diff --git a/helm/shorefront/Chart.yaml b/helm/shorefront/Chart.yaml
new file mode 100644
index 0000000..c3beb45
--- /dev/null
+++ b/helm/shorefront/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: shorefront
+description: Shorewall configuration manager
+type: application
+version: 0.1.0
+appVersion: "0.1.0"
diff --git a/helm/shorefront/templates/_helpers.tpl b/helm/shorefront/templates/_helpers.tpl
new file mode 100644
index 0000000..f212885
--- /dev/null
+++ b/helm/shorefront/templates/_helpers.tpl
@@ -0,0 +1,9 @@
+{{- define "shorefront.name" -}}
+{{- .Release.Name }}
+{{- end }}
+
+{{- define "shorefront.labels" -}}
+app.kubernetes.io/name: {{ include "shorefront.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
diff --git a/helm/shorefront/templates/backend-deployment.yaml b/helm/shorefront/templates/backend-deployment.yaml
new file mode 100644
index 0000000..9a1f78e
--- /dev/null
+++ b/helm/shorefront/templates/backend-deployment.yaml
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+ namespace: {{ .Values.namespace }}
+ labels:
+ {{- include "shorefront.labels" . | nindent 4 }}
+ app: backend
+spec:
+ replicas: {{ .Values.backend.replicas }}
+ selector:
+ matchLabels:
+ app: backend
+ template:
+ metadata:
+ labels:
+ app: backend
+ spec:
+ initContainers:
+ - name: migrate
+ image: "{{ .Values.backend.image }}:{{ .Values.backend.tag }}"
+ command: ["alembic", "upgrade", "head"]
+ env:
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: shorefront-secret
+ key: POSTGRES_PASSWORD
+ - name: DATABASE_URL
+ value: "postgresql://{{ .Values.postgres.user }}:$(POSTGRES_PASSWORD)@postgres:5432/{{ .Values.postgres.database }}"
+ containers:
+ - name: backend
+ image: "{{ .Values.backend.image }}:{{ .Values.backend.tag }}"
+ command: ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
+ env:
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: shorefront-secret
+ key: POSTGRES_PASSWORD
+ - name: JWT_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: shorefront-secret
+ key: JWT_SECRET_KEY
+ - name: DATABASE_URL
+ value: "postgresql://{{ .Values.postgres.user }}:$(POSTGRES_PASSWORD)@postgres:5432/{{ .Values.postgres.database }}"
+ - name: JWT_ALGORITHM
+ valueFrom:
+ configMapKeyRef:
+ name: shorefront-config
+ key: JWT_ALGORITHM
+ - name: JWT_EXPIRE_MINUTES
+ valueFrom:
+ configMapKeyRef:
+ name: shorefront-config
+ key: JWT_EXPIRE_MINUTES
+ ports:
+ - containerPort: 8000
+ resources:
+ {{- toYaml .Values.backend.resources | nindent 12 }}
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: 8000
+ initialDelaySeconds: 5
+ periodSeconds: 10
diff --git a/helm/shorefront/templates/backend-service.yaml b/helm/shorefront/templates/backend-service.yaml
new file mode 100644
index 0000000..8e8184f
--- /dev/null
+++ b/helm/shorefront/templates/backend-service.yaml
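Review bot: `DATABASE_URL` in both the `migrate` init container and the `backend` container splices `$(POSTGRES_PASSWORD)` into the connection URL verbatim, so a password containing URL-reserved characters (`@`, `:`, `/`, `#`, `%`) yields a DSN that fails to parse or resolves to a different host or database. Kubernetes `$(VAR)` expansion does no percent-encoding. Either document next to `secrets.postgresPassword` in values.yaml that the value must be URL-safe, or pass user, password, host and database as separate variables and let the application build the URL with proper encoding; whether the application supports that is not visible in this commit.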
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend
+ namespace: {{ .Values.namespace }}
+spec:
+ selector:
+ app: backend
+ ports:
+ - port: 8000
+ targetPort: 8000
+ type: ClusterIP
diff --git a/helm/shorefront/templates/configmap.yaml b/helm/shorefront/templates/configmap.yaml
new file mode 100644
index 0000000..4fbb74c
--- /dev/null
+++ b/helm/shorefront/templates/configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: shorefront-config
+ namespace: {{ .Values.namespace }}
+ labels:
+ {{- include "shorefront.labels" . | nindent 4 }}
+data:
+ POSTGRES_DB: {{ .Values.postgres.database | quote }}
+ POSTGRES_USER: {{ .Values.postgres.user | quote }}
+ JWT_ALGORITHM: "HS256"
+ JWT_EXPIRE_MINUTES: "60"
diff --git a/helm/shorefront/templates/frontend-deployment.yaml b/helm/shorefront/templates/frontend-deployment.yaml
new file mode 100644
index 0000000..33369bf
--- /dev/null
+++ b/helm/shorefront/templates/frontend-deployment.yaml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: {{ .Values.namespace }}
+ labels:
+ {{- include "shorefront.labels" . | nindent 4 }}
+ app: frontend
+spec:
+ replicas: {{ .Values.frontend.replicas }}
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ spec:
+ containers:
+ - name: frontend
+ image: "{{ .Values.frontend.image }}:{{ .Values.frontend.tag }}"
+ ports:
+ - containerPort: 80
+ resources:
+ {{- toYaml .Values.frontend.resources | nindent 12 }}
+ readinessProbe:
+ httpGet:
+ path: /
+ port: 80
+ initialDelaySeconds: 5
+ periodSeconds: 10
diff --git a/helm/shorefront/templates/frontend-service.yaml b/helm/shorefront/templates/frontend-service.yaml
new file mode 100644
index 0000000..268ade7
--- /dev/null
+++ b/helm/shorefront/templates/frontend-service.yaml
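Review bot: The `frontend` container in frontend-deployment.yaml is declared without a `securityContext`, and the same holds for the `migrate`, `backend` and `postgres` containers in backend-deployment.yaml and postgres-deployment.yaml, so each runs as whatever user its image defines, keeps the runtime's default capabilities and is allowed to escalate privileges. A container-level block like the one below is the usual baseline for all of them. `runAsNonRoot` only works with images that declare a non-root user, and the frontend listens on port 80, so confirm the images (an unprivileged port or image variant may be needed) before enabling it.

```yaml
      containers:
        - name: frontend
          # … unchanged: image, ports, resources, readinessProbe …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
```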
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend
+ namespace: {{ .Values.namespace }}
+spec:
+ selector:
+ app: frontend
+ ports:
+ - port: 80
+ targetPort: 80
+ type: ClusterIP
diff --git a/helm/shorefront/templates/ingress.yaml b/helm/shorefront/templates/ingress.yaml
new file mode 100644
index 0000000..a4a5844
--- /dev/null
+++ b/helm/shorefront/templates/ingress.yaml
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: shorefront
+ namespace: {{ .Values.namespace }}
+ labels:
+ {{- include "shorefront.labels" . | nindent 4 }}
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+spec:
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+ rules:
+ - host: {{ .Values.ingress.host }}
+ http:
+ paths:
+ - path: /api
+ pathType: Prefix
+ backend:
+ service:
+ name: backend
+ port:
+ number: 8000
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: frontend
+ port:
+ number: 80
diff --git a/helm/shorefront/templates/namespace.yaml b/helm/shorefront/templates/namespace.yaml
new file mode 100644
index 0000000..b89d98b
--- /dev/null
+++ b/helm/shorefront/templates/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .Values.namespace }}
+ labels:
+ {{- include "shorefront.labels" . | nindent 4 }}
diff --git a/helm/shorefront/templates/postgres-deployment.yaml b/helm/shorefront/templates/postgres-deployment.yaml
new file mode 100644
index 0000000..86defea
--- /dev/null
+++ b/helm/shorefront/templates/postgres-deployment.yaml
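Review bot: The ingress.yaml annotation `traefik.ingress.kubernetes.io/router.entrypoints: web,websecure` exposes both `/api` and `/` on the plain-HTTP entrypoint, and the Ingress has no `tls:` section, so login requests and the JWTs the backend issues can travel unencrypted unless Traefik is configured elsewhere to redirect. I would restrict the route to `traefik.ingress.kubernetes.io/router.entrypoints: websecure` and add `traefik.ingress.kubernetes.io/router.tls: "true"` (or a `spec.tls` entry naming a certificate secret). If HTTP must stay reachable, a comment stating that a global HTTP-to-HTTPS redirect is assumed would make the dependency explicit.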
@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: postgres
+ namespace: {{ .Values.namespace }}
+ labels:
+ {{- include "shorefront.labels" . | nindent 4 }}
+ app: postgres
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: postgres
+ template:
+ metadata:
+ labels:
+ app: postgres
+ spec:
+ containers:
+ - name: postgres
+ image: "{{ .Values.postgres.image }}:{{ .Values.postgres.tag }}"
+ env:
+ - name: POSTGRES_DB
+ valueFrom:
+ configMapKeyRef:
+ name: shorefront-config
+ key: POSTGRES_DB
+ - name: POSTGRES_USER
+ valueFrom:
+ configMapKeyRef:
+ name: shorefront-config
+ key: POSTGRES_USER
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: shorefront-secret
+ key: POSTGRES_PASSWORD
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - name: pgdata
+ mountPath: /var/lib/postgresql/data
+ resources:
+ {{- toYaml .Values.postgres.resources | nindent 12 }}
+ readinessProbe:
+ exec:
+ command: ["pg_isready", "-U", "{{ .Values.postgres.user }}"]
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ volumes:
+ - name: pgdata
+ persistentVolumeClaim:
+ claimName: shorefront-postgres-pvc
diff --git a/helm/shorefront/templates/postgres-service.yaml b/helm/shorefront/templates/postgres-service.yaml
new file mode 100644
index 0000000..fc8a82b
--- /dev/null
+++ b/helm/shorefront/templates/postgres-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgres
+ namespace: {{ .Values.namespace }}
+spec:
+ selector:
+ app: postgres
+ ports:
+ - port: 5432
+ targetPort: 5432
+ type: ClusterIP
diff --git a/helm/shorefront/templates/pv.yaml b/helm/shorefront/templates/pv.yaml
new file mode 100644
index 0000000..23cf426
--- /dev/null
+++ b/helm/shorefront/templates/pv.yaml
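Review bot: The `postgres` Deployment sets no `strategy`, so it uses the default rolling update while mounting the single NFS-backed claim `shorefront-postgres-pvc` at `/var/lib/postgresql/data`. On any rollout the replacement pod is started before the old one is stopped, and the `ReadWriteOnce` access mode is not enforced by the NFS server, so two PostgreSQL instances can briefly open the same data directory. Adding `strategy:` with `type: Recreate` under `spec` next to `replicas: 1` avoids the overlap; a StatefulSet would be the more conventional shape for this workload.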
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: shorefront-postgres-pv
+ labels:
+ {{- include "shorefront.labels" . | nindent 4 }}
+spec:
+ capacity:
+ storage: {{ .Values.nfs.storage }}
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: ""
+ nfs:
+ server: {{ .Values.nfs.server }}
+ path: {{ .Values.nfs.path }}
diff --git a/helm/shorefront/templates/pvc.yaml b/helm/shorefront/templates/pvc.yaml
new file mode 100644
index 0000000..7c64d04
--- /dev/null
+++ b/helm/shorefront/templates/pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: shorefront-postgres-pvc
+ namespace: {{ .Values.namespace }}
+ labels:
+ {{- include "shorefront.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: ""
+ volumeName: shorefront-postgres-pv
+ resources:
+ requests:
+ storage: {{ .Values.nfs.storage }}
diff --git a/helm/shorefront/templates/secret.yaml b/helm/shorefront/templates/secret.yaml
new file mode 100644
index 0000000..6c374bd
--- /dev/null
+++ b/helm/shorefront/templates/secret.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: shorefront-secret
+ namespace: {{ .Values.namespace }}
+ labels:
+ {{- include "shorefront.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+ POSTGRES_PASSWORD: {{ .Values.secrets.postgresPassword | quote }}
+ JWT_SECRET_KEY: {{ .Values.secrets.jwtSecretKey | quote }}
diff --git a/helm/shorefront/values-prod.yaml b/helm/shorefront/values-prod.yaml
new file mode 100644
index 0000000..f3a86a9
--- /dev/null
+++ b/helm/shorefront/values-prod.yaml
@@ -0,0 +1,8 @@
+ingress:
+ host: shorefront.yourdomain.com
+
+# Override secrets at deploy time:
+# helm upgrade --install shorefront ./helm/shorefront \
+# --values helm/shorefront/values-prod.yaml \
+# --set secrets.postgresPassword= \
+# --set secrets.jwtSecretKey=
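Review bot: secret.yaml renders `POSTGRES_PASSWORD` and `JWT_SECRET_KEY` from whatever the values hold, and values.yaml in this commit defaults both to `changeme-in-prod`, so an install that forgets the overrides comes up with a publicly known database password and a known HS256 signing key (configmap.yaml pins `JWT_ALGORITHM: "HS256"`), which lets anyone mint valid tokens. The template should fail the render instead: `POSTGRES_PASSWORD: {{ required "secrets.postgresPassword must be set" .Values.secrets.postgresPassword | quote }}` and likewise `JWT_SECRET_KEY: {{ required "secrets.jwtSecretKey must be set" .Values.secrets.jwtSecretKey | quote }}`, with the two defaults in values.yaml changed to empty strings. A short comment above `stringData:` saying the values have no usable default would document the intent.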
diff --git a/helm/shorefront/values.yaml b/helm/shorefront/values.yaml
new file mode 100644
index 0000000..7e7febe
--- /dev/null
+++ b/helm/shorefront/values.yaml
@@ -0,0 +1,39 @@
+namespace: shorefront
+
+backend:
+ image: shorefront-backend
+ tag: latest
+ replicas: 1
+ resources:
+ requests: { cpu: 100m, memory: 128Mi }
+ limits: { cpu: 500m, memory: 512Mi }
+
+frontend:
+ image: shorefront-frontend
+ tag: latest
+ replicas: 1
+ resources:
+ requests: { cpu: 50m, memory: 64Mi }
+ limits: { cpu: 200m, memory: 128Mi }
+
+postgres:
+ image: postgres
+ tag: "15-alpine"
+ database: shorefront
+ user: shorefront
+ resources:
+ requests: { cpu: 100m, memory: 128Mi }
+ limits: { cpu: 500m, memory: 512Mi }
+
+nfs:
+ server: 192.168.17.199
+ path: /mnt/user/kubernetesdata/shorefront
+ storage: 5Gi
+
+ingress:
+ host: shorefront.example.com
+ ingressClassName: traefik
+
+secrets:
+ postgresPassword: changeme-in-prod
+ jwtSecretKey: changeme-in-prod
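Review bot: `backend.tag` and `frontend.tag` in values.yaml default to `latest`, a mutable tag, so the image that actually runs is whatever the registry or node cache holds at pull time; the `migrate` init container and the `backend` container can end up on different builds after a restart, and a rollback cannot reproduce a known image. Defaulting the tags to the chart's app version, for example `tag: "0.1.0"` here or `{{ .Values.backend.tag | default .Chart.AppVersion }}` in the templates, keeps releases reproducible; pinning by digest is stronger where the registry supports it. The deployments also set no `imagePullPolicy`, which is worth stating explicitly once the tag is fixed.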