# Andrew Tenant — bluejay.dev
# Placeholder landing page served by nginx
# ArgoCD managed - BlueJay Lab
---
apiVersion: v1
kind: Namespace
metadata:
name: tenant-andrew
labels:
app.kubernetes.io/part-of: bluejay-infra
flowercore.io/tenant: andrew
---
# NOTE: The TLS secret cf-origin-bluejay-dev must be created in this namespace
# separately from a Cloudflare Origin Certificate covering *.bluejay.dev.
# Create with: kubectl create secret tls cf-origin-bluejay-dev \
# --cert=bluejay-dev-origin.pem --key=bluejay-dev-origin-key.pem \
# -n tenant-andrew
---
# Landing page HTML
apiVersion: v1
kind: ConfigMap
metadata:
name: andrew-web-html
namespace: tenant-andrew
data:
index.html: |
Blue Jay — bluejay.dev
Andrew's Space
🐦
Blue Jay
bluejay.dev
---
# nginx configuration
apiVersion: v1
kind: ConfigMap
metadata:
name: andrew-web-nginx-conf
namespace: tenant-andrew
data:
default.conf: |
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
location / {
try_files $uri $uri/ =404;
}
location /healthz {
access_log off;
return 200 "ok";
add_header Content-Type text/plain;
}
}
---
# Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: andrew-web
namespace: tenant-andrew
labels:
app: andrew-web
spec:
replicas: 1
selector:
matchLabels:
app: andrew-web
template:
metadata:
labels:
app: andrew-web
annotations:
flowercore.io/healthz-auth-policy: "allow-anonymous"
spec:
containers:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 80
name: http
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
- name: html
mountPath: /usr/share/nginx/html
resources:
requests:
memory: 32Mi
cpu: 10m
limits:
memory: 64Mi
cpu: 50m
livenessProbe:
httpGet:
path: /healthz
port: 80
httpHeaders:
- name: X-Forwarded-Proto
value: https
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet:
path: /healthz
port: 80
httpHeaders:
- name: X-Forwarded-Proto
value: https
initialDelaySeconds: 3
periodSeconds: 5
volumes:
- name: nginx-conf
configMap:
name: andrew-web-nginx-conf
- name: html
configMap:
name: andrew-web-html
---
# Service
apiVersion: v1
kind: Service
metadata:
name: andrew-web
namespace: tenant-andrew
spec:
selector:
app: andrew-web
ports:
- port: 80
targetPort: 80
name: http
---
# Traefik IngressRoute — public via Cloudflare
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: andrew-web
namespace: tenant-andrew
spec:
entryPoints:
- websecure
routes:
- match: (Host(`bluejay.dev`) || Host(`www.bluejay.dev`)) && (Method(`GET`) || Method(`HEAD`))
kind: Rule
services:
- name: andrew-web
port: 80
tls:
secretName: cf-origin-bluejay-dev