apiVersion: v1 kind: Secret metadata: name: wt-secrets namespace: warthunder type: Opaque stringData: DATABASE_URL: "postgresql://admin:geheim123@postgres-service:5432/warthunder" --- apiVersion: apps/v1 kind: Deployment metadata: name: wt-tracker-app namespace: warthunder spec: replicas: 1 selector: matchLabels: app: wt-tracker template: metadata: labels: app: wt-tracker spec: imagePullSecrets: - name: github-auth containers: - name: streamlit image: ghcr.io/unreg-hdw/wt-tracker:v1 ports: - containerPort: 8501 # WICHTIG: Streamlit Flags direkt im Deployment setzen, damit Traefik & Websockets funktionieren args: - "streamlit" - "run" - "app.py" - "--server.port=8501" - "--server.address=0.0.0.0" - "--server.enableCORS=false" - "--server.enableXsrfProtection=false" env: - name: DATABASE_URL valueFrom: secretKeyRef: name: wt-secrets key: DATABASE_URL --- apiVersion: v1 kind: Service metadata: name: wt-tracker-service namespace: warthunder spec: selector: app: wt-tracker ports: - protocol: TCP port: 80 targetPort: 8501 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: wt-tracker-ingress namespace: warthunder annotations: # Sagt Traefik, welche Einstiegspunkte er nutzen soll cert-manager.io/cluster-issuer: "letsencrypt-prod" # Traefik soll HTTP auf HTTPS umleiten (optional, aber empfohlen) traefik.ingress.kubernetes.io/router.middlewares: "traefik-internal-redirect-https@kubernetescrd" traefik.ingress.kubernetes.io/router.entrypoints: web, websecure spec: # Das hier killt den 404: Explizite Zuweisung an Traefik ingressClassName: traefik rules: - host: wt.unreg-hdw.de http: paths: - path: / pathType: Prefix backend: service: name: wt-tracker-service port: number: 80 tls: - hosts: - wt.unreg-hdw.de