From 46aac745c26c27acaafc295c144db402b286ff47 Mon Sep 17 00:00:00 2001
From: abearxiong <xiongxiao@xiongxiao.me>
Date: Sun, 30 Nov 2025 15:47:59 +0800
Subject: [PATCH] update

---
 k8s/xiongxiao.me/apps/my-secrets.yaml |  14 ++++
 k8s/xiongxiao.me/apps/newsnow.yaml    | 110 ++++++++++++++++++++++++++
 2 files changed, 124 insertions(+)
 create mode 100644 k8s/xiongxiao.me/apps/my-secrets.yaml
 create mode 100644 k8s/xiongxiao.me/apps/newsnow.yaml

diff --git a/k8s/xiongxiao.me/apps/my-secrets.yaml b/k8s/xiongxiao.me/apps/my-secrets.yaml
new file mode 100644
index 0000000..df5124c
--- /dev/null
+++ b/k8s/xiongxiao.me/apps/my-secrets.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-secrets
+  namespace: default
+type: Opaque
+data:
+  # Base64 编码的值 
+  # Ov23littcejmbA5iKrhK -> T3YyM2xpdHRjZWptYUE1aUtyaEs=
+  # af67c4cdbc37367a69258d798e06641e51445315 -> YWY2N2M0Y2RiYzM3MzY3YTY5MjU4ZDc5OGUwNjY0MWU1MTQ0NTMxNQ==
+  # abc123 ->YWJjMTIz
+  g-client-id: T3YyM2xpdHRjZWptYkE1aUtyaEs=
+  g-client-secret: YWY2N2M0Y2RiYzM3MzY3YTY5MjU4ZDc5OGUwNjY0MWU1MTQ0NTMxNQ==
+  jwt-secret: YWJjMTIz
\ No newline at end of file
diff --git a/k8s/xiongxiao.me/apps/newsnow.yaml b/k8s/xiongxiao.me/apps/newsnow.yaml
new file mode 100644
index 0000000..e27874b
--- /dev/null
+++ b/k8s/xiongxiao.me/apps/newsnow.yaml
@@ -0,0 +1,110 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: newsnow
+  labels:
+    app: newsnow
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: newsnow
+  template:
+    metadata:
+      labels:
+        app: newsnow
+    spec:
+      containers:
+      - name: newsnow
+        image: ghcr.io/ourongxing/newsnow:latest
+        ports:
+        - containerPort: 4444
+        env:
+        - name: HOST
+          value: "0.0.0.0"
+        - name: PORT
+          value: "4444"
+        - name: NODE_ENV
+          value: "production"
+        - name: G_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: my-secrets
+              key: g-client-id
+        - name: G_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: my-secrets
+              key: g-client-secret
+        - name: JWT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: my-secrets
+              key: jwt-secret
+        - name: INIT_TABLE
+          value: "true"
+        - name: ENABLE_CACHE
+          value: "true"
+        resources:
+          requests:
+            memory: "128Mi"
+            cpu: "100m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 4444
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 4444
+          initialDelaySeconds: 5
+          periodSeconds: 5
+          timeoutSeconds: 3
+          failureThreshold: 3
+        volumeMounts:
+        - name: data-volume
+          mountPath: /usr/app/.data
+      volumes:
+      - name: data-volume
+        hostPath:
+          path: /opt/docker/newsnow/data
+          type: DirectoryOrCreate
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: newsnow
+  labels:
+    app: newsnow
+spec:
+  type: ClusterIP
+  ports:
+  - port: 4444
+    targetPort: 4444
+    protocol: TCP
+    name: http
+  selector:
+    app: newsnow
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: newsnow-https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`newsnow.xiongxiao.me`)
+      kind: Rule
+      services:
+        - name: newsnow
+          port: 4444
+  tls:
+    certResolver: letsencrypt
\ No newline at end of file