feat(k8s): add static sites deployments and fix service naming

- Add nginx deployments for static sites (dashboard, homepage, argentinamusic, humansconnect) - Configure hostPath volumes to match existing GitHub Actions rsync targets - Fix filestash service name mismatch (was incorrectly named filebrowser) - Add static sites to ingress with SSL support - Add shared nginx config for SPA support and security headers
1 day ago · 5500b54e79
parent 25f2cc5e59
commit 5500b54e79
7 changed files with 310 additions and 4 deletions
--- a/k8s/filestash/filestash-deployment.yaml
+++ b/k8s/filestash/filestash-deployment.yaml
@ -83,7 +83,7 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
-  name: filebrowser
+  name: filestash
  namespace: base-infrastructure
 spec:
  selector:
--- a/k8s/ingress/ingress.yaml
+++ b/k8s/ingress/ingress.yaml
@ -16,7 +16,10 @@ spec:
    - server.arcbjorn.com
    - logs.arcbjorn.com
    - memos.arcbjorn.com
-    - k8s.arcbjorn.com
+    - dashboard.arcbjorn.com
+    - homepage.arcbjorn.com
+    - argentinamusic.space
+    - humansconnect.ai
    secretName: arcbjorn-tls
  rules:
  
@ -64,7 +67,7 @@ spec:
        pathType: Prefix
        backend:
          service:
-            name: filebrowser
+            name: filestash
            port:
              number: 8080
  
@ -90,4 +93,49 @@ spec:
          service:
            name: memos
            port:
-              number: 5230
+              number: 5230
+
+  # Static Sites
+  - host: dashboard.arcbjorn.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: dashboard-static
+            port:
+              number: 80
+
+  - host: homepage.arcbjorn.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: homepage-static
+            port:
+              number: 80
+
+  - host: argentinamusic.space
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: argentinamusic-static
+            port:
+              number: 80
+
+  - host: humansconnect.ai
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: humansconnect-static
+            port:
+              number: 80
--- a/k8s/static-sites/argentinamusic-deployment.yaml
+++ b/k8s/static-sites/argentinamusic-deployment.yaml
@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argentinamusic-static
+  namespace: base-infrastructure
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: argentinamusic-static
+  template:
+    metadata:
+      labels:
+        app: argentinamusic-static
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:alpine
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - name: static-content
+          mountPath: /usr/share/nginx/html
+        - name: nginx-config
+          mountPath: /etc/nginx/conf.d/default.conf
+          subPath: default.conf
+        resources:
+          requests:
+            memory: "32Mi"
+            cpu: "10m"
+          limits:
+            memory: "64Mi"
+            cpu: "50m"
+      volumes:
+      - name: static-content
+        hostPath:
+          path: /root/static/argentinamusic.space
+          type: Directory
+      - name: nginx-config
+        configMap:
+          name: static-nginx-config
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: argentinamusic-static
+  namespace: base-infrastructure
+spec:
+  selector:
+    app: argentinamusic-static
+  ports:
+  - port: 80
+    targetPort: 80
+  type: ClusterIP
--- a/k8s/static-sites/dashboard-deployment.yaml
+++ b/k8s/static-sites/dashboard-deployment.yaml
@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dashboard-static
+  namespace: base-infrastructure
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: dashboard-static
+  template:
+    metadata:
+      labels:
+        app: dashboard-static
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:alpine
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - name: static-content
+          mountPath: /usr/share/nginx/html
+        - name: nginx-config
+          mountPath: /etc/nginx/conf.d/default.conf
+          subPath: default.conf
+        resources:
+          requests:
+            memory: "32Mi"
+            cpu: "10m"
+          limits:
+            memory: "64Mi"
+            cpu: "50m"
+      volumes:
+      - name: static-content
+        hostPath:
+          path: /root/static/dashboard.arcbjorn.com
+          type: Directory
+      - name: nginx-config
+        configMap:
+          name: static-nginx-config
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dashboard-static
+  namespace: base-infrastructure
+spec:
+  selector:
+    app: dashboard-static
+  ports:
+  - port: 80
+    targetPort: 80
+  type: ClusterIP
--- a/k8s/static-sites/homepage-deployment.yaml
+++ b/k8s/static-sites/homepage-deployment.yaml
@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: homepage-static
+  namespace: base-infrastructure
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: homepage-static
+  template:
+    metadata:
+      labels:
+        app: homepage-static
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:alpine
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - name: static-content
+          mountPath: /usr/share/nginx/html
+        - name: nginx-config
+          mountPath: /etc/nginx/conf.d/default.conf
+          subPath: default.conf
+        resources:
+          requests:
+            memory: "32Mi"
+            cpu: "10m"
+          limits:
+            memory: "64Mi"
+            cpu: "50m"
+      volumes:
+      - name: static-content
+        hostPath:
+          path: /root/static/homepage.arcbjorn.com
+          type: Directory
+      - name: nginx-config
+        configMap:
+          name: static-nginx-config
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: homepage-static
+  namespace: base-infrastructure
+spec:
+  selector:
+    app: homepage-static
+  ports:
+  - port: 80
+    targetPort: 80
+  type: ClusterIP
--- a/k8s/static-sites/humansconnect-deployment.yaml
+++ b/k8s/static-sites/humansconnect-deployment.yaml
@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: humansconnect-static
+  namespace: base-infrastructure
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: humansconnect-static
+  template:
+    metadata:
+      labels:
+        app: humansconnect-static
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:alpine
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - name: static-content
+          mountPath: /usr/share/nginx/html
+        - name: nginx-config
+          mountPath: /etc/nginx/conf.d/default.conf
+          subPath: default.conf
+        resources:
+          requests:
+            memory: "32Mi"
+            cpu: "10m"
+          limits:
+            memory: "64Mi"
+            cpu: "50m"
+      volumes:
+      - name: static-content
+        hostPath:
+          path: /root/static/humansconnect.ai
+          type: Directory
+      - name: nginx-config
+        configMap:
+          name: static-nginx-config
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: humansconnect-static
+  namespace: base-infrastructure
+spec:
+  selector:
+    app: humansconnect-static
+  ports:
+  - port: 80
+    targetPort: 80
+  type: ClusterIP
--- a/k8s/static-sites/nginx-config.yaml
+++ b/k8s/static-sites/nginx-config.yaml
@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: static-nginx-config
+  namespace: base-infrastructure
+data:
+  default.conf: |
+    server {
+        listen 80;
+        server_name _;
+        root /usr/share/nginx/html;
+        index index.html index.htm;
+
+        # SPA support - try files then fallback to index.html
+        location / {
+            try_files $uri $uri/ /index.html;
+        }
+
+        # Security headers
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+
+        # Cache static assets
+        location ~* \.(css|js|ico|png|jpg|jpeg|gif|svg|woff|woff2|ttf|eot)$ {
+            expires 1y;
+            add_header Cache-Control "public, immutable";
+        }
+
+        # Hide sensitive files
+        location ~ /\. {
+            deny all;
+        }
+
+        location ~ \.git {
+            deny all; 
+        }
+    }