fix: improving k8s usecase support

.dockerignore

@@ -2,4 +2,5 @@ node_modules/
 static/
 build/
 *log
-.env
+.env
+deployment/

.gitignore

@@ -108,4 +108,8 @@ build/
 
 *.DS_Store
 
-*log
+*log
+
+# Deployment Internal
+
+internal-k8s.yaml

Dockerfile.Caddy

@@ -1,10 +1,11 @@
 FROM node:18-alpine AS modules
 WORKDIR /app
 COPY . .
-RUN npm ci && npm run build && \
-adduser -u 1002 -D appuser appuser
+RUN adduser -u 1002 -h /home/appuser -D appuser appuser && \
+npm ci && npm run build
 
-FROM caddy:2.6.4-alpine as caddy
+
+FROM caddy:2.7.6-alpine as caddy
 
 FROM node:18-alpine AS production
 LABEL org.opencontainers.image.source="https://github.com/spectrocloud/hello-universe"
@@ -14,10 +15,12 @@ WORKDIR /app
 ENV NODE_ENV production
 ENV NEXT_TELEMETRY_DISABLED 1
 ENV PORT 8080
+ENV API_PORT 3000
 ENV API_URI ""
 ENV SVC_URI ""
 ENV API_VERSION 1
 ENV TOKEN ""
+ENV QUERY_K8S_API ""
 
 COPY --from=modules /etc/passwd /etc/passwd
 COPY --from=modules /etc/group /etc/group
@@ -27,12 +30,13 @@ COPY --from=modules --chown=appuser:appuser /app/build ./build
 COPY --from=modules --chown=appuser:appuser /app/package.json ./package.json
 COPY --from=caddy --chown=appuser:appuser /usr/bin/caddy /usr/bin/caddy
 COPY --from=modules --chown=appuser:appuser /app/Caddyfile /etc/caddy/Caddyfile
+COPY --from=modules --chown=appuser:appuser /app/scripts/service-ip.sh /app/service-ip.sh
 
 RUN apk update && apk upgrade && apk add --no-cache curl ca-certificates bash jq && \
 mkdir -p /var/log/caddy/ && chown -R appuser:appuser /var/log/caddy/ && \
 chmod -R 700 /var/log/caddy/
 
 USER appuser
 EXPOSE 8080 3000
-CMD ["/bin/bash", "-c", "REACT_APP_API_URI=$API_URI REACT_APP_API_VERSION=$API_VERSION npx react-inject-env set && \
+CMD ["/bin/bash", "-c", "/app/service-ip.sh && REACT_APP_API_URI=$API_URI REACT_APP_API_VERSION=$API_VERSION npx react-inject-env set && \
 caddy run --config /etc/caddy/Caddyfile --adapter caddyfile"]

deployment/k8s.yaml

@@ -0,0 +1,263 @@
+# Copyright (c) Spectro Cloud
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: hello-universe
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: service-reader
+rules:
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: hello-universe-role
+  namespace: hello-universe
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: service-reader-binding
+subjects:
+  - kind: ServiceAccount
+    name: hello-universe-role
+    namespace: hello-universe
+roleRef:
+  kind: ClusterRole
+  name: service-reader
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ui
+  namespace: hello-universe
+spec:
+  selector:
+    app: ui
+  ports:
+    - protocol: TCP
+      name: ui
+      port: 80
+      targetPort: 8080
+    - protocol: TCP
+      name: api
+      port: 3000
+      targetPort: 3000
+  type: LoadBalancer
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: db-password
+  namespace: hello-universe
+type: Opaque
+data:
+  db-password: <REPLACE_ME> # Replace with your own base64 encoded Slack signing secret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: auth-token
+  namespace: hello-universe
+type: Opaque
+data:
+  auth-token: <REPLACE_ME> # Replace with your own base64 encoded Slack signing secret
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres
+  namespace: hello-universe
+spec:
+  selector:
+    matchLabels:
+      app: postgres
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: ghcr.io/spectrocloud/hello-universe-db:1.0.2
+          ports:
+            - containerPort: 5432
+              name: postgres
+          resources:
+            limits:
+              memory: "500Mi"
+              cpu: "500m"
+            requests:
+              memory: "500Mi"
+              cpu: "500m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  namespace: hello-universe
+spec:
+  selector:
+    app: postgres
+  ports:
+    - protocol: TCP
+      port: 5432
+      targetPort: 5432
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api
+  namespace: hello-universe
+spec:
+  selector:
+    matchLabels:
+      app: api
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: api
+    spec:
+      serviceAccountName: hello-universe-role
+      containers:
+        - name: api
+          image: ghcr.io/spectrocloud/hello-universe-api:1.0.11
+          ports:
+            - containerPort: 3000
+              name: api
+          env:
+            - name: db-password
+              valueFrom:
+                secretKeyRef:
+                  name: db-password
+                  key: db-password
+            - name: DB_HOST
+              value: "postgres.hello-universe.svc.cluster.local"
+            - name: PORT
+              value: "3000"
+            - name: DB_USER
+              value: "postgres"
+            - name: DB_NAME
+              value: "counter"
+            - name: DB_ENCRYPTION
+              value: "disable"
+            - name: DB_INIT
+              value: "false"
+            - name: AUTHORIZATION
+              value: "false"
+          resources:
+            limits:
+              memory: "500Mi"
+              cpu: "500m"
+            requests:
+              memory: "500Mi"
+              cpu: "500m"
+          # securityContext:
+          #   allowPrivilegeEscalation: false
+          #   runAsNonRoot: true
+          #   capabilities:
+          #     drop:
+          #       - ALL
+          #   seccompProfile:
+          #     type: "RuntimeDefault"
+          livenessProbe:
+            httpGet:
+              path: /api/v1/health
+              port: 3000
+            initialDelaySeconds: 10
+            periodSeconds: 3
+          readinessProbe:
+            httpGet:
+              path: /api/v1/health
+              port: 3000
+            initialDelaySeconds: 5
+            periodSeconds: 3
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: api
+  namespace: hello-universe
+spec:
+  selector:
+    app: api
+  ports:
+    - protocol: TCP
+      port: 3000
+      targetPort: 3000
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ui
+  namespace: hello-universe
+spec:
+  selector:
+    matchLabels:
+      app: ui
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: ui
+    spec:
+      serviceAccountName: hello-universe-role
+      containers:
+        - name: ui
+          image: ghcr.io/spectrocloud/hello-universe:1.1.0-proxy
+          ports:
+            - containerPort: 8080
+              name: ui
+          env:
+            - name: TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: auth-token
+                  key: auth-token
+            - name: API_URI
+              value: "" # Leave empty and set QUERY_K8S_API to true when in a Kubernetes cluster
+            - name: SVC_URI
+              value: "api.hello-universe.svc.cluster.local:3000"
+            - name: API_VERSION
+              value: "1"
+            - name: QUERY_K8S_API
+              value: "true"
+          resources:
+            limits:
+              memory: "500Mi"
+              cpu: "500m"
+            requests:
+              memory: "500Mi"
+              cpu: "500m"
+          # securityContext:
+          #   allowPrivilegeEscalation: false
+          #   runAsNonRoot: true
+          #   capabilities:
+          #     drop:
+          #       - ALL
+          #   seccompProfile:
+          #     type: "RuntimeDefault"
+          # livenessProbe:
+          #   httpGet:
+          #     path: /
+          #     port: 80
+          #   initialDelaySeconds: 10
+          #   periodSeconds: 3
+          # readinessProbe:
+          #   httpGet:
+          #     path: /
+          #     port: 80
+          #   initialDelaySeconds: 5
+          #   periodSeconds: 3

scripts/service-ip.sh

@@ -0,0 +1,47 @@
+#!/bin/sh
+#########################################
+# This script is used to query the Kubernetes API for the hostname of the hello-universe service
+# and set the API_URI environment variable to the service IP.
+# The script is only executed if the QUERY_K8S_API environment variable is set.
+#########################################
+
+if [ -n "$QUERY_K8S_API" ]; then
+
+# Point to the internal API server hostname
+APISERVER=https://kubernetes.default.svc
+
+# Path to ServiceAccount token
+SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
+
+# Read this Pod's namespace
+NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
+
+# Read the ServiceAccount bearer token
+TOKEN=$(cat ${SERVICEACCOUNT}/token)
+
+# Reference the internal certificate authority (CA)
+CACERT=${SERVICEACCOUNT}/ca.crt
+
+echo "Acquiring service IP for hello-universe service"
+echo ""
+
+HELLO_UNIVERSE_SERVICE=$(curl --silent --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/hello-universe/services/ui | jq -r '.status.loadBalancer.ingress[0].hostname')
+
+  if [ -z "$HELLO_UNIVERSE_SERVICE" ]; then
+    echo "Failed to get service IP for hello-universe service"
+    exit 1
+  fi
+
+  # Set API_URI only if QUERY_K8S_API is not empty
+  echo "Setting API_URI to ${HELLO_UNIVERSE_SERVICE}:3000"
+  export API_URI=$HELLO_UNIVERSE_SERVICE:$PORT
+
+
+  echo "Hello Universe service IP: ${HELLO_UNIVERSE_SERVICE}:3000"
+
+else
+  echo "QUERY_K8S_API is not set. Skipping service IP query."
+  exit 0
+fi
+
+