Sienna Meridian Satterwhite
cdddc334ff
Ingress: - Deploy custom sunbeam-proxy (Pingora/Rust) replacing nginx placeholder - HTTPS termination with mkcert (local) / rustls-acme (production) - Host-prefix routing with path-based sub-routing for auth virtual host: /oauth2 + /.well-known + /userinfo → Hydra, /kratos → Kratos (prefix stripped), default → login-ui - HTTP→HTTPS redirect, WebSocket passthrough, JSON audit logging, OTEL stub - cert-manager HTTP-01 ACME challenge routing via Ingress watcher - RBAC for Ingress watcher (pingora-watcher ClusterRole) - local overlay: hostPorts 80/443, LiveKit TURN demoted to ClusterIP to avoid klipper conflict Infrastructure: - socket_vmnet shared network for host↔VM reachability (192.168.105.2) - local-up.sh: cert-manager installation, eth1-based LIMA_IP detection, correct DOMAIN_SUFFIX sed substitution - Postfix MTA in lasuite namespace: outbound relay via Scaleway TEM, accepts SMTP from cluster pods - Kratos SMTP courier pointed at postfix.lasuite.svc.cluster.local:25 - Production overlay: cert-manager ClusterIssuer, ACME-enabled Pingora values
71 lines
2.3 KiB
YAML
71 lines
2.3 KiB
YAML
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
|
|
namespace: lasuite
|
|
|
|
resources:
|
|
- namespace.yaml
|
|
- postfix-deployment.yaml
|
|
- hive-config.yaml
|
|
- hive-deployment.yaml
|
|
- hive-service.yaml
|
|
- seaweedfs-buckets.yaml
|
|
|
|
# La Suite Numérique Helm charts:
|
|
# Each component's chart lives in-tree inside its own GitHub repo (under helm/ or charts/).
|
|
# There is NO published Helm repo index at a suitenumerique.github.io URL — charts must be
|
|
# pulled from each component's repo individually.
|
|
#
|
|
# Options:
|
|
# a) Use Flux HelmRepository with type=git pointing at each suitenumerique/<app> repo.
|
|
# b) Package each chart locally (`helm package`) and commit to this repo under charts/.
|
|
# c) Use OCI if/when they start publishing to GHCR (check each repo's CI for ghcr.io pushes).
|
|
#
|
|
# Recommended starting points:
|
|
# - https://github.com/suitenumerique/docs (helm/ directory)
|
|
# - https://github.com/suitenumerique/meet (helm/ directory)
|
|
# - https://github.com/suitenumerique/drive (helm/ directory)
|
|
# - https://github.com/suitenumerique/people (helm/ directory)
|
|
# - https://github.com/suitenumerique/messages (check for helm/ directory)
|
|
# - https://github.com/suitenumerique/conversations (check for helm/ directory)
|
|
#
|
|
# TODO: Once each app's chart path is confirmed, add helmCharts entries here.
|
|
# Placeholder entries (commented out) — verify chart name and repo format first:
|
|
|
|
# helmCharts:
|
|
# - name: docs
|
|
# repo: oci://ghcr.io/suitenumerique/docs # hypothetical; verify on ghcr.io first
|
|
# version: "1.0.0"
|
|
# releaseName: docs
|
|
# namespace: lasuite
|
|
#
|
|
# - name: meet
|
|
# repo: oci://ghcr.io/suitenumerique/meet
|
|
# version: "1.0.0"
|
|
# releaseName: meet
|
|
# namespace: lasuite
|
|
#
|
|
# - name: drive
|
|
# repo: oci://ghcr.io/suitenumerique/drive
|
|
# version: "1.0.0"
|
|
# releaseName: drive
|
|
# namespace: lasuite
|
|
#
|
|
# - name: messages
|
|
# repo: oci://ghcr.io/suitenumerique/messages
|
|
# version: "1.0.0"
|
|
# releaseName: messages
|
|
# namespace: lasuite
|
|
#
|
|
# - name: conversations
|
|
# repo: oci://ghcr.io/suitenumerique/conversations
|
|
# version: "1.0.0"
|
|
# releaseName: conversations
|
|
# namespace: lasuite
|
|
#
|
|
# - name: people
|
|
# repo: oci://ghcr.io/suitenumerique/people
|
|
# version: "1.0.0"
|
|
# releaseName: people
|
|
# namespace: lasuite
|