10 files changed, 191 insertions, 0 deletions

diff --git a/k8s/cas-config.yaml b/k8s/cas-config.yaml
new file mode 100644
index 0000000..a7aa9d8
--- /dev/null
+++ b/k8s/cas-config.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cas-config
+data:
+  RUST_LOG: ${RUST_LOG}
+  DATABASE_URL: "postgres://postgres:password@postgres-service:5432/gis"
+  ALLOWED_HOST: "0.0.0.0:8000"
diff --git a/k8s/cas-deployment.yaml b/k8s/cas-deployment.yaml
new file mode 100644
index 0000000..f070fe4
--- /dev/null
+++ b/k8s/cas-deployment.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cas-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cas
+  template:
+    metadata:
+      labels:
+        app: cas
+    spec:
+      containers:
+        - name: cas
+          image: ghcr.io/cas-4/backend:latest
+          imagePullPolicy: Always
+          env:
+            - name: RUST_LOG
+              valueFrom:
+                configMapKeyRef:
+                  name: cas-config
+                  key: RUST_LOG
+            - name: DATABASE_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: cas-config
+                  key: DATABASE_URL
+            - name: JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: cas-secret
+                  key: JWT_SECRET
+            - name: EXPO_ACCESS_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: cas-secret
+                  key: EXPO_ACCESS_TOKEN
+            - name: ALLOWED_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: cas-config
+                  key: ALLOWED_HOST
+          ports:
+            - containerPort: 8000
+      restartPolicy: Always
diff --git a/k8s/cas-secret.yaml b/k8s/cas-secret.yaml
new file mode 100644
index 0000000..268c119
--- /dev/null
+++ b/k8s/cas-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cas-secret
+type: Opaque
+data:
+  JWT_SECRET: ${JWT_SECRET}
+  EXPO_ACCESS_TOKEN: ${EXPO_ACCESS_TOKEN}
diff --git a/k8s/cas-service.yaml b/k8s/cas-service.yaml
new file mode 100644
index 0000000..98a7a9d
--- /dev/null
+++ b/k8s/cas-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: cas-service
+spec:
+  ports:
+    - port: 8000
+      targetPort: 8000
+  selector:
+    app: cas
+  type: ClusterIP
diff --git a/k8s/network-policy.yaml b/k8s/network-policy.yaml
new file mode 100644
index 0000000..2af8a27
--- /dev/null
+++ b/k8s/network-policy.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-cas-postgres
+spec:
+  podSelector:
+    matchLabels:
+      app: cas
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+      - podSelector:
+          matchLabels:
+            app: postgres
+    ports:
+    - protocol: TCP
+      port: 5432
diff --git a/k8s/pgdata-pvc.yaml b/k8s/pgdata-pvc.yaml
new file mode 100644
index 0000000..7580530
--- /dev/null
+++ b/k8s/pgdata-pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pgdata-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
diff --git a/k8s/postgres-deployment.yaml b/k8s/postgres-deployment.yaml
new file mode 100644
index 0000000..fd9945f
--- /dev/null
+++ b/k8s/postgres-deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgis/postgis:16-3.4
+          env:
+            - name: POSTGRES_USER
+              value: "postgres"
+            - name: POSTGRES_PASSWORD
+              value: "password"
+            - name: POSTGRES_DB
+              value: "gis"
+          ports:
+            - containerPort: 5432
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: pgdata
+            - mountPath: /docker-entrypoint-initdb.d
+              name: schema
+      volumes:
+        - name: pgdata
+          persistentVolumeClaim:
+            claimName: pgdata-pvc
+        - name: schema
+          hostPath:
+            path: ${PGDATA}
diff --git a/k8s/postgres-service.yaml b/k8s/postgres-service.yaml
new file mode 100644
index 0000000..ad3b969
--- /dev/null
+++ b/k8s/postgres-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres-service
+spec:
+  ports:
+    - port: 5432
+      targetPort: 5432
+  selector:
+    app: postgres
+  type: ClusterIP
diff --git a/scripts/k8s.yaml b/scripts/k8s.yaml
new file mode 100755
index 0000000..350a19a
--- /dev/null
+++ b/scripts/k8s.yaml
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+usage() {
+  echo "Usage: $0 (apply|delete)"
+}
+
+if [ $# -ne 1 ]; then
+  usage
+  exit 1
+fi
+
+command=$1
+
+if [ "$1" != "apply" ] && [ "$1" != "delete" ]; then
+  usage
+  exit 1
+fi
+
+K8S_FOLDER="../k8s"
+
+if [ "$(basename "$PWD")" = "backend" ]; then
+  K8S_FOLDER="./k8s"
+fi
+
+YAML_FILES=(
+  "cas-config.yaml"
+  "cas-deployment.yaml"
+  "cas-secret.yaml"
+  "cas-service.yaml"
+  "network-policy.yaml"
+  "pgdata-pvc.yaml"
+  "postgres-deployment.yaml"
+  "postgres-service.yaml"
+)
+
+for file in "${YAML_FILES[@]}"; do
+  file="$K8S_FOLDER/$file"
+  echo "${command^}ing $file ..."
+  envsubst < $file | kubectl "$command" -f -
+done
diff --git a/release.sh b/scripts/release.sh
index 9c513f4..9c513f4 100755
--- a/release.sh
+++ b/scripts/release.sh