# MerchantsOfHope.org - Kubernetes Configuration

## Namespace

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: merchantsofhope
```

## ConfigMap for Application Configuration

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: moh-config
  namespace: merchantsofhope
data:
  # Non-sensitive settings only. JWT_SECRET lives in the moh-secrets Secret.
  APP_NAME: "MerchantsOfHope"
  APP_VERSION: "0.1.0"
  APP_ENV: "production"
  DEBUG: "false"
  TIMEZONE: "UTC"
  DB_HOST: "moh-postgres"
  DB_NAME: "moh"
  DB_PORT: "5432"
  TENANT_ISOLATION_ENABLED: "true"
  ACCESSIBILITY_ENABLED: "true"
  GDPR_COMPLIANCE_ENABLED: "true"
  PCI_DSS_COMPLIANCE_ENABLED: "true"
```

## Secrets for Sensitive Configuration

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: moh-secrets
  namespace: merchantsofhope
type: Opaque
data:
  # base64 is an encoding, not encryption; replace every demo value before deploying.
  DB_USER: bW9oX3VzZXI= # base64 encoded "moh_user"
  DB_PASS: bW9oX3Bhc3N3b3Jk # base64 encoded "moh_password"
  # Signing key kept out of the ConfigMap; the app still receives it through envFrom.
  JWT_SECRET: Y2hhbmdlbWUtaW4tcHJvZHVjdGlvbg== # base64 encoded "changeme-in-production"
  # Empty placeholders: set base64-encoded values before applying.
  GOOGLE_CLIENT_ID:
  GOOGLE_CLIENT_SECRET:
  GITHUB_CLIENT_ID:
  GITHUB_CLIENT_SECRET:
  MAIL_USERNAME:
  MAIL_PASSWORD:
```

## Deployment for Application

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: moh-app
  namespace: merchantsofhope
spec:
  replicas: 3
  selector:
    matchLabels:
      app: moh-app
  template:
    metadata:
      labels:
        app: moh-app
    spec:
      containers:
        - name: app
          image: qwen-hack-moh:latest # mutable tag; pin a version or digest for production
          ports:
            - containerPort: 18000
          # Every key of the ConfigMap and the Secret becomes an environment variable.
          envFrom:
            - configMapRef:
                name: moh-config
            - secretRef:
                name: moh-secrets
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /
              port: 18000
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /
              port: 18000
            initialDelaySeconds: 5
            periodSeconds: 5
          volumeMounts:
            - name: app-logs
              mountPath: /var/log/app
      volumes:
        # emptyDir: logs are lost when the pod is removed.
        - name: app-logs
          emptyDir: {}
```

## Service for Application

```yaml
apiVersion: v1
kind: Service
metadata:
  name: moh-app-service
  namespace: merchantsofhope
spec:
  selector:
    app: moh-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 18000
  type: ClusterIP
```

## Ingress for External Access

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: moh-ingress
  namespace: merchantsofhope
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
    - hosts:
        - merchantsofhope.org
      secretName: merchantsofhope-tls
  rules:
    - host: merchantsofhope.org
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: moh-app-service
                port:
                  number: 80
```

## PostgreSQL StatefulSet (Example)

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: moh-postgres
  namespace: merchantsofhope
spec:
  serviceName: moh-postgres
  replicas: 1
  selector:
    matchLabels:
      app: moh-postgres
  template:
    metadata:
      labels:
        app: moh-postgres
    spec:
      containers:
        - name: postgres
          image: postgres:13
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: moh
            # Credentials are read from the Secret rather than written inline.
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: moh-secrets
                  key: DB_USER
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: moh-secrets
                  key: DB_PASS
          volumeMounts:
            - name: postgres-storage
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: postgres-storage
          persistentVolumeClaim:
            claimName: postgres-pvc
```

## PostgreSQL Service

```yaml
apiVersion: v1
kind: Service
metadata:
  name: moh-postgres
  namespace: merchantsofhope
spec:
  selector:
    app: moh-postgres
  ports:
    - protocol: TCP
      port: 5432
      targetPort: 5432
  clusterIP: None # Headless service for StatefulSet
```

## PersistentVolumeClaim for PostgreSQL

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres-pvc
  namespace: merchantsofhope
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
```

## Horizontal Pod Autoscaler for Application

```yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: moh-app-hpa
  namespace: merchantsofhope
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: moh-app
  minReplicas: 3
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
```
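
An added example, not part of the project's own files: a pre-deploy check that flags secret-named keys in ConfigMaps and empty, malformed or placeholder values in Secrets. It reads the JSON shape produced by `kubectl get configmap,secret -o json`; the sample input is constructed, and the two name patterns are assumptions to tune.

```python
import base64
import json
import re

# Constructed sample in the shape of `kubectl get configmap,secret -o json`.
SAMPLE = json.loads("""
{"items": [
  {"kind": "ConfigMap", "metadata": {"name": "moh-config"},
   "data": {"APP_ENV": "production", "JWT_SECRET": "changeme-in-production"}},
  {"kind": "Secret", "metadata": {"name": "moh-secrets"},
   "data": {"DB_USER": "bW9oX3VzZXI=", "DB_PASS": "bW9oX3Bhc3N3b3Jk",
            "MAIL_PASSWORD": null}}
]}
""")

# Assumed heuristics: key names that suggest secret material, demo-looking values.
SECRET_KEY = re.compile(r"SECRET|PASS|TOKEN|PRIVATE_KEY|API_KEY", re.I)
PLACEHOLDER = re.compile(r"changeme|password|example", re.I)

def audit(manifest_list):
    """Return (object name, key, problem) tuples for risky entries."""
    findings = []
    for obj in manifest_list.get("items", []):
        kind, name = obj["kind"], obj["metadata"]["name"]
        data = obj.get("data") or {}
        if kind == "ConfigMap":
            # ConfigMaps hold plain settings; secret-named keys belong in a Secret.
            for key in data:
                if SECRET_KEY.search(key):
                    findings.append((name, key, "secret-like key in ConfigMap"))
        elif kind == "Secret":
            for key, b64 in data.items():
                if not b64:
                    findings.append((name, key, "empty value"))
                    continue
                try:
                    raw = base64.b64decode(b64, validate=True)
                except ValueError:  # binascii.Error is a subclass of ValueError
                    findings.append((name, key, "not valid base64"))
                    continue
                if PLACEHOLDER.search(raw.decode("utf-8", "replace")):
                    findings.append((name, key, "placeholder value"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

To run it against a live namespace, pass the parsed output of `kubectl get configmap,secret -n merchantsofhope -o json` to `audit()` instead of `SAMPLE`.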