Overhaul helm

helm-videocall-deployment/.gitignore

@@ -0,0 +1 @@
+digital-ocean-secret

helm-videocall-deployment/README.md

@@ -0,0 +1,38 @@
+# Videocall Deployment Configurations
+
+This directory contains deployment-specific configurations and infrastructure charts for Videocall.rs.
+
+## Structure
+
+```
+helm-videocall-deployment/
+├── infrastructure/     # Infrastructure charts (NATS, Prometheus, Postgres, etc.)
+├── apps/              # Other applications (engineering-vlog, website)
+├── us-east/           # US East region deployment values
+└── singapore/         # Singapore region deployment values
+```
+
+## Infrastructure Charts
+
+Shared infrastructure components:
+- **nats/** - NATS messaging server
+- **postgres/** - PostgreSQL database
+- **prometheus/** - Metrics collection
+- **grafana/** - Metrics visualization
+- **cert-manager/** - TLS certificate management
+- **ingress-nginx/** - Ingress controller
+- **external-dns/** - DNS automation
+- And more...
+
+## Region-Specific Deployments
+
+Each region directory contains Helm value overrides for deploying the videocall chart and infrastructure to that region.
+
+## Usage
+
+The public Videocall application chart is at `../helm/videocall/`
+
+This directory is for:
+1. Infrastructure dependencies
+2. Region-specific configuration values
+3. Other applications deployed alongside Videocall

helm-videocall-deployment/infrastructure/cert-manager-issuer/cloudflare-issuer.yaml

@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-prod
+  namespace: videocall
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: your-email@yourdomain.com
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - dns01:
+        cloudflare:
+          email: your-email@yourdomain.com
+          apiTokenSecretRef:
+            name: cloudflare-api-token-secret
+            key: api-token

helm/cert-manager-issuer/cert-manager-issuer.yaml → helm-videocall-deployment/infrastructure/cert-manager-issuer/digital-ocean.yaml

@@ -7,7 +7,7 @@ spec:
     # The ACME server URL
     server: https://acme-v02.api.letsencrypt.org/directory
     # Email address used for ACME registration
-    email: social@securityunion.dev
+    email: your-email@yourdomain.com
     # Name of a secret used to store the ACME account private key
     privateKeySecretRef:
       name: letsencrypt-prod

helm-videocall-deployment/infrastructure/cert-manager-issuer/route53-issuer.yaml

@@ -0,0 +1,21 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-prod
+  namespace: videocall
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: your-email@yourdomain.com
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - dns01:
+        route53:
+          region: us-east-1
+          accessKeyIDSecretRef:
+            name: route53-creds
+            key: aws_access_key_id
+          secretAccessKeySecretRef:
+            name: route53-creds
+            key: aws_secret_access_key

helm-videocall-deployment/infrastructure/external-dns/route53.yaml

@@ -0,0 +1,20 @@
+# AWS Route53 Provider Configuration
+provider:
+  name: aws
+
+# AWS Credentials Configuration
+env:
+  - name: AWS_SHARED_CREDENTIALS_FILE
+    value: /etc/aws/credentials/dns-creds
+  - name: AWS_DEFAULT_REGION
+    value: us-east-1
+
+# Mount AWS credentials from secret
+extraVolumeMounts:
+  - mountPath: /etc/aws/credentials
+    name: aws-credentials
+    readOnly: true
+extraVolumes:
+  - name: aws-credentials
+    secret:
+      secretName: external-dns

helm-videocall-deployment/infrastructure/grafana/certificate.yaml

@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: grafana-tls
+  namespace: videocall
+spec:
+  secretName: grafana-tls
+  issuerRef:
+    name: letsencrypt-prod
+    kind: Issuer
+  dnsNames:
+    - grafana.YOUR_DOMAIN_NAME

helm-videocall-deployment/infrastructure/grafana/deploy.sh

@@ -0,0 +1,35 @@
+
+#!/bin/bash
+
+
+# Save current working directory and ensure we return to it on script exit
+ORIG_CWD="$(pwd)"
+trap 'cd "$ORIG_CWD"' EXIT
+
+# Change to the directory where the script resides
+cd "$(dirname "$0")"
+
+# Set Grafana credentials from environment variables
+export GRAFANA_ADMIN_USER=${GRAFANA_ADMIN_USER:-admin}
+export GRAFANA_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD:-videocall-monitoring-2024}
+
+# Update Helm dependencies
+echo "Updating Helm dependencies..."
+helm dependency update .
+
+# Deploy Grafana with credentials from environment
+echo "Deploying Grafana..."
+helm upgrade --install grafana . \
+  --namespace videocall \
+  --debug \
+  --set grafana.adminUser=$GRAFANA_ADMIN_USER \
+  --set grafana.adminPassword=$GRAFANA_ADMIN_PASSWORD \
+  --set grafana.grafana.ini.security.admin_user=$GRAFANA_ADMIN_USER \
+  --set grafana.grafana.ini.security.admin_password=$GRAFANA_ADMIN_PASSWORD
+
+# Apply the certificate resource
+echo "Applying certificate..."
+kubectl apply -f certificate.yaml
+
+echo "Deployment complete!"
+echo "Check status with: kubectl get pods,ingress,certificate -n videocall"

helm-videocall-deployment/infrastructure/grafana/values.yaml

@@ -0,0 +1,90 @@
+# Grafana values for videocall monitoring (minimal resources)
+grafana:
+  # Image configuration
+  image:
+    tag: "10.0.0"
+
+  # Minimal resources for cost optimization
+  resources:
+    limits:
+      cpu: 50m
+      memory: 128Mi
+    requests:
+      cpu: 50m
+      memory: 64Mi
+
+  # Single replica
+  replicas: 1
+
+  # Persistence (minimal)
+  persistence:
+    enabled: true
+    size: 1Gi
+    storageClassName: "local-path"
+
+  # Admin credentials from secret
+  adminUser: admin
+  adminPassword: password
+
+  # Service configuration
+  service:
+    type: ClusterIP
+    port: 80
+
+  # Ingress configuration
+  ingress:
+    enabled: true
+    annotations:
+      kubernetes.io/ingress.class: "nginx"
+      cert-manager.io/issuer: "letsencrypt-prod"
+      nginx.ingress.kubernetes.io/ssl-redirect: "true"
+      nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
+      nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "16k"
+    hosts:
+      - grafana.YOUR_DOMAIN_NAME
+    tls:
+      - secretName: grafana-tls
+        hosts:
+          - grafana.YOUR_DOMAIN_NAME
+
+  # Grafana configuration
+  grafana.ini:
+    server:
+      domain: grafana.YOUR_DOMAIN_NAME
+      root_url: https://grafana.YOUR_DOMAIN_NAME
+    security:
+      admin_user: admin
+      admin_password: password
+    users:
+      allow_sign_up: false
+    auth.anonymous:
+      enabled: false
+
+  # Datasources
+  datasources:
+    datasources.yaml:
+      apiVersion: 1
+      datasources:
+        - name: Prometheus
+          type: prometheus
+          url: http://prometheus-server:80
+          access: proxy
+          isDefault: true
+
+  # Dashboard provisioning
+  dashboards:
+    default:
+      videocall-health:
+        file: dashboards/videocall-health.json
+
+  # Security context
+  securityContext:
+    runAsUser: 472
+    runAsGroup: 472
+    fsGroup: 472
+
+  # Pod security context
+  podSecurityContext:
+    runAsUser: 472
+    runAsGroup: 472
+    fsGroup: 472

helm-videocall-deployment/infrastructure/nats/values.yaml

@@ -0,0 +1,34 @@
+nats:
+  nats:
+    natsbox:
+      enabled: true
+    # Basic cluster configuration (simplified for single region)
+    cluster:
+      enabled: true
+      replicas: 1  # Single instance for minimal deployment
+      noAdvertise: true
+    # Gateway configuration disabled for simple deployment
+    gateway:
+      enabled: false  # No cross-region needed
+    # JetStream (persistence) disabled for simplicity (can enable if needed)
+    jetstream:
+      enabled: false
+    # Simplified monitoring config
+    exporter:
+      enabled: true
+      serviceMonitor:
+        enabled: false  # Set to true if you have Prometheus operator
+    # Simplified auth configuration
+    auth:
+      enabled: false  # Simplified for basic deployment
+    # Adjusted resource limits for smaller deployments
+    resources:
+      limits:
+        cpu: 300m
+        memory: 256Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+    # Service configuration for simple deployment
+    service:
+      type: ClusterIP  # Use ingress instead of LoadBalancer

helm/postgres/Chart.yaml → helm-videocall-deployment/infrastructure/postgres/Chart.yaml

@@ -1,8 +1,10 @@
 apiVersion: v2
-name: rustlemania-postgres
-version: 1.0.0
+name: postgres-us-east
+version: 0.1.0
+description: PostgreSQL database
 
 dependencies:
   - name: postgresql
-    version: 12.5.7
+    version: 18.1.3
     repository: https://charts.bitnami.com/bitnami
+