improve k8s deployment

00_db-statefulset.yaml

@@ -0,0 +1,96 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: glvd-database
+  labels:
+    app.kubernetes.io/name: glvd
+    gardenlinux.io/glvd-component: database
+spec:
+  selector:
+    app.kubernetes.io/name: glvd
+    gardenlinux.io/glvd-component: database
+  ports:
+    - protocol: TCP
+      port: 5432
+      name: postgres
+      targetPort: postgres
+  type: ClusterIP
+  clusterIP: None
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgres-credentials
+  labels:
+    app.kubernetes.io/name: glvd
+    gardenlinux.io/glvd-component: database
+stringData:
+  username: glvd
+  password: change-me-i-am-not-secure123
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: glvd-database
+  labels:
+    app.kubernetes.io/name: glvd
+    gardenlinux.io/glvd-component: database
+spec:
+  replicas: 1
+  serviceName: "glvd-database"
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: glvd
+      gardenlinux.io/glvd-component: database
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: glvd
+        gardenlinux.io/glvd-component: database
+    spec:
+      containers:
+      - image: ghcr.io/gardenlinux/glvd-postgres:edgefulldata
+        name: glvd-postgres
+        resources:
+          requests:
+            cpu: "1"
+            memory: "2Gi"
+          limits:
+            cpu: "2"
+            memory: "4Gi"
+        ports:
+          - containerPort: 5432
+            protocol: TCP
+            name: postgres
+        env:
+          - name: POSTGRES_DATABASE
+            value: glvd
+          - name: POSTGRES_USER
+            valueFrom:
+              secretKeyRef:
+                name: postgres-credentials
+                key: username
+          - name: POSTGRES_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: postgres-credentials
+                key: password
+          - name: POSTGRES_HOST
+            value: glvd-postgres
+          - name: POSTGRES_PORT
+            value: "5432"
+          - name: PGDATA
+            value: /var/lib/postgresql/data/pgdata
+        volumeMounts:
+        - mountPath: "/var/lib/postgresql/data"
+          name: postgres-storage
+  volumeClaimTemplates:
+  - metadata:
+      name: postgres-storage
+    spec:
+      accessModes:
+      - ReadWriteOnce
+      resources:
+        requests:
+          storage: 5Gi
+      storageClassName: 'default'

01_glvd-deployment.yaml

@@ -0,0 +1,118 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: glvd-config
+  labels:
+    app.kubernetes.io/name: glvd
+    gardenlinux.io/glvd-component: glvd-tracker
+data:
+  connectionString: jdbc:postgresql://glvd-database-0.glvd-database:5432/glvd
+  databaseName: glvd
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: glvd
+  labels:
+    app.kubernetes.io/name: glvd
+    gardenlinux.io/glvd-component: glvd-tracker
+spec:
+  ports:
+  - port: 8080
+    protocol: TCP
+    targetPort: glvd
+  selector:
+    app.kubernetes.io/name: glvd
+    gardenlinux.io/glvd-component: glvd-tracker
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: glvd
+  labels:
+    app.kubernetes.io/name: glvd
+    gardenlinux.io/glvd-component: glvd-tracker
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: glvd
+      gardenlinux.io/glvd-component: glvd-tracker
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: glvd
+        gardenlinux.io/glvd-component: glvd-tracker
+    spec:
+      containers:
+      - image: ghcr.io/gardenlinux/glvd-api:edge
+        name: glvd-api
+        # resources:
+        #   requests:
+        #     cpu: "1"
+        #     memory: "2Gi"
+        #   limits:
+        #     cpu: "2"
+        #     memory: "4Gi"
+        ports:
+        - containerPort: 8080
+          protocol: TCP
+          name: glvd
+        env:
+        # cf https://github.com/spring-projects/spring-lifecycle-smoke-tests/tree/main/data/data-jpa#prevent-early-database-interaction
+        - name: SPRING_DATASOURCE_URL
+          valueFrom:
+            configMapKeyRef:
+              name: glvd-config
+              key: connectionString
+        - name: SPRING_DATASOURCE_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: postgres-credentials
+              key: username
+        - name: SPRING_DATASOURCE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: postgres-credentials
+              key: password
+        - name: SPRING_JPA_DATABASEPLATFORM
+          value: "org.hibernate.dialect.PostgreSQLDialect"
+        - name: SPRING_JPA_PROPERTIES_HIBERNATE_BOOT_ALLOW_JDBC_METADATA_ACCESS
+          value: "false"
+        - name: SPRING_JPA_HIBERNATE_DDLAUTO
+          value: "none"
+        - name: SPRING_SQL_INIT_MODE
+          value: "never"
+        livenessProbe:
+          httpGet:
+            path: "/actuator/health/liveness"
+            port: 8080
+        readinessProbe:
+          httpGet:
+            path: "/actuator/health/readiness"
+            port: 8080
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: glvd-api-ingress
+  annotations:
+    cert.gardener.cloud/purpose: managed
+spec:
+  rules:
+  - host: glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: glvd
+            port: 
+              number: 8080
+  tls:
+  - hosts:
+    - glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com
+    secretName: glvd-ingress-tls