feat: initial Helm chart scaffold for lunarfront per-customer deployments

argocd/app-template.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: lunarfront-CUSTOMER
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://git.lunarfront.tech/ryan/lunarfront-charts.git
+    targetRevision: main
+    path: charts/lunarfront
+    helm:
+      valueFiles:
+        - ../../customers/CUSTOMER/values.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: CUSTOMER
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

charts/lunarfront/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: lunarfront
+description: LunarFront small business management platform
+type: application
+version: 0.1.0
+appVersion: "0.0.1"

charts/lunarfront/templates/deployment.yaml

@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: lunarfront
+  namespace: {{ .Values.customer.name }}
+  labels:
+    app: lunarfront
+    customer: {{ .Values.customer.name }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: lunarfront
+      customer: {{ .Values.customer.name }}
+  template:
+    metadata:
+      labels:
+        app: lunarfront
+        customer: {{ .Values.customer.name }}
+    spec:
+      containers:
+        - name: backend
+          image: "{{ .Values.image.backend.repository }}:{{ .Values.image.backend.tag }}"
+          imagePullPolicy: {{ .Values.image.backend.pullPolicy }}
+          ports:
+            - containerPort: 8000
+          env:
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.database.secretName }}
+                  key: url
+            - name: REDIS_URL
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.redis.secretName }}
+                  key: url
+            - name: JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.auth.secretName }}
+                  key: secret
+          resources:
+            {{- toYaml .Values.resources.backend | nindent 12 }}
+          livenessProbe:
+            httpGet:
+              path: /v1/health
+              port: 8000
+            initialDelaySeconds: 15
+            periodSeconds: 30
+
+        - name: frontend
+          image: "{{ .Values.image.frontend.repository }}:{{ .Values.image.frontend.tag }}"
+          imagePullPolicy: {{ .Values.image.frontend.pullPolicy }}
+          ports:
+            - containerPort: 80
+          resources:
+            {{- toYaml .Values.resources.frontend | nindent 12 }}

charts/lunarfront/templates/ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: lunarfront
+  namespace: {{ .Values.customer.name }}
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - {{ .Values.customer.domain }}
+      secretName: lunarfront-tls
+  rules:
+    - host: {{ .Values.customer.domain }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: lunarfront
+                port:
+                  number: 80

charts/lunarfront/templates/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: lunarfront
+  namespace: {{ .Values.customer.name }}
+spec:
+  selector:
+    app: lunarfront
+    customer: {{ .Values.customer.name }}
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80

charts/lunarfront/values.yaml

@@ -0,0 +1,56 @@
+# Default values — override per customer in customers/<name>/values.yaml
+
+image:
+  backend:
+    repository: registry.lunarfront.tech/ryan/lunarfront-app
+    tag: latest
+    pullPolicy: Always
+  frontend:
+    repository: registry.lunarfront.tech/ryan/lunarfront-frontend
+    tag: latest
+    pullPolicy: Always
+
+# Customer-specific — must be overridden
+customer:
+  name: ""       # used for namespace and labels
+  domain: ""     # e.g. customer.lunarfront.tech
+
+# Database — each customer gets their own database on the shared cluster
+database:
+  host: ""
+  port: 5432
+  name: ""
+  # credentials come from a Secret
+  secretName: lunarfront-db-credentials
+
+# Redis/Valkey
+redis:
+  host: ""
+  port: 6379
+  secretName: lunarfront-redis-credentials
+
+# JWT secret
+auth:
+  secretName: lunarfront-auth-secret
+
+# Storage
+storage:
+  secretName: lunarfront-storage-secret
+
+replicaCount: 1
+
+resources:
+  backend:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 500m
+      memory: 512Mi
+  frontend:
+    requests:
+      cpu: 50m
+      memory: 64Mi
+    limits:
+      cpu: 200m
+      memory: 128Mi

customers/example/values.yaml

@@ -0,0 +1,16 @@
+customer:
+  name: example
+  domain: example.lunarfront.tech
+
+database:
+  host: your-managed-postgres-host.db.ondigitalocean.com
+  name: example_lunarfront
+
+redis:
+  host: your-managed-redis-host.db.ondigitalocean.com
+
+image:
+  backend:
+    tag: "0.0.1"
+  frontend:
+    tag: "0.0.1"