feat(lasuite): add Projects (Planka Kanban) service
Deploy Planka-based project management at projects.DOMAIN_SUFFIX: - ConfigMap with OIDC, S3, SMTP, La Gaufre widget config - Deployment + Service (init container for DB migrations, Sails on 1337) - OAuth2Client (client_secret_basic, redirect to /oidc-callback) - VaultDynamicSecret for DATABASE_URL, VaultStaticSecret for SECRET_KEY - Pingora route with websocket support (Socket.io) - Image overrides in both local and production overlays - TLS cert dnsNames updated for projects subdomain - Integration service.json updated with Projects entry - seaweedfs-s3-credentials rolloutRestartTargets includes projects
This commit is contained in:
121
base/lasuite/projects-deployment.yaml
Normal file
121
base/lasuite/projects-deployment.yaml
Normal file
@@ -0,0 +1,121 @@
|
||||
# Planka-based Kanban project management — single container (SPA bundled into Sails backend).
|
||||
# Image: src.DOMAIN_SUFFIX/studio/projects:latest
|
||||
# Built from projects/Dockerfile
|
||||
#
|
||||
# Secrets injected via env vars:
|
||||
# - projects-db-url (VaultDynamicSecret): DATABASE_URL
|
||||
# - projects-app-secrets (VaultStaticSecret): SECRET_KEY
|
||||
# - oidc-projects (Hydra Maester): CLIENT_ID, CLIENT_SECRET
|
||||
# - seaweedfs-s3-credentials (VaultStaticSecret): S3_ACCESS_KEY, S3_SECRET_KEY
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: projects
|
||||
namespace: lasuite
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: projects
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: projects
|
||||
spec:
|
||||
initContainers:
|
||||
- name: db-migrate
|
||||
image: projects
|
||||
command: ["node", "db/init.js"]
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: projects-config
|
||||
env:
|
||||
- name: DATABASE_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: projects-db-url
|
||||
key: url
|
||||
- name: SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: projects-app-secrets
|
||||
key: SECRET_KEY
|
||||
resources:
|
||||
limits:
|
||||
memory: 256Mi
|
||||
requests:
|
||||
memory: 128Mi
|
||||
cpu: 50m
|
||||
containers:
|
||||
- name: projects
|
||||
image: projects
|
||||
command: ["node", "app.js", "--prod"]
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 1337
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: projects-config
|
||||
env:
|
||||
- name: DATABASE_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: projects-db-url
|
||||
key: url
|
||||
- name: SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: projects-app-secrets
|
||||
key: SECRET_KEY
|
||||
- name: OIDC_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: oidc-projects
|
||||
key: CLIENT_ID
|
||||
- name: OIDC_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: oidc-projects
|
||||
key: CLIENT_SECRET
|
||||
- name: S3_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: seaweedfs-s3-credentials
|
||||
key: S3_ACCESS_KEY
|
||||
- name: S3_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: seaweedfs-s3-credentials
|
||||
key: S3_SECRET_KEY
|
||||
resources:
|
||||
limits:
|
||||
memory: 512Mi
|
||||
requests:
|
||||
memory: 256Mi
|
||||
cpu: 50m
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 30
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: projects
|
||||
namespace: lasuite
|
||||
spec:
|
||||
selector:
|
||||
app: projects
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: 1337
|
||||
Reference in New Issue
Block a user