refactor(deploy): remove gingress controller, switch to nginx ingress

- Delete gingress templates (deployment, rbac, service) - Remove gingress config block from values.yaml - Switch ingress class to nginx with full annotations: - Unlimited body size for large file uploads - WebSocket support with 1h timeouts - Cookie-based session affinity - Real IP passthrough via X-Forwarded-For
feat(core): initialize project with access control and AI integration
2026-05-12 17:20:52 +08:00 · 2026-05-12 17:01:42 +08:00
7 changed files with 26 additions and 154 deletions
--- a/bun.lock
+++ b/bun.lock
@ -89,6 +89,7 @@
        "typescript": "~5.9.3",
        "typescript-eslint": "^8.57.1",
        "vite": "^7.3.1",
+        "vite-bundle-analyzer": "^1.3.8",
      },
    },
  },
@ -2581,6 +2582,8 @@

    "vite": ["vite@7.3.2", "https://registry.npmmirror.com/vite/-/vite-7.3.2.tgz", { "dependencies": { "esbuild": "^0.27.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-Bby3NOsna2jsjfLVOHKes8sGwgl4TT0E6vvpYgnAYDIF/tie7MRaFthmKuHx1NSXjiTueXH3do80FMQgvEktRg=="],

+    "vite-bundle-analyzer": ["vite-bundle-analyzer@1.3.8", "", { "bin": { "analyze": "dist/bin.js" } }, "sha512-IIk7WPhoYs7pyo75jwI+dFt7yykgjK7NY+dqnJtiZnyqP2k6NgPb3TY80FLFjtgnfk/o+OjI18+anKyeviCbRA=="],
+
    "void-elements": ["void-elements@3.1.0", "https://registry.npmmirror.com/void-elements/-/void-elements-3.1.0.tgz", {}, "sha512-Dhxzh5HZuiHQhbvTW9AMetFfBHDMYpo23Uo9btPXgdYP+3T5S+p+jgNy7spra+veYhBP2dCSgxR/i2Y02h5/6w=="],

    "vscode-jsonrpc": ["vscode-jsonrpc@8.2.0", "", {}, "sha512-C+r0eKJUIfiDIfwJhria30+TYWPtuHJXHtI7J0YlOmKAo7ogxP20T0zxB7HZQIFhIyvoBPwWskjxrvAtfjyZfA=="],
--- a/deploy/templates/gingress/deployment.yaml
+++ b/deploy/templates/gingress/deployment.yaml
@ -1,69 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: gingress-controller
-  namespace: {{ .Values.gingress.namespace | default "gingress-system" }}
-  labels:
-    app: gingress
-spec:
-  replicas: {{ .Values.gingress.replicaCount | default 2 }}
-  selector:
-    matchLabels:
-      app: gingress
-  template:
-    metadata:
-      labels:
-        app: gingress
-    spec:
-      serviceAccountName: gingress-controller
-      containers:
-        - name: gingress
-          image: "{{ .Values.imageRegistry }}/{{ .Values.gingress.repository }}:{{ .Values.imageTag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.gingress.imagePullPolicy | default "IfNotPresent" }}
-          {{- with .Values.securityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          args:
-            - "--ingress-class=gingress"
-            - "--bind-http=0.0.0.0:{{ .Values.gingress.httpPort | default 80 }}"
-            - "--bind-https=0.0.0.0:{{ .Values.gingress.httpsPort | default 443 }}"
-            - "--metrics-bind=0.0.0.0:8080"
-          ports:
-            - name: http
-              containerPort: {{ .Values.gingress.httpPort | default 80 }}
-              protocol: TCP
-            - name: https
-              containerPort: {{ .Values.gingress.httpsPort | default 443 }}
-              protocol: TCP
-            - name: metrics
-              containerPort: 8080
-              protocol: TCP
-          env:
-            - name: RUST_LOG
-              value: {{ .Values.gingress.logLevel | default "info" | quote }}
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 8080
-            initialDelaySeconds: 10
-            periodSeconds: 10
-          readinessProbe:
-            httpGet:
-              path: /readyz
-              port: 8080
-            initialDelaySeconds: 5
-            periodSeconds: 5
-          {{- with .Values.gingress.resources }}
-          resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - weight: 100
-              podAffinityTerm:
-                labelSelector:
-                  matchLabels:
-                    app: gingress
-                topologyKey: kubernetes.io/hostname
--- a/deploy/templates/gingress/rbac.yaml
+++ b/deploy/templates/gingress/rbac.yaml
@ -1,43 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: gingress-controller
-  namespace: {{ .Values.gingress.namespace | default "gingress-system" }}
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: gingress-controller
-rules:
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingresses", "ingressclasses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingresses/status"]
-    verbs: ["update", "patch"]
-  - apiGroups: [""]
-    resources: ["services", "endpoints", "endpointslices", "secrets", "nodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["discovery.k8s.io"]
-    resources: ["endpointslices"]
-    verbs: ["get", "list", "watch"]
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: gingress-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: gingress-controller
-subjects:
-  - kind: ServiceAccount
-    name: gingress-controller
-    namespace: {{ .Values.gingress.namespace | default "gingress-system" }}
---
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
-  name: gingress
-spec:
-  controller: gingress.io/gingress-controller
--- a/deploy/templates/gingress/service.yaml
+++ b/deploy/templates/gingress/service.yaml
@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: gingress
-  namespace: {{ .Values.gingress.namespace | default "gingress-system" }}
-  labels:
-    app: gingress
-spec:
-  type: LoadBalancer
-  selector:
-    app: gingress
-  ports:
-    - name: http
-      port: {{ .Values.gingress.httpPort | default 80 }}
-      targetPort: http
-      protocol: TCP
-    - name: https
-      port: {{ .Values.gingress.httpsPort | default 443 }}
-      targetPort: https
-      protocol: TCP
--- a/deploy/values.yaml
+++ b/deploy/values.yaml
@ -137,29 +137,22 @@ services:
        mountPath: /data
        subPath: static

-# Gingress controller configuration
-gingress:
-  namespace: "app"
-  repository: gingress
-  replicaCount: 2
-  httpPort: 80
-  httpsPort: 443
-  logLevel: "info"
-  resources:
-    requests:
-      cpu: 100m
-      memory: 128Mi
-    limits:
-      cpu: 500m
-      memory: 512Mi
-
-# Ingress — handled by gingress controller
+# Ingress
 ingress:
  enabled: true
-  className: "gingress"
+  className: "nginx"
  annotations:
    cert-manager.io/cluster-issuer: "cloudflare-acme-cluster-issuer"
-    gingress.io/git-backend: "deploy-gitserver:8021"
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+    nginx.ingress.kubernetes.io/affinity: "cookie"
+    nginx.ingress.kubernetes.io/session-cookie-name: "INGRESSROUTE"
+    nginx.ingress.kubernetes.io/session-cookie-path: "/"
+    nginx.ingress.kubernetes.io/session-cookie-max-age: "86400"
+    nginx.ingress.kubernetes.io/enable-real-ip: "true"
+    nginx.ingress.kubernetes.io/real-ip-header: "X-Forwarded-For"
+    nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
  hosts:
    - host: gitdata.ai
      paths:
@ -173,11 +166,18 @@ ingress:
          pathType: Prefix
          serviceName: static_server
          servicePort: 8081
+    - host: git.gitdata.ai
+      paths:
+        - path: /
+          pathType: Prefix
+          serviceName: gitserver
+          servicePort: 8021
  tls:
    - secretName: gitdata-ai-tls
      hosts:
        - gitdata.ai
        - static.gitdata.ai
+        - git.gitdata.ai

 imagePullSecrets: []
 nameOverride: ""
--- a/package.json
+++ b/package.json
@ -100,6 +100,7 @@
    "prettier-plugin-tailwindcss": "^0.7.2",
    "typescript": "~5.9.3",
    "typescript-eslint": "^8.57.1",
-    "vite": "^7.3.1"
+    "vite": "^7.3.1",
+    "vite-bundle-analyzer": "^1.3.8"
  }
 }
--- a/vite.config.ts
+++ b/vite.config.ts
@ -2,7 +2,7 @@ import path from "path"
 import tailwindcss from "@tailwindcss/vite"
 import react from "@vitejs/plugin-react"
 import {defineConfig, type Plugin} from "vite"
-
+import {analyzer} from 'vite-bundle-analyzer'

 function tailwindEscapeFix(): Plugin {
    return {
@ -17,7 +17,7 @@ function tailwindEscapeFix(): Plugin {
 }

 export default defineConfig({
-    plugins: [tailwindcss(), tailwindEscapeFix(), react()],
+    plugins: [tailwindcss(), tailwindEscapeFix(), react(), analyzer()],
    optimizeDeps: {
        entries: ["src/**/*.{ts,tsx}"],
    },