Add script and configuration for Kubernetes

author: Santo Cariotti <santo@dcariotti.me> 2024-09-06 16:09:25 +0200
committer: Santo Cariotti <santo@dcariotti.me> 2024-09-06 16:09:25 +0200
commit: ff68c8cd24baef66ebb038d237b8f501c84edde5 (patch)
tree: a719191dce466a03244a705337f58c8f83f6f926 /k8s
parent: c4ef50c1f566b86c8892fa344ade8d5ca66fb93b (diff)
8 files changed, 151 insertions, 0 deletions
diff --git a/k8s/cas-config.yaml b/k8s/cas-config.yaml
new file mode 100644
index 0000000..a7aa9d8
--- /dev/null
+++ b/k8s/cas-config.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cas-config
+data:
+  RUST_LOG: ${RUST_LOG}
+  DATABASE_URL: "postgres://postgres:password@postgres-service:5432/gis"
+  ALLOWED_HOST: "0.0.0.0:8000"
diff --git a/k8s/cas-deployment.yaml b/k8s/cas-deployment.yaml
new file mode 100644
index 0000000..f070fe4
--- /dev/null
+++ b/k8s/cas-deployment.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cas-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cas
+  template:
+    metadata:
+      labels:
+        app: cas
+    spec:
+      containers:
+        - name: cas
+          image: ghcr.io/cas-4/backend:latest
+          imagePullPolicy: Always
+          env:
+            - name: RUST_LOG
+              valueFrom:
+                configMapKeyRef:
+                  name: cas-config
+                  key: RUST_LOG
+            - name: DATABASE_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: cas-config
+                  key: DATABASE_URL
+            - name: JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: cas-secret
+                  key: JWT_SECRET
+            - name: EXPO_ACCESS_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: cas-secret
+                  key: EXPO_ACCESS_TOKEN
+            - name: ALLOWED_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: cas-config
+                  key: ALLOWED_HOST
+          ports:
+            - containerPort: 8000
+      restartPolicy: Always
diff --git a/k8s/cas-secret.yaml b/k8s/cas-secret.yaml
new file mode 100644
index 0000000..268c119
--- /dev/null
+++ b/k8s/cas-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cas-secret
+type: Opaque
+data:
+  JWT_SECRET: ${JWT_SECRET}
+  EXPO_ACCESS_TOKEN: ${EXPO_ACCESS_TOKEN}
diff --git a/k8s/cas-service.yaml b/k8s/cas-service.yaml
new file mode 100644
index 0000000..98a7a9d
--- /dev/null
+++ b/k8s/cas-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: cas-service
+spec:
+  ports:
+    - port: 8000
+      targetPort: 8000
+  selector:
+    app: cas
+  type: ClusterIP
diff --git a/k8s/network-policy.yaml b/k8s/network-policy.yaml
new file mode 100644
index 0000000..2af8a27
--- /dev/null
+++ b/k8s/network-policy.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-cas-postgres
+spec:
+  podSelector:
+    matchLabels:
+      app: cas
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+      - podSelector:
+          matchLabels:
+            app: postgres
+    ports:
+    - protocol: TCP
+      port: 5432
diff --git a/k8s/pgdata-pvc.yaml b/k8s/pgdata-pvc.yaml
new file mode 100644
index 0000000..7580530
--- /dev/null
+++ b/k8s/pgdata-pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pgdata-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
diff --git a/k8s/postgres-deployment.yaml b/k8s/postgres-deployment.yaml
new file mode 100644
index 0000000..fd9945f
--- /dev/null
+++ b/k8s/postgres-deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgis/postgis:16-3.4
+          env:
+            - name: POSTGRES_USER
+              value: "postgres"
+            - name: POSTGRES_PASSWORD
+              value: "password"
+            - name: POSTGRES_DB
+              value: "gis"
+          ports:
+            - containerPort: 5432
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: pgdata
+            - mountPath: /docker-entrypoint-initdb.d
+              name: schema
+      volumes:
+        - name: pgdata
+          persistentVolumeClaim:
+            claimName: pgdata-pvc
+        - name: schema
+          hostPath:
+            path: ${PGDATA}
diff --git a/k8s/postgres-service.yaml b/k8s/postgres-service.yaml
new file mode 100644
index 0000000..ad3b969
--- /dev/null
+++ b/k8s/postgres-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres-service
+spec:
+  ports:
+    - port: 5432
+      targetPort: 5432
+  selector:
+    app: postgres
+  type: ClusterIP
author	Santo Cariotti <santo@dcariotti.me>	2024-09-06 16:09:25 +0200
committer	Santo Cariotti <santo@dcariotti.me>	2024-09-06 16:09:25 +0200
commit	ff68c8cd24baef66ebb038d237b8f501c84edde5 (patch)
tree	a719191dce466a03244a705337f58c8f83f6f926 /k8s
parent	c4ef50c1f566b86c8892fa344ade8d5ca66fb93b (diff)