265 lines
5.8 KiB
YAML
265 lines
5.8 KiB
YAML
# Student Enrollment System - K3s All-in-One Deployment
|
|
# Deploy: kubectl apply -f all-in-one.yaml
|
|
# Delete: kubectl delete -f all-in-one.yaml
|
|
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: student-enrollment
|
|
---
|
|
# ===== SECRETS =====
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: app-secrets
|
|
namespace: student-enrollment
|
|
type: Opaque
|
|
stringData:
|
|
SA_PASSWORD: "Admin123!"
|
|
JWT_SECRET: "super-secret-key-for-jwt-tokens-minimum-32-chars-long!"
|
|
ADMIN_PASSWORD: "admin123"
|
|
---
|
|
# ===== SQL SERVER =====
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: mssql-data
|
|
namespace: student-enrollment
|
|
spec:
|
|
accessModes: [ReadWriteOnce]
|
|
resources:
|
|
requests:
|
|
storage: 2Gi
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: mssql
|
|
namespace: student-enrollment
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: mssql
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: mssql
|
|
spec:
|
|
containers:
|
|
- name: mssql
|
|
image: mcr.microsoft.com/mssql/server:2022-latest
|
|
ports:
|
|
- containerPort: 1433
|
|
env:
|
|
- name: ACCEPT_EULA
|
|
value: "Y"
|
|
- name: MSSQL_SA_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: app-secrets
|
|
key: SA_PASSWORD
|
|
resources:
|
|
limits:
|
|
memory: "2Gi"
|
|
cpu: "1000m"
|
|
requests:
|
|
memory: "1Gi"
|
|
cpu: "500m"
|
|
volumeMounts:
|
|
- name: mssql-data
|
|
mountPath: /var/opt/mssql
|
|
readinessProbe:
|
|
exec:
|
|
command: ["/opt/mssql-tools18/bin/sqlcmd", "-S", "localhost", "-U", "sa", "-P", "$(MSSQL_SA_PASSWORD)", "-C", "-Q", "SELECT 1"]
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
volumes:
|
|
- name: mssql-data
|
|
persistentVolumeClaim:
|
|
claimName: mssql-data
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: mssql
|
|
namespace: student-enrollment
|
|
spec:
|
|
selector:
|
|
app: mssql
|
|
ports:
|
|
- port: 1433
|
|
targetPort: 1433
|
|
---
|
|
# ===== BACKEND API =====
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: api
|
|
namespace: student-enrollment
|
|
spec:
|
|
replicas: 2
|
|
selector:
|
|
matchLabels:
|
|
app: api
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: api
|
|
spec:
|
|
initContainers:
|
|
- name: wait-for-db
|
|
image: busybox:1.36
|
|
command: ['sh', '-c', 'until nc -z mssql 1433; do echo waiting for mssql; sleep 5; done']
|
|
containers:
|
|
- name: api
|
|
image: student-enrollment-api:latest
|
|
imagePullPolicy: IfNotPresent
|
|
ports:
|
|
- containerPort: 8080
|
|
env:
|
|
- name: ASPNETCORE_ENVIRONMENT
|
|
value: "Production"
|
|
- name: ASPNETCORE_URLS
|
|
value: "http://+:8080"
|
|
- name: ConnectionStrings__DefaultConnection
|
|
value: "Server=mssql;Database=StudentEnrollment;User Id=sa;Password=$(SA_PASSWORD);TrustServerCertificate=True"
|
|
- name: SA_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: app-secrets
|
|
key: SA_PASSWORD
|
|
- name: JwtSettings__Secret
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: app-secrets
|
|
key: JWT_SECRET
|
|
- name: JwtSettings__Issuer
|
|
value: "student-enrollment-api"
|
|
- name: JwtSettings__Audience
|
|
value: "student-enrollment-app"
|
|
- name: JwtSettings__ExpirationMinutes
|
|
value: "60"
|
|
- name: ADMIN_USERNAME
|
|
value: "admin"
|
|
- name: ADMIN_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: app-secrets
|
|
key: ADMIN_PASSWORD
|
|
resources:
|
|
limits:
|
|
memory: "512Mi"
|
|
cpu: "500m"
|
|
requests:
|
|
memory: "256Mi"
|
|
cpu: "250m"
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /health
|
|
port: 8080
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 10
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /health
|
|
port: 8080
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 30
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: api
|
|
namespace: student-enrollment
|
|
spec:
|
|
selector:
|
|
app: api
|
|
ports:
|
|
- port: 5000
|
|
targetPort: 8080
|
|
---
|
|
# ===== FRONTEND =====
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: frontend
|
|
namespace: student-enrollment
|
|
spec:
|
|
replicas: 2
|
|
selector:
|
|
matchLabels:
|
|
app: frontend
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: frontend
|
|
spec:
|
|
containers:
|
|
- name: frontend
|
|
image: student-enrollment-frontend:latest
|
|
imagePullPolicy: IfNotPresent
|
|
ports:
|
|
- containerPort: 80
|
|
resources:
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
requests:
|
|
memory: "64Mi"
|
|
cpu: "50m"
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: 80
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: frontend
|
|
namespace: student-enrollment
|
|
spec:
|
|
selector:
|
|
app: frontend
|
|
ports:
|
|
- port: 80
|
|
targetPort: 80
|
|
---
|
|
# ===== INGRESS =====
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: student-enrollment-ingress
|
|
namespace: student-enrollment
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
|
spec:
|
|
ingressClassName: traefik
|
|
rules:
|
|
- host: students.local
|
|
http:
|
|
paths:
|
|
- path: /graphql
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: api
|
|
port:
|
|
number: 5000
|
|
- path: /health
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: api
|
|
port:
|
|
number: 5000
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: frontend
|
|
port:
|
|
number: 80
|