feat(deploy): Datasette analytics sidecar + analytics.aleshym.co ingress

Adds a Datasette container alongside the existing server in the same pod so it can read the SQLite PVC without a second ReadWriteOnce mount. Protected by a Traefik BasicAuth middleware at analytics.aleshym.co. Also fixes the ArgoCD repoURL to point to the migrated Gitea hostname (git.aleshym.co) instead of the old bare IP. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 20:17:15 -07:00
parent b88f3df119
commit f6506c57e5
6 changed files with 82 additions and 1 deletions
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: solitaire-analytics
+  namespace: solitaire
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.middlewares: solitaire-analytics-auth@kubernetescrd
+spec:
+  ingressClassName: traefik
+  rules:
+    - host: analytics.aleshym.co
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: solitaire-server
+                port:
+                  name: analytics
+  tls:
+    - hosts:
+        - analytics.aleshym.co
+      secretName: analytics-tls