Add Kaniko build automation for resume-site

- Namespace for resume-site resources
- Build trigger CronJob (runs every 5 minutes)
- Kaniko-based image builds to Harbor
- RBAC for build job creation
- PVC for tracking last commit

Follows same pattern as neon-vortex

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

k8s/build-trigger-cronjob.yaml

@@ -0,0 +1,39 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: resume-site-build-trigger
+  namespace: resume-site
+spec:
+  schedule: "*/5 * * * *"
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          serviceAccountName: build-trigger-cron-sa
+          restartPolicy: Never
+          containers:
+          - name: trigger
+            image: alpine/k8s:1.28.13
+            command:
+            - /bin/bash
+            args:
+            - -c
+            - |
+              apk add --no-cache git bash curl
+              /scripts/trigger-build.sh
+            volumeMounts:
+            - name: script
+              mountPath: /scripts
+            - name: data
+              mountPath: /data
+          volumes:
+          - name: script
+            configMap:
+              name: build-trigger-script
+              defaultMode: 0755
+          - name: data
+            persistentVolumeClaim:
+              claimName: build-trigger-data

k8s/build-trigger-pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: build-trigger-data
+  namespace: resume-site
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi
+  storageClassName: longhorn

k8s/build-trigger-rbac.yaml

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: build-trigger-cron-sa
+  namespace: resume-site
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: build-trigger-role
+  namespace: flux-builds
+rules:
+- apiGroups: ["batch"]
+  resources: ["jobs"]
+  verbs: ["create", "get", "list", "delete"]
+- apiGroups: [""]
+  resources: ["pods", "pods/log"]
+  verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: build-trigger-binding
+  namespace: flux-builds
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: build-trigger-role
+subjects:
+- kind: ServiceAccount
+  name: build-trigger-cron-sa
+  namespace: resume-site

k8s/build-trigger-script.yaml

@@ -0,0 +1,110 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: build-trigger-script
+  namespace: resume-site
+data:
+  trigger-build.sh: |
+    #!/bin/bash
+    set -e
+
+    # Configuration
+    GIT_URL="http://192.168.1.49:13001/admin/resume-site.git"
+    REPO_DIR="/tmp/repo"
+    LAST_COMMIT_FILE="/data/last_commit"
+
+    echo "Checking for new commits..."
+
+    # Clone or update repository
+    if [ ! -d "$REPO_DIR" ]; then
+      git clone "$GIT_URL" "$REPO_DIR"
+    else
+      cd "$REPO_DIR"
+      git fetch origin main
+      git reset --hard origin/main
+    fi
+
+    cd "$REPO_DIR"
+    CURRENT_COMMIT=$(git rev-parse HEAD)
+    SHORT_COMMIT=$(git rev-parse --short HEAD)
+
+    echo "Current commit: $CURRENT_COMMIT"
+
+    # Read last processed commit
+    LAST_COMMIT=""
+    if [ -f "$LAST_COMMIT_FILE" ]; then
+      LAST_COMMIT=$(cat "$LAST_COMMIT_FILE")
+      echo "Last processed commit: $LAST_COMMIT"
+    fi
+
+    # Check if there are new commits
+    if [ "$CURRENT_COMMIT" != "$LAST_COMMIT" ]; then
+      echo "New commit detected! Triggering build..."
+
+      # Create a new build job with unique name
+      TIMESTAMP=$(date +%s)
+      JOB_NAME="build-cron-$SHORT_COMMIT-$TIMESTAMP"
+
+      # Generate build job YAML
+      cat <<EOF | kubectl apply -f -
+    apiVersion: batch/v1
+    kind: Job
+    metadata:
+      name: $JOB_NAME
+      namespace: flux-builds
+      labels:
+        app: resume-site
+        build-trigger: cronjob
+        git-commit: "$SHORT_COMMIT"
+    spec:
+      ttlSecondsAfterFinished: 1800
+      template:
+        spec:
+          restartPolicy: Never
+          initContainers:
+          - name: git-clone
+            image: alpine/git:latest
+            command:
+            - sh
+            - -c
+            - |
+              git clone $GIT_URL /workspace
+              cd /workspace
+              git checkout $CURRENT_COMMIT
+            volumeMounts:
+            - name: workspace
+              mountPath: /workspace
+          containers:
+          - name: kaniko
+            image: gcr.io/kaniko-project/executor:latest
+            args:
+            - "--dockerfile=/workspace/Dockerfile"
+            - "--context=/workspace"
+            - "--destination=images.caffeinetux.com/production/resume-site:latest"
+            - "--destination=images.caffeinetux.com/production/resume-site:$SHORT_COMMIT"
+            - "--cache=true"
+            - "--cache-repo=images.caffeinetux.com/production/resume-site/cache"
+            volumeMounts:
+            - name: workspace
+              mountPath: /workspace
+            - name: docker-config
+              mountPath: /kaniko/.docker
+          volumes:
+          - name: workspace
+            emptyDir: {}
+          - name: docker-config
+            secret:
+              secretName: harbor-registry
+              items:
+              - key: .dockerconfigjson
+                path: config.json
+    EOF
+
+      echo "Build job created: $JOB_NAME"
+
+      # Update last commit
+      echo "$CURRENT_COMMIT" > "$LAST_COMMIT_FILE"
+      echo "Updated last commit reference"
+    else
+      echo "No new commits. Skipping build."
+    fi

k8s/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - build-trigger-rbac.yaml
+  - build-trigger-pvc.yaml
+  - build-trigger-script.yaml
+  - build-trigger-cronjob.yaml

k8s/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: resume-site