Replace Homepage Helm chart with kustomize manifests and custom Dockerfile #221

Merged

eblume merged 8 commits from feature/homepage-kustomize into main

2026-02-19 18:29:19 -08:00

eblume commented

2026-02-19 17:55:52 -08:00

Owner

Summary

Replace third-party Helm chart (jameswynn/homepage v2.1.0, pinned at app v1.2.0) with plain kustomize manifests and a custom Dockerfile building from forge mirror at v1.10.1
Adds Dockerfile (containers/homepage/) with multi-stage build (node:22-slim builder, node:22-alpine runtime)
Creates kustomize manifests: Deployment, Service, ConfigMap (6 config files), ServiceAccount, ClusterRole, ClusterRoleBinding
Keeps existing ingress-tailscale.yaml and all 6 ExternalSecret resources unchanged
Updates ArgoCD app definition from multi-source Helm to single directory source

Prerequisite

Homepage source mirrored at forge.ops.eblu.me/eblume/homepage.git ✅
Container must be built and pushed before syncing: mise run container-release homepage v1.10.1

Deployment and Testing

Build and push container image: mise run container-release homepage v1.10.1
Branch-test via ArgoCD: argocd app set homepage --revision feature/homepage-kustomize && argocd app sync homepage
Verify dashboard loads at go.ops.eblu.me / go.tail8d86e.ts.net
Verify k8s autodiscovery works (services appear on dashboard)
Verify widgets load (weather, Forgejo, Jellyfin, etc.)
After merge: argocd app set homepage --revision main && argocd app sync homepage

🤖 Generated with Claude Code

## Summary - Replace third-party Helm chart (jameswynn/homepage v2.1.0, pinned at app v1.2.0) with plain kustomize manifests and a custom Dockerfile building from forge mirror at v1.10.1 - Adds Dockerfile (`containers/homepage/`) with multi-stage build (node:22-slim builder, node:22-alpine runtime) - Creates kustomize manifests: Deployment, Service, ConfigMap (6 config files), ServiceAccount, ClusterRole, ClusterRoleBinding - Keeps existing ingress-tailscale.yaml and all 6 ExternalSecret resources unchanged - Updates ArgoCD app definition from multi-source Helm to single directory source ## Prerequisite - Homepage source mirrored at forge.ops.eblu.me/eblume/homepage.git ✅ - Container must be built and pushed before syncing: `mise run container-release homepage v1.10.1` ## Deployment and Testing - [ ] Build and push container image: `mise run container-release homepage v1.10.1` - [ ] Branch-test via ArgoCD: `argocd app set homepage --revision feature/homepage-kustomize && argocd app sync homepage` - [ ] Verify dashboard loads at go.ops.eblu.me / go.tail8d86e.ts.net - [ ] Verify k8s autodiscovery works (services appear on dashboard) - [ ] Verify widgets load (weather, Forgejo, Jellyfin, etc.) - [ ] After merge: `argocd app set homepage --revision main && argocd app sync homepage` 🤖 Generated with [Claude Code](https://claude.com/claude-code)

eblume added 1 commit

2026-02-19 17:55:52 -08:00

Replace Homepage Helm chart with kustomize manifests and custom Dockerfile 0648ae450d

The third-party Helm chart (jameswynn/homepage v2.1.0) pinned Homepage at
v1.2.0, 8 minor versions behind upstream. Replace with plain kustomize
manifests and a Dockerfile building from forge mirror at v1.10.1, matching
the pattern used by other blumeops services.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

eblume added 1 commit

2026-02-19 17:58:25 -08:00

Use Node 24 LTS base images for Homepage container e45b1a4afb

Node 24 is the current LTS (Node 22 EOL April 2027, but 24 is active LTS).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

eblume added 1 commit

2026-02-19 18:05:50 -08:00

Add ca-certificates to Homepage builder stage

Build Container (Nix) / build (push) Successful in 3s

Details

Build Container / build (push) Successful in 3m2s

Details

7c0089a2ad

--no-install-recommends skips ca-certificates, causing git clone
to fail with SSL certificate verification errors.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

eblume added 1 commit

2026-02-19 18:07:51 -08:00

Set Homepage container image to v1.0.0 d1251dc10f

Container versions are decoupled from upstream app versions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

eblume added 1 commit

2026-02-19 18:09:32 -08:00

Document version tracking convention in review-services bc0b031115

Container image tags are decoupled from upstream app versions;
service-versions.yaml tracks the upstream app version.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

eblume added 1 commit

2026-02-19 18:17:35 -08:00

Allow pod IP and cluster-local hosts in Homepage allowed hosts 38e6058789

Health probes use the pod IP which was being rejected by Homepage's
host validation, causing readiness failures and restarts.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

eblume added 1 commit

2026-02-19 18:20:13 -08:00

Fix health probes: set Host header to pass Homepage host validation 7c06896045

K8s probes use the pod IP as the Host header, which Homepage rejects.
Set an explicit Host header on probes to match the allowed hosts list.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

eblume added 1 commit

2026-02-19 18:23:06 -08:00

Use subPath mounts for Homepage config files d4fcc57046

Homepage tries to copy skeleton files (custom.css etc.) into /app/config
at startup. A ConfigMap volume mount makes the directory read-only,
blocking this. SubPath mounts keep individual config files from the
ConfigMap while leaving the directory writable.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>