From ebeb9945dbbd843b1f71b3acc3754dd021658d67 Mon Sep 17 00:00:00 2001 From: Mayne0213 Date: Mon, 5 Jan 2026 01:55:49 +0900 Subject: [PATCH] INIT(repo): add jovies, portfolio, todo apps - Add ArgoCD Application definitions for each app - Add Kubernetes Deployment, Service, Ingress for each app - Add ExternalSecret for todo (Vault integration) - Configure Traefik ingress with Let's Encrypt TLS Domains: - jovies.kro.kr - minjo0213.kro.kr - todo0213.kro.kr --- jovies/argocd.yaml | 35 ++++++++++++++++++++++ jovies/deployment.yaml | 51 ++++++++++++++++++++++++++++++++ jovies/ingress.yaml | 34 ++++++++++++++++++++++ jovies/kustomization.yaml | 7 +++++ jovies/service.yaml | 15 ++++++++++ kustomization.yaml | 7 +++++ portfolio/argocd.yaml | 35 ++++++++++++++++++++++ portfolio/deployment.yaml | 53 ++++++++++++++++++++++++++++++++++ portfolio/ingress.yaml | 34 ++++++++++++++++++++++ portfolio/kustomization.yaml | 7 +++++ portfolio/service.yaml | 15 ++++++++++ todo/argocd.yaml | 35 ++++++++++++++++++++++ todo/deployment.yaml | 56 ++++++++++++++++++++++++++++++++++++ todo/external-secret.yaml | 18 ++++++++++++ todo/ingress.yaml | 34 ++++++++++++++++++++++ todo/kustomization.yaml | 8 ++++++ todo/service.yaml | 15 ++++++++++ 17 files changed, 459 insertions(+) create mode 100644 jovies/argocd.yaml create mode 100644 jovies/deployment.yaml create mode 100644 jovies/ingress.yaml create mode 100644 jovies/kustomization.yaml create mode 100644 jovies/service.yaml create mode 100644 kustomization.yaml create mode 100644 portfolio/argocd.yaml create mode 100644 portfolio/deployment.yaml create mode 100644 portfolio/ingress.yaml create mode 100644 portfolio/kustomization.yaml create mode 100644 portfolio/service.yaml create mode 100644 todo/argocd.yaml create mode 100644 todo/deployment.yaml create mode 100644 todo/external-secret.yaml create mode 100644 todo/ingress.yaml create mode 100644 todo/kustomization.yaml create mode 100644 todo/service.yaml diff --git a/jovies/argocd.yaml b/jovies/argocd.yaml new file mode 100644 index 0000000..8edf9b1 --- /dev/null +++ b/jovies/argocd.yaml @@ -0,0 +1,35 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: jovies + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + sources: + - repoURL: https://github.com/K3S-HOME/web-apps.git + targetRevision: main + path: jovies + destination: + server: https://kubernetes.default.svc + namespace: jovies + syncPolicy: + automated: + prune: true + selfHeal: true + allowEmpty: false + syncOptions: + - CreateNamespace=true + - PrunePropagationPolicy=foreground + - PruneLast=true + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m + managedNamespaceMetadata: + labels: + goldilocks.fairwinds.com/enabled: 'true' + revisionHistoryLimit: 10 diff --git a/jovies/deployment.yaml b/jovies/deployment.yaml new file mode 100644 index 0000000..61fb2df --- /dev/null +++ b/jovies/deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jovies + labels: + app: jovies +spec: + replicas: 1 + selector: + matchLabels: + app: jovies + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + maxSurge: 1 + revisionHistoryLimit: 3 + template: + metadata: + labels: + app: jovies + spec: + containers: + - name: jovies + image: ghcr.io/mayne0213/jovies:latest + imagePullPolicy: Always + ports: + - containerPort: 3000 + protocol: TCP + env: + - name: NODE_ENV + value: production + resources: + requests: + memory: 40Mi + cpu: 5m + limits: + memory: 100Mi + livenessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: 5 + periodSeconds: 5 + restartPolicy: Always diff --git a/jovies/ingress.yaml b/jovies/ingress.yaml new file mode 100644 index 0000000..b13bdb4 --- /dev/null +++ b/jovies/ingress.yaml @@ -0,0 +1,34 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: jovies-ingress + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: traefik + tls: + - hosts: + - jovies.kro.kr + - www.jovies.kro.kr + secretName: jovies-tls + rules: + - host: jovies.kro.kr + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: jovies + port: + number: 80 + - host: www.jovies.kro.kr + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: jovies + port: + number: 80 diff --git a/jovies/kustomization.yaml b/jovies/kustomization.yaml new file mode 100644 index 0000000..d901f70 --- /dev/null +++ b/jovies/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: jovies +resources: +- deployment.yaml +- service.yaml +- ingress.yaml diff --git a/jovies/service.yaml b/jovies/service.yaml new file mode 100644 index 0000000..c8cd7b6 --- /dev/null +++ b/jovies/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: jovies + labels: + app: jovies +spec: + type: ClusterIP + ports: + - name: http + port: 80 + targetPort: 3000 + protocol: TCP + selector: + app: jovies diff --git a/kustomization.yaml b/kustomization.yaml new file mode 100644 index 0000000..bd16bf8 --- /dev/null +++ b/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - jovies/argocd.yaml + - portfolio/argocd.yaml + - todo/argocd.yaml diff --git a/portfolio/argocd.yaml b/portfolio/argocd.yaml new file mode 100644 index 0000000..1a88dfb --- /dev/null +++ b/portfolio/argocd.yaml @@ -0,0 +1,35 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: portfolio + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + sources: + - repoURL: https://github.com/K3S-HOME/web-apps.git + targetRevision: main + path: portfolio + destination: + server: https://kubernetes.default.svc + namespace: portfolio + syncPolicy: + automated: + prune: true + selfHeal: true + allowEmpty: false + syncOptions: + - CreateNamespace=true + - PrunePropagationPolicy=foreground + - PruneLast=true + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m + managedNamespaceMetadata: + labels: + goldilocks.fairwinds.com/enabled: 'true' + revisionHistoryLimit: 10 diff --git a/portfolio/deployment.yaml b/portfolio/deployment.yaml new file mode 100644 index 0000000..5a2db69 --- /dev/null +++ b/portfolio/deployment.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: portfolio + labels: + app: portfolio +spec: + replicas: 1 + selector: + matchLabels: + app: portfolio + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + maxSurge: 1 + revisionHistoryLimit: 3 + template: + metadata: + labels: + app: portfolio + spec: + containers: + - name: portfolio + image: ghcr.io/mayne0213/portfolio:latest + imagePullPolicy: Always + ports: + - containerPort: 3000 + protocol: TCP + env: + - name: NODE_ENV + value: production + - name: PROMETHEUS_URL + value: http://prometheus.prometheus.svc.cluster.local:9090 + resources: + requests: + memory: 80Mi + cpu: 20m + limits: + memory: 150Mi + livenessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: 5 + periodSeconds: 5 + restartPolicy: Always diff --git a/portfolio/ingress.yaml b/portfolio/ingress.yaml new file mode 100644 index 0000000..cf69f1d --- /dev/null +++ b/portfolio/ingress.yaml @@ -0,0 +1,34 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: portfolio-ingress + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: traefik + tls: + - hosts: + - minjo0213.kro.kr + - www.minjo0213.kro.kr + secretName: portfolio-tls + rules: + - host: minjo0213.kro.kr + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: portfolio + port: + number: 80 + - host: www.minjo0213.kro.kr + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: portfolio + port: + number: 80 diff --git a/portfolio/kustomization.yaml b/portfolio/kustomization.yaml new file mode 100644 index 0000000..16fdea0 --- /dev/null +++ b/portfolio/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: portfolio +resources: +- deployment.yaml +- service.yaml +- ingress.yaml diff --git a/portfolio/service.yaml b/portfolio/service.yaml new file mode 100644 index 0000000..ccd7009 --- /dev/null +++ b/portfolio/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: portfolio + labels: + app: portfolio +spec: + type: ClusterIP + ports: + - name: http + port: 80 + targetPort: 3000 + protocol: TCP + selector: + app: portfolio diff --git a/todo/argocd.yaml b/todo/argocd.yaml new file mode 100644 index 0000000..11a050c --- /dev/null +++ b/todo/argocd.yaml @@ -0,0 +1,35 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: todo + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + sources: + - repoURL: https://github.com/K3S-HOME/web-apps.git + targetRevision: main + path: todo + destination: + server: https://kubernetes.default.svc + namespace: todo + syncPolicy: + automated: + prune: true + selfHeal: true + allowEmpty: false + syncOptions: + - CreateNamespace=true + - PrunePropagationPolicy=foreground + - PruneLast=true + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m + managedNamespaceMetadata: + labels: + goldilocks.fairwinds.com/enabled: 'true' + revisionHistoryLimit: 10 diff --git a/todo/deployment.yaml b/todo/deployment.yaml new file mode 100644 index 0000000..037d709 --- /dev/null +++ b/todo/deployment.yaml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: todo + labels: + app: todo +spec: + replicas: 1 + selector: + matchLabels: + app: todo + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + maxSurge: 1 + revisionHistoryLimit: 3 + template: + metadata: + labels: + app: todo + spec: + containers: + - name: todo + image: ghcr.io/mayne0213/todo:latest + imagePullPolicy: Always + ports: + - containerPort: 3000 + protocol: TCP + env: + - name: NODE_ENV + value: production + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: todo-secrets + key: database-url + resources: + requests: + memory: 50Mi + cpu: 20m + limits: + memory: 120Mi + livenessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 5 + periodSeconds: 5 + restartPolicy: Always diff --git a/todo/external-secret.yaml b/todo/external-secret.yaml new file mode 100644 index 0000000..800781a --- /dev/null +++ b/todo/external-secret.yaml @@ -0,0 +1,18 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: todo-secrets +spec: + refreshInterval: 1h + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: todo-secrets + creationPolicy: Owner + deletionPolicy: Retain + data: + - secretKey: database-url + remoteRef: + key: todo/prod + property: DATABASE_URL diff --git a/todo/ingress.yaml b/todo/ingress.yaml new file mode 100644 index 0000000..2ecf9cb --- /dev/null +++ b/todo/ingress.yaml @@ -0,0 +1,34 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: todo-ingress + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: traefik + tls: + - hosts: + - todo0213.kro.kr + - www.todo0213.kro.kr + secretName: todo-tls + rules: + - host: todo0213.kro.kr + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: todo + port: + number: 80 + - host: www.todo0213.kro.kr + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: todo + port: + number: 80 diff --git a/todo/kustomization.yaml b/todo/kustomization.yaml new file mode 100644 index 0000000..9cd30b6 --- /dev/null +++ b/todo/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: todo +resources: +- deployment.yaml +- service.yaml +- ingress.yaml +- external-secret.yaml diff --git a/todo/service.yaml b/todo/service.yaml new file mode 100644 index 0000000..820d5be --- /dev/null +++ b/todo/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: todo + labels: + app: todo +spec: + type: ClusterIP + ports: + - name: http + port: 80 + targetPort: 3000 + protocol: TCP + selector: + app: todo