commit 701a92322ed8888d7a96ab88dfc28891e264b181 Author: Eric Ampire Date: Fri Apr 10 23:04:10 2026 +0000 Add template-courselit.yml Add template file
diff --git a/template-courselit.yml b/template-courselit.yml
new file mode 100644
index 0000000..487cac4
--- /dev/null
+++ b/template-courselit.yml
@@ -0,0 +1,463 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: courselit
+---
+# Secret
+apiVersion: v1
+kind: Secret
+metadata:
+ name: courselit-secrets
+ namespace: courselit
+type: Opaque
+stringData:
+ MONGO_ROOT_PASSWORD: "example"
+ DB_CONNECTION_STRING_COURSELIT: "mongodb://root:example@courselit-mongo-svc:27017/courselit?authSource=admin"
+ DB_CONNECTION_STRING_MEDIALIT: "mongodb://root:example@courselit-mongo-svc:27017/medialit?authSource=admin"
+ BETTER_AUTH_SECRET: "Auth secret"
+ EMAIL_PASS: "passs"
+ S3_ACCESS_KEY: "access_key"
+ S3_SECRET_KEY: "secret_key"
+ S3_ENDPOINT: "http://10.0.30.12:9001"
+ MEDIALIT_APIKEY: "key"
+ ADMIN_EMAIL: "youremail@gmail.com"
+---
+# MongoDB Service
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: courselit-mongo-pvc
+ namespace: courselit
+spec:
+ accessModes: [ReadWriteOnce]
+ storageClassName: your_storage_class
+ resources:
+ requests:
+ storage: 10Gi
+---
+# MongoDB Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: courselit-mongo-svc
+ namespace: courselit
+spec:
+ ports:
+ - port: 27017
+ selector:
+ app: courselit-mongo
+---
+# Redis Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: courselit-redis-svc
+ namespace: courselit
+spec:
+ ports:
+ - port: 6379
+ selector:
+ app: courselit-redis
+---
+# Medialit load balancer
+apiVersion: v1
+kind: Service
+metadata:
+ name: medialit-lb
+ namespace: courselit
+ annotations:
+ metallb.universe.tf/loadBalancerIPs: 10.0.25.62
+spec:
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ selector:
+ app: medialit
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
+---
+# Courselit Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: courselit-svc
+ namespace: courselit
+spec:
+ selector:
+ app: courselit
+ ports:
+ - port: 80
+ targetPort: 3000
+---
+# Courselit-Queue Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: courselit-queue-svc
+ namespace: courselit
+spec:
+ ports:
+ - port: 80
+ targetPort: 80
+ selector:
+ app: courselit-queue
+---
+# MongoDB Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: courselit-mongo
+ namespace: courselit
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: courselit-mongo
+ template:
+ metadata:
+ labels:
+ app: courselit-mongo
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 999
+ runAsGroup: 999
+ fsGroup: 999
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: mongo
+ image: mongo:4.4
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ runAsNonRoot: true
+ env:
+ - name: MONGO_INITDB_ROOT_USERNAME
+ value: "root"
+ - name: MONGO_INITDB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: MONGO_ROOT_PASSWORD
+ ports:
+ - containerPort: 27017
+ volumeMounts:
+ - name: data
+ mountPath: /data/db
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: courselit-mongo-pvc
+---
+# Redis Deployment for Queues
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: courselit-redis
+ namespace: courselit
+spec:
+ selector:
+ matchLabels:
+ app: courselit-redis
+ template:
+ metadata:
+ labels:
+ app: courselit-redis
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 999
+ runAsGroup: 999
+ fsGroup: 999
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: redis
+ image: redis:6-alpine
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ runAsNonRoot: true
+ ports:
+ - containerPort: 6379
+---
+# Courselit Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: courselit
+ namespace: courselit
+spec:
+ selector:
+ matchLabels:
+ app: courselit
+ template:
+ metadata:
+ labels:
+ app: courselit
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: courselit
+ image: codelit/courselit-app:latest
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ runAsNonRoot: true
+ ports:
+ - containerPort: 3000
+ env:
+ - name: NODE_ENV
+ value: "production"
+ - name: PORT
+ value: "3000"
+ - name: SITE_URL
+ value: "https://yourdomain.com"
+ # Mongo
+ - name: SUPER_ADMIN_EMAIL
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: ADMIN_EMAIL
+ - name: DB_CONNECTION_STRING
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: DB_CONNECTION_STRING_COURSELIT
+ - name: AUTH_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: BETTER_AUTH_SECRET
+ # Mail
+ - name: EMAIL_HOST
+ value: "smtp.gmail.com"
+ - name: EMAIL_PORT
+ value: "465"
+ - name: EMAIL_USER
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: ADMIN_EMAIL
+ - name: EMAIL_PASS
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: EMAIL_PASS
+ - name: EMAIL_FROM
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: ADMIN_EMAIL
+ # Media
+ - name: MEDIALIT_SERVER
+ value: "http://10.0.25.62"
+ - name: MEDIALIT_APIKEY
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: MEDIALIT_APIKEY
+ # Queue
+ - name: QUEUE_SERVER
+ value: "http://courselit-queue-svc"
+ - name: COURSELIT_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: BETTER_AUTH_SECRET
+ volumeMounts:
+ - name: next-cache
+ mountPath: /app/apps/web/.next/cache
+ volumes:
+ - name: next-cache
+ emptyDir: {}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: courselit-queue
+ namespace: courselit
+spec:
+ selector:
+ matchLabels:
+ app: courselit-queue
+ template:
+ metadata:
+ labels:
+ app: courselit-queue
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: queue
+ image: codelit/courselit-queue:latest
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: [ "ALL" ]
+ runAsNonRoot: true
+ env:
+ - name: NODE_ENV
+ value: "production"
+ - name: REDIS_HOST
+ value: "courselit-redis-svc"
+ - name: DOMAIN
+ value: "yourdomain.com"
+ - name: DB_CONNECTION_STRING
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: DB_CONNECTION_STRING_COURSELIT
+ - name: COURSELIT_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: BETTER_AUTH_SECRET
+ - name: PIXEL_SIGNING_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: BETTER_AUTH_SECRET
+ - name: EMAIL_HOST
+ value: "smtp.gmail.com"
+ - name: EMAIL_PORT
+ value: "465"
+ - name: EMAIL_USER
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: ADMIN_EMAIL
+ - name: EMAIL_PASS
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: EMAIL_PASS
+---
+# Medialit Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: medialit
+ namespace: courselit
+spec:
+ selector:
+ matchLabels:
+ app: medialit
+ template:
+ metadata:
+ labels:
+ app: medialit
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: medialit
+ image: codelit/medialit:latest
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ env:
+ - name: PORT
+ value: "80"
+ - name: HOST
+ value: "0.0.0.0"
+ - name: ENABLE_TRUST_PROXY
+ value: "true"
+ - name: HOSTNAME_OVERRIDE
+ value: "10.0.25.62"
+ - name: DB_CONNECTION_STRING
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: DB_CONNECTION_STRING_MEDIALIT
+ # S3 Config
+ - name: CLOUD_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: S3_ENDPOINT
+ - name: CLOUD_ENDPOINT_PUBLIC
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: S3_ENDPOINT
+ - name: CDN_ENDPOINT
+ value: "http://10.0.30.12:9001/courselit-media"
+ - name: CLOUD_REGION
+ value: "us-east-1"
+ - name: CLOUD_KEY
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: S3_ACCESS_KEY
+ - name: CLOUD_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: S3_SECRET_KEY
+ - name: CLOUD_PUBLIC_BUCKET_NAME
+ value: "courselit-media"
+ - name: CLOUD_BUCKET_NAME
+ value: "courselit-media-private"
+ - name: CLOUD_FORCE_PATH_STYLE
+ value: "true"
+ - name: CLOUD_PREFIX
+ value: "media"
+ - name: EMAIL
+ valueFrom:
+ secretKeyRef:
+ name: courselit-secrets
+ key: ADMIN_EMAIL
+ - name: TEMP_FILE_DIR_FOR_UPLOADS
+ value: "/tmp"
+ ports:
+ - containerPort: 80
+---
+# INGRESS Course lit
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: courselit-ingress
+ namespace: courselit
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+ cert-manager.io/cluster-issuer: letsencrypt-cloudflare
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: yourdomain.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: courselit-svc
+ port:
+ number: 80
+ tls:
+ - hosts: [yourdomain.com]
+ secretName: courselit-tls-secret
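Review bot: The `courselit-secrets` document near the top of the new file ships usable default credentials (`MONGO_ROOT_PASSWORD: "example"`, with `root:example` embedded in both connection strings), so applying the template unchanged yields a MongoDB whose root password is public, and nothing in this file (no NetworkPolicy) limits which pods can reach `courselit-mongo-svc`. Both applications also authenticate as the Mongo root user via `authSource=admin`, where a per-database user with readWrite on `courselit` or `medialit` would be the least-privilege choice. The single `BETTER_AUTH_SECRET` key is mapped to `AUTH_SECRET`, `COURSELIT_JWT_SECRET` and `PIXEL_SIGNING_SECRET`, so, judging by the variable names, one leaked value would cover three separate signing purposes. I would give each its own entry, e.g. `key: COURSELIT_JWT_SECRET` and `key: PIXEL_SIGNING_SECRET`, and put `# Placeholder values only: replace every entry before applying, or create this Secret out of band` above `stringData:`. The three `codelit/*:latest` images are also unpinned; a fixed tag or digest would make what gets deployed reviewable.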