hermes-mcp/jacob-k8s-ingress.yaml

# K8s Ingress for jacob.fetcherpay.com
# Option A: Route through existing nginx-ingress-controller (hostNetwork :443)
# Applies to namespace: fetcherpay (same as hermes)
#
# Prerequisites:
# - DeerFlow nginx must be reachable from the host network on port 2026
# (docker-compose already binds host:2026 → container:2026)
# - cert-manager with ClusterIssuer "letsencrypt-prod" (same as hermes)
# - microk8s kubectl apply -f jacob-k8s-ingress.yaml
#
# After apply, cert-manager will issue a new LE cert for jacob.fetcherpay.com
# and nginx-ingress will serve it instead of the fake cert.
---
# Selector-less Service that gives the Ingress a backend name for DeerFlow's
# nginx, which runs in Docker on the host rather than as a pod. With no
# selector, Kubernetes does not populate the endpoints itself; the Endpoints
# object named jacob-deerflow in this namespace supplies the address.
# Service port 80 maps to port 2026 on that address.
# NOTE(review): this Service is not headless (no `clusterIP: None`), and the
# paired Endpoints lists 104.190.60.129 rather than localhost. Confirm that is
# the intended target.
apiVersion: v1
kind: Service
metadata:
  namespace: fetcherpay
  name: jacob-deerflow
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 2026
---
# Manually maintained Endpoints for the selector-less jacob-deerflow Service;
# the two objects are paired by having the same name and namespace.
# Traffic for the Service is delivered to this address on port 2026.
# NOTE(review): the file header says docker-compose publishes host:2026. If
# that port is also reachable from outside on this address, clients can reach
# DeerFlow over plain HTTP without the Ingress's TLS and basic auth. Confirm
# that the bind address or a firewall restricts 2026 to the ingress controller.
apiVersion: v1
kind: Endpoints
metadata:
  namespace: fetcherpay
  name: jacob-deerflow
subsets:
  - addresses:
      - ip: '104.190.60.129'
    ports:
      - port: 2026
---
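# htpasswd data consumed by the ingress-nginx basic-auth annotations on
# jacob-ingress. The key under `data` must be named `auth`; its value is the
# base64 encoding of one `user:hash` line in htpasswd format.
#
# Generate the value without putting the password on the command line (the
# -b form leaves it in shell history and the process list):
#   htpasswd -nB -C <cost> <username> | base64 -w0
# htpasswd then prompts for the password. The committed value decodes to a
# bcrypt ($2y$) hash with cost 05, the htpasswd default; raise it with -C.
#
# NOTE(review): this hash is committed to the repository, and earlier
# revisions of this comment recorded the password it was derived from.
# Treat that credential as disclosed and rotate it. Create the replacement
# Secret out of band, e.g.
#   kubectl -n fetcherpay create secret generic jacob-basic-auth --from-file=auth
# or via a sealed/external secret, rather than pasting a new hash here.
apiVersion: v1
kind: Secret
metadata:
  name: jacob-basic-auth
  namespace: fetcherpay
type: Opaque
data:
  auth: "Ym9hejokMnkkMDUkMU01MUkyMXhPWWU5aU14QUFmaGhHTzZza1NrUE0uVm9LemF4cFBLbzBva1A2TkRrOUI5ZGk="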
---
# Ingress for jacob.fetcherpay.com, handled by the `nginx` ingress class.
# Every path on the host is forwarded to Service jacob-deerflow, port 80.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: fetcherpay
  name: jacob-ingress
  annotations:
    # cert-manager issues the certificate stored in spec.tls[].secretName.
    cert-manager.io/cluster-issuer: 'letsencrypt-prod'
    # HTTP basic auth, checked by the ingress controller against the htpasswd
    # data in Secret jacob-basic-auth (same namespace as this Ingress).
    nginx.ingress.kubernetes.io/auth-type: 'basic'
    nginx.ingress.kubernetes.io/auth-secret: 'jacob-basic-auth'
    nginx.ingress.kubernetes.io/auth-realm: "Jacob - Authentication Required"
    # One-hour proxy timeouts with response buffering disabled, presumably for
    # long-lived or streamed responses from DeerFlow (confirm).
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-buffering: "off"
    # Maximum accepted request body size.
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
    # NOTE(review): basic auth is the only access control defined in this
    # manifest. Its credentials travel with every request, so this host should
    # never be served without TLS.
spec:
  ingressClassName: nginx
  tls:
    - secretName: jacob-fetcherpay-tls
      hosts:
        - jacob.fetcherpay.com
  rules:
    - host: jacob.fetcherpay.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: jacob-deerflow
                port:
                  number: 80