admin/k3s-gitops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: admin:feat/nginx-mcp-stable
Branches Tags
admin:main admin:feat/helm-jenkins admin:feat/nginx-direct-routes admin:feat/nginx-weighted admin:feat/nginx-canary admin:feat/nginx-mcp-stable admin:feat/canary-demo
...
pull from: admin:feat/nginx-direct-routes
Branches Tags
admin:main admin:feat/helm-jenkins admin:feat/nginx-direct-routes admin:feat/nginx-weighted admin:feat/nginx-canary admin:feat/nginx-mcp-stable admin:feat/canary-demo

18 Commits
feat/nginx ... feat/nginx

Author SHA1 Message Date
Claude AI
128857d740 feat: IngressRoute direct access to canary at nginx-canary.thedevops.dev 2026-03-04 19:01:07 +00:00
Claude AI
a74380c917 feat: IngressRoute direct access to stable at nginx-stable.thedevops.dev 2026-03-04 19:01:01 +00:00
Claude AI
e0ef0e683f feat: TLS certificate for nginx-canary.thedevops.dev 2026-03-04 19:00:54 +00:00
Claude AI
7fec458a39 feat: TLS certificate for nginx-stable.thedevops.dev 2026-03-04 19:00:49 +00:00
admin
a09690feba Merge pull request 'feat: deploy nginx-weighted traffic layer (TraefikService 90/10, TLS, HTTP redirect)' (#4) from feat/nginx-weighted into main 
Reviewed-on: #4
 2026-03-04 18:43:12 +00:00
Claude AI
cdb736d5b2 feat: nginx-weighted ArgoCD application — destination nginx-mcp namespace 2026-03-04 18:41:39 +00:00
Claude AI
e9823e56ad feat: IngressRoutes — websecure (weighted) + web (redirect) 2026-03-04 18:41:33 +00:00
Claude AI
d906dd2d25 feat: Traefik Middleware HTTP→HTTPS permanent redirect 2026-03-04 18:41:26 +00:00
Claude AI
ebef2bf36e feat: cert-manager Certificate for nginx.thedevops.dev 2026-03-04 18:41:21 +00:00
Claude AI
9447fe8b01 feat: TraefikService weighted routing 90/10 stable/canary 2026-03-04 18:41:15 +00:00
Claude AI
539483b4b5 feat: canary ExternalName proxy service (namespace bridge) 2026-03-04 18:41:08 +00:00
admin
047b1cbde8 Merge pull request 'feat/nginx-canary' (#3) from feat/nginx-canary into main 
Reviewed-on: #3
 2026-03-04 18:40:19 +00:00
Claude AI
16a8ab3276 feat: nginx-canary ArgoCD application — automated sync, prune, selfHeal 2026-03-04 18:39:41 +00:00
Claude AI
c02e2b29c7 feat: nginx-canary service — ClusterIP port 80 2026-03-04 18:39:36 +00:00
Claude AI
15c2233a71 feat: nginx-canary deployment — 2 replicas, nginx:1.25-alpine 2026-03-04 18:39:31 +00:00
Claude AI
2d51a42271 feat: nginx-canary configmap — orange UI, v2.0.0, X-Version/X-Track headers 2026-03-04 18:39:22 +00:00
Claude AI
785a363547 feat: nginx-canary namespace 2026-03-04 18:38:58 +00:00
admin
79e264572b Merge pull request 'feat: deploy nginx-mcp stable app (v1, 3 replicas, purple UI)' (#2) from feat/nginx-mcp-stable into main 
Reviewed-on: #2
 2026-03-04 18:37:39 +00:00
15 changed files with 493 additions and 0 deletions
Expand all files Collapse all files

20
apps/nginx-canary/application.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nginx-canary
namespace: argocd
spec:
project: default
source:
repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k3s-gitops
path: apps/nginx-canary
targetRevision: HEAD
destination:
server: https://kubernetes.default.svc
namespace: nginx-canary
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

12
apps/nginx-canary/certificate.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nginx-canary-tls
namespace: nginx-canary
spec:
secretName: nginx-canary-tls
issuerRef:
name: letsencrypt-http
kind: ClusterIssuer
dnsNames:
- nginx-canary.thedevops.dev

180
apps/nginx-canary/configmap.yaml Normal file
View File

@@ -0,0 +1,180 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-canary-html
namespace: nginx-canary
data:
index.html: |
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Hello from MCP v2 — Canary</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
background: linear-gradient(135deg, #1a0a00, #3d1f00, #1a0a00);
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
color: #fff;
}
.card {
background: rgba(255,200,0,0.08);
backdrop-filter: blur(12px);
border: 1px solid rgba(255,200,0,0.3);
border-radius: 20px;
padding: 60px 80px;
text-align: center;
box-shadow: 0 25px 50px rgba(0,0,0,0.5), 0 0 60px rgba(255,180,0,0.08);
max-width: 650px;
width: 90%;
}
.badge {
display: inline-block;
background: linear-gradient(90deg, #f59e0b, #d97706);
color: #000;
font-size: 0.75rem;
font-weight: 800;
letter-spacing: 2px;
text-transform: uppercase;
padding: 6px 18px;
border-radius: 20px;
margin-bottom: 10px;
}
.version-badge {
display: inline-block;
background: rgba(245,158,11,0.2);
border: 1px solid rgba(245,158,11,0.5);
color: #fbbf24;
font-size: 0.7rem;
font-weight: 700;
letter-spacing: 2px;
text-transform: uppercase;
padding: 4px 14px;
border-radius: 20px;
margin-bottom: 30px;
}
h1 {
font-size: 3rem;
font-weight: 800;
background: linear-gradient(90deg, #fbbf24, #f59e0b);
-webkit-background-clip: text;
-webkit-text-fill-color: transparent;
margin-bottom: 10px;
}
.subtitle { color: #d97706; font-size: 1rem; margin-bottom: 20px; }
.canary-warning {
background: rgba(245,158,11,0.15);
border: 1px solid rgba(245,158,11,0.4);
border-radius: 8px;
padding: 10px 20px;
font-size: 0.85rem;
color: #fbbf24;
margin-bottom: 25px;
font-weight: 600;
}
.ip-box {
background: rgba(0,0,0,0.35);
border: 1px solid rgba(245,158,11,0.5);
border-radius: 12px;
padding: 20px 30px;
margin-bottom: 20px;
}
.ip-label {
font-size: 0.7rem;
letter-spacing: 2px;
text-transform: uppercase;
color: #b45309;
margin-bottom: 8px;
}
.ip-value {
font-size: 1.8rem;
font-weight: 700;
font-family: 'Courier New', monospace;
color: #fbbf24;
letter-spacing: 3px;
}
.info-grid {
display: grid;
grid-template-columns: 1fr 1fr;
gap: 12px;
margin-bottom: 20px;
}
.info-box {
background: rgba(0,0,0,0.35);
border: 1px solid rgba(245,158,11,0.3);
border-radius: 10px;
padding: 12px 16px;
text-align: left;
}
.info-label {
font-size: 0.65rem;
letter-spacing: 2px;
text-transform: uppercase;
color: #b45309;
margin-bottom: 4px;
}
.info-value {
font-size: 0.95rem;
font-weight: 700;
font-family: 'Courier New', monospace;
color: #fbbf24;
}
.footer { font-size: 0.78rem; color: #78350f; margin-top: 10px; }
</style>
</head>
<body>
<div class="card">
<div class="badge">&#128036; Canary Release</div><br>
<div class="version-badge">v2.0.0</div>
<h1>Hello from MCP v2</h1>
<p class="subtitle">Canary deployment — receiving experimental traffic</p>
<div class="canary-warning">&#9888; This is a CANARY build — not yet promoted to stable</div>
<div class="ip-box">
<div class="ip-label">Your IP Address</div>
<div class="ip-value" id="ip">Detecting...</div>
</div>
<div class="info-grid">
<div class="info-box">
<div class="info-label">Track</div>
<div class="info-value">canary</div>
</div>
<div class="info-box">
<div class="info-label">Version</div>
<div class="info-value">v2.0.0</div>
</div>
<div class="info-box">
<div class="info-label">Image</div>
<div class="info-value">nginx:1.25-alpine</div>
</div>
<div class="info-box">
<div class="info-label">Replicas</div>
<div class="info-value">2</div>
</div>
</div>
<div class="footer">nginx-canary &middot; thedevops.dev &middot; ArgoCD + Traefik + MCP</div>
</div>
<script>
fetch('https://api.ipify.org?format=json')
.then(r => r.json())
.then(d => { document.getElementById('ip').textContent = d.ip; })
.catch(() => { document.getElementById('ip').textContent = window.location.hostname; });
</script>
</body>
</html>
nginx.conf: |
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
add_header X-Version "v2.0.0" always;
add_header X-Track "canary" always;
location / {
try_files $uri $uri/ =404;
}
}

56
apps/nginx-canary/deployment.yaml Normal file
View File

@@ -0,0 +1,56 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-canary
namespace: nginx-canary
labels:
app: nginx-canary
track: canary
version: v2.0.0
spec:
replicas: 2
selector:
matchLabels:
app: nginx-canary
template:
metadata:
labels:
app: nginx-canary
track: canary
version: v2.0.0
spec:
containers:
- name: nginx
image: nginx:1.25-alpine
ports:
- containerPort: 80
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html/index.html
subPath: index.html
- name: html
mountPath: /etc/nginx/conf.d/default.conf
subPath: nginx.conf
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 200m
memory: 128Mi
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 10
periodSeconds: 20
volumes:
- name: html
configMap:
name: nginx-canary-html

37
apps/nginx-canary/ingressroute.yaml Normal file
View File

@@ -0,0 +1,37 @@
---
# Direct HTTPS access to canary app at nginx-canary.thedevops.dev
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nginx-canary-direct
namespace: nginx-canary
spec:
entryPoints:
- websecure
routes:
- match: Host(`nginx-canary.thedevops.dev`)
kind: Rule
services:
- name: nginx-canary
port: 80
tls:
secretName: nginx-canary-tls
---
# HTTP redirect for nginx-canary.thedevops.dev
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nginx-canary-direct-http
namespace: nginx-canary
spec:
entryPoints:
- web
routes:
- match: Host(`nginx-canary.thedevops.dev`)
kind: Rule
middlewares:
- name: redirect-https
namespace: nginx-mcp
services:
- name: nginx-canary
port: 80

1
apps/nginx-canary/namespace.yaml
View File

@@ -4,3 +4,4 @@ metadata:
name: nginx-canary
labels:
track: canary
managed-by: argocd

16
apps/nginx-canary/service.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: nginx-canary
namespace: nginx-canary
labels:
app: nginx-canary
track: canary
spec:
selector:
app: nginx-canary
ports:
- name: http
port: 80
targetPort: 80
type: ClusterIP

20
apps/nginx-weighted/application.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nginx-weighted
namespace: argocd
spec:
project: default
source:
repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k3s-gitops
path: apps/nginx-weighted
targetRevision: HEAD
destination:
server: https://kubernetes.default.svc
namespace: nginx-mcp
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

18
apps/nginx-weighted/canary-proxy-svc.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: nginx-canary-proxy
namespace: nginx-mcp
labels:
app: nginx-canary-proxy
annotations:
description: >
ExternalName proxy required because Traefik v3 does not allow
cross-namespace service references inside TraefikService weighted config.
This service bridges nginx-mcp namespace → nginx-canary namespace.
spec:
type: ExternalName
externalName: nginx-canary.nginx-canary.svc.cluster.local
ports:
- port: 80
targetPort: 80

12
apps/nginx-weighted/certificate-stable.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nginx-stable-tls
namespace: nginx-mcp
spec:
secretName: nginx-stable-tls
issuerRef:
name: letsencrypt-http
kind: ClusterIssuer
dnsNames:
- nginx-stable.thedevops.dev

12
apps/nginx-weighted/certificate.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nginx-weighted-tls
namespace: nginx-mcp
spec:
secretName: nginx-weighted-tls
issuerRef:
name: letsencrypt-http
kind: ClusterIssuer
dnsNames:
- nginx.thedevops.dev

37
apps/nginx-weighted/ingressroute-stable.yaml Normal file
View File

@@ -0,0 +1,37 @@
---
# Direct HTTPS access to stable app at nginx-stable.thedevops.dev
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nginx-stable-direct
namespace: nginx-mcp
spec:
entryPoints:
- websecure
routes:
- match: Host(`nginx-stable.thedevops.dev`)
kind: Rule
services:
- name: nginx-mcp
port: 80
tls:
secretName: nginx-stable-tls
---
# HTTP redirect for nginx-stable.thedevops.dev
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nginx-stable-direct-http
namespace: nginx-mcp
spec:
entryPoints:
- web
routes:
- match: Host(`nginx-stable.thedevops.dev`)
kind: Rule
middlewares:
- name: redirect-https
namespace: nginx-mcp
services:
- name: nginx-mcp
port: 80

38
apps/nginx-weighted/ingressroute.yaml Normal file
View File

@@ -0,0 +1,38 @@
---
# HTTPS entrypoint — routes nginx.thedevops.dev through weighted TraefikService
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nginx-weighted
namespace: nginx-mcp
spec:
entryPoints:
- websecure
routes:
- match: Host(`nginx.thedevops.dev`)
kind: Rule
services:
- name: nginx-weighted
namespace: nginx-mcp
kind: TraefikService
tls:
secretName: nginx-weighted-tls
---
# HTTP entrypoint — redirects all HTTP traffic to HTTPS via middleware
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nginx-weighted-http
namespace: nginx-mcp
spec:
entryPoints:
- web
routes:
- match: Host(`nginx.thedevops.dev`)
kind: Rule
middlewares:
- name: redirect-https
namespace: nginx-mcp
services:
- name: nginx-mcp
port: 80

9
apps/nginx-weighted/middleware.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: redirect-https
namespace: nginx-mcp
spec:
redirectScheme:
scheme: https
permanent: true

25
apps/nginx-weighted/traefikservice.yaml Normal file
View File

@@ -0,0 +1,25 @@
---
# TraefikService — weighted load balancer between stable and canary.
# THIS IS THE ONLY FILE YOU NEED TO EDIT to shift traffic weights.
#
# Weight scenarios:
# Initial canary test → stable: 90 canary: 10
# Extended testing → stable: 50 canary: 50
# Full promote to canary → stable: 0 canary: 100
# Emergency rollback → stable: 100 canary: 0
apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
name: nginx-weighted
namespace: nginx-mcp
spec:
weighted:
services:
- name: nginx-mcp
namespace: nginx-mcp
port: 80
weight: 90
- name: nginx-canary-proxy
namespace: nginx-mcp
port: 80
weight: 10