- Add namespace.yaml to production overlay resources - Ensure proper namespace creation in production deployments - Improve Kubernetes resource management and isolation
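---
# Production overlay for rxminder.
# Builds on ../../base and adds the production Namespace, image tags,
# replica counts, resource limits, ingress TLS settings and the CouchDB secret.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

metadata:
  name: rxminder-production

# Reference the base configuration plus the Namespace object for this overlay.
# The Namespace has to exist before the namespaced resources are applied;
# namespace.yaml is expected to declare `rxminder-prod` — confirm it matches
# the `namespace:` override below, otherwise the workloads land in a
# namespace that is never created.
resources:
  - ../../base
  - namespace.yaml

# Override namespace for production (applied to every namespaced resource)
namespace: rxminder-prod

# Production-specific labels.
# Only metadata labels are set (no includeSelectors), so the immutable
# Deployment/StatefulSet selectors from the base are not rewritten.
labels:
  - pairs:
      environment: production
      tier: prod

# Production image tags and configurations.
# Tags are quoted so version-looking values are never retyped by YAML tooling.
# NOTE(review): a tag can be repointed in the registry after the fact; pinning
# the production images with `digest:` would make them immutable — verify the
# intended digest before adding it.
images:
  - name: frontend-image
    newName: gitea-http.taildb3494.ts.net/will/rxminder
    newTag: "v1.0.0"
  - name: couchdb-image
    newName: couchdb
    newTag: "3.3.2"

# Production replicas - higher for availability
replicas:
  - name: rxminder-frontend
    count: 3
  - name: rxminder-couchdb
    count: 1

# Production secrets (to be created manually or via external secret management)
#
# These literals are committed to git and rendered into the manifest. The
# placeholder password must be replaced before a production build; prefer
# sourcing the values from an untracked env file (`envs:`) or from external
# secret management such as:
#   - Kubernetes External Secrets Operator
#   - HashiCorp Vault
#   - AWS Secrets Manager
secretGenerator:
  - name: couchdb-secret
    behavior: replace
    literals:
      - username=admin
      # This is just a placeholder
      - password=CHANGE_IN_PRODUCTION

# Production-specific patches for security and performance.
#
# The file-based entries replace the deprecated `patchesStrategicMerge` field
# (kustomize warns on it) and are listed first so they still apply before the
# inline JSON patches, as they did before.
patches:
  # Production resource patches (strategic-merge patch files)
  - path: frontend-resources.yaml
  - path: couchdb-resources.yaml
  - path: ingress-prod.yaml

  # Production-specific ConfigMap patches
  - target:
      kind: ConfigMap
      name: rxminder-config
    patch: |-
      - op: replace
        path: /data/NODE_ENV
        value: "production"
      - op: replace
        path: /data/LOG_LEVEL
        value: "warn"
      - op: add
        path: /data/ENABLE_MONITORING
        value: "true"
      - op: add
        path: /data/CACHE_TTL
        value: "3600"

  # Enable HTTPS redirect on ingress and request a Let's Encrypt certificate.
  # A JSON-patch `add` under /metadata/annotations requires the annotations
  # map to already exist on the base Ingress — confirm, or use a
  # strategic-merge patch otherwise.
  - target:
      kind: Ingress
      name: rxminder-ingress
    patch: |-
      - op: add
        path: /metadata/annotations/nginx.ingress.kubernetes.io~1ssl-redirect
        value: "true"
      - op: add
        path: /metadata/annotations/cert-manager.io~1cluster-issuer
        value: "letsencrypt-prod"

  # Add resource limits for production workloads.
  # JSON-patch `replace` fails if the target path does not exist, so the base
  # container must already carry a `resources` map; presumably this also
  # overrides whatever frontend-resources.yaml sets for the same container.
  - target:
      kind: Deployment
      name: rxminder-frontend
    patch: |-
      - op: replace
        path: /spec/template/spec/containers/0/resources
        value:
          requests:
            memory: "256Mi"
            cpu: "100m"
          limits:
            memory: "512Mi"
            cpu: "500m"

  # Production CouchDB storage class/size and container resources.
  # Both patches target the same StatefulSet, so they are kept as one op list;
  # op order is unchanged.
  - target:
      kind: StatefulSet
      name: rxminder-couchdb
    patch: |-
      - op: replace
        path: /spec/volumeClaimTemplates/0/spec/storageClassName
        value: "ssd"
      - op: replace
        path: /spec/volumeClaimTemplates/0/spec/resources/requests/storage
        value: "10Gi"
      - op: replace
        path: /spec/template/spec/containers/0/resources
        value:
          requests:
            memory: "512Mi"
            cpu: "200m"
          limits:
            memory: "1Gi"
            cpu: "1000m"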