From 899dc7980faaa1d2acdccac61dfa614a7cbc19c8 Mon Sep 17 00:00:00 2001 From: Ryan Moon Date: Fri, 3 Apr 2026 06:49:58 -0500 Subject: [PATCH] feat: add manager deployment manifests --- argocd/manager-app.yaml | 20 ++++++++++++ manager/deployment.yaml | 68 +++++++++++++++++++++++++++++++++++++++++ manager/ingress.yaml | 26 ++++++++++++++++ manager/rbac.yaml | 62 +++++++++++++++++++++++++++++++++++++ manager/service.yaml | 11 +++++++ 5 files changed, 187 insertions(+) create mode 100644 argocd/manager-app.yaml create mode 100644 manager/deployment.yaml create mode 100644 manager/ingress.yaml create mode 100644 manager/rbac.yaml create mode 100644 manager/service.yaml diff --git a/argocd/manager-app.yaml b/argocd/manager-app.yaml new file mode 100644 index 0000000..1197c62 --- /dev/null +++ b/argocd/manager-app.yaml @@ -0,0 +1,20 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: manager + namespace: argocd +spec: + project: default + source: + repoURL: ssh://git@git-ssh.lunarfront.tech/ryan/lunarfront-charts.git + targetRevision: main + path: manager + destination: + server: https://kubernetes.default.svc + namespace: manager + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/manager/deployment.yaml b/manager/deployment.yaml new file mode 100644 index 0000000..cf2aca4 --- /dev/null +++ b/manager/deployment.yaml @@ -0,0 +1,68 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: manager + namespace: manager +spec: + replicas: 1 + selector: + matchLabels: + app: manager + template: + metadata: + labels: + app: manager + spec: + serviceAccountName: manager + containers: + - name: manager + image: git.lunarfront.tech/ryan/lunarfront-manager:latest + ports: + - containerPort: 3000 + env: + - name: PORT + value: "3000" + - name: DO_API_TOKEN + valueFrom: + secretKeyRef: + name: manager-secrets + key: do-api-token + - name: DO_DB_CLUSTER_ID + valueFrom: + secretKeyRef: + name: manager-secrets + key: do-db-cluster-id + - name: GIT_SSH_KEY + valueFrom: + secretKeyRef: + name: manager-secrets + key: git-ssh-key + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: manager-secrets + key: database-url + - name: DOADMIN_DATABASE_URL + valueFrom: + secretKeyRef: + name: manager-secrets + key: doadmin-database-url + resources: + requests: + cpu: 50m + memory: 128Mi + limits: + cpu: 500m + memory: 256Mi + livenessProbe: + httpGet: + path: /health + port: 3000 + initialDelaySeconds: 10 + periodSeconds: 30 + readinessProbe: + httpGet: + path: /health + port: 3000 + initialDelaySeconds: 5 + periodSeconds: 10 diff --git a/manager/ingress.yaml b/manager/ingress.yaml new file mode 100644 index 0000000..333fdf4 --- /dev/null +++ b/manager/ingress.yaml @@ -0,0 +1,26 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: manager + namespace: manager + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/whitelist-source-range: "173.174.129.105/32" + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: nginx + rules: + - host: manager.lunarfront.tech + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: manager + port: + number: 3000 + tls: + - secretName: manager-lunarfront-tech-tls + hosts: + - manager.lunarfront.tech diff --git a/manager/rbac.yaml b/manager/rbac.yaml new file mode 100644 index 0000000..50246dc --- /dev/null +++ b/manager/rbac.yaml @@ -0,0 +1,62 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: manager + namespace: manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: manager-pgbouncer + namespace: pgbouncer +rules: + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["pgbouncer-config"] + verbs: ["get", "patch"] + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["pgbouncer-userlist"] + verbs: ["get", "patch"] + - apiGroups: ["apps"] + resources: ["deployments"] + resourceNames: ["pgbouncer"] + verbs: ["get", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: manager-pgbouncer + namespace: pgbouncer +subjects: + - kind: ServiceAccount + name: manager + namespace: manager +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: manager-pgbouncer +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: manager-argocd + namespace: argocd +rules: + - apiGroups: ["argoproj.io"] + resources: ["applications"] + verbs: ["get", "create", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: manager-argocd + namespace: argocd +subjects: + - kind: ServiceAccount + name: manager + namespace: manager +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: manager-argocd diff --git a/manager/service.yaml b/manager/service.yaml new file mode 100644 index 0000000..8e83b60 --- /dev/null +++ b/manager/service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: manager + namespace: manager +spec: + selector: + app: manager + ports: + - port: 3000 + targetPort: 3000