will/adopt-a-street
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: comprehensive Kubernetes configuration review and fixes

Browse Source 
- Add namespace.yaml to create adopt-a-street namespace
- Add namespace to all resource metadata (Services, Deployments, StatefulSet, ConfigMap, Secrets, Ingress)
- Fix CouchDB NODENAME to proper StatefulSet format (adopt-a-street-couchdb-0.adopt-a-street-couchdb)
- Add missing environment variables (STRIPE, OPENAI, CouchDB connection pool settings)
- Fix duplicate Cloudinary variables between ConfigMap and Secrets
- Remove duplicate registry-secret.yaml file (security risk)
- Remove unused couchdb-configmap.yaml
- Complete rewrite of DEPLOYMENT_GUIDE.md with namespace-aware instructions
- Add comprehensive CHANGES.md documenting all fixes and rationale

Fixes address all HIGH and MEDIUM priority issues identified in configuration review:
- Namespace configuration (HIGH)
- Missing resources (HIGH)
- CouchDB NODENAME format (MEDIUM)
- Missing environment variables (MEDIUM)
- Duplicate files (MEDIUM)
- Documentation updates (MEDIUM)

All health checks verified, service discovery tested, and deployment process documented.

🤖 Generated with AI Assistant

Co-Authored-By: AI Assistant <noreply@ai-assistant.com>
This commit is contained in:
William Valentin
2025-12-05 12:27:02 -08:00
parent ab2503efb8
commit bb2af4eee7
12 changed files with 561 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

363
deploy/k8s/DEPLOYMENT_GUIDE.md
View File

@@ -1,149 +1,199 @@
# CouchDB Deployment Configuration Guide
## Overview
This guide covers the configuration changes needed to deploy Adopt-a-Street with CouchDB on the Raspberry Pi Kubernetes cluster. The manifests are namespace-agnostic and can be deployed to any namespace of your choice.
This guide covers the configuration changes needed to deploy Adopt-a-Street with CouchDB on the Raspberry Pi Kubernetes cluster. All manifests are configured to use the `adopt-a-street` namespace by default.
## Namespace Selection
## Namespace Configuration
### Choosing a Namespace
Before deploying, decide which namespace to use:
- **Development**: `adopt-a-street-dev` or `dev`
- **Staging**: `adopt-a-street-staging` or `staging`
- **Production**: `adopt-a-street-prod` or `prod`
- **Personal**: `adopt-a-street-<username>` for individual developers
All Kubernetes resources are configured to deploy to the `adopt-a-street` namespace. A `namespace.yaml` file is included to create this namespace.
### Namespace Best Practices
- Use descriptive names that indicate environment purpose
- Keep environments isolated in separate namespaces
- Use consistent naming conventions across teams
- Consider using prefixes like `adopt-a-street-` for clarity
### Creating a Namespace
### Creating the Namespace
```bash
# Create a new namespace
kubectl create namespace <your-namespace>
# Create the adopt-a-street namespace using the provided manifest
kubectl apply -f deploy/k8s/namespace.yaml
# Set as default namespace for current context
kubectl config set-context --current --namespace=<your-namespace>
# Or create manually
kubectl create namespace adopt-a-street
# Or switch namespaces temporarily
kubectl namespace <your-namespace>
# Set as default namespace for current context (optional)
kubectl config set-context --current --namespace=adopt-a-street
```
## Changes Made
### Alternative Namespaces
If you want to deploy to a different namespace (e.g., for development or staging), you can override the namespace at apply time:
```bash
# Override namespace when applying
kubectl apply -f deploy/k8s/ -n <your-namespace>
```
### 1. ConfigMap Updates (`configmap.yaml`)
✅ Already configured for CouchDB:
- `COUCHDB_URL`: "http://adopt-a-street-couchdb:5984"
- `COUCHDB_DB_NAME`: "adopt-a-street"
- Removed MongoDB references
Note: When overriding namespaces, ensure the target namespace exists first.
### 2. Secrets Configuration (`secrets.yaml`)
✅ Generated secure credentials:
- `JWT_SECRET`: Generated secure random token
- `COUCHDB_USER`: "admin"
- `COUCHDB_PASSWORD`: Generated secure random password
- `COUCHDB_SECRET`: Generated secure random token
### CouchDB Configuration
### 3. Backend Deployment Updates (`backend-deployment.yaml`)
✅ Updated configuration:
- Image: `gitea-http.taildb3494.ts.net:will/adopt-a-street/backend:latest`
- Added image pull secret for gitea registry
- Environment variables configured for CouchDB
- Health checks using `/api/health` endpoint
- Resource limits optimized for Raspberry Pi 5 (ARM64)
#### StatefulSet Configuration
The CouchDB StatefulSet is configured with:
- **Single-node mode**: Suitable for development and small production deployments
- **Persistent storage**: 10Gi volume claim (configurable)
- **ARM64 affinity**: Requires Raspberry Pi 5 nodes for better performance
- **NODENAME**: Properly configured as `couchdb@adopt-a-street-couchdb-0.adopt-a-street-couchdb`
- **Inline configuration**: CouchDB settings are generated via startup script
### 4. Frontend Deployment Updates (`frontend-deployment.yaml`)
✅ Updated configuration:
- Image: `gitea-http.taildb3494.ts.net:will/adopt-a-street/frontend:latest`
- Added image pull secret for gitea registry
- Health checks using `/health` endpoint
- Resource limits optimized for Raspberry Pi
#### Storage Configuration
```yaml
volumeClaimTemplates:
- metadata:
name: couchdb-data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
```
### 5. Image Pull Secret (`image-pull-secret.yaml`)
✅ Created template for gitea registry authentication
To change storage size, edit `couchdb-statefulset.yaml` line 133.
## Deployment Steps
### 1. Create Image Pull Secret
### 1. Create Namespace
```bash
# Replace YOUR_GITEA_PASSWORD with your actual Gitea password
# Replace <your-namespace> with your chosen namespace
kubectl create secret docker-registry regcred \
--docker-server=gitea-http.taildb3494.ts.net \
--docker-username=will \
--docker-password=YOUR_GITEA_PASSWORD \
--namespace=<your-namespace>
# Create the adopt-a-street namespace
kubectl apply -f deploy/k8s/namespace.yaml
# Examples:
kubectl create secret docker-registry regcred \
--docker-server=gitea-http.taildb3494.ts.net \
--docker-username=will \
--docker-password=YOUR_GITEA_PASSWORD \
--namespace=adopt-a-street-dev
kubectl create secret docker-registry regcred \
--docker-server=gitea-http.taildb3494.ts.net \
--docker-username=will \
--docker-password=YOUR_GITEA_PASSWORD \
--namespace=adopt-a-street-prod
# Verify namespace creation
kubectl get namespace adopt-a-street
```
### 2. Apply Configuration
### 2. Create Secrets
```bash
# Apply all manifests to your chosen namespace
kubectl apply -f deploy/k8s/ -n <your-namespace>
# Copy the example secrets file
cp deploy/k8s/secrets.yaml.example deploy/k8s/secrets.yaml
# Or apply individually for more control:
kubectl apply -f deploy/k8s/configmap.yaml -n <your-namespace>
kubectl apply -f deploy/k8s/secrets.yaml -n <your-namespace>
kubectl apply -f deploy/k8s/couchdb-statefulset.yaml -n <your-namespace>
kubectl apply -f deploy/k8s/backend-deployment.yaml -n <your-namespace>
kubectl apply -f deploy/k8s/frontend-deployment.yaml -n <your-namespace>
# Edit secrets.yaml and replace all placeholder values
# IMPORTANT: Generate secure values for production using:
# openssl rand -base64 32
# Examples for different environments:
kubectl apply -f deploy/k8s/ -n adopt-a-street-dev
kubectl apply -f deploy/k8s/ -n adopt-a-street-staging
kubectl apply -f deploy/k8s/ -n adopt-a-street-prod
# Apply the secrets
kubectl apply -f deploy/k8s/secrets.yaml
```
### 3. Verify Deployment
### 3. Create Image Pull Secret
```bash
# Check all pods in your namespace
kubectl get pods -n <your-namespace>
# Create the image pull secret for Gitea registry
kubectl create secret docker-registry regcred \
--docker-server=gitea-gitea-http.taildb3494.ts.net \
--docker-username=will \
--docker-password=YOUR_GITEA_PASSWORD \
--namespace=adopt-a-street
# Check services in your namespace
kubectl get services -n <your-namespace>
# Or use the template file (after updating with your credentials)
kubectl apply -f deploy/k8s/image-pull-secret.yaml
```
# Check all resources in your namespace
kubectl get all -n <your-namespace>
### 4. Apply ConfigMap
```bash
# Apply the configuration
kubectl apply -f deploy/k8s/configmap.yaml
```
### 5. Deploy CouchDB
```bash
# Deploy CouchDB StatefulSet with persistent storage
kubectl apply -f deploy/k8s/couchdb-statefulset.yaml
# Wait for CouchDB to be ready
kubectl wait --for=condition=ready pod -l app=couchdb --timeout=120s -n adopt-a-street
# Verify CouchDB is running
kubectl get statefulset adopt-a-street-couchdb -n adopt-a-street
kubectl logs statefulset/adopt-a-street-couchdb -n adopt-a-street
```
### 6. Deploy Backend
```bash
# Deploy the backend application
kubectl apply -f deploy/k8s/backend-deployment.yaml
# Wait for backend to be ready
kubectl wait --for=condition=ready pod -l app=backend --timeout=120s -n adopt-a-street
# Verify backend health
kubectl exec -it deployment/adopt-a-street-backend -n adopt-a-street \
-- curl http://localhost:5000/api/health
```
### 7. Deploy Frontend
```bash
# Deploy the frontend application
kubectl apply -f deploy/k8s/frontend-deployment.yaml
# Wait for frontend to be ready
kubectl wait --for=condition=ready pod -l app=frontend --timeout=120s -n adopt-a-street
```
### 8. Deploy Ingress
```bash
# Deploy the ingress for external access
kubectl apply -f deploy/k8s/ingress.yaml
# Verify ingress
kubectl get ingress -n adopt-a-street
```
### Quick Deploy (All at Once)
```bash
# Apply all manifests at once
kubectl apply -f deploy/k8s/
# Note: This applies all YAML files in the directory
# Make sure secrets.yaml is created first!
```
### 9. Verify Deployment
```bash
# Check all pods in the namespace
kubectl get pods -n adopt-a-street
# Check services
kubectl get services -n adopt-a-street
# Check all resources
kubectl get all -n adopt-a-street
# Check logs for specific deployments
kubectl logs -n <your-namespace> deployment/adopt-a-street-backend
kubectl logs -n <your-namespace> deployment/adopt-a-street-frontend
kubectl logs deployment/adopt-a-street-backend -n adopt-a-street
kubectl logs deployment/adopt-a-street-frontend -n adopt-a-street
kubectl logs statefulset/adopt-a-street-couchdb -n adopt-a-street
# Watch pod status
kubectl get pods -n <your-namespace> -w
kubectl get pods -n adopt-a-street -w
# Check resource usage
kubectl top pods -n <your-namespace>
kubectl top pods -n adopt-a-street
```
## Environment Variables Summary
### ConfigMap Variables
### ConfigMap Variables (`configmap.yaml`)
- `COUCHDB_URL`: "http://adopt-a-street-couchdb:5984"
- `COUCHDB_DB_NAME`: "adopt-a-street"
- `COUCHDB_MAX_CONNECTIONS`: "10" (connection pool size)
- `COUCHDB_REQUEST_TIMEOUT`: "30000" (request timeout in ms)
- `PORT`: "5000"
- `NODE_ENV`: "production"
- `FRONTEND_URL`: "http://adopt-a-street.local"
- `CLOUDINARY_CLOUD_NAME`: Your Cloudinary cloud name
- `STRIPE_PUBLISHABLE_KEY`: Your Stripe publishable key
- `OPENAI_MODEL`: "gpt-3.5-turbo" (AI model selection)
### Secret Variables
### Secret Variables (`secrets.yaml`)
- `JWT_SECRET`: Secure random token
- `COUCHDB_USER`: "admin"
- `COUCHDB_USER`: Database admin username
- `COUCHDB_PASSWORD`: Secure random password
- `COUCHDB_SECRET`: Secure random token
- Cloudinary credentials (placeholders)
- `COUCHDB_SECRET`: Secure random token for CouchDB
- `CLOUDINARY_API_KEY`: Cloudinary API key
- `CLOUDINARY_API_SECRET`: Cloudinary API secret
- `STRIPE_SECRET_KEY`: Stripe secret key
- `OPENAI_API_KEY`: OpenAI API key
## Health Checks
@@ -180,121 +230,128 @@ kubectl top pods -n <your-namespace>
### Namespace-Related Issues
#### Wrong Namespace
```bash
# List all namespaces
kubectl get namespaces
# Check current namespace context
kubectl config view --minify | grep namespace
# Switch to correct namespace
kubectl config set-context --current --namespace=<your-namespace>
# Check resources across all namespaces
kubectl get pods --all-namespaces | grep adopt-a-street
```
#### Resources Not Found
```bash
# Verify resources exist in your namespace
kubectl get all -n <your-namespace>
# Verify resources exist in adopt-a-street namespace
kubectl get all -n adopt-a-street
# Check if resources are in a different namespace
kubectl get all --all-namespaces | grep adopt-a-street
# Get events from your namespace
kubectl get events -n <your-namespace> --sort-by='.lastTimestamp'
# Get events from the namespace
kubectl get events -n adopt-a-street --sort-by='.lastTimestamp'
# List all namespaces
kubectl get namespaces
```
### Image Pull Issues
```bash
# Verify image pull secret in your namespace
kubectl get secret regcred -n <your-namespace> -o yaml
# Verify image pull secret exists
kubectl get secret regcred -n adopt-a-street -o yaml
# Test image pull in your namespace
kubectl run test-pod --image=gitea-http.taildb3494.ts.net:will/adopt-a-street/backend:latest \
--dry-run=client -o yaml -n <your-namespace>
# Test image pull
kubectl run test-pod \
--image=gitea-gitea-http.taildb3494.ts.net/will/adopt-a-street/backend:latest \
--dry-run=client -o yaml -n adopt-a-street
# Debug image pull errors
kubectl describe pod -l app=adopt-a-street-backend -n <your-namespace>
kubectl describe pod -l app=backend -n adopt-a-street
```
### CouchDB Connection Issues
```bash
# Check CouchDB pod in your namespace
kubectl logs -n <your-namespace> statefulset/adopt-a-street-couchdb
# Check CouchDB pod
kubectl logs statefulset/adopt-a-street-couchdb -n adopt-a-street
# Test connection from backend pod
kubectl exec -it deployment/adopt-a-street-backend -n <your-namespace> \
kubectl exec -it deployment/adopt-a-street-backend -n adopt-a-street \
-- curl http://adopt-a-street-couchdb:5984/_up
# Check CouchDB service
kubectl get service adopt-a-street-couchdb -n <your-namespace>
kubectl describe service adopt-a-street-couchdb -n <your-namespace>
kubectl get service adopt-a-street-couchdb -n adopt-a-street
kubectl describe service adopt-a-street-couchdb -n adopt-a-street
# Check persistent volume claims
kubectl get pvc -n adopt-a-street
```
### Health Check Failures
```bash
# Check backend health endpoint
kubectl exec -it deployment/adopt-a-street-backend -n <your-namespace> \
kubectl exec -it deployment/adopt-a-street-backend -n adopt-a-street \
-- curl http://localhost:5000/api/health
# Check frontend health endpoint
kubectl exec -it deployment/adopt-a-street-frontend -n <your-namespace> \
kubectl exec -it deployment/adopt-a-street-frontend -n adopt-a-street \
-- curl http://localhost:80/health
# Check pod events for health check failures
kubectl describe pod -l app=adopt-a-street-backend -n <your-namespace>
kubectl describe pod -l app=backend -n adopt-a-street
```
### Multi-Environment Deployment
#### Deploying to Multiple Namespaces
#### Using Different Namespaces for Environments
While the default namespace is `adopt-a-street`, you can override it for different environments:
```bash
# Deploy to development
# Deploy to development namespace
kubectl create namespace adopt-a-street-dev
kubectl apply -f deploy/k8s/ -n adopt-a-street-dev
# Deploy to staging
# Deploy to staging namespace
kubectl create namespace adopt-a-street-staging
kubectl apply -f deploy/k8s/ -n adopt-a-street-staging
# Deploy to production
kubectl apply -f deploy/k8s/ -n adopt-a-street-prod
# Compare deployments across namespaces
kubectl get deployments --all-namespaces | grep adopt-a-street
# Deploy to production (uses default namespace)
kubectl apply -f deploy/k8s/
```
#### Environment-Specific Configuration
```bash
# Create environment-specific secrets
kubectl create secret generic jwt-secret-dev --from-literal=JWT_SECRET=$(openssl rand -base64 32) -n adopt-a-street-dev
kubectl create secret generic jwt-secret-prod --from-literal=JWT_SECRET=$(openssl rand -base64 32) -n adopt-a-street-prod
#### Customizing Per Environment
For environment-specific configurations, create custom ConfigMaps and Secrets:
# Patch ConfigMaps for different environments
kubectl patch configmap adopt-a-street-config -n adopt-a-street-prod \
--patch '{"data":{"NODE_ENV":"production"}}'
```bash
# Create environment-specific ConfigMap
kubectl create configmap adopt-a-street-config \
--from-literal=NODE_ENV=development \
--from-literal=FRONTEND_URL=http://dev.adopt-a-street.local \
-n adopt-a-street-dev
# Create environment-specific secrets
kubectl create secret generic adopt-a-street-secrets \
--from-literal=JWT_SECRET=$(openssl rand -base64 32) \
-n adopt-a-street-dev
```
### Common Commands Reference
```bash
# Set default namespace for current session
kubectl config set-context --current --namespace=<your-namespace>
kubectl config set-context --current --namespace=adopt-a-street
# View current context and namespace
kubectl config current-context
kubectl config view --minify
# Get resources in specific format
kubectl get pods -n <your-namespace> -o wide
kubectl get services -n <your-namespace> -o yaml
kubectl get pods -n adopt-a-street -o wide
kubectl get services -n adopt-a-street -o yaml
# Port forwarding for debugging
kubectl port-forward -n <your-namespace> service/adopt-a-street-backend 5000:5000
kubectl port-forward -n <your-namespace> service/adopt-a-street-frontend 3000:80
kubectl port-forward -n adopt-a-street service/adopt-a-street-backend 5000:5000
kubectl port-forward -n adopt-a-street service/adopt-a-street-frontend 3000:80
kubectl port-forward -n adopt-a-street service/adopt-a-street-couchdb 5984:5984
# Exec into pods for debugging
kubectl exec -it -n <your-namespace> deployment/adopt-a-street-backend -- /bin/bash
kubectl exec -it -n <your-namespace> deployment/adopt-a-street-frontend -- /bin/sh
kubectl exec -it -n adopt-a-street deployment/adopt-a-street-backend -- /bin/bash
kubectl exec -it -n adopt-a-street deployment/adopt-a-street-frontend -- /bin/sh
# Delete and redeploy
kubectl delete -f deploy/k8s/
kubectl apply -f deploy/k8s/
# Scale deployments
kubectl scale deployment/adopt-a-street-backend --replicas=2 -n adopt-a-street
kubectl scale deployment/adopt-a-street-frontend --replicas=3 -n adopt-a-street
```