From ebbfb4f169704d6cf83ee35b971711b33016457d Mon Sep 17 00:00:00 2001
From: Moritz Graf <github@moritzgraf.de>
Date: Sat, 20 Dec 2025 14:35:26 +0100
Subject: [PATCH] Adding kubernetest deployment stuff for private registry

---
 deploy.sh          |  8 +++++++-
 k8s-manifests.yaml | 18 ++++++++++++++++--
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/deploy.sh b/deploy.sh
index 7a9dc1b..8a8aa51 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -2,7 +2,9 @@
 
 # Configuration
 NAMESPACE="haumdaucher"
-IMAGE_NAME="haumdaucher-website"
+REGISTRY="registry.moritzgraf.de"
+IMAGE_BASE_NAME="haumdaucher-website"
+IMAGE_NAME="$REGISTRY/$IMAGE_BASE_NAME"
 TAG="latest"
 
 echo "🚀 Starting deployment for Haumdaucher..."
@@ -14,6 +16,10 @@ kubectl create namespace $NAMESPACE --dry-run=client -o yaml | kubectl apply -f
 echo "📦 Building Docker image..."
 docker build -t $IMAGE_NAME:$TAG .
 
+# Push the docker image
+echo "📤 Pushing Docker image to $REGISTRY..."
+docker push $IMAGE_NAME:$TAG
+
 # Apply manifests
 echo "🎡 Applying Kubernetes manifests..."
 kubectl apply -f k8s-manifests.yaml
diff --git a/k8s-manifests.yaml b/k8s-manifests.yaml
index 81b4921..6c8a913 100644
--- a/k8s-manifests.yaml
+++ b/k8s-manifests.yaml
@@ -15,10 +15,12 @@ spec:
       labels:
         app: haumdaucher
     spec:
+      imagePullSecrets:
+      - name: registry-haumdaucher-de
       containers:
       - name: haumdaucher
-        image: haumdaucher-website:latest
-        imagePullPolicy: IfNotPresent
+        image: registry.moritzgraf.de/haumdaucher-website:latest
+        imagePullPolicy: Always
         ports:
         - containerPort: 80
 ---
@@ -42,8 +44,16 @@ metadata:
   name: haumdaucher-ingress
   namespace: haumdaucher
   annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
     kubernetes.io/ingress.class: nginx
+    kubernetes.io/tls-acme: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/proxy-buffering: "off"
+    nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
   rules:
   - host: haumdaucher.de
     http:
@@ -55,3 +65,7 @@ spec:
             name: haumdaucher-service
             port:
               number: 80
+  tls:
+  - hosts:
+    - haumdaucher.de
+    secretName: haumdaucher-de-tls