kms: replace inline ConfigMap nginx with custom Hugo image

The kms-web-page deployment now pulls forgejo.viktorbarzin.me/viktor/kms-website:${var.image_tag} (source in the new Forgejo repo viktor/kms-website). The ConfigMap-mounted index.html is gone — the new site is a Hugo build with full GVLK catalog for every Microsoft KMS-eligible Windows + Office edition, copy-to-clipboard, dark/light themes. The container image tag is managed by CI (kubectl set image), so add lifecycle ignore_changes on container[0].image alongside the existing dns_config (Kyverno) ignore. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-07 23:28:57 +00:00 · 2026-05-07 23:28:57 +00:00 · afd78f8d3e
commit afd78f8d3e
parent 4518aff71c
3 changed files with 22 additions and 96 deletions
--- a/stacks/kms/.terraform.lock.hcl
+++ b/stacks/kms/.terraform.lock.hcl
@ -24,6 +24,14 @@ provider "registry.terraform.io/cloudflare/cloudflare" {
  ]
 }
 provider "registry.terraform.io/goauthentik/authentik" {
  version     = "2024.12.1"
  constraints = "~> 2024.10"
  hashes = [
    "h1:roBMd+gi+TGgikH/bMzEI8JfvJiMAQWt+8FmokCrQIs=",
  ]
 }
 provider "registry.terraform.io/hashicorp/helm" {
  version = "3.1.1"
  hashes = [
--- a/stacks/kms/main.tf
+++ b/stacks/kms/main.tf
@ -24,16 +24,6 @@ module "tls_secret" {
  tls_secret_name = var.tls_secret_name
 }
 resource "kubernetes_config_map" "kms-web-page" {
  metadata {
    name      = "kms-web-page-config"
    namespace = kubernetes_namespace.kms.metadata[0].name
  }
  data = {
    "index.html" = var.index_html
  }
 }
 resource "kubernetes_deployment" "kms-web-page" {
  metadata {
    name      = "kms-web-page"
@ -59,8 +49,11 @@ resource "kubernetes_deployment" "kms-web-page" {
        }
      }
      spec {
        image_pull_secrets {
          name = "registry-credentials"
        }
        container {
-          image             = "nginx"
+          image             = "forgejo.viktorbarzin.me/viktor/kms-website:${var.image_tag}"
          name              = "kms-web-page"
          image_pull_policy = "IfNotPresent"
          resources {
@ -76,29 +69,17 @@ resource "kubernetes_deployment" "kms-web-page" {
            container_port = 80
            protocol       = "TCP"
          }
          volume_mount {
            name       = "config"
            mount_path = "/usr/share/nginx/html/"
          }
        }
        volume {
          name = "config"
          config_map {
            name = "kms-web-page-config"
            items {
              key  = "index.html"
              path = "index.html"
            }
          }
        }
      }
    }
  }
  depends_on = [kubernetes_config_map.kms-web-page]
  lifecycle {
-    # KYVERNO_LIFECYCLE_V1: Kyverno admission webhook mutates dns_config with ndots=2
+    ignore_changes = [
-    ignore_changes = [spec[0].template[0].spec[0].dns_config]
+      # KYVERNO_LIFECYCLE_V1: Kyverno admission webhook mutates dns_config with ndots=2
      spec[0].template[0].spec[0].dns_config,
      # CI (Woodpecker) manages the live image tag via `kubectl set image`
      spec[0].template[0].spec[0].container[0].image,
    ]
  }
 }
--- a/stacks/kms/variables.tf
+++ b/stacks/kms/variables.tf
@ -1,68 +1,5 @@
-variable "index_html" {
+variable "image_tag" {
-
+  type        = string
-  default = <<EOT
+  default     = "latest"
-<h1>How to activate windows</h1>
+  description = "kms-website image tag pushed to forgejo.viktorbarzin.me/viktor/kms-website. Use 8-char git SHA in CI."
 Open the following link and find a key for you version of windows: </br>
 <b><a href="https://goo.gl/BcrPjW" target="_blank">https://goo.gl/BcrPjW</a></b>
 </br>
 </br>
 Open cmd as <b>Administrator</b> and run the following: </br>
 </br>
 <b>slmgr.vbs /ipk key_for_your_windows</b>
 </br>
 <b>slmgr.vbs /skms kms.viktorbarzin.me </b>
 <br>
 <b>
    slmgr /ato
 </b>
 <br>
 <p>
 <h3> If you have an evaluation windows, you need to change it to retail one. This is how:</h3>
 <br>
 From an elevated command prompt, determine the current edition name with the command <br>
 <strong>DISM /online /Get-CurrentEdition</strong>.
 <br>Make note of the edition ID, an abbreviated form of the edition name. Then run
 <br>
 <strong>DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula</strong>
 <br> providing the edition ID and a retail product key. The server will restart
 </p>
 <hr>
 <h1>How to activate Microsoft Office</h1>
 <br>
 <b>
    CD \Program Files\Microsoft Office\Office16 </b> OR <b>CD \Program Files (x86)\Microsoft Office\Office16
 </b>
 <br>
 <b>
    cscript ospp.vbs /sethst:kms.viktorbarzin.me
 </b>
 <br>
 <b>
    cscript ospp.vbs /inpkey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
 </b>
 <br>
 where 'xxxx' is a key for your office. Some examples for office 2016 - <a
    href="https://www.techdee.com/microsoft-office-2016-product-key/">https://www.techdee.com/microsoft-office-2016-product-key/</a>
 <br>
 <b>
    cscript ospp.vbs /act
 </b>
 <br>
 <br>
 If you messed up activation settings reset them using
 <br>
 slmgr /upk
 <br>
 slmgr /cpky
 <br>
 and
 <br>
 slmgr /rearm
 <h3>Buy me a beer :P</h3>
 EOT
 }