diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 0000000..d592771 --- /dev/null +++ b/CLAUDE.md @@ -0,0 +1,24 @@ +# CLAUDE.md + +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. + +## Commands +- Validate YAML: `kubectl --dry-run=client -f ` +- Validate syntax with YAML linter: `yamllint ` +- Check Kubernetes resources: `kubectl get --namespace ` + +## Style Guidelines +1. YAML Formatting: + - Use 2-space indentation + - Use snake_case for keys + - Keep line length under 100 characters + +2. Kubernetes Resources: + - Include resource limits/requests in all deployments + - Add appropriate labels and annotations + - Group related resources in the same file + - Use namespaces to organize resources by service + +3. Documentation: + - Add comments for non-obvious configuration choices + - Document environment-specific variables clearly \ No newline at end of file diff --git a/crates/crates.ingress.yaml b/crates/crates.ingress.yaml index da950fe..31eee76 100644 --- a/crates/crates.ingress.yaml +++ b/crates/crates.ingress.yaml @@ -11,7 +11,7 @@ metadata: annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: - ingressClassName: nginx + ingressClassName: haproxy tls: - hosts: - crates.strix.systems @@ -27,6 +27,16 @@ spec: name: crates-client port: number: 8080 + - host: crates.ntwl.xyz + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: crates-client + port: + number: 8080 --- @@ -35,12 +45,11 @@ kind: Ingress metadata: annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/rewrite-target: /$2 + haproxy.org/path-rewrite: "/api(/)?(.*) /$2" name: crates-api namespace: default spec: - ingressClassName: nginx + ingressClassName: haproxy tls: - hosts: - crates.strix.systems 
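Review bot: The new `crates.ntwl.xyz` rule in the `@@ -27,6 +27,16 @@` hunk of crates/crates.ingress.yaml has no matching entry under `tls.hosts`; the preceding hunk shows that list ending at `- crates.strix.systems` with nothing added, unlike the memestream, monitor, ntr-cv, registry and minio ingresses in this commit. The certificate cert-manager requests for this Ingress will therefore not carry the new name, and HTTPS clients on that host would be served a default or mismatched certificate. Add `- crates.ntwl.xyz` under `tls.hosts` here and in the `crates-api` Ingress (hunks `@@ -35,12 +45,11 @@` and `@@ -56,3 +65,13 @@`), which has the same gap. The rest of each tls block lies outside the hunks, so confirm against the full file.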
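Review bot: The replacement half of `haproxy.org/path-rewrite: "/api(/)?(.*) /$2"` on `crates-api` keeps nginx's `$2` capture syntax, whereas HAProxy's `replace-path` takes backslash backreferences, so requests under `/api/` would likely be rewritten to the literal path `/$2`. Use single quotes so YAML does not treat the backslash as an escape: `haproxy.org/path-rewrite: '/api(/)?(.*) /\2'`. The same annotation is added to `spacerace-api` in spacerace/spacerace.ingress.yaml and needs the same change. The `crates.ntwl.xyz` rule in the `@@ -56,3 +65,13 @@` hunk also copies the regex path `/api(/|$)(.*)` with `pathType: ImplementationSpecific`; confirm the HAProxy controller matches that as a regex rather than as a literal path.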
@@ -56,3 +65,13 @@ spec: name: crates-api port: number: 41337 + - host: crates.ntwl.xyz + http: + paths: + - path: /api(/|$)(.*) + pathType: ImplementationSpecific + backend: + service: + name: crates-api + port: + number: 41337 diff --git a/memestream/memestream.ingress.yaml b/memestream/memestream.ingress.yaml index 0e56bb6..1aff13e 100644 --- a/memestream/memestream.ingress.yaml +++ b/memestream/memestream.ingress.yaml @@ -5,11 +5,13 @@ metadata: annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: - ingressClassName: nginx + ingressClassName: haproxy tls: - hosts: - memestream.strix.systems - search.memestream.strix.systems + - memestream.ntwl.xyz + - search.memestream.ntwl.xyz secretName: memestream-strix-systems-tls rules: - host: search.memestream.strix.systems @@ -22,7 +24,27 @@ spec: name: memestream-meili port: number: 7700 + - host: search.memestream.ntwl.xyz + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: memestream-meili + port: + number: 7700 - host: memestream.strix.systems + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: memestream-client + port: + number: 8080 + - host: memestream.ntwl.xyz http: paths: - path: / diff --git a/memestream/memestream.yaml b/memestream/memestream.yaml index 5122b21..6b46ab6 100644 --- a/memestream/memestream.yaml +++ b/memestream/memestream.yaml @@ -76,6 +76,30 @@ spec: # DEPLOYMENTS # ----------------------------------------------------------------------- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: memestream-archiver +spec: + replicas: 1 + selector: + matchLabels: + app: memestream-archiver + template: + metadata: + labels: + app: memestream-archiver + spec: + containers: + - name: memestream-archiver + image: registry.strix.systems/memestream-archiver + imagePullPolicy: Always + envFrom: + - secretRef: + name: memestream-archiver + +--- + apiVersion: apps/v1 kind: Deployment metadata: 
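Review bot: The `letsencrypt-prod` ClusterIssuer that every Ingress in this commit still references loses its only visible definition here: nginx-ingress/cert-manager.yaml is deleted, and its HTTP-01 solver was pinned to `ingressClassName: nginx`. The `memestream.ntwl.xyz` and `search.memestream.ntwl.xyz` entries added to `tls.hosts` in memestream/memestream.ingress.yaml, like the other new `*.ntwl.xyz` hosts, force a re-issue through that issuer. Depending on how manifests are applied, the issuer is either pruned or stays in the cluster still routing challenges through the retired nginx class, and issuance would fail in both cases. Keep the ClusterIssuer manifests in the repository with the solver changed to `ingressClassName: haproxy`, and confirm DNS for the new names resolves to the cluster before applying.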
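Review bot: The `memestream-archiver` container runs from an untagged image, `registry.strix.systems/memestream-archiver`, with `imagePullPolicy: Always`, so every pod restart runs whatever `latest` points to in the registry at that moment; pin a tag or digest so that a rollout is a reviewed change. The pod spec also has no `resources` block, which the CLAUDE.md added in this same commit asks for in all deployments. It has no `securityContext` either, although the container receives the whole `memestream-archiver` secret through `envFrom`. In the sketch below the digest and resource figures are placeholders, and `readOnlyRootFilesystem` and `runAsNonRoot` need checking against what the image actually does.

```yaml
      containers:
        - name: memestream-archiver
          # placeholder digest: pin to the digest of the reviewed build
          image: registry.strix.systems/memestream-archiver@sha256:<IMAGE_DIGEST>
          # … unchanged: imagePullPolicy, envFrom secretRef …
          # sample figures (constructed): size these from observed usage
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              memory: 256Mi
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
```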
diff --git a/mnml/mnml.ingress.yaml b/mnml/mnml.ingress.yaml index 5720d1c..3d802ad 100644 --- a/mnml/mnml.ingress.yaml +++ b/mnml/mnml.ingress.yaml @@ -10,7 +10,7 @@ metadata: annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: - ingressClassName: nginx + ingressClassName: haproxy tls: - hosts: - mnml.gg @@ -36,9 +36,9 @@ metadata: namespace: default annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" - nginx.org/websocket-services: "mnml-ws" + haproxy.org/websocket-support: "true" spec: - ingressClassName: nginx + ingressClassName: haproxy tls: - hosts: - mnml.gg @@ -63,11 +63,10 @@ metadata: name: mnml-ws annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" - nginx.org/proxy-read-timeout: "3600" - nginx.org/proxy-send-timeout: "3600" - nginx.org/websocket-services: mnml-ws + haproxy.org/websocket-support: "true" + haproxy.org/timeout-tunnel: "3600s" spec: - ingressClassName: nginx + ingressClassName: haproxy tls: - hosts: - mnml.gg diff --git a/monitor/monitor.ingress.yaml b/monitor/monitor.ingress.yaml index 2856c3e..0c9ba50 100644 --- a/monitor/monitor.ingress.yaml +++ b/monitor/monitor.ingress.yaml @@ -8,10 +8,11 @@ metadata: annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: - ingressClassName: nginx + ingressClassName: haproxy tls: - hosts: - monitor.strix.systems + - monitor.ntwl.xyz secretName: monitor-strix-systems-tls rules: - host: monitor.strix.systems @@ -24,3 +25,13 @@ spec: name: kube-prometheus-stack-grafana port: number: 80 + - host: monitor.ntwl.xyz + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: kube-prometheus-stack-grafana + port: + number: 80 diff --git a/nginx-ingress/cert-manager.yaml b/nginx-ingress/cert-manager.yaml deleted file mode 100644 index 7b21143..0000000 --- a/nginx-ingress/cert-manager.yaml +++ /dev/null 
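Review bot: Nothing in the diff shows that the HAProxy controller honours `haproxy.org/websocket-support: "true"` and `haproxy.org/timeout-tunnel: "3600s"` on an Ingress, the keys that replace the nginx annotations in mnml/mnml.ingress.yaml; a controller ignores annotations it does not recognise without raising an error. If `timeout-tunnel` is read only from the controller ConfigMap, the `mnml-ws` WebSocket connections fall back to the global tunnel timeout instead of the hour the old `proxy-read-timeout`/`proxy-send-timeout` pair gave them. Check each key against the annotation reference for the deployed controller version and inspect the generated HAProxy configuration after applying. A comment above the annotations, for example `# verified against haproxy ingress <VERSION>: honoured per-Ingress`, would record that the check was done.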
@@ -1,43 +0,0 @@ -# using the same issuer for everything -# ntr@strix is the big boss - ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging -spec: - acme: - # The ACME server URL - server: https://acme-staging-v02.api.letsencrypt.org/directory - # Email address used for ACME registration - email: ntr@strix.systems - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-staging - # Enable the HTTP-01 challenge provider - solvers: - - http01: - ingress: - ingressClassName: nginx - ---- - -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-prod -spec: - acme: - # The ACME server URL - server: https://acme-v02.api.letsencrypt.org/directory - # Email address used for ACME registration - email: ntr@strix.systems - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-prod - # Enable the HTTP-01 challenge provider - solvers: - - http01: - ingress: - ingressClassName: nginx diff --git a/ntr-cv/ntr-cv.ingress.yaml b/ntr-cv/ntr-cv.ingress.yaml index 9c6e651..06ecb06 100644 --- a/ntr-cv/ntr-cv.ingress.yaml +++ b/ntr-cv/ntr-cv.ingress.yaml @@ -7,10 +7,11 @@ metadata: annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: - ingressClassName: nginx + ingressClassName: haproxy tls: - hosts: - strix.systems + - ntr.ntwl.xyz secretName: strix-systems-tls rules: - host: strix.systems @@ -23,3 +24,13 @@ spec: name: ntr-cv port: number: 8080 + - host: ntr.ntwl.xyz + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: ntr-cv + port: + number: 8080 diff --git a/registry/registry.ingress.yaml b/registry/registry.ingress.yaml index b3d9403..51c6424 100644 --- a/registry/registry.ingress.yaml +++ b/registry/registry.ingress.yaml 
@@ -5,13 +5,14 @@ kind: Ingress metadata: name: registry annotations: - nginx.ingress.kubernetes.io/proxy-body-size: 2g + haproxy.org/proxy-body-size-limit: "2g" cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: - ingressClassName: nginx + ingressClassName: haproxy tls: - hosts: - registry.strix.systems + - registry.ntwl.xyz secretName: registry-strix-systems-tls rules: - host: registry.strix.systems @@ -24,3 +25,13 @@ spec: name: registry port: number: 5000 + - host: registry.ntwl.xyz + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: registry + port: + number: 5000 diff --git a/spacerace/spacerace.ingress.yaml b/spacerace/spacerace.ingress.yaml index 6e3b019..1c392e1 100644 --- a/spacerace/spacerace.ingress.yaml +++ b/spacerace/spacerace.ingress.yaml @@ -5,11 +5,9 @@ metadata: name: spacerace-api annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" - # don't do this again - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/rewrite-target: /$2 + haproxy.org/path-rewrite: "/api(/)?(.*) /$2" spec: - ingressClassName: nginx + ingressClassName: haproxy tls: - hosts: - spacerace.strix.systems diff --git a/storage/minio.ingress.yaml b/storage/minio.ingress.yaml index b7ba8d0..02d6684 100644 --- a/storage/minio.ingress.yaml +++ b/storage/minio.ingress.yaml @@ -7,10 +7,11 @@ metadata: annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: - ingressClassName: nginx + ingressClassName: haproxy tls: - hosts: - minio.strix.systems + - minio.ntwl.xyz secretName: minio.strix.systems rules: - host: minio.strix.systems @@ -23,6 +24,16 @@ spec: name: minio-service port: number: 9090 + - host: minio.ntwl.xyz + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: minio-service + port: + number: 9090 --- 
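Review bot: If the controller does not recognise `haproxy.org/proxy-body-size-limit: "2g"` in registry/registry.ingress.yaml, the registry accepts uploads of any size with no error at apply time. nginx rejected oversized bodies by default, while HAProxy applies no request-body cap unless one is configured. Confirm the annotation name against the deployed controller's annotation reference and verify the limit after rollout. The same applies to the `1g` limit on the `storage.strix.systems` Ingress in storage/minio.ingress.yaml (`@@ -34,12 +45,13 @@`). The new `registry.ntwl.xyz` host also publishes the registry under a second name, so whatever authentication protects `registry.strix.systems` must cover it too; none is visible in the hunk.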
@@ -34,12 +45,13 @@ metadata: app: minio annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" - nginx.ingress.kubernetes.io/proxy-body-size: 1g + haproxy.org/proxy-body-size-limit: "1g" spec: - ingressClassName: nginx + ingressClassName: haproxy tls: - hosts: - storage.strix.systems + - storage.ntwl.xyz secretName: storage.strix.systems rules: - host: storage.strix.systems @@ -52,3 +64,13 @@ spec: name: minio-service port: number: 9000 + - host: storage.ntwl.xyz + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: minio-service + port: + number: 9000