🚀 Complete automation pipeline with SSL, testing, and deployment

Features:
- Full SSL setup with Let's Encrypt for all environments
- Automated CI/CD pipeline with GitHub Actions
- Comprehensive smoke testing workflow
- Auto-deploy to dev on main branch push
- Manual staging/production deployments with confirmation
- Istio + nginx SSL termination architecture

🔧 Infrastructure:
- Migrated from Kourier to Istio for Knative ingress
- nginx handles SSL termination and public traffic
- Istio manages internal Knative service routing
- Scale-to-zero configuration for all environments

🧪 Testing:
- SSL certificate validation and expiry checks
- Domain accessibility and content validation
- Performance testing and redirect behavior validation
- Automated smoke tests on every deployment

🌐 Domains:
- Dev: https://2048-dev.wa.darknex.us
- Staging: https://2048-staging.wa.darknex.us
- Production: https://2048.wa.darknex.us

📦 Deployment:
- Uses latest GHCR images with imagePullPolicy: Always
- Automated secret management across namespaces
- Environment-specific Knative service configurations
- Clean manifest structure with proper labeling

Greg
2025-06-30 22:57:36 -07:00
parent f42d04f06e
commit 3dbb1d51e8
22 changed files with 1094 additions and 460 deletions

@@ -0,0 +1,119 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: game-2048-dev-proxy
namespace: default
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Host game-2048-dev.game-2048-dev.dev.wa.darknex.us;
spec:
ingressClassName: nginx
tls:
- hosts:
- 2048-dev.wa.darknex.us
secretName: game-2048-dev-nginx-tls
rules:
- host: 2048-dev.wa.darknex.us
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-nodeport-service
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: game-2048-staging-proxy
namespace: default
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Host game-2048-staging.game-2048-staging.staging.wa.darknex.us;
spec:
ingressClassName: nginx
tls:
- hosts:
- 2048-staging.wa.darknex.us
secretName: game-2048-staging-nginx-tls
rules:
- host: 2048-staging.wa.darknex.us
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-nodeport-service
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: game-2048-prod-proxy
namespace: default
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Host game-2048-prod.game-2048-prod.wa.darknex.us;
spec:
ingressClassName: nginx
tls:
- hosts:
- 2048.wa.darknex.us
secretName: game-2048-prod-nginx-tls
rules:
- host: 2048.wa.darknex.us
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-nodeport-service
port:
number: 80
---
apiVersion: v1
kind: Service
metadata:
name: istio-nodeport-service
namespace: default
spec:
ports:
- name: http
port: 80
targetPort: 32135
protocol: TCP
clusterIP: None
---
apiVersion: v1
kind: Endpoints
metadata:
name: istio-nodeport-service
namespace: default
subsets:
- addresses:
- ip: 192.168.4.134 # Your k3s node IP
ports:
- name: http
port: 32135
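Review bot: All three Ingress objects set the upstream Host header through `nginx.ingress.kubernetes.io/configuration-snippet` (`proxy_set_header Host game-2048-dev.game-2048-dev.dev.wa.darknex.us;` and its staging and prod counterparts), which injects raw nginx configuration and only works while the controller has snippet annotations enabled. Recent ingress-nginx releases turn that setting off by default, because with it on, anyone who can create or edit an Ingress can write arbitrary nginx directives. The `nginx.ingress.kubernetes.io/upstream-vhost` annotation sets the same Host header without a snippet, so these three objects could use it and the controller could keep snippets disabled. Separately, `backend-protocol: "HTTP"` together with the Endpoints entry `ip: 192.168.4.134` and `port: 32135` means the hop from nginx to Istio is plaintext to a hardcoded node address and NodePort. A manifest comment stating that this is intentional and that the values must be updated if the node IP or NodePort changes would help, as would a note on why dev and staging share the `default` namespace and the `letsencrypt-prod` issuer with production.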