kms: replace inline ConfigMap nginx with custom Hugo image

The kms-web-page deployment now pulls forgejo.viktorbarzin.me/viktor/kms-website:${var.image_tag} (source in the new Forgejo repo viktor/kms-website). The ConfigMap-mounted index.html is gone — the new site is a Hugo build with full GVLK catalog for every Microsoft KMS-eligible Windows + Office edition, copy-to-clipboard, dark/light themes. The container image tag is managed by CI (kubectl set image), so add lifecycle ignore_changes on container[0].image alongside the existing dns_config (Kyverno) ignore. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-07 23:28:57 +00:00 · 2026-05-07 23:28:57 +00:00 · afd78f8d3e
commit afd78f8d3e
parent 4518aff71c
3 changed files with 22 additions and 96 deletions
--- a/stacks/kms/.terraform.lock.hcl
+++ b/stacks/kms/.terraform.lock.hcl
@ -24,6 +24,14 @@ provider "registry.terraform.io/cloudflare/cloudflare" {
  ]
 }

+provider "registry.terraform.io/goauthentik/authentik" {
+  version     = "2024.12.1"
+  constraints = "~> 2024.10"
+  hashes = [
+    "h1:roBMd+gi+TGgikH/bMzEI8JfvJiMAQWt+8FmokCrQIs=",
+  ]
+}
+
 provider "registry.terraform.io/hashicorp/helm" {
  version = "3.1.1"
  hashes = [
--- a/stacks/kms/main.tf
+++ b/stacks/kms/main.tf
@ -24,16 +24,6 @@ module "tls_secret" {
  tls_secret_name = var.tls_secret_name
 }

-resource "kubernetes_config_map" "kms-web-page" {
-  metadata {
-    name      = "kms-web-page-config"
-    namespace = kubernetes_namespace.kms.metadata[0].name
-  }
-  data = {
-    "index.html" = var.index_html
-  }
-}
-
 resource "kubernetes_deployment" "kms-web-page" {
  metadata {
    name      = "kms-web-page"
@ -59,8 +49,11 @@ resource "kubernetes_deployment" "kms-web-page" {
        }
      }
      spec {
+        image_pull_secrets {
+          name = "registry-credentials"
+        }
        container {
-          image             = "nginx"
+          image             = "forgejo.viktorbarzin.me/viktor/kms-website:${var.image_tag}"
          name              = "kms-web-page"
          image_pull_policy = "IfNotPresent"
          resources {
@ -76,29 +69,17 @@ resource "kubernetes_deployment" "kms-web-page" {
            container_port = 80
            protocol       = "TCP"
          }
-          volume_mount {
-            name       = "config"
-            mount_path = "/usr/share/nginx/html/"
-          }
-        }
-
-        volume {
-          name = "config"
-          config_map {
-            name = "kms-web-page-config"
-            items {
-              key  = "index.html"
-              path = "index.html"
-            }
-          }
        }
      }
    }
  }
-  depends_on = [kubernetes_config_map.kms-web-page]
  lifecycle {
-    # KYVERNO_LIFECYCLE_V1: Kyverno admission webhook mutates dns_config with ndots=2
-    ignore_changes = [spec[0].template[0].spec[0].dns_config]
+    ignore_changes = [
+      # KYVERNO_LIFECYCLE_V1: Kyverno admission webhook mutates dns_config with ndots=2
+      spec[0].template[0].spec[0].dns_config,
+      # CI (Woodpecker) manages the live image tag via `kubectl set image`
+      spec[0].template[0].spec[0].container[0].image,
+    ]
  }
 }

--- a/stacks/kms/variables.tf
+++ b/stacks/kms/variables.tf
@ -1,68 +1,5 @@
-variable "index_html" {
-
-  default = <<EOT
-<h1>How to activate windows</h1>
-Open the following link and find a key for you version of windows: </br>
-<b><a href="https://goo.gl/BcrPjW" target="_blank">https://goo.gl/BcrPjW</a></b>
-</br>
-</br>
-Open cmd as <b>Administrator</b> and run the following: </br>
-</br>
-<b>slmgr.vbs /ipk key_for_your_windows</b>
-</br>
-<b>slmgr.vbs /skms kms.viktorbarzin.me </b>
-<br>
-<b>
-    slmgr /ato
-</b>
-<br>
-<p>
-<h3> If you have an evaluation windows, you need to change it to retail one. This is how:</h3>
-<br>
-From an elevated command prompt, determine the current edition name with the command <br>
-<strong>DISM /online /Get-CurrentEdition</strong>.
-<br>Make note of the edition ID, an abbreviated form of the edition name. Then run
-<br>
-<strong>DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula</strong>
-<br> providing the edition ID and a retail product key. The server will restart
-</p>
-<hr>
-
-
-<h1>How to activate Microsoft Office</h1>
-<br>
-<b>
-    CD \Program Files\Microsoft Office\Office16 </b> OR <b>CD \Program Files (x86)\Microsoft Office\Office16
-</b>
-<br>
-<b>
-    cscript ospp.vbs /sethst:kms.viktorbarzin.me
-</b>
-<br>
-<b>
-    cscript ospp.vbs /inpkey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
-</b>
-<br>
-where 'xxxx' is a key for your office. Some examples for office 2016 - <a
-    href="https://www.techdee.com/microsoft-office-2016-product-key/">https://www.techdee.com/microsoft-office-2016-product-key/</a>
-<br>
-<b>
-    cscript ospp.vbs /act
-</b>
-
-<br>
-<br>
-If you messed up activation settings reset them using
-<br>
-slmgr /upk
-
-<br>
-slmgr /cpky
-<br>
-and
-<br>
-slmgr /rearm
-
-<h3>Buy me a beer :P</h3>
-EOT
+variable "image_tag" {
+  type        = string
+  default     = "latest"
+  description = "kms-website image tag pushed to forgejo.viktorbarzin.me/viktor/kms-website. Use 8-char git SHA in CI."
 }