feat: k8s yaml (#234)

.env.example

@@ -10,11 +10,7 @@ NUXT_TWITCH_OAUTH_CODE=""
 # Will redirect to from Twitch
 NUXT_PUBLIC_SIGN_IN_REDIRECT_URL=""
 
-# Where will be all session data
-NUXT_PUBLIC_COOKIE_KEY=""
-
 # Our secret...
-NUXT_JWT_SECRET_KEY=""
 NUXT_WEBSITE_BEARER=""
 NUXT_SESSION_PASSWORD=""
 

apps/website/nuxt.config.ts

@@ -13,7 +13,6 @@ export default defineNuxtConfig({
   css: ['~/assets/css/styles.css'],
   runtimeConfig: {
     websiteBearer: '', // NUXT_WEBSITE_BEARER
-    jwtSecretKey: '', // NUXT_JWT_SECRET_KEY
     twitchChannelName: '', // NUXT_TWITCH_CHANNEL_NAME
     twitchChannelId: '', // NUXT_TWITCH_CHANNEL_ID
     twitchOauthCode: '', // NUXT_TWITCH_OAUTH_CODE
@@ -23,7 +22,6 @@ export default defineNuxtConfig({
     oauthTwitchClientSecret: '', // NUXT_OAUTH_TWITCH_CLIENT_SECRET
     public: {
       signInRedirectUrl: '', // NUXT_PUBLIC_SIGN_IN_REDIRECT_URL
-      cookieKey: '', // NUXT_PUBLIC_COOKIE_KEY
     },
   },
   modules: ['@vueuse/nuxt', 'nuxt-auth-utils'],

k8s/config/cert-manager/production.issuer.yaml

@@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+  namespace: cert-manager
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: [email protected]
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # Enable the HTTP-01 challenge provider
+    solvers:
+      - http01:
+          ingress:
+            class: nginx

k8s/config/chat-game/env.secret.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: env
+  namespace: chat-game
+type: Opaque
+stringData:
+  DATABASE_URL: ""
+  NUXT_SESSION_PASSWORD: ""
+  NUXT_OAUTH_TWITCH_CLIENT_ID: ""
+  NUXT_OAUTH_TWITCH_CLIENT_SECRET: ""
+  NUXT_YOOKASSA_SHOP_ID: ""
+  NUXT_YOOKASSA_API_KEY: ""
+  NUXT_TWITCH_CHANNEL_NAME: ""
+  NUXT_TWITCH_CHANNEL_ID: ""

k8s/config/chat-game/ghcr.secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ghcr-login-secret
+  namespace: chat-game
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: |
+    To generate use command:
+    kubectl create secret docker-registry ghcr-login-secret --namespace=chat-game --docker-email=$EMAIL --docker-username=$GITHUB_USERNAME --docker-server=https://ghcr.io --docker-password=$GITHUB_TOKEN

k8s/website/deployment.yaml

@@ -0,0 +1,89 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: website-deployment
+  namespace: chat-game
+spec:
+  selector:
+    matchLabels:
+      app: website
+  replicas: 1
+  revisionHistoryLimit: 1
+  minReadySeconds: 20
+  template:
+    metadata:
+      labels:
+        app: website
+    spec:
+      securityContext:
+        runAsUser: 1001
+      imagePullSecrets:
+        - name: ghcr-login-secret
+      containers:
+        - name: website
+          image: ghcr.io/chat-game/website:nightly
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 3000
+          env:
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: env
+                  key: DATABASE_URL
+            - name: NUXT_SESSION_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: env
+                  key: NUXT_SESSION_PASSWORD
+            - name: NUXT_OAUTH_TWITCH_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: env
+                  key: NUXT_OAUTH_TWITCH_CLIENT_ID
+            - name: NUXT_OAUTH_TWITCH_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: env
+                  key: NUXT_OAUTH_TWITCH_CLIENT_SECRET
+            - name: NUXT_YOOKASSA_SHOP_ID
+              valueFrom:
+                secretKeyRef:
+                  name: env
+                  key: NUXT_YOOKASSA_SHOP_ID
+            - name: NUXT_YOOKASSA_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: env
+                  key: NUXT_YOOKASSA_API_KEY
+            - name: NUXT_TWITCH_CHANNEL_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: env
+                  key: NUXT_TWITCH_CHANNEL_NAME
+            - name: NUXT_TWITCH_CHANNEL_ID
+              valueFrom:
+                secretKeyRef:
+                  name: env
+                  key: NUXT_TWITCH_CHANNEL_ID
+          resources:
+            limits:
+              cpu: 250m
+              memory: 256Mi
+            requests:
+              cpu: 10m
+              memory: 64Mi
+          livenessProbe:
+            httpGet:
+              port: 3000
+              path: /
+            initialDelaySeconds: 20
+            periodSeconds: 30
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: false
+            runAsNonRoot: true
+            capabilities:
+              drop:
+                - ALL

k8s/website/ingress.yaml

@@ -0,0 +1,27 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: website-ingress
+  namespace: chat-game
+  labels:
+    app: website
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - staging.chatgame.space
+      secretName: staging.chatgame.space
+  rules:
+    - host: staging.chatgame.space
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: website-service
+                port:
+                  number: 3000

k8s/website/service.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: website-service
+  namespace: chat-game
+spec:
+  selector:
+    app: website
+  ports:
+    - name: id
+      protocol: TCP
+      port: 3000
+      targetPort: 3000