hvg-dev/blog
1
0
Fork 0
Code Actions Activity

+ ADD kubernetes deployment
All checks were successful
/ build-and-deploy (push) Successful in 1m48s
Details

Browse Source
This commit is contained in:
felegy
2025-10-01 07:42:27 +00:00
parent 28c75bf5c0
commit 423fbde37c
24 changed files with 547 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
k8s/manifests/app/templates/1-db-user.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: "{{ template 'common.robustName' .Release.Name }}-db-pass"
namespace: {{ .Release.Namespace }}
labels:
{{- include "helm-chart.labels" . | nindent 4 }}
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
spec:
encryptedData:
password: {{ .Values.db.sealedPassword | quote }}
template:
metadata:
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
name: "{{ template 'common.robustName' .Release.Name }}-db-pass"
namespace: {{ .Release.Namespace }}
---
apiVersion: k8s.mariadb.com/v1alpha1
kind: User
metadata:
name: "{{ template 'common.robustName' .Release.Name }}-db-user"
spec:
name: {{ .Values.db.username | quote }}
mariaDbRef:
name: mariadb
namespace: default
passwordSecretKeyRef:
name: "{{ template 'common.robustName' .Release.Name }}-db-pass"
key: password
# This field is immutable and defaults to 10
maxUserConnections: 0

14
k8s/manifests/app/templates/2-database.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: Database
metadata:
name: {{ template "common.robustName" .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "helm-chart.labels" . | nindent 4 }}
spec:
name: {{ .Values.db.name | quote }}
mariaDbRef:
name: mariadb
namespace: default
characterSet: utf8
collate: utf8_general_ci

26
k8s/manifests/app/templates/3-db-grant.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: Grant
metadata:
name: {{ template "common.robustName" .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "helm-chart.labels" . | nindent 4 }}
spec:
mariaDbRef:
name: mariadb
namespace: default
privileges:
- "SELECT"
- "INSERT"
- "UPDATE"
- "DELETE"
- "CREATE"
- "DROP"
- "INDEX"
- "ALTER"
- "LOCK TABLES"
- "EXECUTE"
database: {{ .Values.db.name | quote }}
table: "*"
username: {{ .Values.db.username | quote }}
grantOption: true

28
k8s/manifests/app/templates/4-db-connection.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: Connection
metadata:
name: {{ template "common.robustName" .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "helm-chart.labels" . | nindent 4 }}
spec:
mariaDbRef:
name: mariadb
namespace: default
username: dev
passwordSecretKeyRef:
name: dev-db-pass
key: password
database: dev
secretName: dev-db-connection
secretTemplate:
key: dsn
usernameKey: DB_USER
passwordKey: DB_PASSWORD
hostKey: DB_HOST
portKey: DB_PORT
databaseKey: DB_NAME
healthCheck:
interval: 60s
retryInterval: 30s
serviceName: mariadb

13
k8s/manifests/app/templates/5-configmap-env.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "common.robustName" .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "helm-chart.labels" . | nindent 4 }}
data:
WP_HOME: "https://{{ .Values.host }}"
WP_SITEURL: "https://{{ .Values.host }}/wp"
{{- range $key, $val := .Values.env }}
{{ $key }}: {{ $val | quote }}
{{- end }}

15
k8s/manifests/app/templates/6-secret-env.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
name: dev-secret-env
spec:
encryptedData:
template:
metadata:
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
name: dev-secret-env
type: Opaque

86
k8s/manifests/app/templates/7-wp-deployment.yaml Normal file
View File

@@ -0,0 +1,86 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "common.robustName" .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "helm-chart.labels" . | nindent 4 }}
app: {{ template "common.robustName" .Release.Name }}
spec:
replicas: 1
# revisionHistoryLimit: 3
selector:
matchLabels:
app: {{ template "common.robustName" .Release.Name }}
template:
metadata:
labels:
app: {{ template "common.robustName" .Release.Name }}
spec:
imagePullSecrets:
- name: github-container-registry
containers:
- name: {{ template "common.robustName" .Release.Name }}
image: {{ .Values.image }}
imagePullPolicy: Always
command:
- {{ .Values.command | default "web" | quote }}
resources:
requests:
memory: 128M
cpu: 100m
limits:
memory: 512M
ports:
- containerPort: 5000
envFrom:
- configMapRef:
name: dev-env
- secretRef:
name: dev-secret-env
- secretRef:
name: dev-db-connection
livenessProbe:
failureThreshold: 3
httpGet:
httpHeaders:
- name: Host
value: {{ .Values.host }}
- name: X-Forwarded-Proto
value: https
path: /wp/wp-cron.php?nocache
port: 5000
initialDelaySeconds: 10
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 30
readinessProbe:
failureThreshold: 3
httpGet:
httpHeaders:
- name: Host
value: {{ .Values.host }}
- name: X-Forwarded-Proto
value: https
path: /?nocache
port: 5000
initialDelaySeconds: 10
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 30
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.robustName" .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "helm-chart.labels" . | nindent 4 }}
spec:
selector:
app: {{ template "common.robustName" .Release.Name }}
ports:
- name: wp
protocol: TCP
port: 5000
targetPort: 5000