alois/Verso
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
60d48ae5326514c053121a701940ea2b21e1588d
Verso/server-ce/k8s/verso-prod-ingress.example.yaml
T
claude 54ccb3d712
Build and Deploy Verso / deploy (push) Successful in 1m20s
Details
Add prod deploy workflow (verso namespace, persistent, friends-only) 
New .gitea/workflows/deploy-verso-prod.yml triggered by pushes to the 'prod'
branch — a real production target distinct from the ephemeral test rig:

- Runs in the 'verso' namespace; Mongo/Redis/app-data on PersistentVolumeClaims,
  applied idempotently and NEVER deleted (data survives deploys).
- Replica set initialised only once; admin created only if no users exist.
- Builds/pushes verso:stable (separate tag from test's verso:latest);
  imagePullPolicy Always so each rollout pulls the new build.
- SMTP via an optional 'verso-smtp' Secret (no credentials in the repo);
  anonymous read-write sharing left off and public registration off
  (friends-only).
- Example Ingress for verso.alocoq.fr at server-ce/k8s/verso-prod-ingress.example.yaml
  (apply by hand to match the existing TLS/annotation setup).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-03 11:21:33 +00:00

45 lines
1.4 KiB
YAML
Raw Blame History

# Example Ingress for the prod (verso namespace) instance at verso.alocoq.fr.
#
# This is NOT applied by the deploy workflow on purpose: the test ingress is
# managed by hand, and TLS/annotations depend on your cluster's ingress
# controller (Traefik) and cert setup. Copy this, adapt it to match how
# test.alocoq.fr is wired, then `kubectl apply -f` it once.
#
# Prerequisites:
# - DNS: verso.alocoq.fr → your ingress/load-balancer IP.
# - A TLS cert for verso.alocoq.fr (cert-manager, or a manually created
# Secret referenced under tls.secretName).
#
# Adjust:
# - ingressClassName (e.g. "traefik") to match your controller.
# - annotations (cert-manager issuer, Traefik entrypoints/router, etc.) to
# match the test ingress.
# - the TLS block (cert-manager will create the secret; otherwise create it).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: verso
namespace: verso
annotations:
# --- adapt these to match your test.alocoq.fr ingress ---
# cert-manager.io/cluster-issuer: letsencrypt-prod
# traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- verso.alocoq.fr
secretName: verso-tls
rules:
- host: verso.alocoq.fr
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: verso
port:
number: 80
Reference in New Issue View Git Blame Copy Permalink