kube: update deployment yamls

.github/workflows/action.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        service: [frontend, backend, harvester, statcruncher, pongbot]
+        service: [frontend, backend, harvester, statcruncher, pongbot, certs]
 
     steps:
     - name: Checkout code

docs/deploy-k8s/config.yml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: trans-config
+  name: app-config
 data:
   JWT_SECRET: change_me
   POSTGRES_DB: transcendence

docs/deploy-k8s/ingree.yml → docs/deploy-k8s/ingress.yml

@@ -3,7 +3,7 @@ kind: Ingress
 metadata:
   name: trans-propelapp-dev-ingress
   annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
+    cert-manager.io/cluster-issuer: letsencrypt-prod
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
 spec:
   rules:
@@ -16,7 +16,7 @@ spec:
               service:
                 name: frontend
                 port:
-                  number: 443
+                  number: 80
   tls:
     - hosts:
         - trans.propelapp.dev

docs/deploy-k8s/secrets.yml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: certs
+type: Opaque
+data:
+  server.crt: base_64_content_of_server_crt
+  server.key: base_64_content_of_server_key

docs/deploy-k8s/services/backend.yml

@@ -12,24 +12,38 @@ spec:
       labels:
         app: backend
     spec:
+      runtimeClassName: kata
       containers:
         - name: backend
           image: registry.propel.sh/transcendence/backend:latest
           envFrom:
             - configMapRef:
                 name: app-config
+          resources:
+            limits:
+              cpu: "1"
+              memory: "1Gi"
+            requests:
+              cpu: "0.5"
+              memory: "512Mi"
           volumeMounts:
             - name: exports-storage
               mountPath: /exports
+            - name: certs
+              mountPath: /certs
+              readOnly: true
       volumes:
         - name: exports-storage
           persistentVolumeClaim:
             claimName: exports-data
+        - name: certs
+          secret:
+            secretName: certs
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: backend-svc
+  name: backend
 spec:
   selector:
     app: backend

docs/deploy-k8s/services/frontend.yml

@@ -12,19 +12,36 @@ spec:
       labels:
         app: frontend
     spec:
+      runtimeClassName: kata
       containers:
         - name: frontend
           image: registry.propel.sh/transcendence/frontend:latest
           envFrom:
             - configMapRef:
                 name: app-config
+          resources:
+            limits:
+              cpu: "1"
+              memory: "1Gi"
+            requests:
+              cpu: "0.5"
+              memory: "512Mi"
+          volumeMounts:
+            - name: certs
+              mountPath: /certs
+          ports:
+            - containerPort: 80
+      volumes:
+        - name: certs
+          secret:
+            secretName: certs
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: frontend-svc
+  name: frontend
 spec:
   selector:
     app: frontend
   ports:
-    - port: 443
+    - port: 80

docs/deploy-k8s/services/harvester.yml

@@ -12,12 +12,20 @@ spec:
       labels:
         app: harvester
     spec:
+      runtimeClassName: kata
       containers:
         - name: harvester
           image: registry.propel.sh/transcendence/harvester:latest
           envFrom:
             - configMapRef:
                 name: app-config
+          resources:
+            limits:
+              cpu: "1"
+              memory: "1Gi"
+            requests:
+              cpu: "0.5"
+              memory: "512Mi"
           volumeMounts:
             - name: exports-storage
               mountPath: /exports

docs/deploy-k8s/services/pongbot.yml

@@ -12,12 +12,27 @@ spec:
       labels:
         app: pongbot
     spec:
+      runtimeClassName: kata
       containers:
         - name: pongbot
           image: registry.propel.sh/transcendence/pongbot:latest
           envFrom:
             - configMapRef:
                 name: app-config
+          resources:
+            limits:
+              cpu: "1"
+              memory: "1Gi"
+            requests:
+              cpu: "0.5"
+              memory: "512Mi"
+          volumeMounts:
+            - name: certs-volume
+              mountPath: /certs
+      volumes:
+        - name: certs-volume
+          secret:
+            secretName: certs
 ---
 apiVersion: v1
 kind: Service
@@ -27,4 +42,4 @@ spec:
   selector:
     app: pongbot
   ports:
-    - port: 5000
+    - port: 5443

docs/deploy-k8s/services/postgres.yml

@@ -12,15 +12,24 @@ spec:
       labels:
         app: postgres
     spec:
+      runtimeClassName: kata
       containers:
         - name: postgres
           image: postgres
           envFrom:
             - configMapRef:
                 name: app-config
+          resources:
+            limits:
+              cpu: "1"
+              memory: "1Gi"
+            requests:
+              cpu: "0.5"
+              memory: "512Mi"
           volumeMounts:
             - name: postgres-storage
               mountPath: /var/lib/postgresql/data
+              subPath: pgdata
       volumes:
         - name: postgres-storage
           persistentVolumeClaim:

docs/deploy-k8s/services/statcruncher.yml

@@ -12,18 +12,32 @@ spec:
       labels:
         app: statcruncher
     spec:
+      runtimeClassName: kata
       containers:
         - name: statcruncher
           image: registry.propel.sh/transcendence/statcruncher:latest
           envFrom:
             - configMapRef:
                 name: app-config
-
+          resources:
+            limits:
+              cpu: "1"
+              memory: "1Gi"
+            requests:
+              cpu: "0.5"
+              memory: "512Mi"
+          volumeMounts:
+            - name: certs-volume
+              mountPath: /certs
+      volumes:
+        - name: certs-volume
+          secret:
+            secretName: certs
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: statcruncher-svc
+  name: statcruncher
 spec:
   selector:
     app: statcruncher

frontend/config/nginx/nginx.conf

@@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
 
 server {
     listen 443 ssl;
-    server_name localhost;
+    server_name localhost trans.propelapp.dev;
 
     ssl_certificate /certs/server.crt;
     ssl_certificate_key /certs/server.key;
@@ -60,11 +60,27 @@ server {
 
 server {
     listen 80;
-    server_name localhost;
+    server_name localhost trans.propelapp.dev;
+
+    # SSL settings for proxying to HTTPS backends
+    proxy_ssl_certificate /certs/server.crt;
+    proxy_ssl_certificate_key /certs/server.key;
+    proxy_ssl_trusted_certificate /certs/server.crt;
+    proxy_ssl_verify off;
 
     # Set max upload file size to 5MB
     client_max_body_size 5M;
 
+    # Serve frontend files from a local directory
+    root /app;
+    index index.html;
+
+    location / {
+        root /usr/share/nginx/html;
+        index index.html index.htm;
+        try_files $uri $uri/ /index.html =404;
+    }
+
     location /api/ {
         proxy_pass https://backend:8443;
         proxy_http_version 1.1;
@@ -83,4 +99,12 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
+
+    location /bot/ {
+        proxy_pass https://pongbot:5443;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+    }
 }

frontend/public/index.html

@@ -7,7 +7,7 @@
     <meta name="theme-color" content="#000000" />
     <meta
       name="description"
-      content="Web site created using create-react-app"
+      content="by bsoubaig, kquetat-, hanmpark, and evmorvan"
     />
     <link rel="apple-touch-icon" href="%PUBLIC_URL%/favicon.ico" />
     <!--