Skip to content

split stateless deployment

Aqui temos um serviço stateless com:

  • namespace
  • configmap
  • secrets
  • deployment
  • service
  • ingress
  • clusterissuer

Em arquivos separados

namespace.yaml

kind: Namespace
apiVersion: v1
metadata:
  name: bolha

configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: backend-config
  namespace: bolha
data:
  adm_email: "contato@bolha.io"
  app_url: "https://localhost:3000"
  environment: "production"

secrets.yaml

apiVersion: v1
kind: Secret
metadata:
  name: backend-secrets
  namespace: bolha
type: Opaque
stringData:
  jwt_secret: change_me_now_and_use_base64
  adm_password: change_me_now_and_use_base64
  database_url: postgresql://user:pass@ip:5432/backend?schema=public

deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: bolha-backend
  namespace: bolha
spec:
  replicas: 1
  revisionHistoryLimit: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
  selector:
    matchLabels:
      app: bolha-backend
  template:
    metadata:
      labels:
        app: bolha-backend
    spec:
      containers:
        - image: registry.bolha.dev/images/bolha-backend:latest
          imagePullPolicy: Always
          name: bolha-backend
          ports:
            - name: http
              containerPort: 3000
              protocol: TCP
          resources:
            requests:
              memory: 500Mi
              cpu: 10m
            limits:
              memory: 600Mi
              cpu: 1000m
          env:
            - name: TZ
              value: America/Sao_Paulo
            - name: ADM_EMAIL
              valueFrom:
                configMapKeyRef:
                  name: backend-config           
                  key: adm_email
            - name: APP_URL
              valueFrom:
                configMapKeyRef:
                  name: backend-config           
                  key: app__url
            - name: ADM_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: backend-secrets
                  key: adm_password
            - name: JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: backend-secrets
                  key: jwt_secret
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: backend-secrets
                  key: database_url           
      imagePullSecrets:
      - name: registry-bolha-dev

service.yaml

apiVersion: v1
kind: Service
metadata:
  name: service-bolha-backend
  namespace: bolha
spec:
  selector:
    app: bolha-backend
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 3000
  type: ClusterIP

ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-bolha-backend
  namespace: bolha
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-production"
    kubernetes.io/ingress.class: "nginx"
spec:
  ingressClassName: nginx
  rules:
    - host: backend.bolha.dev
      http:
        paths:
        - path: /
          backend:
            service:
              name: service-bolha-backend
              port:
                number: 80
          pathType: Prefix
  tls:
  - hosts:
    - backend.bolha.dev
    secretName: backend-bolha-dev-pem

clusterissuer.yaml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer # I'm using ClusterIssuer here
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <your-email-address>
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx