feat: add kubernetes manifests

Author: Fraguinha

.github/workflows/docker.yaml

@@ -9,7 +9,7 @@ on:
       - ".github/workflows/docker.yml"
 
 jobs:
-  build:
+  build-website:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -35,3 +35,30 @@ jobs:
           tags: fraguinha/a50passos.com:latest
           context: ./src/website
           file: ./src/website/Dockerfile
+
+  build-assets:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm/v7
+          tags: fraguinha/a50passos.com-assets:latest
+          context: .
+          file: ./src/website/Dockerfile.assets

k8s/ingress.yml

@@ -0,0 +1,57 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: a50passos-ingress
+  namespace: a50passos
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    kubernetes.io/ingress.class: traefik
+spec:
+  rules:
+  - host: a50passos.com
+    http:
+      paths:
+      - backend:
+          service:
+            name: website
+            port:
+              number: 8080
+        path: /
+        pathType: Prefix
+  - host: www.a50passos.com
+    http:
+      paths:
+      - backend:
+          service:
+            name: website
+            port:
+              number: 8080
+        path: /
+        pathType: Prefix
+  - host: a50passos.pt
+    http:
+      paths:
+      - backend:
+          service:
+            name: website
+            port:
+              number: 8080
+        path: /
+        pathType: Prefix
+  - host: www.a50passos.pt
+    http:
+      paths:
+      - backend:
+          service:
+            name: website
+            port:
+              number: 8080
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - a50passos.com
+    - www.a50passos.com
+    - a50passos.pt
+    - www.a50passos.pt
+    secretName: a50passos-tls-secret

k8s/kustomization.yml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: a50passos
+resources:
+  - namespace.yml
+  - website.yml
+  - ingress.yml
+  - update-automation.yml

k8s/namespace.yml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: a50passos

k8s/update-automation.yml

@@ -0,0 +1,32 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: a50passos-git
+  namespace: a50passos
+spec:
+  interval: 1m0s
+  ref:
+    branch: main
+  url: https://github.com/fraguinha/a50passos.com
+  secretRef:
+    name: git-credentials
+---
+apiVersion: image.toolkit.fluxcd.io/v1
+kind: ImageUpdateAutomation
+metadata:
+  name: a50passos-update-automation
+  namespace: a50passos
+spec:
+  interval: 10m
+  sourceRef:
+    kind: GitRepository
+    name: a50passos-git
+  git:
+    commit:
+      author:
+        email: fluxcdbot@users.noreply.github.com
+        name: fluxcdbot
+    push:
+      branch: main
+  update:
+    path: ./k8s

k8s/website.yml

@@ -0,0 +1,134 @@
+apiVersion: image.toolkit.fluxcd.io/v1
+kind: ImageRepository
+metadata:
+  name: a50passos-website-image
+  namespace: flux-system
+spec:
+  image: fraguinha/a50passos.com
+  interval: 1m0s
+---
+apiVersion: image.toolkit.fluxcd.io/v1
+kind: ImagePolicy
+metadata:
+  name: a50passos-website-policy
+  namespace: flux-system
+spec:
+  digestReflectionPolicy: Always
+  interval: 1m0s
+  imageRepositoryRef:
+    name: a50passos-website-image
+  filterTags:
+    pattern: '^latest$'
+  policy:
+    alphabetical:
+      order: asc
+---
+apiVersion: image.toolkit.fluxcd.io/v1
+kind: ImageRepository
+metadata:
+  name: a50passos-website-assets-image
+  namespace: flux-system
+spec:
+  image: fraguinha/a50passos.com-assets
+  interval: 1m0s
+---
+apiVersion: image.toolkit.fluxcd.io/v1
+kind: ImagePolicy
+metadata:
+  name: a50passos-website-assets-policy
+  namespace: flux-system
+spec:
+  digestReflectionPolicy: Always
+  interval: 1m0s
+  imageRepositoryRef:
+    name: a50passos-website-assets-image
+  filterTags:
+    pattern: '^latest$'
+  policy:
+    alphabetical:
+      order: asc
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: website
+  namespace: a50passos
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: website
+  template:
+    metadata:
+      labels:
+        app: website
+    spec:
+      initContainers:
+        - name: create-uploads-dir
+          image: busybox
+          command: ['sh', '-c', 'mkdir -p /app/dist/public/images/uploads && chmod -R 755 /app/dist/public/images/uploads']
+          volumeMounts:
+            - name: images
+              mountPath: /app/dist/public/images
+        - name: copy-image-assets
+          image: fraguinha/a50passos.com-assets:latest@sha256:d46169856e31c652330351b0a86fd8126ca359a7fdf08d9372ed1bf6704248e0 # {"$imagepolicy": "a50passos:a50passos-website-assets-policy"}
+          imagePullPolicy: Always
+          command: ['sh', '-c', 'cp -r /assets/* /app/dist/public/images/']
+          volumeMounts:
+            - name: images
+              mountPath: /app/dist/public/images
+      containers:
+        - name: website
+          image: fraguinha/a50passos.com:latest@sha256:55228dd1c67f964934d3aca79bfa43bdadcc43731a59ff3f4b032e2c490cdf2b # {"$imagepolicy": "a50passos:a50passos-website-policy"}
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+          env:
+            - name: PORT
+              value: "8080"
+            - name: NODE_ENV
+              value: "production"
+            - name: APPNAME
+              value: "a50passos"
+            - name: DATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: a50passos-secrets
+                  key: DATABASE
+            - name: SESSION_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: a50passos-secrets
+                  key: SESSION_SECRET
+          volumeMounts:
+            - name: images
+              mountPath: /app/dist/public/images
+      volumes:
+        - name: images
+          persistentVolumeClaim:
+            claimName: a50passos-images-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: website
+  namespace: a50passos
+spec:
+  selector:
+    app: website
+  ports:
+    - port: 8080
+      targetPort: 8080
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: a50passos-images-pvc
+  namespace: a50passos
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 1Gi

src/website/Dockerfile

@@ -10,6 +10,7 @@ RUN npm ci --verbose
 COPY . .
 
 RUN npm run deploy
+RUN rm -rf /app/dist/public/images
 
 FROM node:22-slim
 
@@ -19,4 +20,4 @@ COPY --from=builder /app/dist ./dist
 COPY --from=builder /app/node_modules ./node_modules
 COPY --from=builder /app/package.json .
 
-CMD ["npm", "start"]
+CMD ["npm", "start"]

src/website/Dockerfile.assets

@@ -0,0 +1,3 @@
+FROM busybox
+
+COPY src/website/src/public/images /assets