TazLab K8s: hugo-blog Detail

Level 3 (Detail) — Blog deployment, ingress, redirect rules, and image automation.

Concept

hugo-blog serves the static Hugo-generated blog at blog.tazlab.net. It is deployed as a single-replica nginx container with image automation from the blog-src repository.

Manifests

File: apps/base/hugo-blog/

FilePurpose
hugo-blog.yamlDeployment + Service + Ingress + Redirect Ingress
middlewares.yamlTraefik redirect middleware
certificate.yamlLet’s Encrypt certificate for *.tazlab.net

Deployment

FieldValue
Imagetazzo/tazlab-blog:blog-<N>-<sha>
Port80
Replicas1

Image line includes the flux setter marker:

image: tazzo/tazlab-blog:blog-47-32117b2314277572d4e8905002bb2783c379656a # {"$imagepolicy": "flux-system:hugo-blog"}

Ingress — Main

Serves blog.tazlab.net on HTTPS using wildcard TLS.

Ingress — Redirect

Serves tazlab.net, www.tazlab.net, and lab.tazlab.net with a redirect middleware that forwards all traffic to blog.tazlab.net.

Redirect Middleware

spec:
  redirectRegex:
    regex: ^https?://(www\.)?tazlab\.net/(.*)
    replacement: https://blog.tazlab.net/${2}
    permanent: true

Certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: blog-tazlab.net-tls
  namespace: hugo-blog
spec:
  secretName: blog-tazlab.net-tls
  issuerRef:
    name: tazlab-issuer
    kind: ClusterIssuer
  dnsNames:
    - "*.tazlab.net"

Image Automation

File: infrastructure/automation/hugo-blog/automation.yaml

ResourceNameDetails
ImageRepositoryhugo-blogtazzo/tazlab-blog, poll 1m
ImagePolicyhugo-blogTag ^blog-(?P<value>[0-9]+)-.*$, numerical asc
ImageUpdateAutomationhugo-blogCommits to ./apps/base/hugo-blog, strategy Setters

Delivery Chain

blog-src (Git push) → GitHub Action (publish.yml) → Docker Hub (tazzo/tazlab-blog:blog-<N>-<sha>)
→ Flux ImageRepository (poll 1m) → ImagePolicy (selects latest) → ImageUpdateAutomation (commits)
→ Flux reconcile apps-static → Deployment rollout

DAG Position

configs (Level 2, creates github-external-secret for Flux automation)
→ apps-static (Level 3, deploys hugo-blog)

See Also