256 lines
5.1 KiB
Markdown
256 lines
5.1 KiB
Markdown
# MerchantsOfHope.org - Kubernetes Configuration
|
|
|
|
## Namespace
|
|
```yaml
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: merchantsofhope
|
|
```
|
|
|
|
## ConfigMap for Application Configuration
|
|
```yaml
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: moh-config
|
|
namespace: merchantsofhope
|
|
data:
|
|
APP_NAME: "MerchantsOfHope"
|
|
APP_VERSION: "0.1.0"
|
|
APP_ENV: "production"
|
|
DEBUG: "false"
|
|
TIMEZONE: "UTC"
|
|
DB_HOST: "moh-postgres"
|
|
DB_NAME: "moh"
|
|
DB_PORT: "5432"
|
|
JWT_SECRET: "changeme-in-production"
|
|
TENANT_ISOLATION_ENABLED: "true"
|
|
ACCESSIBILITY_ENABLED: "true"
|
|
GDPR_COMPLIANCE_ENABLED: "true"
|
|
PCI_DSS_COMPLIANCE_ENABLED: "true"
|
|
```
|
|
|
|
## Secrets for Sensitive Configuration
|
|
```yaml
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: moh-secrets
|
|
namespace: merchantsofhope
|
|
type: Opaque
|
|
data:
|
|
DB_USER: bW9oX3VzZXI= # base64 encoded "moh_user"
|
|
DB_PASS: bW9oX3Bhc3N3b3Jk # base64 encoded "moh_password"
|
|
GOOGLE_CLIENT_ID: <base64-encoded-google-client-id>
|
|
GOOGLE_CLIENT_SECRET: <base64-encoded-google-client-secret>
|
|
GITHUB_CLIENT_ID: <base64-encoded-github-client-id>
|
|
GITHUB_CLIENT_SECRET: <base64-encoded-github-client-secret>
|
|
MAIL_USERNAME: <base64-encoded-mail-username>
|
|
MAIL_PASSWORD: <base64-encoded-mail-password>
|
|
```
|
|
|
|
## Deployment for Application
|
|
```yaml
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: moh-app
|
|
namespace: merchantsofhope
|
|
spec:
|
|
replicas: 3
|
|
selector:
|
|
matchLabels:
|
|
app: moh-app
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: moh-app
|
|
spec:
|
|
containers:
|
|
- name: app
|
|
image: qwen-hack-moh:latest
|
|
ports:
|
|
- containerPort: 18000
|
|
envFrom:
|
|
- configMapRef:
|
|
name: moh-config
|
|
- secretRef:
|
|
name: moh-secrets
|
|
resources:
|
|
requests:
|
|
memory: "256Mi"
|
|
cpu: "250m"
|
|
limits:
|
|
memory: "512Mi"
|
|
cpu: "500m"
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: 18000
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: 18000
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
volumeMounts:
|
|
- name: app-logs
|
|
mountPath: /var/log/app
|
|
volumes:
|
|
- name: app-logs
|
|
emptyDir: {}
|
|
```
|
|
|
|
## Service for Application
|
|
```yaml
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: moh-app-service
|
|
namespace: merchantsofhope
|
|
spec:
|
|
selector:
|
|
app: moh-app
|
|
ports:
|
|
- protocol: TCP
|
|
port: 80
|
|
targetPort: 18000
|
|
type: ClusterIP
|
|
```
|
|
|
|
## Ingress for External Access
|
|
```yaml
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: moh-ingress
|
|
namespace: merchantsofhope
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
spec:
|
|
tls:
|
|
- hosts:
|
|
- merchantsofhope.org
|
|
secretName: merchantsofhope-tls
|
|
rules:
|
|
- host: merchantsofhope.org
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: moh-app-service
|
|
port:
|
|
number: 80
|
|
```
|
|
|
|
## PostgreSQL StatefulSet (Example)
|
|
```yaml
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: moh-postgres
|
|
namespace: merchantsofhope
|
|
spec:
|
|
serviceName: moh-postgres
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: moh-postgres
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: moh-postgres
|
|
spec:
|
|
containers:
|
|
- name: postgres
|
|
image: postgres:13
|
|
ports:
|
|
- containerPort: 5432
|
|
env:
|
|
- name: POSTGRES_DB
|
|
value: moh
|
|
- name: POSTGRES_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: moh-secrets
|
|
key: DB_USER
|
|
- name: POSTGRES_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: moh-secrets
|
|
key: DB_PASS
|
|
volumeMounts:
|
|
- name: postgres-storage
|
|
mountPath: /var/lib/postgresql/data
|
|
volumes:
|
|
- name: postgres-storage
|
|
persistentVolumeClaim:
|
|
claimName: postgres-pvc
|
|
```
|
|
|
|
## PostgreSQL Service
|
|
```yaml
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: moh-postgres
|
|
namespace: merchantsofhope
|
|
spec:
|
|
selector:
|
|
app: moh-postgres
|
|
ports:
|
|
- protocol: TCP
|
|
port: 5432
|
|
targetPort: 5432
|
|
clusterIP: None # Headless service for StatefulSet
|
|
```
|
|
|
|
## PersistentVolumeClaim for PostgreSQL
|
|
```yaml
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: postgres-pvc
|
|
namespace: merchantsofhope
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 10Gi
|
|
```
|
|
|
|
## Horizontal Pod Autoscaler for Application
|
|
```yaml
|
|
apiVersion: autoscaling/v2
|
|
kind: HorizontalPodAutoscaler
|
|
metadata:
|
|
name: moh-app-hpa
|
|
namespace: merchantsofhope
|
|
spec:
|
|
scaleTargetRef:
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
name: moh-app
|
|
minReplicas: 3
|
|
maxReplicas: 10
|
|
metrics:
|
|
- type: Resource
|
|
resource:
|
|
name: cpu
|
|
target:
|
|
type: Utilization
|
|
averageUtilization: 70
|
|
- type: Resource
|
|
resource:
|
|
name: memory
|
|
target:
|
|
type: Utilization
|
|
averageUtilization: 80
|
|
``` |