diff --git a/clusters/cl01tl/manifests/foldergram/Deployment-foldergram-cloudflared.yaml b/clusters/cl01tl/manifests/foldergram/Deployment-foldergram-cloudflared.yaml new file mode 100644 index 000000000..8aefc2ac9 --- /dev/null +++ b/clusters/cl01tl/manifests/foldergram/Deployment-foldergram-cloudflared.yaml @@ -0,0 +1,58 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: foldergram-cloudflared + labels: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: foldergram + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-2.5.0 + namespace: foldergram +spec: + revisionHistoryLimit: 3 + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/controller: main + app.kubernetes.io/name: cloudflared + app.kubernetes.io/instance: foldergram + template: + metadata: + labels: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: foldergram + app.kubernetes.io/name: cloudflared + spec: + enableServiceLinks: false + serviceAccountName: default + automountServiceAccountToken: true + hostIPC: false + hostNetwork: false + hostPID: false + dnsPolicy: ClusterFirst + containers: + - args: + - tunnel + - --protocol + - http2 + - --no-autoupdate + - run + - --token + - $(CF_MANAGED_TUNNEL_TOKEN) + env: + - name: CF_MANAGED_TUNNEL_TOKEN + valueFrom: + secretKeyRef: + key: cf-tunnel-token + name: foldergram-cloudflared-secret + image: cloudflare/cloudflared:2026.3.0@sha256:6b599ca3e974349ead3286d178da61d291961182ec3fe9c505e1dd02c8ac31b0 + imagePullPolicy: IfNotPresent + name: main + resources: + requests: + cpu: 1m + memory: 20Mi diff --git a/clusters/cl01tl/manifests/foldergram/Deployment-foldergram.yaml b/clusters/cl01tl/manifests/foldergram/Deployment-foldergram.yaml index 6b6db7002..a87faa66c 100644 --- a/clusters/cl01tl/manifests/foldergram/Deployment-foldergram.yaml +++ b/clusters/cl01tl/manifests/foldergram/Deployment-foldergram.yaml @@ -47,17 +47,19 @@ spec: - name: GALLERY_ROOT value: /gallery - name: CSRF_TRUSTED_ORIGINS - value: https://foldergram.alexlebens.net + value: https://foldergram.alexlebens.net, https://art.alexlebens.dev + - name: PUBLIC_DEMO_MODE + value: "1" image: ghcr.io/foldergram/foldergram:1.1.0@sha256:b08c7f30a15a3d3e4cf0877a5271cb76be6a36ab83751f040c115ccdb76b736a name: main resources: requests: - cpu: 1m - memory: 230Mi + cpu: 10m + memory: 1Gi volumeMounts: - mountPath: /app/data name: cache - - mountPath: /gallery/pictures/collections + - mountPath: /gallery name: pictures readOnly: true volumes: diff --git a/clusters/cl01tl/manifests/foldergram/ExternalSecret-foldergram-cloudflared-secret.yaml b/clusters/cl01tl/manifests/foldergram/ExternalSecret-foldergram-cloudflared-secret.yaml new file mode 100644 index 000000000..94d1c4cb9 --- /dev/null +++ b/clusters/cl01tl/manifests/foldergram/ExternalSecret-foldergram-cloudflared-secret.yaml @@ -0,0 +1,24 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: foldergram-cloudflared-secret + namespace: foldergram + labels: + helm.sh/chart: cloudflared-2.5.0 + app.kubernetes.io/instance: foldergram + app.kubernetes.io/part-of: foldergram + app.kubernetes.io/version: "2.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: foldergram-cloudflared-secret +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: cf-tunnel-token + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cloudflare/tunnels/foldergram + metadataPolicy: None + property: token