+ ADD kubernetes deployment
All checks were successful
/ build-and-deploy (push) Successful in 1m24s

felegy
2025-10-01 07:42:27 +00:00
parent 28c75bf5c0
commit d306608edf
27 changed files with 576 additions and 25 deletions


@@ -0,0 +1,15 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
name: github-container-registry
spec:
encryptedData:
.dockerconfigjson: {{ .Values.imagePullSealedSecret | quote }}
template:
metadata:
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
name: github-container-registry
type: kubernetes.io/dockerconfigjson
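Review bot: The `sealedsecrets.bitnami.com/cluster-wide: "true"` annotation removes the name and namespace binding from the ciphertext, so this registry credential can be unsealed under any name in any namespace of the cluster. Anyone who can read the sealed value (it comes from `.Values.imagePullSealedSecret`, presumably committed with the values) and create a SealedSecret in a namespace they control can recover the plaintext. The same annotation is set on the `-db-pass` SealedSecret and on the env SealedSecret in the later sections. Prefer the default strict scope, sealing per release name and namespace, or at most `sealedsecrets.bitnami.com/namespace-wide: "true"`. This template also omits `metadata.namespace` and uses a fixed name, unlike the other two, so two releases in one namespace would collide.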


@@ -0,0 +1,31 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: "{{ .Release.Name }}-db-pass"
namespace: {{ .Release.Namespace }}
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
spec:
encryptedData:
password: {{ .Values.db.sealedPassword | quote }}
template:
metadata:
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
name: "{{ .Release.Name }}-db-pass"
namespace: {{ .Release.Namespace }}
---
apiVersion: k8s.mariadb.com/v1alpha1
kind: User
metadata:
name: "{{ .Release.Name }}-db-user"
spec:
name: {{ .Values.db.username | quote }}
mariaDbRef:
name: mariadb
namespace: default
passwordSecretKeyRef:
name: "{{ .Release.Name }}-db-pass"
key: password
# This field is immutable and defaults to 10
maxUserConnections: 0
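Review bot: `maxUserConnections: 0` does not match the comment directly above it, which says the field defaults to 10 and is immutable. In MariaDB a per-account limit of 0 means no per-account cap, so only the server-wide limit applies. A misbehaving instance of this application could then exhaust connections on the shared `mariadb` instance in `default`. Since the value cannot be changed later, set an explicit bound now, for example `maxUserConnections: 10`, or reword the comment to say that unlimited is intended.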


@@ -0,0 +1,12 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: Database
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
spec:
name: {{ .Values.db.name | quote }}
mariaDbRef:
name: mariadb
namespace: default
characterSet: utf8
collate: utf8_general_ci
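Review bot: `characterSet: utf8` is normally an alias for MariaDB's 3-byte utf8mb3, which cannot store 4-byte characters such as emoji. Depending on the SQL mode, the server either rejects such a write or silently truncates the value at that character. WordPress targets utf8mb4, so I would use `characterSet: utf8mb4` and `collate: utf8mb4_unicode_ci` here before any tables are created. Converting afterwards requires a table-by-table migration.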


@@ -0,0 +1,24 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: Grant
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
spec:
mariaDbRef:
name: mariadb
namespace: default
privileges:
- "SELECT"
- "INSERT"
- "UPDATE"
- "DELETE"
- "CREATE"
- "DROP"
- "INDEX"
- "ALTER"
- "LOCK TABLES"
- "EXECUTE"
database: {{ .Values.db.name | quote }}
table: "*"
username: {{ .Values.db.username | quote }}
grantOption: true
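Review bot: `grantOption: true` creates the application account WITH GRANT OPTION, so whoever holds the WordPress database credentials can pass these privileges on to other accounts. The application only needs to use the privileges itself, so set `grantOption: false`. The list also grants `DROP`, `ALTER`, `CREATE` and `EXECUTE` on `table: "*"` to the runtime account. If schema changes can run under a separate account, the runtime grant could be reduced to `SELECT`, `INSERT`, `UPDATE` and `DELETE`.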


@@ -0,0 +1,26 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: Connection
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
spec:
mariaDbRef:
name: mariadb
namespace: default
username: {{ .Values.db.username | quote }}
passwordSecretKeyRef:
name: "{{ .Release.Name }}-db-pass"
key: password
database: {{ .Values.db.name | quote }}
secretName: "{{ .Release.Name }}-db-connection"
secretTemplate:
key: dsn
usernameKey: DB_USER
passwordKey: DB_PASSWORD
hostKey: DB_HOST
portKey: DB_PORT
databaseKey: DB_NAME
healthCheck:
interval: 60s
retryInterval: 30s
serviceName: mariadb
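Review bot: Style point: `mariaDbRef` is hard-coded to `name: mariadb` and `namespace: default` here and in the User, Database and Grant templates, and `serviceName: mariadb` repeats the instance name. Moving these to values (for example `{{ .Values.db.instance.name | quote }}` and `{{ .Values.db.instance.namespace | quote }}`) would let the chart target another instance without editing four templates. It would also make the cross-namespace reference into `default` an explicit, reviewable setting.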


@@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
data:
WP_HOME: "https://{{ .Values.host }}"
WP_SITEURL: "https://{{ .Values.host }}/wp"
{{- range $key, $val := .Values.env }}
{{ $key }}: {{ $val | quote }}
{{- end }}
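Review bot: The `range` over `.Values.env` can emit `WP_HOME` or `WP_SITEURL` a second time, which produces duplicate keys under `data:`, and which value wins then depends on the parser. Skip those two keys inside the loop, or build one merged dict and render it once. `.Values.host` is interpolated without a presence check, so an unset value renders `https://`; `{{ required "host is required" .Values.host }}` would fail the render instead. Credentials should not be passed through `.Values.env`, because ConfigMap data is stored and displayed in plain text.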


@@ -0,0 +1,18 @@
{{- if .Values.sealedSecretEnv }}
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
spec:
encryptedData:
{{- range $key, $val := .Values.sealedSecretEnv }}
{{ $key }}: {{ $val | quote }}
{{- end }}
template:
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
{{- end }}
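Review bot: This SealedSecret is rendered only when `.Values.sealedSecretEnv` is set, but the Deployment's `envFrom` references `secretRef` with `name: {{ .Release.Name }}` unconditionally. A release without sealed env values would therefore reference a Secret that does not exist, and the container will not start. Either wrap that `secretRef` entry in the same `{{- if .Values.sealedSecretEnv }}` guard or add `optional: true` to it.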


@@ -0,0 +1,83 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Release.Name }}
spec:
replicas: 1
# revisionHistoryLimit: 3
selector:
matchLabels:
app: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ .Release.Name }}
spec:
imagePullSecrets:
- name: github-container-registry
containers:
- name: {{ .Release.Name }}
image: {{ .Values.image }}
imagePullPolicy: Always
command:
- {{ .Values.command | default "web" | quote }}
resources:
requests:
memory: 128M
cpu: 100m
limits:
memory: 512M
ports:
- containerPort: 5000
envFrom:
- configMapRef:
name: {{ .Release.Name }}
- secretRef:
name: {{ .Release.Name }}
- secretRef:
name: "{{ .Release.Name }}-db-connection"
livenessProbe:
failureThreshold: 3
httpGet:
httpHeaders:
- name: Host
value: {{ .Values.host }}
- name: X-Forwarded-Proto
value: https
path: /wp/wp-cron.php?nocache
port: 5000
initialDelaySeconds: 10
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 30
readinessProbe:
failureThreshold: 3
httpGet:
httpHeaders:
- name: Host
value: {{ .Values.host }}
- name: X-Forwarded-Proto
value: https
path: /?nocache
port: 5000
initialDelaySeconds: 10
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 30
---
apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
spec:
selector:
app: {{ .Release.Name }}
ports:
- name: wp
protocol: TCP
port: 5000
targetPort: 5000
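Review bot: The container spec sets no `securityContext`, so the pod runs with the image's default user, default capabilities and privilege escalation allowed. For an internet-facing WordPress workload I would add a restrictive context as shown below; whether the image already runs as a non-root user is not visible here, so `runAsNonRoot` needs confirming against the image. In addition, `image: {{ .Values.image }}` combined with `imagePullPolicy: Always` follows a mutable tag, and pinning by digest would make each rollout reproducible. The liveness probe requests `/wp/wp-cron.php`, which runs scheduled tasks on every probe, so a slow cron job or database stall can lead to a container restart.

```yaml
        - name: {{ .Release.Name }}
          # … unchanged: image, command, resources, ports, envFrom, probes …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true  # confirm the image's user first
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```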


@@ -0,0 +1,22 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
spec:
ingressClassName: nginx
rules:
- host: {{ .Values.host }}
http:
paths:
- backend:
service:
name: {{ .Release.Name }}
port:
number: 5000
path: /
pathType: Prefix
tls:
- hosts:
- {{ .Values.host }}
secretName: "{{ .Release.Name }}-tls"
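Review bot: `secretName: "{{ .Release.Name }}-tls"` refers to a Secret that no template in the visible part of this commit creates, and the Ingress carries no issuer annotation. If cert-manager is meant to issue the certificate, add `cert-manager.io/cluster-issuer: <issuer-name>` under `metadata.annotations`. Without the Secret, ingress-nginx serves its default self-signed certificate. `{{ .Values.host }}` is also unquoted in both `host:` and `hosts:`, and `| quote` would match how the other templates render values.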