infra(cx2-5): DNS auth/NetPol substrate, air-gap landing, arm64 ARC runner + tenant landing manifests

- fc-dns: add OnePasswordItem CRD for DNS API keys + NetworkPolicy for Phase 0 auth hardening; bump dns-web image tag
- fc-landing: rewrite landing HTML to remove CDN dependencies (air-gap safe); add preview.html standalone preview
- github-runner: add TOOLCACHE_ARCH to install-ruby-toolcache.sh for arm64 support; add Dockerfile.arm64 for arm64 ARC runner image
- docs/gx10-tenant-landing: per-user Deployment+IngressRoute manifests (andrew/dustin/erik/fit/matt) + CUTOVER-RUNBOOK.md

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Andrew Stoltz
2026-06-21 11:53:26 -05:00
parent 9dd170a9ac
commit eae7b4ed7a
16 changed files with 2122 additions and 140 deletions


@@ -0,0 +1,83 @@
# GX10 Tenant Landing-Site Migration — Cutover Runbook
Date: 2026-06-16. Migrates the 5 per-tenant public landing sites from the OLD RKE2
cluster (`10.0.56.200` Traefik) to the GX10 ARM64 cluster (`10.0.57.202` VIP /
NodePort `10.0.56.14:32491`).
## Deployed on GX10 (DONE — staged-verified, NOT yet receiving public traffic)
| Domain(s) | GX10 ns | Workload | TLS secret (in ns + traefik-system) | Live content replicated |
|-----------------------------------|--------------------|---------------|-------------------------------------|-------------------------|
| bluejay.dev, www.bluejay.dev | `fc-tenant-andrew` | nginx:alpine | `cf-origin-bluejay-dev` | "Blue Jay" (custom) |
| timeforta.co, www.timeforta.co | `fc-tenant-dustin` | nginx:alpine | `cf-origin-timeforta-co` | "Coming Soon" (generic) |
| erckak.dev, www.erckak.dev | `fc-tenant-erik` | nginx:alpine | `cf-origin-erckak-dev` | "Erckak" (custom) |
| flowerinsider.xyz, www.* | `fc-tenant-fit` | nginx:alpine | `cf-origin-flowerinsider-xyz` | "Flower Insider" (custom)|
| matt.flowercore.io | `fc-tenant-matt` | nginx:alpine | `cf-origin-flowercore-io` | "Coming Soon" (generic) |
All nginx pods 1/1 Running, IngressRoutes priority 100 (override the GX10
`public-catchall`). Each site replicates EXACTLY what was live on OLD at migration
time, so cutover is content-invisible.
Staged verification (all HTTP 200, correct content, SNI-correct cert):
```
curl -sk --resolve <host>:32491:10.0.56.14 https://<host>:32491/
```
## Public routing reality (why NO automatic cutover happened)
Every tenant domain enters the network through Cloudflare (proxied) → a dedicated
pfSense WAN IP in 74.40.140.16/28 → pfSense port-forward. ALL FIVE currently forward
to OLD Traefik `10.0.56.200:443`:
| Domain | CF origin WAN IP | pfSense rdr today |
|-------------------|------------------|--------------------|
| bluejay.dev | 74.40.140.17 | → 10.0.56.200:443 |
| matt.flowercore.io| 74.40.140.19 | → 10.0.56.200:443 |
| timeforta.co | 74.40.140.21 | → 10.0.56.200:443 |
| erckak.dev | 74.40.140.23 | → 10.0.56.200:443 |
| flowerinsider.xyz | 74.40.140.25 | → 10.0.56.200:443 |
(Contrast: main flowercore.io = WAN `.24` → already GX10 `10.0.56.14:32491`.)
NOTE: matt.flowercore.io is bound to WAN `.19` (the MATT VPN IP), NOT `.24`, so the
"*.flowercore.io already NATs to GX10" assumption does NOT cover matt.
Because none of these NAT to GX10 yet, no cutover was performed (live sites untouched).
## OPERATOR ACTION — cutover = repoint the pfSense port-forward target
For each domain, change the HTTPS (and HTTP) port-forward TARGET from
`10.0.56.200` to `10.0.56.14:32491` (HTTPS) / `10.0.56.14:30776` (HTTP). pfSense
port-forwards (Firewall → NAT → Port Forward), edit these rule descriptions:
- `ANDREW: HTTPS to Traefik` 74.40.140.17:443 → change target `10.0.56.200:443` to `10.0.56.14:32491`
- `MATT: HTTPS to Traefik` 74.40.140.19:443 → change target `10.0.56.200:443` to `10.0.56.14:32491`
- `DUSTIN: HTTPS to Traefik` 74.40.140.21:443 → change target `10.0.56.200:443` to `10.0.56.14:32491`
- `ERIK: HTTPS to Traefik` 74.40.140.23:443 → change target `10.0.56.200:443` to `10.0.56.14:32491`
- `FIT: HTTPS to Traefik` 74.40.140.25:443 → change target `10.0.56.200:443` to `10.0.56.14:32491`
- (corresponding `:80 → 10.0.56.14:30776` HTTP rules likewise, optional — sites are HTTPS-only)
No Cloudflare DNS change is required: the WAN IPs stay the same, only the internal
NAT target moves. Each can be flipped independently (per-tenant blast radius).
Post-flip verify (external):
```
curl -sI https://<host>/ # expect HTTP 200, Server: cloudflare, unchanged content
```
## Rollback
OLD cluster left fully intact (ArgoCD apps infra-andrew/dustin/erik/fit Synced+Healthy,
pods Running). To roll back any domain: revert that pfSense port-forward target to
`10.0.56.200`.
## Notes
- The OLD cluster has DUPLICATE namespaces per tenant (`tenant-X` custom page +
`fc-tenant-X` generic landing), both with IngressRoutes claiming the same host.
Traefik non-deterministically picked a winner; live content was: andrew/erik/fit =
custom (`tenant-X`), dustin/matt = generic (`fc-tenant-X`). GX10 consolidates to ONE
namespace per tenant (`fc-tenant-X`) serving the content that was actually live.
- `infra-worldbuilder` (worldbuilder.iamworkin.lan, internal .NET app) was ALREADY
migrated to GX10 (`fc-worldbuilder`, 1/1 Running) — no action.
- `infra-flowercore` (tenant-flowercore/flowercore-web demo) has NO public route and is
superseded by the production `fc-system/fc-landing-public` (flowercore.io root) already
live on GX10 — intentionally NOT migrated.
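Review bot: The staged verification command (`curl -sk --resolve ...`) passes `-k`, which turns off certificate verification, so it cannot support the "SNI-correct cert" claim in the line above it. Check the served certificate explicitly, for example with `openssl s_client -connect 10.0.56.14:32491 -servername <host>` and compare subject/SAN and issuer, or drop `-k` and pass the origin CA with `--cacert`. The post-flip check has a related gap: `curl -sI` returns headers only, and because each site serves the same content on OLD and GX10 by design, a 200 through Cloudflare does not show which cluster answered. Add a step that confirms the request on the GX10 side (Traefik access log if enabled, or a temporary response header) before declaring a tenant cut over.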


@@ -0,0 +1,225 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: fc-tenant-andrew
labels:
app.kubernetes.io/part-of: bluejay-infra
flowercore.io/tenant: andrew
---
apiVersion: v1
kind: ConfigMap
metadata:
name: andrew-web-html
namespace: fc-tenant-andrew
data:
index.html: |
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Blue Jay — bluejay.dev</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
background: #0A1628;
color: #e0e8f0;
min-height: 100vh;
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
overflow: hidden;
}
.bg {
position: fixed;
inset: 0;
background:
radial-gradient(ellipse 80% 60% at 50% 0%, rgba(43,138,255,0.15) 0%, transparent 70%),
radial-gradient(ellipse 60% 50% at 80% 100%, rgba(43,138,255,0.08) 0%, transparent 60%),
linear-gradient(135deg, #0A1628 0%, #111E36 50%, #0A1628 100%);
z-index: 0;
}
.container {
position: relative;
z-index: 1;
text-align: center;
padding: 2rem;
max-width: 640px;
width: 100%;
}
.badge {
display: inline-block;
background: rgba(43,138,255,0.12);
border: 1px solid rgba(43,138,255,0.25);
border-radius: 20px;
padding: 0.4rem 1.2rem;
font-size: 0.8rem;
color: #2B8AFF;
letter-spacing: 0.08em;
text-transform: uppercase;
margin-bottom: 2rem;
}
.icon {
font-size: 4rem;
margin-bottom: 1.5rem;
filter: drop-shadow(0 0 30px rgba(43,138,255,0.3));
}
h1 {
font-size: 2.8rem;
font-weight: 700;
background: linear-gradient(135deg, #2B8AFF 0%, #6BB3FF 100%);
-webkit-background-clip: text;
-webkit-text-fill-color: transparent;
background-clip: text;
margin-bottom: 0.5rem;
}
.domain {
font-size: 1.1rem;
color: #6BB3FF;
font-weight: 300;
font-family: 'SF Mono', 'Fira Code', 'Consolas', monospace;
margin-bottom: 2.5rem;
}
.status {
display: inline-flex;
align-items: center;
gap: 0.5rem;
background: rgba(43,138,255,0.08);
border: 1px solid rgba(43,138,255,0.15);
border-radius: 8px;
padding: 1rem 2rem;
margin-bottom: 2rem;
}
.status .dot {
width: 8px;
height: 8px;
background: #2B8AFF;
border-radius: 50%;
animation: pulse 2s ease-in-out infinite;
}
@keyframes pulse {
0%, 100% { opacity: 0.4; }
50% { opacity: 1; box-shadow: 0 0 8px rgba(43,138,255,0.6); }
}
.status p {
font-size: 0.95rem;
color: #8aa8c4;
}
.divider {
width: 40px;
height: 2px;
background: linear-gradient(90deg, transparent, rgba(43,138,255,0.4), transparent);
margin: 2rem auto;
}
.footer {
color: #3a5570;
font-size: 0.75rem;
line-height: 1.6;
}
.footer a {
color: #4a7a9e;
text-decoration: none;
}
@media (max-width: 480px) {
h1 { font-size: 2rem; }
.icon { font-size: 3rem; }
.container { padding: 1.5rem; }
}
</style>
</head>
<body>
<div class="bg"></div>
<div class="container">
<div class="badge">Andrew's Space</div>
<div class="icon">&#x1F426;</div>
<h1>Blue Jay</h1>
<p class="domain">bluejay.dev</p>
<div class="status">
<span class="dot"></span>
<p>Coming Soon</p>
</div>
<div class="divider"></div>
<p class="footer">
Powered by <a href="https://flowercore.io">FlowerCore</a>
</p>
</div>
</body>
</html>
---
apiVersion: v1
kind: ConfigMap
metadata:
name: andrew-web-nginx-conf
namespace: fc-tenant-andrew
data:
default.conf: |
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
location / { try_files $uri $uri/ =404; }
location /healthz { access_log off; return 200 "ok"; add_header Content-Type text/plain; }
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: andrew-web
namespace: fc-tenant-andrew
labels:
app: andrew-web
spec:
replicas: 1
selector:
matchLabels:
app: andrew-web
template:
metadata:
labels:
app: andrew-web
spec:
containers:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 80
name: http
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
- name: html
mountPath: /usr/share/nginx/html
resources:
requests: { memory: 32Mi, cpu: 10m }
limits: { memory: 64Mi, cpu: 50m }
livenessProbe:
httpGet: { path: /healthz, port: 80 }
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet: { path: /healthz, port: 80 }
initialDelaySeconds: 3
periodSeconds: 5
volumes:
- name: nginx-conf
configMap: { name: andrew-web-nginx-conf }
- name: html
configMap: { name: andrew-web-html }
---
apiVersion: v1
kind: Service
metadata:
name: andrew-web
namespace: fc-tenant-andrew
spec:
selector:
app: andrew-web
ports:
- port: 80
targetPort: 80
name: http
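Review bot: `image: nginx:alpine` in the Deployment is a floating tag, so a pod restart can pull a different nginx build than the one that was staged-verified, on a workload that will take public traffic. Pin a specific version tag plus digest (`nginx:<version>-alpine@sha256:<digest>`, placeholder values) and bump it deliberately, so what runs on GX10 stays identical to what was verified.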


@@ -0,0 +1,18 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: andrew-web
namespace: fc-tenant-andrew
spec:
entryPoints:
- websecure
routes:
- match: Host(`bluejay.dev`) || Host(`www.bluejay.dev`)
kind: Rule
priority: 100
services:
- name: andrew-web
port: 80
tls:
secretName: cf-origin-bluejay-dev
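Review bot: `entryPoints` lists only `websecure`, but the runbook in this commit offers optional `:80 → 10.0.56.14:30776` forwards; with no route on the HTTP entry point for these hosts, plain-HTTP requests would not match this route and at best land on the GX10 `public-catchall`. Either add an HTTP route that redirects to HTTPS for `bluejay.dev` and `www.bluejay.dev`, or remove the optional HTTP forward from the runbook so port 80 stays closed. The same applies to the other four tenant IngressRoutes.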


@@ -0,0 +1,208 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: fc-tenant-dustin
labels:
app.kubernetes.io/part-of: bluejay-infra
flowercore.io/tenant: dustin
---
apiVersion: v1
kind: ConfigMap
metadata:
name: dustin-web-html
namespace: fc-tenant-dustin
data:
index.html: |
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>timeforta.co &mdash; Coming Soon</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
background: #1a1a2e;
color: #e0e0e0;
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
min-height: 100vh;
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
}
.container {
text-align: center;
padding: 2rem;
max-width: 600px;
}
.icon {
font-size: 4rem;
margin-bottom: 1rem;
filter: drop-shadow(0 0 20px #4aff9e40);
}
h1 {
font-size: 2.5rem;
font-weight: 700;
color: #4aff9e;
margin-bottom: 0.5rem;
letter-spacing: -0.02em;
}
.domain {
font-size: 1.1rem;
color: #888;
margin-bottom: 2rem;
font-family: 'SF Mono', Monaco, 'Cascadia Code', monospace;
}
.divider {
width: 60px;
height: 3px;
background: #4aff9e;
margin: 0 auto 2rem;
border-radius: 2px;
}
.tagline {
font-size: 1.3rem;
color: #ccc;
margin-bottom: 1rem;
line-height: 1.5;
}
.status {
display: inline-block;
padding: 0.4rem 1.2rem;
background: #4aff9e15;
border: 1px solid #4aff9e40;
border-radius: 20px;
color: #4aff9e;
font-size: 0.85rem;
font-weight: 500;
letter-spacing: 0.05em;
text-transform: uppercase;
margin-top: 1.5rem;
}
.pulse {
display: inline-block;
width: 8px;
height: 8px;
background: #4aff9e;
border-radius: 50%;
margin-right: 8px;
animation: pulse 2s infinite;
}
@keyframes pulse {
0%, 100% { opacity: 1; }
50% { opacity: 0.3; }
}
footer {
position: fixed;
bottom: 0;
width: 100%;
text-align: center;
padding: 1.5rem;
color: #555;
font-size: 0.8rem;
border-top: 1px solid #ffffff08;
background: #1a1a2e;
}
footer a {
color: #4a9eff;
text-decoration: none;
}
footer a:hover {
text-decoration: underline;
}
</style>
</head>
<body>
<div class="container">
<div class="icon">&#x1F32E;</div>
<h1>timeforta.co</h1>
<div class="domain">Dustin</div>
<div class="divider"></div>
<p class="tagline">It's always time for tacos.</p>
<div class="status">
<span class="pulse"></span>
Under Construction
</div>
</div>
<footer>
Powered by <a href="https://flowercore.io">FlowerCore</a> &bull; Hosted on Blue Jay Infrastructure
</footer>
</body>
</html>
---
apiVersion: v1
kind: ConfigMap
metadata:
name: dustin-web-nginx-conf
namespace: fc-tenant-dustin
data:
default.conf: |
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
location / { try_files $uri $uri/ =404; }
location /healthz { access_log off; return 200 "ok"; add_header Content-Type text/plain; }
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dustin-web
namespace: fc-tenant-dustin
labels:
app: dustin-web
spec:
replicas: 1
selector:
matchLabels:
app: dustin-web
template:
metadata:
labels:
app: dustin-web
spec:
containers:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 80
name: http
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
- name: html
mountPath: /usr/share/nginx/html
resources:
requests: { memory: 32Mi, cpu: 10m }
limits: { memory: 64Mi, cpu: 50m }
livenessProbe:
httpGet: { path: /healthz, port: 80 }
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet: { path: /healthz, port: 80 }
initialDelaySeconds: 3
periodSeconds: 5
volumes:
- name: nginx-conf
configMap: { name: dustin-web-nginx-conf }
- name: html
configMap: { name: dustin-web-html }
---
apiVersion: v1
kind: Service
metadata:
name: dustin-web
namespace: fc-tenant-dustin
spec:
selector:
app: dustin-web
ports:
- port: 80
targetPort: 80
name: http
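Review bot: The `nginx` container has no `securityContext`, so it runs with the image defaults (root master process, writable root filesystem, privilege escalation allowed). For a static page, set at least `allowPrivilegeEscalation: false` and `seccompProfile: { type: RuntimeDefault }`, and consider an unprivileged nginx image listening on a high port so `runAsNonRoot: true` can be enforced; `containerPort`, the probes and the Service `targetPort` would need to follow the new port.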


@@ -0,0 +1,18 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: dustin-web
namespace: fc-tenant-dustin
spec:
entryPoints:
- websecure
routes:
- match: Host(`timeforta.co`) || Host(`www.timeforta.co`)
kind: Rule
priority: 100
services:
- name: dustin-web
port: 80
tls:
secretName: cf-origin-timeforta-co
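Review bot: `secretName: cf-origin-timeforta-co` refers to a Secret that none of the manifests shown for this tenant create, so applying this directory to a fresh cluster would bring the route up without its intended certificate. Note next to the `tls:` block (or in the runbook) how the origin certificate is provisioned into `fc-tenant-dustin`, and if it is copied by hand, consider managing it the way the commit message describes for the DNS API keys (OnePasswordItem) so the private key is not a manual step.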


@@ -0,0 +1,225 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: fc-tenant-erik
labels:
app.kubernetes.io/part-of: bluejay-infra
flowercore.io/tenant: erik
---
apiVersion: v1
kind: ConfigMap
metadata:
name: erik-web-html
namespace: fc-tenant-erik
data:
index.html: |
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Erckak — erckak.dev</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
background: #0A1628;
color: #e0e8f0;
min-height: 100vh;
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
overflow: hidden;
}
.bg {
position: fixed;
inset: 0;
background:
radial-gradient(ellipse 80% 60% at 50% 0%, rgba(43,138,255,0.15) 0%, transparent 70%),
radial-gradient(ellipse 60% 50% at 80% 100%, rgba(43,138,255,0.08) 0%, transparent 60%),
linear-gradient(135deg, #0A1628 0%, #111E36 50%, #0A1628 100%);
z-index: 0;
}
.container {
position: relative;
z-index: 1;
text-align: center;
padding: 2rem;
max-width: 640px;
width: 100%;
}
.badge {
display: inline-block;
background: rgba(43,138,255,0.12);
border: 1px solid rgba(43,138,255,0.25);
border-radius: 20px;
padding: 0.4rem 1.2rem;
font-size: 0.8rem;
color: #2B8AFF;
letter-spacing: 0.08em;
text-transform: uppercase;
margin-bottom: 2rem;
}
.icon {
font-size: 4rem;
margin-bottom: 1.5rem;
filter: drop-shadow(0 0 30px rgba(43,138,255,0.3));
}
h1 {
font-size: 2.8rem;
font-weight: 700;
background: linear-gradient(135deg, #2B8AFF 0%, #6BB3FF 100%);
-webkit-background-clip: text;
-webkit-text-fill-color: transparent;
background-clip: text;
margin-bottom: 0.5rem;
}
.domain {
font-size: 1.1rem;
color: #6BB3FF;
font-weight: 300;
font-family: 'SF Mono', 'Fira Code', 'Consolas', monospace;
margin-bottom: 2.5rem;
}
.status {
display: inline-flex;
align-items: center;
gap: 0.5rem;
background: rgba(43,138,255,0.08);
border: 1px solid rgba(43,138,255,0.15);
border-radius: 8px;
padding: 1rem 2rem;
margin-bottom: 2rem;
}
.status .dot {
width: 8px;
height: 8px;
background: #2B8AFF;
border-radius: 50%;
animation: pulse 2s ease-in-out infinite;
}
@keyframes pulse {
0%, 100% { opacity: 0.4; }
50% { opacity: 1; box-shadow: 0 0 8px rgba(43,138,255,0.6); }
}
.status p {
font-size: 0.95rem;
color: #8aa8c4;
}
.divider {
width: 40px;
height: 2px;
background: linear-gradient(90deg, transparent, rgba(43,138,255,0.4), transparent);
margin: 2rem auto;
}
.footer {
color: #3a5570;
font-size: 0.75rem;
line-height: 1.6;
}
.footer a {
color: #4a7a9e;
text-decoration: none;
}
@media (max-width: 480px) {
h1 { font-size: 2rem; }
.icon { font-size: 3rem; }
.container { padding: 1.5rem; }
}
</style>
</head>
<body>
<div class="bg"></div>
<div class="container">
<div class="badge">Erik's Space</div>
<div class="icon">&#x1F680;</div>
<h1>Erckak</h1>
<p class="domain">erckak.dev</p>
<div class="status">
<span class="dot"></span>
<p>Coming Soon</p>
</div>
<div class="divider"></div>
<p class="footer">
Powered by <a href="https://flowercore.io">FlowerCore</a>
</p>
</div>
</body>
</html>
---
apiVersion: v1
kind: ConfigMap
metadata:
name: erik-web-nginx-conf
namespace: fc-tenant-erik
data:
default.conf: |
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
location / { try_files $uri $uri/ =404; }
location /healthz { access_log off; return 200 "ok"; add_header Content-Type text/plain; }
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: erik-web
namespace: fc-tenant-erik
labels:
app: erik-web
spec:
replicas: 1
selector:
matchLabels:
app: erik-web
template:
metadata:
labels:
app: erik-web
spec:
containers:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 80
name: http
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
- name: html
mountPath: /usr/share/nginx/html
resources:
requests: { memory: 32Mi, cpu: 10m }
limits: { memory: 64Mi, cpu: 50m }
livenessProbe:
httpGet: { path: /healthz, port: 80 }
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet: { path: /healthz, port: 80 }
initialDelaySeconds: 3
periodSeconds: 5
volumes:
- name: nginx-conf
configMap: { name: erik-web-nginx-conf }
- name: html
configMap: { name: erik-web-html }
---
apiVersion: v1
kind: Service
metadata:
name: erik-web
namespace: fc-tenant-erik
spec:
selector:
app: erik-web
ports:
- port: 80
targetPort: 80
name: http
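Review bot: In `default.conf`, the `/healthz` location combines `return 200 "ok"` with `add_header Content-Type text/plain`; `add_header` appends a header instead of replacing the one nginx derives from `default_type`, so the response can carry two `Content-Type` headers. Use `default_type text/plain;` inside the location instead. Also note that `/healthz` is reachable publicly through the `Host(...)` route; that is harmless for a static "ok", but it should be a conscious decision.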


@@ -0,0 +1,18 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: erik-web
namespace: fc-tenant-erik
spec:
entryPoints:
- websecure
routes:
- match: Host(`erckak.dev`) || Host(`www.erckak.dev`)
kind: Rule
priority: 100
services:
- name: erik-web
port: 80
tls:
secretName: cf-origin-erckak-dev
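Review bot: The `tls:` block sets only `secretName`, so the origin accepts any TLS client that reaches it with the right SNI, while the runbook states that all traffic for these hosts arrives through Cloudflare. Consider a `tls.options` reference to a TLSOption that sets a minimum TLS version and, if Cloudflare Authenticated Origin Pulls is enabled for the zone, requires the Cloudflare client certificate, so requests that bypass Cloudflare are rejected at the handshake.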


@@ -0,0 +1,225 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: fc-tenant-fit
labels:
app.kubernetes.io/part-of: bluejay-infra
flowercore.io/tenant: fit
---
apiVersion: v1
kind: ConfigMap
metadata:
name: fit-web-html
namespace: fc-tenant-fit
data:
index.html: |
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Flower Insider — flowerinsider.xyz</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
background: #0A1628;
color: #e0e8f0;
min-height: 100vh;
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
overflow: hidden;
}
.bg {
position: fixed;
inset: 0;
background:
radial-gradient(ellipse 80% 60% at 50% 0%, rgba(43,138,255,0.15) 0%, transparent 70%),
radial-gradient(ellipse 60% 50% at 80% 100%, rgba(43,138,255,0.08) 0%, transparent 60%),
linear-gradient(135deg, #0A1628 0%, #111E36 50%, #0A1628 100%);
z-index: 0;
}
.container {
position: relative;
z-index: 1;
text-align: center;
padding: 2rem;
max-width: 640px;
width: 100%;
}
.badge {
display: inline-block;
background: rgba(43,138,255,0.12);
border: 1px solid rgba(43,138,255,0.25);
border-radius: 20px;
padding: 0.4rem 1.2rem;
font-size: 0.8rem;
color: #2B8AFF;
letter-spacing: 0.08em;
text-transform: uppercase;
margin-bottom: 2rem;
}
.icon {
font-size: 4rem;
margin-bottom: 1.5rem;
filter: drop-shadow(0 0 30px rgba(43,138,255,0.3));
}
h1 {
font-size: 2.8rem;
font-weight: 700;
background: linear-gradient(135deg, #2B8AFF 0%, #6BB3FF 100%);
-webkit-background-clip: text;
-webkit-text-fill-color: transparent;
background-clip: text;
margin-bottom: 0.5rem;
}
.domain {
font-size: 1.1rem;
color: #6BB3FF;
font-weight: 300;
font-family: 'SF Mono', 'Fira Code', 'Consolas', monospace;
margin-bottom: 2.5rem;
}
.status {
display: inline-flex;
align-items: center;
gap: 0.5rem;
background: rgba(43,138,255,0.08);
border: 1px solid rgba(43,138,255,0.15);
border-radius: 8px;
padding: 1rem 2rem;
margin-bottom: 2rem;
}
.status .dot {
width: 8px;
height: 8px;
background: #2B8AFF;
border-radius: 50%;
animation: pulse 2s ease-in-out infinite;
}
@keyframes pulse {
0%, 100% { opacity: 0.4; }
50% { opacity: 1; box-shadow: 0 0 8px rgba(43,138,255,0.6); }
}
.status p {
font-size: 0.95rem;
color: #8aa8c4;
}
.divider {
width: 40px;
height: 2px;
background: linear-gradient(90deg, transparent, rgba(43,138,255,0.4), transparent);
margin: 2rem auto;
}
.footer {
color: #3a5570;
font-size: 0.75rem;
line-height: 1.6;
}
.footer a {
color: #4a7a9e;
text-decoration: none;
}
@media (max-width: 480px) {
h1 { font-size: 2rem; }
.icon { font-size: 3rem; }
.container { padding: 1.5rem; }
}
</style>
</head>
<body>
<div class="bg"></div>
<div class="container">
<div class="badge">Flower Insider Team</div>
<div class="icon">&#x1F338;</div>
<h1>Flower Insider</h1>
<p class="domain">flowerinsider.xyz</p>
<div class="status">
<span class="dot"></span>
<p>Coming Soon</p>
</div>
<div class="divider"></div>
<p class="footer">
Powered by <a href="https://flowercore.io">FlowerCore</a>
</p>
</div>
</body>
</html>
---
apiVersion: v1
kind: ConfigMap
metadata:
name: fit-web-nginx-conf
namespace: fc-tenant-fit
data:
default.conf: |
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
location / { try_files $uri $uri/ =404; }
location /healthz { access_log off; return 200 "ok"; add_header Content-Type text/plain; }
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: fit-web
namespace: fc-tenant-fit
labels:
app: fit-web
spec:
replicas: 1
selector:
matchLabels:
app: fit-web
template:
metadata:
labels:
app: fit-web
spec:
containers:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 80
name: http
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
- name: html
mountPath: /usr/share/nginx/html
resources:
requests: { memory: 32Mi, cpu: 10m }
limits: { memory: 64Mi, cpu: 50m }
livenessProbe:
httpGet: { path: /healthz, port: 80 }
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet: { path: /healthz, port: 80 }
initialDelaySeconds: 3
periodSeconds: 5
volumes:
- name: nginx-conf
configMap: { name: fit-web-nginx-conf }
- name: html
configMap: { name: fit-web-html }
---
apiVersion: v1
kind: Service
metadata:
name: fit-web
namespace: fc-tenant-fit
spec:
selector:
app: fit-web
ports:
- port: 80
targetPort: 80
name: http
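Review bot: The `fc-tenant-fit` Namespace carries only descriptive labels and this file adds no NetworkPolicy, although the same commit introduces a NetworkPolicy for fc-dns. Add a default-deny ingress policy that admits only the Traefik namespace (`traefik-system` per the runbook) to port 80, and a `pod-security.kubernetes.io/enforce` label on the Namespace, so per-tenant isolation is enforced by the cluster and not only by naming. The other four tenant namespaces have the same shape.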


@@ -0,0 +1,18 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: fit-web
namespace: fc-tenant-fit
spec:
entryPoints:
- websecure
routes:
- match: Host(`flowerinsider.xyz`) || Host(`www.flowerinsider.xyz`)
kind: Rule
priority: 100
services:
- name: fit-web
port: 80
tls:
secretName: cf-origin-flowerinsider-xyz
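Review bot: `priority: 100` is repeated in all five IngressRoutes with no reference to the priority of the `public-catchall` it is meant to beat; the runbook mentions the override, the manifest does not. Add a YAML comment naming the catchall and its priority, so a later change to the catchall does not silently reroute tenant hosts.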


@@ -0,0 +1,208 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: fc-tenant-matt
labels:
app.kubernetes.io/part-of: bluejay-infra
flowercore.io/tenant: matt
---
apiVersion: v1
kind: ConfigMap
metadata:
name: matt-web-html
namespace: fc-tenant-matt
data:
index.html: |
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>matt.flowercore.io &mdash; Coming Soon</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
background: #1a1a2e;
color: #e0e0e0;
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
min-height: 100vh;
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
}
.container {
text-align: center;
padding: 2rem;
max-width: 600px;
}
.icon {
font-size: 4rem;
margin-bottom: 1rem;
filter: drop-shadow(0 0 20px #ff6b4a40);
}
h1 {
font-size: 2.5rem;
font-weight: 700;
color: #ff6b4a;
margin-bottom: 0.5rem;
letter-spacing: -0.02em;
}
.domain {
font-size: 1.1rem;
color: #888;
margin-bottom: 2rem;
font-family: 'SF Mono', Monaco, 'Cascadia Code', monospace;
}
.divider {
width: 60px;
height: 3px;
background: #ff6b4a;
margin: 0 auto 2rem;
border-radius: 2px;
}
.tagline {
font-size: 1.3rem;
color: #ccc;
margin-bottom: 1rem;
line-height: 1.5;
}
.status {
display: inline-block;
padding: 0.4rem 1.2rem;
background: #ff6b4a15;
border: 1px solid #ff6b4a40;
border-radius: 20px;
color: #ff6b4a;
font-size: 0.85rem;
font-weight: 500;
letter-spacing: 0.05em;
text-transform: uppercase;
margin-top: 1.5rem;
}
.pulse {
display: inline-block;
width: 8px;
height: 8px;
background: #ff6b4a;
border-radius: 50%;
margin-right: 8px;
animation: pulse 2s infinite;
}
@keyframes pulse {
0%, 100% { opacity: 1; }
50% { opacity: 0.3; }
}
footer {
position: fixed;
bottom: 0;
width: 100%;
text-align: center;
padding: 1.5rem;
color: #555;
font-size: 0.8rem;
border-top: 1px solid #ffffff08;
background: #1a1a2e;
}
footer a {
color: #4a9eff;
text-decoration: none;
}
footer a:hover {
text-decoration: underline;
}
</style>
</head>
<body>
<div class="container">
<div class="icon">&#x1F525;</div>
<h1>matt.flowercore.io</h1>
<div class="domain">Matt</div>
<div class="divider"></div>
<p class="tagline">Building something extraordinary.</p>
<div class="status">
<span class="pulse"></span>
Under Construction
</div>
</div>
<footer>
Powered by <a href="https://flowercore.io">FlowerCore</a> &bull; Hosted on Blue Jay Infrastructure
</footer>
</body>
</html>
---
apiVersion: v1
kind: ConfigMap
metadata:
name: matt-web-nginx-conf
namespace: fc-tenant-matt
data:
default.conf: |
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
location / { try_files $uri $uri/ =404; }
location /healthz { access_log off; return 200 "ok"; add_header Content-Type text/plain; }
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: matt-web
namespace: fc-tenant-matt
labels:
app: matt-web
spec:
replicas: 1
selector:
matchLabels:
app: matt-web
template:
metadata:
labels:
app: matt-web
spec:
containers:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 80
name: http
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
- name: html
mountPath: /usr/share/nginx/html
resources:
requests: { memory: 32Mi, cpu: 10m }
limits: { memory: 64Mi, cpu: 50m }
livenessProbe:
httpGet: { path: /healthz, port: 80 }
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet: { path: /healthz, port: 80 }
initialDelaySeconds: 3
periodSeconds: 5
volumes:
- name: nginx-conf
configMap: { name: matt-web-nginx-conf }
- name: html
configMap: { name: matt-web-html }
---
apiVersion: v1
kind: Service
metadata:
name: matt-web
namespace: fc-tenant-matt
spec:
selector:
app: matt-web
ports:
- port: 80
targetPort: 80
name: http
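Review bot: The pod spec leaves `automountServiceAccountToken` at its default, so the nginx container gets a Kubernetes API token it never uses. Set `automountServiceAccountToken: false` under `spec.template.spec`. Separately, this file differs from the dustin manifest only in names, colours and copy (andrew, erik and fit mirror each other in the same way); a shared base with per-tenant overlays would keep hardening changes from having to be made five times.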


@@ -0,0 +1,18 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: matt-web
namespace: fc-tenant-matt
spec:
entryPoints:
- websecure
routes:
- match: Host(`matt.flowercore.io`)
kind: Rule
priority: 100
services:
- name: matt-web
port: 80
tls:
secretName: cf-origin-flowercore-io
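Review bot: `secretName: cf-origin-flowercore-io` places what the name suggests is the flowercore.io origin certificate and private key inside `fc-tenant-matt` (the runbook table lists each TLS secret as present in the tenant namespace and in traefik-system). If that is the same key pair used for the main flowercore.io site, anyone with Secret read access in this tenant namespace can obtain it; issue a separate origin certificate scoped to `matt.flowercore.io` for this route.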