8 files changed, 159 insertions, 0 deletions

diff --git a/yaml/cas-config.yaml b/yaml/cas-config.yaml
new file mode 100644
index 0000000..a7aa9d8
--- /dev/null
+++ b/yaml/cas-config.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cas-config
+data:
+  RUST_LOG: ${RUST_LOG}
+  DATABASE_URL: "postgres://postgres:password@postgres-service:5432/gis"
+  ALLOWED_HOST: "0.0.0.0:8000"
diff --git a/yaml/cas-deployment.yaml b/yaml/cas-deployment.yaml
new file mode 100644
index 0000000..fc0289a
--- /dev/null
+++ b/yaml/cas-deployment.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cas-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cas
+  template:
+    metadata:
+      labels:
+        app: cas
+    spec:
+      containers:
+        - name: cas
+          image: ghcr.io/cas-4/backend:latest
+          imagePullPolicy: Always
+          env:
+            - name: RUST_LOG
+              valueFrom:
+                configMapKeyRef:
+                  name: cas-config
+                  key: RUST_LOG
+            - name: DATABASE_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: cas-config
+                  key: DATABASE_URL
+            - name: JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: cas-secret
+                  key: JWT_SECRET
+            - name: EXPO_ACCESS_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: cas-secret
+                  key: EXPO_ACCESS_TOKEN
+            - name: UNREALSPEECH_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: cas-secret
+                  key: UNREALSPEECH_TOKEN
+            - name: ALLOWED_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: cas-config
+                  key: ALLOWED_HOST
+          ports:
+            - containerPort: 8000
+      restartPolicy: Always
diff --git a/yaml/cas-secret.yaml b/yaml/cas-secret.yaml
new file mode 100644
index 0000000..a2fc3e3
--- /dev/null
+++ b/yaml/cas-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cas-secret
+type: Opaque
+data:
+  JWT_SECRET: ${JWT_SECRET}
+  EXPO_ACCESS_TOKEN: ${EXPO_ACCESS_TOKEN}
+  UNREALSPEECH_TOKEN: ${UNREALSPEECH_TOKEN}
diff --git a/yaml/cas-service.yaml b/yaml/cas-service.yaml
new file mode 100644
index 0000000..ff1d8c5
--- /dev/null
+++ b/yaml/cas-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: cas-service
+spec:
+  ports:
+    - port: 8000
+      targetPort: 8000
+      name: http
+      protocol: TCP
+  selector:
+    app: cas
+  type: ClusterIP
diff --git a/yaml/network-policy.yaml b/yaml/network-policy.yaml
new file mode 100644
index 0000000..2af8a27
--- /dev/null
+++ b/yaml/network-policy.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-cas-postgres
+spec:
+  podSelector:
+    matchLabels:
+      app: cas
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+      - podSelector:
+          matchLabels:
+            app: postgres
+    ports:
+    - protocol: TCP
+      port: 5432
diff --git a/yaml/pgdata-pvc.yaml b/yaml/pgdata-pvc.yaml
new file mode 100644
index 0000000..7580530
--- /dev/null
+++ b/yaml/pgdata-pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pgdata-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
diff --git a/yaml/postgres-deployment.yaml b/yaml/postgres-deployment.yaml
new file mode 100644
index 0000000..fd9945f
--- /dev/null
+++ b/yaml/postgres-deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgis/postgis:16-3.4
+          env:
+            - name: POSTGRES_USER
+              value: "postgres"
+            - name: POSTGRES_PASSWORD
+              value: "password"
+            - name: POSTGRES_DB
+              value: "gis"
+          ports:
+            - containerPort: 5432
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: pgdata
+            - mountPath: /docker-entrypoint-initdb.d
+              name: schema
+      volumes:
+        - name: pgdata
+          persistentVolumeClaim:
+            claimName: pgdata-pvc
+        - name: schema
+          hostPath:
+            path: ${PGDATA}
diff --git a/yaml/postgres-service.yaml b/yaml/postgres-service.yaml
new file mode 100644
index 0000000..ad3b969
--- /dev/null
+++ b/yaml/postgres-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres-service
+spec:
+  ports:
+    - port: 5432
+      targetPort: 5432
+  selector:
+    app: postgres
+  type: ClusterIP