kube-manifest-template/template-courselit.yml

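# Namespace that holds every CourseLit resource defined in this template.
apiVersion: v1
kind: Namespace
metadata:
  name: courselit
  labels:
    # Pod Security Admission in warn/audit mode only: nothing is blocked, but
    # any pod that drifts from the "restricted" profile the Deployments in
    # this file are written for (non-root, RuntimeDefault seccomp, all
    # capabilities dropped) is reported. Move to
    # pod-security.kubernetes.io/enforce once the workloads are confirmed to
    # start under it.
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted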
---
# Secret
# Every value below is a template placeholder. Replace all of them before
# applying, and keep the filled-in copy out of version control (or generate
# the Secret from a secret store / sealed-secret workflow instead).
apiVersion: v1
kind: Secret
metadata:
  name: courselit-secrets
  namespace: courselit
type: Opaque
stringData:
  # The MongoDB root password appears three times: here and inside both
  # connection strings. Change all three together, and percent-encode the
  # password inside the URIs if it contains reserved characters.
  MONGO_ROOT_PASSWORD: "example"
  # NOTE(review): both applications connect as the MongoDB root user via
  # authSource=admin. A dedicated user per database would limit what a
  # compromised app can reach.
  DB_CONNECTION_STRING_COURSELIT: "mongodb://root:example@courselit-mongo-svc:27017/courselit?authSource=admin"
  DB_CONNECTION_STRING_MEDIALIT: "mongodb://root:example@courselit-mongo-svc:27017/medialit?authSource=admin"
  # This one key is consumed as AUTH_SECRET, COURSELIT_JWT_SECRET and
  # PIXEL_SIGNING_SECRET by the Deployments in this file, so rotating it
  # affects all three. Use a long random value.
  BETTER_AUTH_SECRET: "Auth secret"
  EMAIL_PASS: "passs"
  S3_ACCESS_KEY: "access_key"
  S3_SECRET_KEY: "secret_key"
  # Plain HTTP: traffic to the object store is not encrypted in transit.
  S3_ENDPOINT: "http://10.0.30.12:9001"
  MEDIALIT_APIKEY: "key"
  ADMIN_EMAIL: "youremail@gmail.com"
---
# MongoDB data volume claim (mounted at /data/db by the courselit-mongo
# Deployment).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: courselit-mongo-pvc
  namespace: courselit
spec:
  accessModes:
    - ReadWriteOnce
  # Placeholder: set to a StorageClass that exists in the target cluster.
  storageClassName: your_storage_class
  resources:
    requests:
      storage: 10Gi
---
# MongoDB Service
# No `type` is set, so this is a cluster-internal Service. Absent a
# NetworkPolicy, any pod in the cluster can open a connection to it;
# authentication is then the only barrier.
apiVersion: v1
kind: Service
metadata:
  name: courselit-mongo-svc
  namespace: courselit
spec:
  selector:
    app: courselit-mongo
  ports:
    - port: 27017
---
# Redis Service
# Cluster-internal Service. This file sets no Redis password anywhere, so
# access control for port 6379 has to come from a NetworkPolicy or similar.
apiVersion: v1
kind: Service
metadata:
  name: courselit-redis-svc
  namespace: courselit
spec:
  selector:
    app: courselit-redis
  ports:
    - port: 6379
---
# Medialit load balancer
# Exposes the medialit pods on a fixed MetalLB address over plain HTTP
# (port 80, no TLS). The courselit Deployment reaches MediaLit through this
# address, so the MEDIALIT_APIKEY it holds presumably travels over this
# unencrypted hop; confirm, and keep the address on a trusted network
# segment.
apiVersion: v1
kind: Service
metadata:
  name: medialit-lb
  namespace: courselit
  annotations:
    # Placeholder address: must be inside a pool MetalLB is allowed to assign.
    metallb.universe.tf/loadBalancerIPs: "10.0.25.62"
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  selector:
    app: medialit
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
---
# Courselit Service
# Cluster-internal front for the web app: Service port 80 forwards to the
# container's port 3000. The Ingress at the end of this file points here.
apiVersion: v1
kind: Service
metadata:
  name: courselit-svc
  namespace: courselit
spec:
  ports:
    - port: 80
      targetPort: 3000
  selector:
    app: courselit
---
# Courselit-Queue Service
# Cluster-internal Service; the courselit Deployment addresses it as
# http://courselit-queue-svc (QUEUE_SERVER).
apiVersion: v1
kind: Service
metadata:
  name: courselit-queue-svc
  namespace: courselit
spec:
  selector:
    app: courselit-queue
  ports:
    - port: 80
      targetPort: 80
---
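# MongoDB Deployment
# Single MongoDB instance backing both the courselit and medialit databases.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: courselit-mongo
  namespace: courselit
spec:
  strategy:
    # Recreate stops the old pod before starting the new one, so two pods
    # never hold the ReadWriteOnce data volume at the same time.
    type: Recreate
  selector:
    matchLabels:
      app: courselit-mongo
  template:
    metadata:
      labels:
        app: courselit-mongo
    spec:
      # A database has no reason to call the Kubernetes API; do not hand it a
      # service-account token.
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
        runAsGroup: 999
        # fsGroup makes the mounted volume group-accessible to GID 999.
        fsGroup: 999
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: mongo
          # NOTE(review): the MongoDB 4.4 series is past upstream end of
          # life and no longer receives security fixes. Plan an upgrade;
          # MongoDB major-version upgrades are stepwise, so do not simply
          # bump the tag on an existing data volume.
          image: mongo:4.4
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
            runAsNonRoot: true
          env:
            - name: MONGO_INITDB_ROOT_USERNAME
              value: "root"
            - name: MONGO_INITDB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: MONGO_ROOT_PASSWORD
          ports:
            - containerPort: 27017
          volumeMounts:
            - name: data
              mountPath: /data/db
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: courselit-mongo-pvc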
---
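# Redis Deployment for Queues
# Runs Redis with the image defaults: this manifest sets no password and
# mounts no volume, so queue state lives only in the container and access
# control must come from the network layer (for example a NetworkPolicy that
# admits only the pods that need port 6379).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: courselit-redis
  namespace: courselit
spec:
  selector:
    matchLabels:
      app: courselit-redis
  template:
    metadata:
      labels:
        app: courselit-redis
    spec:
      # Redis never talks to the Kubernetes API; do not mount a
      # service-account token into the pod.
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
        runAsGroup: 999
        fsGroup: 999
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: redis
          # Floating tag: resolves to whatever 6.x alpine build is current at
          # pull time. Pin a digest for reproducible rollouts.
          image: redis:6-alpine
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
            runAsNonRoot: true
          ports:
            - containerPort: 6379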
---
# Courselit Deployment
# The web application. All credentials are read from the courselit-secrets
# Secret; only non-sensitive settings are inlined as literal values.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: courselit
  namespace: courselit
spec:
  selector:
    matchLabels:
      app: courselit
  template:
    metadata:
      labels:
        app: courselit
    spec:
      # NOTE(review): if this workload never calls the Kubernetes API,
      # consider automountServiceAccountToken: false here as well.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: courselit
          # `latest` is a mutable tag: a restart can pull different code than
          # the one that was reviewed. Pin a release tag or image digest.
          image: codelit/courselit-app:latest
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
            runAsNonRoot: true
          ports:
            - containerPort: 3000
          env:
            - name: NODE_ENV
              value: "production"
            - name: PORT
              value: "3000"
            # Placeholder: the public URL served through the Ingress.
            - name: SITE_URL
              value: "https://yourdomain.com"
            # Admin account, database and auth
            - name: SUPER_ADMIN_EMAIL
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: ADMIN_EMAIL
            - name: DB_CONNECTION_STRING
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: DB_CONNECTION_STRING_COURSELIT
            - name: AUTH_SECRET
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: BETTER_AUTH_SECRET
            # Mail
            - name: EMAIL_HOST
              value: "smtp.gmail.com"
            - name: EMAIL_PORT
              value: "465"
            # The admin address doubles as SMTP login and From address.
            - name: EMAIL_USER
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: ADMIN_EMAIL
            - name: EMAIL_PASS
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: EMAIL_PASS
            - name: EMAIL_FROM
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: ADMIN_EMAIL
            # Media
            # Plain HTTP to the MetalLB address of medialit-lb; the API key
            # below is presumably sent over this hop. Confirm and keep it on
            # a trusted network, or front MediaLit with TLS.
            - name: MEDIALIT_SERVER
              value: "http://10.0.25.62"
            - name: MEDIALIT_APIKEY
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: MEDIALIT_APIKEY
            # Queue
            - name: QUEUE_SERVER
              value: "http://courselit-queue-svc"
            # Same Secret key as AUTH_SECRET above: one value signs both.
            - name: COURSELIT_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: BETTER_AUTH_SECRET
          volumeMounts:
            # Writable scratch space for the Next.js build cache.
            - name: next-cache
              mountPath: /app/apps/web/.next/cache
      volumes:
        - name: next-cache
          emptyDir: {}
---
# Courselit-Queue Deployment
# Background worker: reads jobs from Redis, uses the same database as the
# web app, and sends mail through the same SMTP account.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: courselit-queue
  namespace: courselit
spec:
  selector:
    matchLabels:
      app: courselit-queue
  template:
    metadata:
      labels:
        app: courselit-queue
    spec:
      # NOTE(review): if this workload never calls the Kubernetes API,
      # consider automountServiceAccountToken: false here as well.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: queue
          # `latest` is a mutable tag; pin a release tag or image digest so
          # the running code is the code that was reviewed.
          image: codelit/courselit-queue:latest
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
            runAsNonRoot: true
          env:
            - name: NODE_ENV
              value: "production"
            # No Redis credential is passed: the connection is
            # unauthenticated as far as this manifest shows.
            - name: REDIS_HOST
              value: "courselit-redis-svc"
            - name: DOMAIN
              value: "yourdomain.com"
            - name: DB_CONNECTION_STRING
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: DB_CONNECTION_STRING_COURSELIT
            # Both secrets below resolve to the same Secret key, so JWT
            # signing and pixel signing share one value.
            - name: COURSELIT_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: BETTER_AUTH_SECRET
            - name: PIXEL_SIGNING_SECRET
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: BETTER_AUTH_SECRET
            - name: EMAIL_HOST
              value: "smtp.gmail.com"
            - name: EMAIL_PORT
              value: "465"
            - name: EMAIL_USER
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: ADMIN_EMAIL
            - name: EMAIL_PASS
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: EMAIL_PASS
---
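# Medialit Deployment
# Media service backed by an S3-compatible object store. Reached from
# outside the cluster through the medialit-lb LoadBalancer Service.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: medialit
  namespace: courselit
spec:
  selector:
    matchLabels:
      app: medialit
  template:
    metadata:
      labels:
        app: medialit
    spec:
      # NOTE(review): if this workload never calls the Kubernetes API,
      # consider automountServiceAccountToken: false here as well.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: medialit
          # `latest` is a mutable tag; pin a release tag or image digest so
          # the running code is the code that was reviewed.
          image: codelit/medialit:latest
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
            # Stated at container level too, matching the other Deployments
            # in this file; the pod-level setting already implies it.
            runAsNonRoot: true
          env:
            # NOTE(review): binding port 80 as UID 1000 with every capability
            # dropped depends on the runtime permitting unprivileged low
            # ports. Confirm on the target cluster, or listen on a port
            # >= 1024 and keep 80 only as the Service port.
            - name: PORT
              value: "80"
            - name: HOST
              value: "0.0.0.0"
            # NOTE(review): presumably tells the app to believe
            # X-Forwarded-* headers. medialit-lb exposes this pod directly,
            # so confirm a trusted proxy really sits in front; otherwise
            # clients choose those header values themselves.
            - name: ENABLE_TRUST_PROXY
              value: "true"
            - name: HOSTNAME_OVERRIDE
              value: "10.0.25.62"
            - name: DB_CONNECTION_STRING
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: DB_CONNECTION_STRING_MEDIALIT
            # S3 Config
            - name: CLOUD_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: S3_ENDPOINT
            - name: CLOUD_ENDPOINT_PUBLIC
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: S3_ENDPOINT
            # Plain HTTP: media is served from the object store unencrypted.
            - name: CDN_ENDPOINT
              value: "http://10.0.30.12:9001/courselit-media"
            - name: CLOUD_REGION
              value: "us-east-1"
            - name: CLOUD_KEY
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: S3_ACCESS_KEY
            - name: CLOUD_SECRET
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: S3_SECRET_KEY
            # Two buckets: one public, one private. Scope the S3 key pair to
            # just these buckets.
            - name: CLOUD_PUBLIC_BUCKET_NAME
              value: "courselit-media"
            - name: CLOUD_BUCKET_NAME
              value: "courselit-media-private"
            - name: CLOUD_FORCE_PATH_STYLE
              value: "true"
            - name: CLOUD_PREFIX
              value: "media"
            - name: EMAIL
              valueFrom:
                secretKeyRef:
                  name: courselit-secrets
                  key: ADMIN_EMAIL
            # Uploads are staged in the container's /tmp; no volume is
            # mounted there, so this is the writable container layer.
            - name: TEMP_FILE_DIR_FOR_UPLOADS
              value: "/tmp"
          ports:
            - containerPort: 80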
---
# CourseLit Ingress
# Routes the public hostname to courselit-svc through Traefik; cert-manager
# issues the certificate stored in courselit-tls-secret.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: courselit-ingress
  namespace: courselit
  annotations:
    # NOTE(review): listing `web` next to `websecure` attaches this router to
    # the plain-HTTP entrypoint as well. Unless Traefik redirects that
    # entrypoint to HTTPS, logins and session cookies can cross the network
    # unencrypted. Confirm a redirect is configured.
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
    cert-manager.io/cluster-issuer: letsencrypt-cloudflare
spec:
  ingressClassName: traefik
  tls:
    - secretName: courselit-tls-secret
      hosts:
        - yourdomain.com
  rules:
    # Placeholder host: keep it identical to the tls.hosts entry above.
    - host: yourdomain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: courselit-svc
                port:
                  number: 80