Move ntfy ownership to cluster repo

Proof: npm test; PYTHONPATH=. python3 test/render_release_manifest_test.py; PYTHONPATH=. python3 test/repo_deployments_test.py; PYTHONPATH=. python3 test/ntfy_manifest_test.py; kubectl kustomize deploy/k8s/base. Assumptions: ntfy is a shared cluster utility owned by ../unrip3, while this app repo only consumes the internal ntfy endpoint and keeps publisher-side client/config. Still fake: No public ntfy ingress, auth token, iOS subscription, or runtime notification emission path is wired yet.
2026-04-16 00:22:08 +02:00 · 2026-04-16 00:22:08 +02:00 · f3676c201f
commit f3676c201f
parent 551050beb3
5 changed files with 7 additions and 113 deletions
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@ -156,5 +156,3 @@ jobs:
                kubectl -n "$PROJECT_NAMESPACE" set image "deployment/$deployment" app="$IMAGE"
                kubectl -n "$PROJECT_NAMESPACE" rollout status "deployment/$deployment" --timeout=180s
              done
          kubectl -n utility rollout status deployment/ntfy --timeout=180s
--- a/deploy/k8s/base/kustomization.yaml
+++ b/deploy/k8s/base/kustomization.yaml
@ -2,8 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - namespace.yaml
  - utility-namespace.yaml
  - ntfy.yaml
  - redpanda.yaml
  - postgres.yaml
  - unrip.yaml
--- a/deploy/k8s/base/ntfy.yaml
+++ b/deploy/k8s/base/ntfy.yaml
@ -1,86 +0,0 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: ntfy-config
  namespace: utility
 data:
  server.yml: |
    base-url: http://ntfy.utility.svc.cluster.local
    cache-file: /var/cache/ntfy/cache.db
    attachment-cache-dir: /var/cache/ntfy/attachments
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: ntfy
  namespace: utility
  labels:
    app: ntfy
    app.kubernetes.io/part-of: unrip
 spec:
  type: ClusterIP
  selector:
    app: ntfy
  ports:
    - name: http
      port: 80
      targetPort: http
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: ntfy
  namespace: utility
  labels:
    app: ntfy
    app.kubernetes.io/part-of: unrip
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: ntfy
  template:
    metadata:
      labels:
        app: ntfy
        app.kubernetes.io/part-of: unrip
    spec:
      containers:
        - name: ntfy
          image: binwiederhier/ntfy:v2.21.0
          imagePullPolicy: IfNotPresent
          args: ["serve"]
          ports:
            - name: http
              containerPort: 80
          readinessProbe:
            httpGet:
              path: /v1/health
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /v1/health
              port: http
            initialDelaySeconds: 20
            periodSeconds: 30
          resources:
            requests:
              cpu: 25m
              memory: 64Mi
            limits:
              cpu: 250m
              memory: 128Mi
          volumeMounts:
            - name: config
              mountPath: /etc/ntfy
              readOnly: true
            - name: cache
              mountPath: /var/cache/ntfy
      volumes:
        - name: config
          configMap:
            name: ntfy-config
        - name: cache
          emptyDir: {}
--- a/deploy/k8s/base/utility-namespace.yaml
+++ b/deploy/k8s/base/utility-namespace.yaml
@ -1,7 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: utility
  labels:
    app.kubernetes.io/part-of: unrip
    project.pi.io/type: utility
--- a/test/ntfy_manifest_test.py
+++ b/test/ntfy_manifest_test.py
@ -1,34 +1,25 @@
 import pathlib
 import re
 import unittest
 ROOT = pathlib.Path(__file__).resolve().parents[1]
 class NtfyManifestTest(unittest.TestCase):
-    def test_kustomization_includes_internal_ntfy_utility_resources(self):
+    def test_app_kustomization_does_not_own_cluster_ntfy_resources(self):
        source = (ROOT / 'deploy/k8s/base/kustomization.yaml').read_text()
-        self.assertIn('utility-namespace.yaml', source)
+        self.assertNotIn('utility-namespace.yaml', source)
-        self.assertIn('ntfy.yaml', source)
+        self.assertNotIn('ntfy.yaml', source)
-
+        self.assertFalse((ROOT / 'deploy/k8s/base/utility-namespace.yaml').exists())
-    def test_ntfy_manifest_is_internal_clusterip_service_with_health_checks(self):
+        self.assertFalse((ROOT / 'deploy/k8s/base/ntfy.yaml').exists())
        source = (ROOT / 'deploy/k8s/base/ntfy.yaml').read_text()
        self.assertIn('namespace: utility', source)
        self.assertIn('image: binwiederhier/ntfy:v2.21.0', source)
        self.assertRegex(source, r'kind: Service[\s\S]*type: ClusterIP')
        self.assertIn('path: /v1/health', source)
        self.assertIn('base-url: http://ntfy.utility.svc.cluster.local', source)
        self.assertNotIn('kind: Ingress', source)
    def test_unrip_services_receive_internal_notification_endpoint(self):
        source = (ROOT / 'deploy/k8s/base/unrip.yaml').read_text()
        self.assertIn('NOTIFICATION_NTFY_BASE_URL: http://ntfy.utility.svc.cluster.local', source)
        self.assertIn('NOTIFICATION_NTFY_TOPIC: unrip', source)
-    def test_workflow_waits_for_ntfy_rollout_without_rewriting_external_image(self):
+    def test_app_workflow_does_not_wait_on_cluster_owned_ntfy(self):
        source = (ROOT / '.forgejo/workflows/deploy.yml').read_text()
-        self.assertIn('kubectl -n utility rollout status deployment/ntfy --timeout=180s', source)
+        self.assertNotIn('deployment/ntfy', source)
        self.assertNotRegex(source, re.compile(r'set image "deployment/ntfy"'))
 if __name__ == '__main__':