @@ +namePrefix: dev- +namespace: wiki +commonLabels: + app: public-wiki + env: dev + resources: - ../../base -namespace: wiki - patches: - target: kind: Deployment @@ -11,6 +15,9 @@ patches: - op: replace path: /spec/replicas value: 1 + - op: replace + path: /spec/template/spec/containers/0/image + value: ghcr.io/42core-team/wiki:dev - target: kind: Ingress name: public-wiki-ingress @@ -18,8 +25,3 @@ patches: - op: replace path: /spec/rules/0/host value: dev.wiki.coregame.de - -images: - - name: IMAGE_TAG - newName: ghcr.io/42core-team/wiki - newTag: dev diff --git a/k8s/overlays/main/kustomization.yml b/k8s/overlays/main/kustomization.yml index 63214dc..daa032d 100644 --- a/k8s/overlays/main/kustomization.yml +++ b/k8s/overlays/main/kustomization.yml @@ -1,8 +1,10 @@ +namePrefix: main- +namespace: wiki +commonLabels: + app: public-wiki + env: main resources: - ../../base - -namespace: wiki - patches: - target: kind: Deployment @@ -11,6 +13,9 @@ patches: - op: replace path: /spec/replicas value: 3 + - op: replace + path: /spec/template/spec/containers/0/image + value: ghcr.io/42core-team/wiki:main - target: kind: Ingress name: public-wiki-ingress @@ -18,8 +23,3 @@ patches: - op: replace path: /spec/rules/0/host value: wiki.coregame.de - -images: - - name: IMAGE_TAG - newName: ghcr.io/42core-team/wiki - newTag: main From c67d9a2dced0c670cad85b4184995369b4591e32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20Gro=C3=9Fmann?= Date: Fri, 18 Jul 2025 00:28:04 +0200 Subject: [PATCH 3/5] Enhance Ingress configuration by adding TLS settings and updating annotations for improved security --- k8s/base/ingress.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/k8s/base/ingress.yml b/k8s/base/ingress.yml index 3d03aba..90d022b 100644 --- a/k8s/base/ingress.yml +++ b/k8s/base/ingress.yml @@ -4,7 +4,13 @@ metadata: name: public-wiki-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: + tls: + - hosts: + - example.com # will be patched in overlays + secretName: public-wiki-tls rules: - host: example.com # will be patched in overlays http: From 6e537c38c9f9ab7790c68443a3736f6900f4734f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20Gro=C3=9Fmann?= Date: Fri, 18 Jul 2025 00:30:13 +0200 Subject: [PATCH 4/5] Refactor kustomization files to replace commonLabels with labels for improved structure --- .github/workflows/deploy.yml | 2 +- k8s/overlays/dev/kustomization.yml | 7 ++++--- k8s/overlays/main/kustomization.yml | 7 ++++--- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 53f144f..454550e 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -97,4 +97,4 @@ jobs: else ENV_LABEL="dev" fi - kustomize build . | kubectl apply -f + kustomize build . | kubectl apply -f - diff --git a/k8s/overlays/dev/kustomization.yml b/k8s/overlays/dev/kustomization.yml index f58deea..ff8aa40 100644 --- a/k8s/overlays/dev/kustomization.yml +++ b/k8s/overlays/dev/kustomization.yml @@ -1,8 +1,9 @@ namePrefix: dev- namespace: wiki -commonLabels: - app: public-wiki - env: dev +labels: + - pairs: + app: public-wiki + env: dev resources: - ../../base diff --git a/k8s/overlays/main/kustomization.yml b/k8s/overlays/main/kustomization.yml index daa032d..9fc7138 100644 --- a/k8s/overlays/main/kustomization.yml +++ b/k8s/overlays/main/kustomization.yml @@ -1,8 +1,9 @@ namePrefix: main- namespace: wiki -commonLabels: - app: public-wiki - env: main +labels: + - pairs: + app: public-wiki + env: main resources: - ../../base patches: From 902c9eac749499c3502d5df8cc88c058d5ba8d2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20Gro=C3=9Fmann?= Date: Fri, 18 Jul 2025 00:38:20 +0200 Subject: [PATCH 5/5] Update Ingress and Kustomization files to use placeholders for TLS configuration and host names --- k8s/base/ingress.yml | 10 +++++----- k8s/overlays/dev/kustomization.yml | 6 ++++++ k8s/overlays/main/kustomization.yml | 6 ++++++ 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/k8s/base/ingress.yml b/k8s/base/ingress.yml index 90d022b..6238aeb 100644 --- a/k8s/base/ingress.yml +++ b/k8s/base/ingress.yml @@ -3,16 +3,16 @@ kind: Ingress metadata: name: public-wiki-ingress annotations: - nginx.ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: + ingressClassName: nginx tls: - hosts: - - example.com # will be patched in overlays - secretName: public-wiki-tls + - PLACEHOLDER_HOST # will be patched in overlays + secretName: PLACEHOLDER_TLS_SECRET # will be patched in overlays rules: - - host: example.com # will be patched in overlays + - host: PLACEHOLDER_HOST # will be patched in overlays http: paths: - path: / diff --git a/k8s/overlays/dev/kustomization.yml b/k8s/overlays/dev/kustomization.yml index ff8aa40..86a2a68 100644 --- a/k8s/overlays/dev/kustomization.yml +++ b/k8s/overlays/dev/kustomization.yml @@ -26,3 +26,9 @@ patches: - op: replace path: /spec/rules/0/host value: dev.wiki.coregame.de + - op: replace + path: /spec/tls/0/hosts/0 + value: dev.wiki.coregame.de + - op: replace + path: /spec/tls/0/secretName + value: dev-wiki-coregame-de-tls diff --git a/k8s/overlays/main/kustomization.yml b/k8s/overlays/main/kustomization.yml index 9fc7138..e6d595e 100644 --- a/k8s/overlays/main/kustomization.yml +++ b/k8s/overlays/main/kustomization.yml @@ -24,3 +24,9 @@ patches: - op: replace path: /spec/rules/0/host value: wiki.coregame.de + - op: replace + path: /spec/tls/0/hosts/0 + value: wiki.coregame.de + - op: replace + path: /spec/tls/0/secretName + value: wiki-coregame-de-tls