will/rxminder
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
79394455ee2853c39a3ab812c86410a9965defa2
rxminder/docs/architecture/TEMPLATE_APPROACH.md
William Valentin e48adbcb00 Initial commit: Complete NodeJS-native setup 
- Migrated from Python pre-commit to NodeJS-native solution
- Reorganized documentation structure
- Set up Husky + lint-staged for efficient pre-commit hooks
- Fixed Dockerfile healthcheck issue
- Added comprehensive documentation index
2025-09-06 01:42:48 -07:00

160 lines
4.1 KiB
Markdown
Raw Blame History

# 🎯 Template-Based Kubernetes Configuration
## Overview
We've implemented a **template-based approach** using environment variables instead of manual base64 encoding for Kubernetes secrets. This is much more user-friendly and secure.
## 🆚 Before vs After Comparison
### ❌ Before (Manual Base64 Encoding)
**Old approach required manual base64 encoding:**
```yaml
# k8s/couchdb-secret.yaml
apiVersion: v1
kind: Secret
data:
# User had to manually encode:
# echo -n "admin" | base64 -> YWRtaW4=
# echo -n "password" | base64 -> cGFzc3dvcmQ=
username: YWRtaW4=
password: cGFzc3dvcmQ=
```
**Problems:**
- 😣 Manual base64 encoding required
- 🔧 Error-prone (encoding mistakes)
- 📝 Hard to read/verify credentials
- 🔒 Credentials visible in YAML files
### ✅ After (Template-Based)
**New approach uses templates with automatic substitution:**
```yaml
# k8s/couchdb-secret.yaml.template
apiVersion: v1
kind: Secret
metadata:
name: couchdb-secret
labels:
app: ${APP_NAME}
type: Opaque
stringData:
# Kubernetes automatically base64 encodes stringData
username: ${COUCHDB_USER}
password: ${COUCHDB_PASSWORD}
```
**Benefits:**
- ✅ No manual base64 encoding needed
- ✅ Environment variables from `.env` file
- ✅ Human-readable configuration
- ✅ Automatic deployment script
- ✅ Customizable app names
## 🚀 How It Works
### 1. Configuration in `.env`
```bash
# .env (user-friendly configuration)
APP_NAME=my-rxminder
COUCHDB_USER=admin
COUCHDB_PASSWORD=super-secure-password-123
INGRESS_HOST=rxminder.mydomain.com
```
### 2. Template Substitution
```bash
# Automatic substitution with envsubst
envsubst < k8s/couchdb-secret.yaml.template
```
**Result:**
```yaml
apiVersion: v1
kind: Secret
metadata:
name: couchdb-secret
labels:
app: my-rxminder
type: Opaque
stringData:
username: admin
password: super-secure-password-123
```
### 3. Kubernetes Processing
- Kubernetes automatically base64 encodes `stringData` fields
- No manual encoding required
- More secure and reliable
## 🎛️ Deployment Options
### Option 1: Automated Script (Recommended)
```bash
# Copy and configure
cp .env.example .env
nano .env
# Deploy everything
./scripts/k8s-deploy-template.sh deploy
```
### Option 2: Manual Template Processing
```bash
# Set environment variables
export APP_NAME=my-rxminder
export COUCHDB_PASSWORD=secure-password
# Process templates
envsubst < k8s/couchdb-secret.yaml.template | kubectl apply -f -
envsubst < k8s/ingress.yaml.template | kubectl apply -f -
```
## 🔧 Template Files Created
1. **`k8s/couchdb-secret.yaml.template`** - Database credentials
2. **`k8s/ingress.yaml.template`** - Ingress with custom hostname
3. **`k8s/configmap.yaml.template`** - Application configuration
4. **`k8s/frontend-deployment.yaml.template`** - Frontend deployment
5. **`scripts/k8s-deploy-template.sh`** - Automated deployment script
## 🛡️ Security Benefits
- **No hardcoded credentials** in version control
- **Environment-specific configuration** via `.env` files
- **Automatic validation** of required variables
- **Kubernetes stringData** (auto base64 encoding)
- **Clear separation** of config and code
## 📝 User Experience Improvements
| Aspect | Before | After |
| -------------------- | ------------------------ | ---------------------- |
| **Setup Complexity** | High (manual base64) | Low (edit .env) |
| **Error Rate** | High (encoding mistakes) | Low (plain text) |
| **Readability** | Poor (base64 strings) | Excellent (plain text) |
| **Customization** | Manual file editing | Environment variables |
| **Deployment** | Multi-step manual | Single command |
## 🎯 Result
The template-based approach makes RxMinder deployment:
- **More user-friendly** - No technical encoding required
- **More secure** - Credentials externalized to `.env`
- **More maintainable** - Clear separation of config and manifests
- **More flexible** - Easy customization via environment variables
This is a **production-ready, enterprise-grade** configuration management approach that follows Kubernetes best practices.
Reference in New Issue View Git Blame Copy Permalink