diff --git a/.env.example b/.env.example
index 384c7dd6..7ccc7b7f 100644
--- a/.env.example
+++ b/.env.example
@@ -10,11 +10,7 @@ NUXT_TWITCH_OAUTH_CODE="" # Will redirect to from Twitch NUXT_PUBLIC_SIGN_IN_REDIRECT_URL="" -# Where will be all session data -NUXT_PUBLIC_COOKIE_KEY="" - # Our secret... -NUXT_JWT_SECRET_KEY="" NUXT_WEBSITE_BEARER="" NUXT_SESSION_PASSWORD=""
diff --git a/apps/website/nuxt.config.ts b/apps/website/nuxt.config.ts
index 880d93cc..18994893 100644
--- a/apps/website/nuxt.config.ts
+++ b/apps/website/nuxt.config.ts
@@ -13,7 +13,6 @@ export default defineNuxtConfig({
 css: ['~/assets/css/styles.css'],
 runtimeConfig: {
 websiteBearer: '', // NUXT_WEBSITE_BEARER
- jwtSecretKey: '', // NUXT_JWT_SECRET_KEY
 twitchChannelName: '', // NUXT_TWITCH_CHANNEL_NAME
 twitchChannelId: '', // NUXT_TWITCH_CHANNEL_ID
 twitchOauthCode: '', // NUXT_TWITCH_OAUTH_CODE
@@ -23,7 +22,6 @@ export default defineNuxtConfig({
 oauthTwitchClientSecret: '', // NUXT_OAUTH_TWITCH_CLIENT_SECRET
 public: {
 signInRedirectUrl: '', // NUXT_PUBLIC_SIGN_IN_REDIRECT_URL
- cookieKey: '', // NUXT_PUBLIC_COOKIE_KEY
 },
 },
 modules: ['@vueuse/nuxt', 'nuxt-auth-utils'],
diff --git a/k8s/config/cert-manager/production.issuer.yaml b/k8s/config/cert-manager/production.issuer.yaml
new file mode 100644
index 00000000..ef71dea4
--- /dev/null
+++ b/k8s/config/cert-manager/production.issuer.yaml
@@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+ namespace: cert-manager
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: user@example.com
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-prod
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
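Review bot: `namespace: cert-manager` under `metadata` has no effect on a `ClusterIssuer`, which is a cluster-scoped resource, so the line should be dropped rather than suggest the issuer is confined to one namespace. Because the issuer is cluster-wide, any Ingress in any namespace that carries the `cert-manager.io/cluster-issuer` annotation can request production certificates through it; a namespaced `Issuer` in `chat-game` would narrow that if only this app needs it. The `email: user@example.com` value looks like a placeholder and should be confirmed as a real, monitored ACME contact before the manifest is applied.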
diff --git a/k8s/config/chat-game/env.secret.yaml b/k8s/config/chat-game/env.secret.yaml
new file mode 100644
index 00000000..38e68574
--- /dev/null
+++ b/k8s/config/chat-game/env.secret.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: env
+ namespace: chat-game
+type: Opaque
+stringData:
+ DATABASE_URL: ""
+ NUXT_SESSION_PASSWORD: ""
+ NUXT_OAUTH_TWITCH_CLIENT_ID: ""
+ NUXT_OAUTH_TWITCH_CLIENT_SECRET: ""
+ NUXT_YOOKASSA_SHOP_ID: ""
+ NUXT_YOOKASSA_API_KEY: ""
+ NUXT_TWITCH_CHANNEL_NAME: ""
+ NUXT_TWITCH_CHANNEL_ID: ""
diff --git a/k8s/config/chat-game/ghcr.secret.yaml b/k8s/config/chat-game/ghcr.secret.yaml
new file mode 100644
index 00000000..909e4167
--- /dev/null
+++ b/k8s/config/chat-game/ghcr.secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ghcr-login-secret
+ namespace: chat-game
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: |
+ To generate use command:
+ kubectl create secret docker-registry ghcr-login-secret --namespace=chat-game --docker-email=$EMAIL --docker-username=$GITHUB_USERNAME --docker-server=https://ghcr.io --docker-password=$GITHUB_TOKEN
diff --git a/k8s/website/deployment.yaml b/k8s/website/deployment.yaml
new file mode 100644
index 00000000..1c40535a
--- /dev/null
+++ b/k8s/website/deployment.yaml
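Review bot: The `stringData` keys in `env.secret.yaml` (and the matching `env` list in `k8s/website/deployment.yaml`) have no entry for `NUXT_WEBSITE_BEARER`, although `nuxt.config.ts` still declares `websiteBearer: ''`, so in the cluster that value would presumably stay an empty string. If the bearer is compared against a request header anywhere, an empty expected value must be rejected, or the key added here; `NUXT_TWITCH_OAUTH_CODE` and `NUXT_PUBLIC_SIGN_IN_REDIRECT_URL` are absent as well. Since this file is a fill-in template for credentials, I would add a header comment such as `# Template only: copy, fill in, apply; never commit the filled-in copy` and keep filled copies out of version control.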
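Review bot: The `.dockerconfigjson` value under `data:` in `ghcr.secret.yaml` is instruction text rather than base64-encoded JSON, so this manifest should be rejected if someone applies the directory as-is. The instructions belong in YAML comments (`# Generate with: kubectl create secret docker-registry ghcr-login-secret ...`) or in a README, leaving the file either valid or absent. It is also worth stating next to the command that the GitHub token only needs the `read:packages` scope for image pulls, so nobody stores a broadly scoped token in the cluster.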
@@ -0,0 +1,89 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: website-deployment
+ namespace: chat-game
+spec:
+ selector:
+ matchLabels:
+ app: website
+ replicas: 1
+ revisionHistoryLimit: 1
+ minReadySeconds: 20
+ template:
+ metadata:
+ labels:
+ app: website
+ spec:
+ securityContext:
+ runAsUser: 1001
+ imagePullSecrets:
+ - name: ghcr-login-secret
+ containers:
+ - name: website
+ image: ghcr.io/chat-game/website:nightly
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 3000
+ env:
+ - name: DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: env
+ key: DATABASE_URL
+ - name: NUXT_SESSION_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: env
+ key: NUXT_SESSION_PASSWORD
+ - name: NUXT_OAUTH_TWITCH_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: env
+ key: NUXT_OAUTH_TWITCH_CLIENT_ID
+ - name: NUXT_OAUTH_TWITCH_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: env
+ key: NUXT_OAUTH_TWITCH_CLIENT_SECRET
+ - name: NUXT_YOOKASSA_SHOP_ID
+ valueFrom:
+ secretKeyRef:
+ name: env
+ key: NUXT_YOOKASSA_SHOP_ID
+ - name: NUXT_YOOKASSA_API_KEY
+ valueFrom:
+ secretKeyRef:
+ name: env
+ key: NUXT_YOOKASSA_API_KEY
+ - name: NUXT_TWITCH_CHANNEL_NAME
+ valueFrom:
+ secretKeyRef:
+ name: env
+ key: NUXT_TWITCH_CHANNEL_NAME
+ - name: NUXT_TWITCH_CHANNEL_ID
+ valueFrom:
+ secretKeyRef:
+ name: env
+ key: NUXT_TWITCH_CHANNEL_ID
+ resources:
+ limits:
+ cpu: 250m
+ memory: 256Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ livenessProbe:
+ httpGet:
+ port: 3000
+ path: /
+ initialDelaySeconds: 20
+ periodSeconds: 30
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
diff --git a/k8s/website/ingress.yaml b/k8s/website/ingress.yaml
new file mode 100644
index 00000000..8820ed2d
--- /dev/null
+++ b/k8s/website/ingress.yaml
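Review bot: `image: ghcr.io/chat-game/website:nightly` together with `imagePullPolicy: Always` lets every pod restart pull whatever currently sits behind a mutable tag, so the running code is not tied to a reviewed build; pin the image by digest (`image: ghcr.io/chat-game/website@sha256:<digest>`) or an immutable version tag. The container `securityContext` is otherwise well restricted but sets no `seccompProfile` (`type: RuntimeDefault`), and the pod spec does not set `automountServiceAccountToken: false`, which the website presumably does not need. `readOnlyRootFilesystem: false` deserves a comment naming what the app writes, or a switch to `true` with an `emptyDir` mounted at that path.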
@@ -0,0 +1,27 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: website-ingress
+ namespace: chat-game
+ labels:
+ app: website
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - staging.chatgame.space
+ secretName: staging.chatgame.space
+ rules:
+ - host: staging.chatgame.space
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: website-service
+ port:
+ number: 3000
diff --git a/k8s/website/service.yaml b/k8s/website/service.yaml
new file mode 100644
index 00000000..910197c1
--- /dev/null
+++ b/k8s/website/service.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: website-service
+ namespace: chat-game
+spec:
+ selector:
+ app: website
+ ports:
+ - name: id
+ protocol: TCP
+ port: 3000
+ targetPort: 3000
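Review bot: In `ingress.yaml`, nothing restricts who can reach `staging.chatgame.space`, which serves the `nightly` image. Its certificate comes from the `letsencrypt-prod` issuer, and publicly trusted certificates are recorded in Certificate Transparency logs, so the staging hostname becomes discoverable once issued. If staging is not meant to be public, add `nginx.ingress.kubernetes.io/whitelist-source-range: "<allowed CIDRs>"` or put authentication in front of it. A comment saying that this manifest targets staging only would also help, since the path `k8s/website/` does not indicate it.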