adebaumann/shorefront
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add Helm charts for Kubernetes deployment (Traefik + NFS Postgres)

Browse Source
This commit is contained in:
Adrian A. Baumann
2026-02-28 21:19:50 +01:00
parent 1d5c98739b
commit be64d0bffd
16 changed files with 338 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
helm/shorefront/Chart.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: v2
name: shorefront
description: Shorewall configuration manager
type: application
version: 0.1.0
appVersion: "0.1.0"

9
helm/shorefront/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,9 @@
{{- define "shorefront.name" -}}
{{- .Release.Name }}
{{- end }}
{{- define "shorefront.labels" -}}
app.kubernetes.io/name: {{ include "shorefront.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

67
helm/shorefront/templates/backend-deployment.yaml Normal file
View File

@@ -0,0 +1,67 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: {{ .Values.namespace }}
labels:
{{- include "shorefront.labels" . | nindent 4 }}
app: backend
spec:
replicas: {{ .Values.backend.replicas }}
selector:
matchLabels:
app: backend
template:
metadata:
labels:
app: backend
spec:
initContainers:
- name: migrate
image: "{{ .Values.backend.image }}:{{ .Values.backend.tag }}"
command: ["alembic", "upgrade", "head"]
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: shorefront-secret
key: POSTGRES_PASSWORD
- name: DATABASE_URL
value: "postgresql://{{ .Values.postgres.user }}:$(POSTGRES_PASSWORD)@postgres:5432/{{ .Values.postgres.database }}"
containers:
- name: backend
image: "{{ .Values.backend.image }}:{{ .Values.backend.tag }}"
command: ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: shorefront-secret
key: POSTGRES_PASSWORD
- name: JWT_SECRET_KEY
valueFrom:
secretKeyRef:
name: shorefront-secret
key: JWT_SECRET_KEY
- name: DATABASE_URL
value: "postgresql://{{ .Values.postgres.user }}:$(POSTGRES_PASSWORD)@postgres:5432/{{ .Values.postgres.database }}"
- name: JWT_ALGORITHM
valueFrom:
configMapKeyRef:
name: shorefront-config
key: JWT_ALGORITHM
- name: JWT_EXPIRE_MINUTES
valueFrom:
configMapKeyRef:
name: shorefront-config
key: JWT_EXPIRE_MINUTES
ports:
- containerPort: 8000
resources:
{{- toYaml .Values.backend.resources | nindent 12 }}
readinessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 5
periodSeconds: 10

12
helm/shorefront/templates/backend-service.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: backend
namespace: {{ .Values.namespace }}
spec:
selector:
app: backend
ports:
- port: 8000
targetPort: 8000
type: ClusterIP

12
helm/shorefront/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: shorefront-config
namespace: {{ .Values.namespace }}
labels:
{{- include "shorefront.labels" . | nindent 4 }}
data:
POSTGRES_DB: {{ .Values.postgres.database | quote }}
POSTGRES_USER: {{ .Values.postgres.user | quote }}
JWT_ALGORITHM: "HS256"
JWT_EXPIRE_MINUTES: "60"

31
helm/shorefront/templates/frontend-deployment.yaml Normal file
View File

@@ -0,0 +1,31 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: {{ .Values.namespace }}
labels:
{{- include "shorefront.labels" . | nindent 4 }}
app: frontend
spec:
replicas: {{ .Values.frontend.replicas }}
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
containers:
- name: frontend
image: "{{ .Values.frontend.image }}:{{ .Values.frontend.tag }}"
ports:
- containerPort: 80
resources:
{{- toYaml .Values.frontend.resources | nindent 12 }}
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10

12
helm/shorefront/templates/frontend-service.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: frontend
namespace: {{ .Values.namespace }}
spec:
selector:
app: frontend
ports:
- port: 80
targetPort: 80
type: ClusterIP

29
helm/shorefront/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: shorefront
namespace: {{ .Values.namespace }}
labels:
{{- include "shorefront.labels" . | nindent 4 }}
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
spec:
ingressClassName: {{ .Values.ingress.ingressClassName }}
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: backend
port:
number: 8000
- path: /
pathType: Prefix
backend:
service:
name: frontend
port:
number: 80

6
helm/shorefront/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: {{ .Values.namespace }}
labels:
{{- include "shorefront.labels" . | nindent 4 }}

53
helm/shorefront/templates/postgres-deployment.yaml Normal file
View File

@@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres
namespace: {{ .Values.namespace }}
labels:
{{- include "shorefront.labels" . | nindent 4 }}
app: postgres
spec:
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
containers:
- name: postgres
image: "{{ .Values.postgres.image }}:{{ .Values.postgres.tag }}"
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: shorefront-config
key: POSTGRES_DB
- name: POSTGRES_USER
valueFrom:
configMapKeyRef:
name: shorefront-config
key: POSTGRES_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: shorefront-secret
key: POSTGRES_PASSWORD
ports:
- containerPort: 5432
volumeMounts:
- name: pgdata
mountPath: /var/lib/postgresql/data
resources:
{{- toYaml .Values.postgres.resources | nindent 12 }}
readinessProbe:
exec:
command: ["pg_isready", "-U", "{{ .Values.postgres.user }}"]
initialDelaySeconds: 5
periodSeconds: 5
volumes:
- name: pgdata
persistentVolumeClaim:
claimName: shorefront-postgres-pvc

12
helm/shorefront/templates/postgres-service.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: postgres
namespace: {{ .Values.namespace }}
spec:
selector:
app: postgres
ports:
- port: 5432
targetPort: 5432
type: ClusterIP

16
helm/shorefront/templates/pv.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: shorefront-postgres-pv
labels:
{{- include "shorefront.labels" . | nindent 4 }}
spec:
capacity:
storage: {{ .Values.nfs.storage }}
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: ""
nfs:
server: {{ .Values.nfs.server }}
path: {{ .Values.nfs.path }}

15
helm/shorefront/templates/pvc.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: shorefront-postgres-pvc
namespace: {{ .Values.namespace }}
labels:
{{- include "shorefront.labels" . | nindent 4 }}
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
volumeName: shorefront-postgres-pv
resources:
requests:
storage: {{ .Values.nfs.storage }}

11
helm/shorefront/templates/secret.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: shorefront-secret
namespace: {{ .Values.namespace }}
labels:
{{- include "shorefront.labels" . | nindent 4 }}
type: Opaque
stringData:
POSTGRES_PASSWORD: {{ .Values.secrets.postgresPassword | quote }}
JWT_SECRET_KEY: {{ .Values.secrets.jwtSecretKey | quote }}

8
helm/shorefront/values-prod.yaml Normal file
View File

@@ -0,0 +1,8 @@
ingress:
host: shorefront.yourdomain.com
# Override secrets at deploy time:
# helm upgrade --install shorefront ./helm/shorefront \
# --values helm/shorefront/values-prod.yaml \
# --set secrets.postgresPassword=<real-password> \
# --set secrets.jwtSecretKey=<real-jwt-secret>

39
helm/shorefront/values.yaml Normal file
View File

@@ -0,0 +1,39 @@
namespace: shorefront
backend:
image: shorefront-backend
tag: latest
replicas: 1
resources:
requests: { cpu: 100m, memory: 128Mi }
limits: { cpu: 500m, memory: 512Mi }
frontend:
image: shorefront-frontend
tag: latest
replicas: 1
resources:
requests: { cpu: 50m, memory: 64Mi }
limits: { cpu: 200m, memory: 128Mi }
postgres:
image: postgres
tag: "15-alpine"
database: shorefront
user: shorefront
resources:
requests: { cpu: 100m, memory: 128Mi }
limits: { cpu: 500m, memory: 512Mi }
nfs:
server: 192.168.17.199
path: /mnt/user/kubernetesdata/shorefront
storage: 5Gi
ingress:
host: shorefront.example.com
ingressClassName: traefik
secrets:
postgresPassword: changeme-in-prod
jwtSecretKey: changeme-in-prod