feat: add helm chart for deploying the app on k8s

deploy/k8s/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: backoffice-api
+description: A Helm chart for Kubernetes
+version: 0.0.0

deploy/k8s/templates/NOTES.txt

@@ -0,0 +1,3 @@
+{{- if .Values.ingress.enabled }}
+URL: https://{{ .Values.ingress.host }}
+{{- end }}

deploy/k8s/templates/config.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}
+data:
+  APP_ENV: "production"
+  APP_PORT: {{ .Values.config.port | quote }}
+  DATABASE_URL_FILE: "/etc/backoffice-api/secrets/database_url"

deploy/k8s/templates/deployment.yaml

@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: "backend-api"
+spec:
+  replicas: {{ .Values.replicas }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 0
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Chart.Name }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/component: "backend-api"
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+      labels:
+        app.kubernetes.io/name: {{ .Chart.Name }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app.kubernetes.io/component: "backend-api"
+    spec:
+      automountServiceAccountToken: false
+      {{- with .Values.image.pullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: api
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: Always
+          ports:
+            - name: {{ .Values.service.port.name }}
+              containerPort: {{ .Values.config.port }}
+              protocol: TCP
+          #          livenessProbe:
+          #            httpGet:
+          #              path: /livez
+          #              port: {{ .Values.service.port.name }}
+          #          readinessProbe:
+          #            httpGet:
+          #              path: /readyz
+          #              port: {{ .Values.service.port.name }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          envFrom:
+            - configMapRef:
+                name: {{ .Release.Name }}
+          volumeMounts:
+            - mountPath: /etc/backoffice-api/secrets
+              name: secrets
+              readOnly: true
+      volumes:
+        - name: secrets
+          secret:
+            secretName: {{ .Release.Name }}
+

deploy/k8s/templates/ingress.yaml

@@ -0,0 +1,27 @@
+{{- if .Values.api.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Release.Name }}
+  annotations:
+    {{- if .Values.ingress.annotations }}
+    {{- toYaml .Values.ingress.annotations | nindent 8 }}
+    {{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  tls:
+    - hosts:
+        - {{ .Values.ingress.host | quote }}
+      secretName: {{ .Release.Name }}-ingress-tls
+  rules:
+    - host: {{ .Values.ingress.host | quote }}
+      http:
+        paths:
+          - path: {{ .Values.ingress.path }}
+            pathType: {{ .Values.ingress.pathType }}
+            backend:
+              service:
+                name: {{ .Release.Name }}
+                port:
+                  name: {{ .Values.service.port.name }}
+{{- end -}}

deploy/k8s/templates/migration-job.yaml

@@ -0,0 +1,46 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ .Release.Name }}-migrations-{{ now | unixEpoch }}
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: "database-migrations"
+    batch.kubernetes.io/job-name: {{ .Release.Name }}-migrations-{{ now | unixEpoch }}
+spec:
+  ttlSecondsAfterFinished: 604800 # 1 week in seconds
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ .Chart.Name }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app.kubernetes.io/component: "database-migrations"
+        batch.kubernetes.io/job-name: {{ .Release.Name }}-migrations-{{ now | unixEpoch }}
+    spec:
+      automountServiceAccountToken: false
+      {{- with .Values.migrations.image.pullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: migrations
+          image: "{{ .Values.migrations.image.repository }}:{{ .Values.migrations.image.tag }}"
+          command: ["/bin/ash"]
+          args:
+            - -c
+            - |
+              migrate -path /srv/migrations -database $(cat /etc/backoffice-api/secrets/database_url) up
+          {{- with .Values.migrations.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - mountPath: /etc/backoffice-api/secrets
+              name: secrets
+              readOnly: true
+      volumes:
+        - name: secrets
+          secret:
+            secretName: {{ .Release.Name }}-migrations
+      restartPolicy: Never
+  backoffLimit: 0

deploy/k8s/templates/migration-secrets.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-migrations
+stringData:
+  database_url: |
+    {{ .Values.migrations.config.databaseURL }}

deploy/k8s/templates/poddisruptionbudget.yaml

@@ -0,0 +1,13 @@
+{{- if gt (.Values.replicas | int) 1 -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ .Release.Name }}
+spec:
+  minAvailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Chart.Name }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/component: "backend-api"
+{{- end -}}

deploy/k8s/templates/secrets.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}
+stringData:
+  database_url: |
+    {{ .Values.config.databaseURL }}

deploy/k8s/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port.number }}
+      targetPort: {{ .Values.service.port.name }}
+      protocol: TCP
+      name: {{ .Values.service.port.name }}
+  selector:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: "backend-api"

deploy/k8s/values.staging.yaml

@@ -0,0 +1,6 @@
+api:
+  ingress:
+    enabled: true
+    host: staging.backoffice-api.vmdevel.cz
+    path: /
+    className: nginx

deploy/k8s/values.test.yaml

@@ -0,0 +1,9 @@
+ingress:
+  enabled: true
+  host: backoffice-api.example.com
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-staging
+
+config:
+  database:
+    url: postgres://user:pass@127.0.0.1:5432/db?sslmode=disable

deploy/k8s/values.yaml

@@ -0,0 +1,51 @@
+image:
+  pullSecrets: []
+  pullPolicy: IfNotPresent
+  repository: registry.mareshq.com/hq/backoffice/backoffice-api/api
+  tag: latest
+
+replicas: 2
+
+ingress:
+  enabled: false
+  host: example.com
+  className: nginx
+  path: /
+  pathType: Prefix
+  annotations: {}
+
+service:
+  type: ClusterIP
+  port:
+    name: http
+    number: 80
+
+resources:
+  limits:
+    cpu: 200m
+    memory: 256Mi
+  requests:
+    cpu: 200m
+    memory: 256Mi
+
+config:
+  port: 8080
+  databaseURL: ""
+
+migrations:
+  image:
+    pullSecrets: []
+    pullPolicy: IfNotPresent
+    repository: registry.mareshq.com/hq/backoffice/backoffice-api/migrations
+    tag: latest
+
+  resources:
+    limits:
+      cpu: 100m
+      memory: 128Mi
+    requests:
+      cpu: 100m
+      memory: 128Mi
+
+  config:
+    databaseURL: ""