ryan/turbovault-app
1
0
Fork 0
mirror of https://github.com/ryankazokas/turbovault-app.git synced 2026-04-16 22:12:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
turbovault-app/k8s/README.md
Ryan Kazokas 55fe839882 Condenses Documentation
2026-03-29 02:55:42 -04:00

307 lines
6.8 KiB
Markdown
Raw Permalink Blame History

# TurboVault Kubernetes Deployment
This directory contains Kubernetes manifests for deploying TurboVault to your k3s cluster.
## Prerequisites
- Kubernetes cluster (k3s, k8s, or any other)
- `kubectl` configured to access your cluster
- Docker registry (Docker Hub, GitHub Container Registry, or private registry)
- PostgreSQL database (external or in-cluster)
## Quick Start
### 1. Build and Push Docker Image
**Option A: Use GitHub Actions (Recommended)**
Push a tag and GitHub Actions will build and push automatically:
```bash
git tag v1.0.0
git push origin v1.0.0
```
Image will be at: `ghcr.io/your-username/turbovault:v1.0.0`
**Option B: Build Locally**
```bash
# Build the image
docker build -t ghcr.io/your-username/turbovault:latest .
# Login to GitHub Container Registry
echo $GITHUB_TOKEN | docker login ghcr.io -u your-username --password-stdin
# Push to registry
docker push ghcr.io/your-username/turbovault:latest
```
### 1.5. Create Registry Secret (if using private registry)
**For Public GitHub Container Registry:** No secret needed!
**For Private Registry:**
```bash
kubectl create secret docker-registry registry-secret \
--docker-server=your-registry.com \
--docker-username=your-username \
--docker-password=your-token \
--docker-email=your-email@example.com \
--namespace=turbovault
```
Then uncomment `imagePullSecrets` in `deployment.yaml` and `migrate-job.yaml`.
### 2. Configure Secrets
```bash
# Copy the example secrets file
cp k8s/secrets.yaml.example k8s/secrets.yaml
# Edit with your actual values
nano k8s/secrets.yaml
# Generate a SECRET_KEY_BASE
rails secret
# Copy the output to secrets.yaml
```
### 3. Update Configuration
Edit `k8s/deployment.yaml` and update:
- `image: your-registry/turbovault:latest` (line 28)
- Database configuration in `k8s/configmap.yaml`
- Domain in `k8s/ingress.yaml`
### 4. Deploy to Kubernetes
```bash
# Create namespace
kubectl apply -f k8s/namespace.yaml
# Create ConfigMap
kubectl apply -f k8s/configmap.yaml
# Create Secrets
kubectl apply -f k8s/secrets.yaml
# Run database migrations
kubectl apply -f k8s/migrate-job.yaml
# Wait for migration to complete
kubectl wait --for=condition=complete --timeout=300s job/turbovault-migrate -n turbovault
# Deploy application
kubectl apply -f k8s/deployment.yaml
# Create service
kubectl apply -f k8s/service.yaml
# Create ingress (for external access)
kubectl apply -f k8s/ingress.yaml
```
### 5. Verify Deployment
```bash
# Check pods
kubectl get pods -n turbovault
# Check logs
kubectl logs -f deployment/turbovault -n turbovault
# Check service
kubectl get svc -n turbovault
# Check ingress
kubectl get ingress -n turbovault
```
## Database Setup
### Option 1: External PostgreSQL
Update `k8s/configmap.yaml` with your external PostgreSQL details:
```yaml
DATABASE_HOST: "your-postgres-host"
DATABASE_PORT: "5432"
DATABASE_NAME: "turbovault_production"
DATABASE_USERNAME: "turbovault"
```
And add the password to `k8s/secrets.yaml`:
```yaml
DATABASE_PASSWORD: "your-secure-password"
```
### Option 2: In-Cluster PostgreSQL
Deploy PostgreSQL in your cluster:
```bash
# Using Helm
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install postgres bitnami/postgresql \
--namespace turbovault \
--set auth.database=turbovault_production \
--set auth.username=turbovault \
--set auth.password=changeme
```
## Environment Variables
### Required
- `DATABASE_HOST` - PostgreSQL host
- `DATABASE_PASSWORD` - PostgreSQL password
- `SECRET_KEY_BASE` - Rails secret key (generate with `rails secret`)
### Optional
- `IGDB_CLIENT_ID` - IGDB API client ID (for game metadata)
- `IGDB_CLIENT_SECRET` - IGDB API client secret
- `SMTP_ADDRESS` - SMTP server for emails
- `SMTP_PORT` - SMTP port
- `SMTP_USERNAME` - SMTP username
- `SMTP_PASSWORD` - SMTP password
## Scaling
Scale the deployment:
```bash
kubectl scale deployment turbovault --replicas=3 -n turbovault
```
## Updating
### Deploy New Version
```bash
# Option 1: Use GitHub Actions (Recommended)
git tag v2.0.0
git push origin v2.0.0
# Wait for build to complete in Actions tab
# Option 2: Build locally
docker build -t ghcr.io/username/turbovault:v2.0.0 .
docker push ghcr.io/username/turbovault:v2.0.0
# Update deployment image
kubectl set image deployment/turbovault turbovault=ghcr.io/username/turbovault:v2.0.0 -n turbovault
# Run migrations if needed
kubectl delete job turbovault-migrate -n turbovault
kubectl apply -f k8s/migrate-job.yaml
kubectl wait --for=condition=complete --timeout=300s job/turbovault-migrate -n turbovault
```
## Troubleshooting
### Pods Not Starting
```bash
# Check pod status
kubectl describe pod -l app=turbovault -n turbovault
# Check logs
kubectl logs -l app=turbovault -n turbovault
```
### Database Connection Issues
```bash
# Test database connection
kubectl run -it --rm debug --image=postgres:15 --restart=Never -n turbovault -- \
psql -h postgres-service -U turbovault -d turbovault_production
```
### Migration Failures
```bash
# Check migration job logs
kubectl logs job/turbovault-migrate -n turbovault
# Re-run migrations
kubectl delete job turbovault-migrate -n turbovault
kubectl apply -f k8s/migrate-job.yaml
```
## Monitoring
### Check Application Health
```bash
# Via kubectl
kubectl port-forward svc/turbovault-service 3000:80 -n turbovault
# Visit http://localhost:3000/up in your browser
```
### View Logs
```bash
# All pods
kubectl logs -f -l app=turbovault -n turbovault
# Specific pod
kubectl logs -f turbovault-xxxxx-xxxxx -n turbovault
# Previous logs (if pod crashed)
kubectl logs --previous turbovault-xxxxx-xxxxx -n turbovault
```
## Backup
### Database Backup
```bash
# Backup database
kubectl exec -it postgres-xxxxx -n turbovault -- \
pg_dump -U turbovault turbovault_production > backup.sql
# Restore database
kubectl exec -i postgres-xxxxx -n turbovault -- \
psql -U turbovault turbovault_production < backup.sql
```
## Security
### Best Practices
1. **Use secrets management** - Consider using Sealed Secrets or External Secrets Operator
2. **Enable TLS** - Uncomment TLS section in `ingress.yaml`
3. **Network policies** - Restrict pod-to-pod communication
4. **Resource limits** - Already configured in deployment.yaml
5. **Regular updates** - Keep dependencies and images up to date
### Sealed Secrets (Recommended)
```bash
# Install Sealed Secrets controller
kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.18.0/controller.yaml
# Create sealed secret
kubeseal --format yaml < k8s/secrets.yaml > k8s/sealed-secrets.yaml
# Apply sealed secret (safe to commit)
kubectl apply -f k8s/sealed-secrets.yaml
```
## Clean Up
Remove TurboVault from cluster:
```bash
kubectl delete namespace turbovault
```
## Support
For issues or questions:
- GitHub Issues: https://github.com/ryankazokas/turbovault-app/issues
- Documentation: https://github.com/ryankazokas/turbovault-app
Reference in New Issue View Git Blame Copy Permalink