deploy
All checks were successful
Build and Push Container Image / build-and-push (push) Successful in 8m29s

2026-05-23 03:05:16 +02:00
parent 23246e2326
commit 43afad7dba
11 changed files with 268 additions and 0 deletions

0
deploy/.gitkeep Normal file


@@ -0,0 +1,12 @@
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: mal-app
spec:
type: kv-v2
mount: secret
path: mal
destination:
name: mal
create: true
refreshAfter: 1h
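Review bot: The spec sets `refreshAfter: 1h` but no `rolloutRestartTargets`, so a value rotated in Vault is synced into the `mal` Secret while the running pod keeps the old `PLAYBACK_PROXY_SECRET`, because the Deployment on this page injects it as an environment variable and those are read only at container start. Adding `rolloutRestartTargets:` with an entry `kind: Deployment` / `name: mal` would restart the workload when the secret changes. `vaultAuthRef` is also omitted, which presumably falls back to the operator's default VaultAuth; naming a VaultAuth bound to a Vault role that can read only `secret/mal` would make the least-privilege scope explicit.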

11
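--- a/deploy/base/cert.yaml
+++ b/deploy/base/cert.yaml
@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: mal-tls
+spec:
+secretName: mal-tls
+issuerRef:
+name: letsencrypt-prod
+kind: ClusterIssuer
+dnsNames:
+- mal.melosh.tech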


@@ -0,0 +1,72 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: mal
labels:
app: mal
spec:
replicas: 1
selector:
matchLabels:
app: mal
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: mal
labels:
app: mal
spec:
containers:
- name: mal
image: main
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
name: http
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
livenessProbe:
tcpSocket:
port: 3000
initialDelaySeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
periodSeconds: 10
readinessProbe:
tcpSocket:
port: 3000
initialDelaySeconds: 2
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
periodSeconds: 10
env:
- name: DATABASE_FILE
value: /app/data/mal.db
- name: GIN_MODE
value: release
- name: PLAYBACK_PROXY_SECRET
valueFrom:
secretKeyRef:
name: mal
key: PLAYBACK_PROXY_SECRET
volumeMounts:
- name: data
mountPath: /app/data
volumes:
- name: data
persistentVolumeClaim:
claimName: mal-data
restartPolicy: Always
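Review bot: Neither the pod spec nor the `mal` container sets a `securityContext`, so the container runs with whatever user and capabilities the image and runtime default to, and nothing prevents it from running as root with a writable root filesystem. I would add the pod- and container-level settings shown below; `runAsNonRoot` and `readOnlyRootFilesystem` assume the image already runs as a non-root user and writes only under `/app/data`, which is not visible from this page, so confirm before merging. Separately, `RollingUpdate` with `maxSurge: 25%` and one replica starts the replacement pod before the old one stops, and both would mount the `ReadWriteOnce` claim `mal-data` and open `/app/data/mal.db`; `strategy: {type: Recreate}` avoids two writers on the same database file.

```yaml
# … unchanged: metadata, replicas, selector, pod template metadata …
    spec:
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: mal
        # … unchanged: image, ports, resources, probes, env, volumeMounts …
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop:
            - ALL
```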

16
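--- a/deploy/base/ingress.yaml
+++ b/deploy/base/ingress.yaml
@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+name: mal-ingress
+spec:
+entryPoints:
+- websecure
+- web
+routes:
+- match: Host(`mal.melosh.tech`)
+kind: Rule
+services:
+- name: mal
+port: 3000
+tls:
+secretName: mal-tls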
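Review bot: The route lists the `web` entry point next to `websecure` while also carrying a `tls` section, and as far as I know Traefik treats a router with `tls` as HTTPS-only, so plain-HTTP requests arriving on `web` will not match this rule and are not redirected either. If the intent is to upgrade HTTP clients, drop `- web` here and add a second IngressRoute on `web` for the same host that uses a `redirectScheme` middleware, or configure the redirect on the entry point itself. If there is no such intent, removing `- web` makes it clear the app is served over TLS only. Whether the cluster already redirects at the entry point is not visible from this page.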


@@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: mal
resources:
- ./deployment.yaml
- ./ingress.yaml
- ./cert.yaml
- ./service.yaml
- ./pvc.yaml
- ./app-secret.yaml

10
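--- a/deploy/base/pvc.yaml
+++ b/deploy/base/pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: mal-data
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 1Gi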

14
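--- a/deploy/base/service.yaml
+++ b/deploy/base/service.yaml
@@ -0,0 +1,14 @@
+# https://kubernetes.io/docs/concepts/services-networking/service/
+apiVersion: v1
+kind: Service
+metadata:
+name: mal
+spec:
+selector:
+app: mal
+type: ClusterIP
+ports:
+- name: mal
+protocol: TCP
+port: 3000
+targetPort: 3000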


@@ -0,0 +1,20 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mal
spec:
replicas: 1
template:
spec:
containers:
- name: mal
resources:
limits:
cpu: "1"
memory: "1Gi"
requests:
cpu: "500m"
memory: "512Mi"
env:
- name: ENV
value: production


@@ -0,0 +1,20 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# 1. Point to the base manifests
resources:
- ../../base
# 2. Apply the production-specific changes
patches:
- path: deployment.yaml
target:
kind: Deployment
name: mal
namespace: mal
images:
- name: main
newName: reg.milasholsting.dk/apps/mal
newTag: latest
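Review bot: `newTag: latest` points production at a mutable tag, and the base Deployment sets `imagePullPolicy: IfNotPresent`, so a node that already has a cached `latest` keeps running it while a fresh node pulls whatever the registry currently serves; the deployed code is then neither reproducible nor auditable from Git. I would have the build pipeline write an immutable reference here, either the commit SHA as `newTag` or a `digest: sha256:<image-digest>` entry, so that a rollout corresponds to exactly one image. If `latest` must stay for now, `imagePullPolicy: Always` in the Deployment at least stops nodes from diverging.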