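---
# CourseLit stack: namespace, shared Secret, MongoDB, Redis, the CourseLit web
# app, its queue worker, the MediaLit media service and a Traefik Ingress.
#
# Review notes that apply to the whole file:
# - No NetworkPolicy is defined. Unless the cluster enforces one elsewhere,
#   courselit-mongo-svc and courselit-redis-svc are reachable from every pod
#   the CNI allows, not only from the three application pods.
# - The three codelit/* images use the mutable `latest` tag. Pin a release tag
#   or digest so a rollout cannot silently pull a different image.
# - No resource requests/limits are set on any container.
# - The pod specs look compatible with the "restricted" Pod Security Standard;
#   labelling the namespace to enforce it would keep them that way (verify with
#   a dry run first).
apiVersion: v1
kind: Namespace
metadata:
  name: courselit
---
# Secret shared by every workload below.
# Every value here is a placeholder and must be replaced before deployment.
# Keep the real values out of version control (for example via a sealed or
# externally managed secret) rather than committing this document with them.
apiVersion: v1
kind: Secret
metadata:
  name: courselit-secrets
  namespace: courselit
type: Opaque
stringData:
  MONGO_ROOT_PASSWORD: "example"
  # The root password is repeated inside both connection strings; change all
  # three together and URL-encode any special characters in the URI form.
  # NOTE(review): both applications connect as the MongoDB root user. A
  # dedicated user per database, limited to that database, would contain a
  # compromise of either service.
  DB_CONNECTION_STRING_COURSELIT: "mongodb://root:example@courselit-mongo-svc:27017/courselit?authSource=admin"
  DB_CONNECTION_STRING_MEDIALIT: "mongodb://root:example@courselit-mongo-svc:27017/medialit?authSource=admin"
  # Injected below as AUTH_SECRET, COURSELIT_JWT_SECRET and
  # PIXEL_SIGNING_SECRET. Use a long random value.
  # NOTE(review): one key serves three purposes, so exposing it through any
  # one of them exposes all three; consider separate keys where the
  # applications allow it.
  BETTER_AUTH_SECRET: "Auth secret"
  EMAIL_PASS: "passs"
  S3_ACCESS_KEY: "access_key"
  S3_SECRET_KEY: "secret_key"
  # Plain HTTP: S3 requests to this endpoint are not encrypted in transit.
  S3_ENDPOINT: "http://10.0.30.12:9001"
  MEDIALIT_APIKEY: "key"
  ADMIN_EMAIL: "youremail@gmail.com"
---
# MongoDB PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: courselit-mongo-pvc
  namespace: courselit
spec:
  accessModes:
    - ReadWriteOnce
  # Placeholder: set to a StorageClass that exists in the target cluster.
  storageClassName: your_storage_class
  resources:
    requests:
      storage: 10Gi
---
# MongoDB Service (ClusterIP, in-cluster only)
apiVersion: v1
kind: Service
metadata:
  name: courselit-mongo-svc
  namespace: courselit
spec:
  ports:
    - port: 27017
  selector:
    app: courselit-mongo
---
# Redis Service (ClusterIP, in-cluster only)
apiVersion: v1
kind: Service
metadata:
  name: courselit-redis-svc
  namespace: courselit
spec:
  ports:
    - port: 6379
  selector:
    app: courselit-redis
---
# MediaLit load balancer: exposes the medialit pod on a fixed MetalLB address.
# This path does not pass through the Ingress, so it has no TLS termination;
# traffic to 10.0.25.62 is plain HTTP.
apiVersion: v1
kind: Service
metadata:
  name: medialit-lb
  namespace: courselit
  annotations:
    metallb.universe.tf/loadBalancerIPs: "10.0.25.62"
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  selector:
    app: medialit
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
---
# CourseLit Service (backend of the Ingress at the end of this file)
apiVersion: v1
kind: Service
metadata:
  name: courselit-svc
  namespace: courselit
spec:
  selector:
    app: courselit
  ports:
    - port: 80
      targetPort: 3000
---
# CourseLit queue Service
# NOTE(review): targets container port 80, but the courselit-queue container
# declares no port and no PORT variable; confirm the worker listens on 80.
apiVersion: v1
kind: Service
metadata:
  name: courselit-queue-svc
  namespace: courselit
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: courselit-queue
---
# MongoDB Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: courselit-mongo
  namespace: courselit
spec:
  # Recreate stops the old pod before starting the new one; presumably chosen
  # because the data volume is ReadWriteOnce.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: courselit-mongo
  template:
    metadata:
      labels:
        app: courselit-mongo
    spec:
      # Nothing in this manifest uses the Kubernetes API, so the service
      # account token is not mounted into the pod.
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
        runAsGroup: 999
        fsGroup: 999
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: mongo
          # NOTE(review): the 4.4 series appears to be past upstream
          # end-of-life; confirm and plan an upgrade to a supported release.
          image: mongo:4.4
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            runAsNonRoot: true
          env:
            - name: MONGO_INITDB_ROOT_USERNAME
              value: "root"
            - name: MONGO_INITDB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: MONGO_ROOT_PASSWORD
          ports:
            - containerPort: 27017
          volumeMounts:
            - name: data
              mountPath: /data/db
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: courselit-mongo-pvc
---
# Redis Deployment for queues
# No Redis authentication is configured here, and the queue worker is given
# only REDIS_HOST. Any pod that can reach courselit-redis-svc can issue
# commands; restrict access with a NetworkPolicy and/or enable Redis auth.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: courselit-redis
  namespace: courselit
spec:
  selector:
    matchLabels:
      app: courselit-redis
  template:
    metadata:
      labels:
        app: courselit-redis
    spec:
      # Nothing in this manifest uses the Kubernetes API, so the service
      # account token is not mounted into the pod.
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
        runAsGroup: 999
        fsGroup: 999
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: redis
          image: redis:6-alpine
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            runAsNonRoot: true
          ports:
            - containerPort: 6379
---
# CourseLit Deployment (web application)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: courselit
  namespace: courselit
spec:
  selector:
    matchLabels:
      app: courselit
  template:
    metadata:
      labels:
        app: courselit
    spec:
      # Nothing in this manifest uses the Kubernetes API, so the service
      # account token is not mounted into the pod.
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: courselit
          # Mutable tag: pin a release tag or digest.
          image: codelit/courselit-app:latest
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            runAsNonRoot: true
          ports:
            - containerPort: 3000
          env:
            - name: NODE_ENV
              value: "production"
            - name: PORT
              value: "3000"
            # Placeholder: the public URL served by the Ingress below.
            - name: SITE_URL
              value: "https://yourdomain.com"
            # Admin account, database and auth
            - name: SUPER_ADMIN_EMAIL
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: ADMIN_EMAIL
            - name: DB_CONNECTION_STRING
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: DB_CONNECTION_STRING_COURSELIT
            - name: AUTH_SECRET
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: BETTER_AUTH_SECRET
            # Mail
            - name: EMAIL_HOST
              value: "smtp.gmail.com"
            - name: EMAIL_PORT
              value: "465"
            - name: EMAIL_USER
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: ADMIN_EMAIL
            - name: EMAIL_PASS
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: EMAIL_PASS
            - name: EMAIL_FROM
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: ADMIN_EMAIL
            # Media
            # Plain HTTP to the medialit-lb address; requests to MediaLit,
            # presumably including MEDIALIT_APIKEY, travel unencrypted.
            - name: MEDIALIT_SERVER
              value: "http://10.0.25.62"
            - name: MEDIALIT_APIKEY
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: MEDIALIT_APIKEY
            # Queue
            - name: QUEUE_SERVER
              value: "http://courselit-queue-svc"
            # Same Secret key as AUTH_SECRET above and as the queue worker's
            # COURSELIT_JWT_SECRET and PIXEL_SIGNING_SECRET.
            - name: COURSELIT_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: BETTER_AUTH_SECRET
          volumeMounts:
            - name: next-cache
              mountPath: /app/apps/web/.next/cache
      volumes:
        # Scratch volume for the cache path; contents are lost with the pod.
        - name: next-cache
          emptyDir: {}
---
# CourseLit queue Deployment (worker)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: courselit-queue
  namespace: courselit
spec:
  selector:
    matchLabels:
      app: courselit-queue
  template:
    metadata:
      labels:
        app: courselit-queue
    spec:
      # Nothing in this manifest uses the Kubernetes API, so the service
      # account token is not mounted into the pod.
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: queue
          # Mutable tag: pin a release tag or digest.
          image: codelit/courselit-queue:latest
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            runAsNonRoot: true
          env:
            - name: NODE_ENV
              value: "production"
            - name: REDIS_HOST
              value: "courselit-redis-svc"
            # Placeholder: same domain as the Ingress host.
            - name: DOMAIN
              value: "yourdomain.com"
            - name: DB_CONNECTION_STRING
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: DB_CONNECTION_STRING_COURSELIT
            # Both secrets below read the same Secret key, which is also the
            # web application's AUTH_SECRET.
            - name: COURSELIT_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: BETTER_AUTH_SECRET
            - name: PIXEL_SIGNING_SECRET
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: BETTER_AUTH_SECRET
            - name: EMAIL_HOST
              value: "smtp.gmail.com"
            - name: EMAIL_PORT
              value: "465"
            - name: EMAIL_USER
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: ADMIN_EMAIL
            - name: EMAIL_PASS
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: EMAIL_PASS
---
# MediaLit Deployment (media service, exposed through medialit-lb)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: medialit
  namespace: courselit
spec:
  selector:
    matchLabels:
      app: medialit
  template:
    metadata:
      labels:
        app: medialit
    spec:
      # Nothing in this manifest uses the Kubernetes API, so the service
      # account token is not mounted into the pod.
      automountServiceAccountToken: false
      # NOTE(review): no runAsGroup/fsGroup here, unlike the other codelit
      # pods, so the primary GID comes from the image; confirm that is
      # intended.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: medialit
          # Mutable tag: pin a release tag or digest.
          image: codelit/medialit:latest
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            # Already enforced at pod level; repeated to match the other
            # containers in this file.
            runAsNonRoot: true
          env:
            # NOTE(review): port 80 is bound as UID 1000 with every capability
            # dropped. That only works where the container runtime permits
            # unprivileged low ports; confirm on the target cluster or move
            # the listener to a high port and adjust targetPort.
            - name: PORT
              value: "80"
            - name: HOST
              value: "0.0.0.0"
            # NOTE(review): presumably makes the service trust forwarded
            # client headers. medialit-lb exposes this pod directly, with no
            # proxy shown in front of it; confirm clients cannot supply those
            # headers themselves.
            - name: ENABLE_TRUST_PROXY
              value: "true"
            - name: HOSTNAME_OVERRIDE
              value: "10.0.25.62"
            - name: DB_CONNECTION_STRING
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: DB_CONNECTION_STRING_MEDIALIT
            # S3 config
            - name: CLOUD_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: S3_ENDPOINT
            - name: CLOUD_ENDPOINT_PUBLIC
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: S3_ENDPOINT
            # Plain HTTP: media served from this URL is not encrypted in
            # transit, and an HTTPS site embedding it will hit mixed-content
            # blocking in browsers.
            - name: CDN_ENDPOINT
              value: "http://10.0.30.12:9001/courselit-media"
            - name: CLOUD_REGION
              value: "us-east-1"
            - name: CLOUD_KEY
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: S3_ACCESS_KEY
            - name: CLOUD_SECRET
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: S3_SECRET_KEY
            - name: CLOUD_PUBLIC_BUCKET_NAME
              value: "courselit-media"
            - name: CLOUD_BUCKET_NAME
              value: "courselit-media-private"
            - name: CLOUD_FORCE_PATH_STYLE
              value: "true"
            - name: CLOUD_PREFIX
              value: "media"
            - name: EMAIL
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: ADMIN_EMAIL
            - name: TEMP_FILE_DIR_FOR_UPLOADS
              value: "/tmp"
          ports:
            - containerPort: 80
---
# CourseLit Ingress (Traefik, certificate issued by cert-manager)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: courselit-ingress
  namespace: courselit
  annotations:
    # The router is attached to the plaintext `web` entrypoint as well as
    # `websecure`. Unless Traefik redirects `web` to HTTPS elsewhere, the site
    # and its session cookies are also served over HTTP.
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
    cert-manager.io/cluster-issuer: letsencrypt-cloudflare
spec:
  ingressClassName: traefik
  rules:
    # Placeholder host: must match SITE_URL, DOMAIN and the tls entry below.
    - host: yourdomain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: courselit-svc
                port:
                  number: 80
  tls:
    - hosts:
        - yourdomain.com
      secretName: courselit-tls-secret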