
MerchantsOfHope.org - Kubernetes Configuration

Namespace

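# Namespace that holds every MerchantsOfHope resource defined on this page.
apiVersion: v1
kind: Namespace
metadata:
  name: merchantsofhope
  labels:
    # Pod Security Admission: reject pods that violate the "baseline" profile
    # (privileged containers, host namespaces, hostPath volumes and similar).
    # None of the workloads on this page use those features.
    pod-security.kubernetes.io/enforce: baseline
    # Report, without blocking, anything that would fail the stricter
    # "restricted" profile, so the workloads can be tightened over time.
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted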

ConfigMap for Application Configuration

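# Non-sensitive application settings. The moh-app Deployment injects every
# key as an environment variable through envFrom. Values are quoted because
# ConfigMap data values must be strings.
apiVersion: v1
kind: ConfigMap
metadata:
  name: moh-config
  namespace: merchantsofhope
data:
  APP_NAME: "MerchantsOfHope"
  APP_VERSION: "0.1.0"
  APP_ENV: "production"
  DEBUG: "false"
  TIMEZONE: "UTC"
  DB_HOST: "moh-postgres"
  DB_NAME: "moh"
  DB_PORT: "5432"
  # JWT_SECRET is deliberately not defined here. It is a token-signing key,
  # and ConfigMap values are stored and displayed in plain text, so it lives
  # in the moh-secrets Secret instead.
  TENANT_ISOLATION_ENABLED: "true"
  ACCESSIBILITY_ENABLED: "true"
  GDPR_COMPLIANCE_ENABLED: "true"
  PCI_DSS_COMPLIANCE_ENABLED: "true"

Secrets for Sensitive Configuration

# Credentials and keys for the application and its database.
# The moh-app Deployment loads every key through envFrom; the moh-postgres
# StatefulSet reads DB_USER and DB_PASS through secretKeyRef.
#
# Values under `data` are base64-encoded. That is an encoding, not encryption:
# anyone who can read this manifest or the Secret object can recover them.
# Replace every <...> placeholder before applying, and keep the filled-in
# manifest out of version control.
apiVersion: v1
kind: Secret
metadata:
  name: moh-secrets
  namespace: merchantsofhope
type: Opaque
data:
  DB_USER: bW9oX3VzZXI=  # base64 encoded "moh_user"
  # No sample password is shipped, so a deployment cannot go live with a
  # publicly documented credential.
  DB_PASS: <base64-encoded-db-password>
  # Token-signing key: use a long random value, unique per environment.
  JWT_SECRET: <base64-encoded-jwt-secret>
  GOOGLE_CLIENT_ID: <base64-encoded-google-client-id>
  GOOGLE_CLIENT_SECRET: <base64-encoded-google-client-secret>
  GITHUB_CLIENT_ID: <base64-encoded-github-client-id>
  GITHUB_CLIENT_SECRET: <base64-encoded-github-client-secret>
  MAIL_USERNAME: <base64-encoded-mail-username>
  MAIL_PASSWORD: <base64-encoded-mail-password>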

Deployment for Application

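# Application Deployment: runs the app container on port 18000 with its
# configuration taken from the moh-config ConfigMap and moh-secrets Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: moh-app
  namespace: merchantsofhope
spec:
  # NOTE(review): moh-app-hpa also scales this Deployment. Re-applying this
  # manifest sets the count back to 3, so consider dropping the field once
  # the autoscaler is in place.
  replicas: 3
  selector:
    matchLabels:
      app: moh-app
  template:
    metadata:
      labels:
        app: moh-app
    spec:
      # Nothing on this page shows the app calling the Kubernetes API, so no
      # ServiceAccount token is mounted. Set to true only if it needs one.
      automountServiceAccountToken: false
      securityContext:
        # Apply the container runtime's default syscall filter.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: app
          # NOTE(review): ":latest" is a mutable tag, so a rollout can pick
          # up an image nobody reviewed. Pin an immutable version tag or
          # an image digest.
          image: qwen-hack-moh:latest
          ports:
            - containerPort: 18000
          # Each key of both sources becomes an environment variable. On a
          # duplicate key the later source (the Secret) takes precedence.
          envFrom:
            - configMapRef:
                name: moh-config
            - secretRef:
                name: moh-secrets
          securityContext:
            # Block setuid binaries and similar paths from gaining more
            # privileges than the container started with.
            allowPrivilegeEscalation: false
            # NOTE(review): runAsNonRoot, readOnlyRootFilesystem and
            # capabilities.drop [ALL] are the usual next steps. Confirm
            # that the image runs as a non-root user and writes only to
            # mounted volumes before enabling them.
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          # Restart the container if "/" stops answering.
          livenessProbe:
            httpGet:
              path: /
              port: 18000
            initialDelaySeconds: 30
            periodSeconds: 10
          # Keep the pod out of the Service endpoints until "/" answers.
          readinessProbe:
            httpGet:
              path: /
              port: 18000
            initialDelaySeconds: 5
            periodSeconds: 5
          volumeMounts:
            - name: app-logs
              mountPath: /var/log/app
      volumes:
        # Scratch space for logs; the contents are lost when the pod is
        # removed.
        - name: app-logs
          emptyDir: {}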

Service for Application

# Cluster-internal Service in front of the application pods.
apiVersion: v1
kind: Service
metadata:
  namespace: merchantsofhope
  name: moh-app-service
spec:
  # ClusterIP: reachable only from inside the cluster. External traffic
  # arrives through the moh-ingress Ingress.
  type: ClusterIP
  # Route to every pod carrying the Deployment's label.
  selector:
    app: moh-app
  ports:
    # Port 80 on the Service forwards to the container's port 18000.
    - port: 80
      targetPort: 18000
      protocol: TCP

Ingress for External Access

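# Public HTTPS entry point for merchantsofhope.org, forwarding every path to
# the application Service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: moh-ingress
  namespace: merchantsofhope
  annotations:
    # No rewrite-target annotation: the only path is "/", so requests are
    # forwarded with their original URI. With ingress-nginx,
    # "rewrite-target: /" on a plain "/" path rewrites every request URI to
    # "/", which hides all other routes from the application.
    #
    # cert-manager issues and renews the certificate stored in the TLS
    # secret below. Assumes a ClusterIssuer named letsencrypt-prod exists.
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  # NOTE(review): no ingressClassName is set, so this Ingress is served only
  # if the cluster defines a default IngressClass. Confirm, or name the
  # class explicitly.
  tls:
    - hosts:
        - merchantsofhope.org
      secretName: merchantsofhope-tls
  rules:
    - host: merchantsofhope.org
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: moh-app-service
                port:
                  number: 80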

PostgreSQL StatefulSet (Example)

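# Single-replica PostgreSQL instance backing the application (example setup).
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: moh-postgres
  namespace: merchantsofhope
spec:
  # Must match the headless Service of the same name.
  serviceName: moh-postgres
  replicas: 1
  selector:
    matchLabels:
      app: moh-postgres
  template:
    metadata:
      labels:
        app: moh-postgres
    spec:
      # The database never calls the Kubernetes API, so no ServiceAccount
      # token is mounted into the pod.
      automountServiceAccountToken: false
      securityContext:
        # Apply the container runtime's default syscall filter.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: postgres
          # NOTE(review): "postgres:13" floats across minor releases. Pin
          # a specific minor version or an image digest for repeatable
          # rollouts.
          image: postgres:13
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: moh
            # Credentials come from the Secret, not from literals in this
            # manifest.
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: moh-secrets
                  key: DB_USER
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: moh-secrets
                  key: DB_PASS
          # NOTE(review): unlike the app container, this one sets no resource
          # requests/limits and no probes. Add values sized for the real
          # workload.
          volumeMounts:
            # NOTE(review): on storage that places lost+found at the volume
            # root, the image's init step can refuse the non-empty
            # directory. Pointing PGDATA at a subdirectory of this mount is
            # the usual remedy for a fresh install.
            - name: postgres-storage
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: postgres-storage
          persistentVolumeClaim:
            claimName: postgres-pvc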

PostgreSQL Service

# Stable in-cluster DNS name ("moh-postgres") for the database pod. It
# matches DB_HOST in the moh-config ConfigMap.
apiVersion: v1
kind: Service
metadata:
  namespace: merchantsofhope
  name: moh-postgres
spec:
  clusterIP: None  # Headless service for StatefulSet
  selector:
    app: moh-postgres
  ports:
    - port: 5432
      targetPort: 5432
      protocol: TCP
  # NOTE(review): no NetworkPolicy appears on this page. Consider one that
  # admits traffic to port 5432 only from pods labelled app: moh-app.

PersistentVolumeClaim for PostgreSQL

# Storage claim mounted by the moh-postgres StatefulSet as its data directory.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: merchantsofhope
  name: postgres-pvc
spec:
  # No storageClassName is given, so the cluster's default class is used.
  resources:
    requests:
      storage: 10Gi
  # Mounted read-write by a single node at a time.
  accessModes: [ReadWriteOnce]

Horizontal Pod Autoscaler for Application

# Autoscaler for the application Deployment: keeps between 3 and 10 replicas
# based on average CPU and memory utilisation.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  namespace: merchantsofhope
  name: moh-app-hpa
spec:
  minReplicas: 3
  maxReplicas: 10
  # The workload being scaled.
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: moh-app
  # Utilisation is measured against the container's resource requests.
  metrics:
    # Scale on average CPU utilisation, target 70%.
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    # Scale on average memory utilisation, target 80%.
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80