old-portfolio/storage-hideyoshi.com
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implements a better kubernetes deployment setup

Browse Source
This commit is contained in:
Vitor Hideyoshi
2025-11-08 19:59:07 -03:00
parent 114cc99a52
commit c615a71277
12 changed files with 184 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.k8s/.sops.yaml Normal file
View File

@@ -0,0 +1,5 @@
creation_rules:
- path_regex: ^secrets(\.enc)?\.yml$
encrypted_regex: '^(data|stringData)$'
pgp: >-
8C8D94A7639C87559B0F2F64B7E1F62F69798EB6

12
.k8s/config.template.yml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: storage-config
namespace: ${KUBE_NAMESPACE}
data:
SERVER_PORT: "8000"
REDIS_HOST: "storage-redis-service"
REDIS_PORT: "6379"
EXPIRES_IN: "1800000"

63
.k8s/deployment.template.yml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: storage-deployment
namespace: ${KUBE_NAMESPACE}
spec:
replicas: 1
selector:
matchLabels:
app: storage
template:
metadata:
labels:
app: storage
spec:
nodeSelector:
${WORKER_NODE_LABEL}
imagePullSecrets:
- name: ghcr-secret
containers:
- name: storage
image: ${IMAGE_BASE}:${IMAGE_TAG}
imagePullPolicy: Always
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "256Mi"
cpu: "1000m"
ports:
- containerPort: 8000
readinessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 60
livenessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 60
envFrom:
- configMapRef:
name: storage-config
- secretRef:
name: storage-secret
---
apiVersion: v1
kind: Service
metadata:
namespace: ${KUBE_NAMESPACE}
name: storage-service
spec:
selector:
app: backend
ports:
- port: 8000
protocol: TCP
targetPort: 8000
type: ClusterIP

47
.k8s/redis.template.yml Normal file
View File

@@ -0,0 +1,47 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: ${KUBE_NAMESPACE}
name: storage-redis-deployment
spec:
replicas: 1
selector:
matchLabels:
app: storage-redis
template:
metadata:
labels:
app: storage-redis
spec:
containers:
- name: redis
image: valkey/valkey:8.0.6-alpine
imagePullPolicy: "IfNotPresent"
resources:
requests:
memory: "256Mi"
cpu: "75m"
limits:
memory: "256Mi"
cpu: "256m"
ports:
- containerPort: 6379
env:
- name: VALKEY_PASSWORD
valueFrom:
secretKeyRef:
name: storage-secret
key: REDIS_PASSWORD
---
apiVersion: v1
kind: Service
metadata:
namespace: ${KUBE_NAMESPACE}
name: storage-redis-service
spec:
selector:
app: storage-redis
ports:
- port: 6379
type: ClusterIP

38
.k8s/secrets.enc.yml Normal file
View File

@@ -0,0 +1,38 @@
apiVersion: v1
kind: Secret
metadata:
name: storage-secret
namespace: ${KUBE_NAMESPACE}
data:
REDIS_PASSWORD: ENC[AES256_GCM,data:QAjxHjGqOIun8jTN,iv:tfOsGEP0+kGfqvL90Ek6ZNOcueUFnYpYGE6f7r2EvoM=,tag:lAxPPRGE2dO//3hLFItOnA==,type:str]
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:AtT8rcJxkxgWQ7SEPj5UEVvR+1b/CJt1Rc2zZQ==,iv:862ChLY0MkOwj+HG/sI+NqWFeK1mz6L3m8mWSKDqH4E=,tag:jpRNIXo7jMTYX/BAQG/7aQ==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:vudblTMIDdRZiAmJeYqYtCXd4Jdv++QnvdIUH8PX3IJceW/vES2UybfcKwtKGJgMt6ZPnskOamM=,iv:JHbcu/Tv81d9NWPqPXcFZBSTmrml8xBEU4+G/pVgjGM=,tag:HnAf3tGcmv3CBUOA9px/rw==,type:str]
AWS_REGION_NAME: ENC[AES256_GCM,data:GfwdCPgAe7vAtrZPYRp0Ng==,iv:RkZ69hQkuobcOL9DSfhcmLIKsK0rnevHTWF+0Mbw7Dg=,tag:0XAm2oXhETKeUbuN2UPgyA==,type:str]
AWS_BUCKET_NAME: ENC[AES256_GCM,data:atzKtMWzlco3rZf5vsFmse1zd+f3xWHUYldeF8O2egmQOmkf,iv:lYw2tM65fszSG8+MhN6edZgvGlwxw0mhOIDvp93LWnE=,tag:iNR7JJzksrFkXrg4/87E/w==,type:str]
VIRUS_CHECKER_API_KEY: ENC[AES256_GCM,data:4Ick9JIfUIIZ/LEp09kMiJM9T4FaLmXKiksoeW0BiTGJlYcps5fZFgDEYBUzEcQTGMK8SD5yPZhEbytXXAvyNFanASsVa8rXX+sO98Xr6XFJqVZEjCJbiw==,iv:5/yl9sUEF7cFqf1RKhoV0oGWTLBxTeJDxShUns8/Qsg=,tag:LvEbdmPIeWQBw6G7wnWQkg==,type:str]
sops:
lastmodified: "2025-11-08T22:29:57Z"
mac: ENC[AES256_GCM,data:s15EYKavUjMl9CNqHY6D6XHJZMSwcWhdfW6IFeGhYtjHi6SXGnx/Vpj+L96011xuDca20gU8YS/m69ML2qPV3D5wTMogXYNYGW70LCnXm4YQK+QAIJmhRYPqjlZoQpI85c698+abWuh25zER4tukSZ/ZmmNxnNGZQEyOOnaw8oU=,iv:4nMkWcFmYzBFRoiqoFLO3pR0NTb3QXxqduBqQxfQ0Sc=,tag:uwcqo8+ErSMCOuZM/eUoQA==,type:str]
pgp:
- created_at: "2025-11-08T22:29:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwzdivR1H/BQAQ//WSCkM5pDyRMbSSMEP8lfREjwHszaXZLF0MkNfjlDsAEC
h1yVM2+v5snJj5clipD+8FRiTl69Jho7GGjCEDfoahNyhtgr7t/UH7XVDJKJeI8W
55JrWU/T8PBvXo+Ld0c3lKqqdNQ18nWYoEMJeHyUT0MBWYmYlJbvmxKlrgLyQPs5
EUBG77aJUXIn3j0O39GEUTTmHLNITNyincZQsx4Hndgi9T7IriJfGwqQP1+9WMYw
2Hzld8Qb3VeByrVn+Ybykem6vB8IR5aULpfTU9bKvOrQh1iSgVew9bSXZcqO34Kl
OA+DpfJ8LhspPd/00zfto+2h/pwo7tAxaaJtE3NjZfAysFuSF6lX+pkPqj7FOoxh
P/ps7wzsk3F3nI/z62ITh91m/O+WhSBVsOou4xAGIatDBapH2YYy9qF/31IP9u3W
OOiXNoY1AOOu1/+c9/2ROjQ9/ENhJxiDU/Vl921+PoA+E4EGsFtgXdYiulG5TqZu
rkF9eOYw/ds/ptviA4YafFOCmk2oKxDRwhb3oNChqEFQ5hGZ/FqwcwMU+NEI8Blu
nmA/UHR/MBdxAWH/H6HMf/DJ1CNLNSgMDaEkvAA/QLPMswuoecpPLstwpOeGC/nL
qULiv7+wqlXhggT6QcmekKaw6tjOkMOA/sjqpZMpVnXMA0RpV1lPbK52Z8jINufS
XgEyDLyvaqEPLzhG7rNx1IXNBDymXKPmySvopbzjVWXao75verYNK3o/cV+OFihL
sgPoqDMMRHhLA6oepxqw9fK5f5jLOVJEc4TPbpjANZIOTIaxvir3E6avoaO3Qx8=
=7oeD
-----END PGP MESSAGE-----
fp: 8C8D94A7639C87559B0F2F64B7E1F62F69798EB6
encrypted_regex: ^(data|stringData)$
version: 3.11.0