apiVersion: v1 kind: Secret metadata: name: nam-backend-dev-secret namespace: nam-backend-dev labels: app.kubernetes.io/name: nam-backend-dev app.kubernetes.io/instance: nam-backend-dev io.portainer.kubernetes.application.name: nam-backend-dev io.portainer.kubernetes.application.owner: admin type: Opaque data: DB_PASSWORD: MTIzUVdFYXNkenhjLQ== --- apiVersion: v1 kind: ConfigMap metadata: name: nam-backend-dev-config namespace: nam-backend-dev labels: app.kubernetes.io/name: nam-backend-dev app.kubernetes.io/instance: nam-backend-dev io.portainer.kubernetes.application.name: nam-backend-dev io.portainer.kubernetes.application.owner: admin data: ".env": | DB_HOST=172.16.224.55 DB_PORT=5433 DB_NAME=db_asset_network DB_USER=cifo_asset_network DB_DRIVER=postgres API_PORT=5678 API_LOGIN_URL=https://demo.api-hrm.winteraccess.id/api/v2/auth/login API_ME_URL=https://demo.api-hrm.winteraccess.id/api/v2/auth/me API_LOGOUT_URL=https://demo.api-hrm.winteraccess.id/api/v2/auth/logout --- apiVersion: v1 kind: PersistentVolumeClaim metadata: annotations: volume.alpha.kubernetes.io/storage-class: generic volume.beta.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner volume.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner labels: app.kubernetes.io/name: nam-backend-dev app.kubernetes.io/instance: nam-backend-dev io.portainer.kubernetes.application.name: nam-backend-dev io.portainer.kubernetes.application.owner: admin name: nam-backend-dev-storage namespace: nam-backend-dev spec: accessModes: - ReadWriteMany resources: requests: storage: 1Gi storageClassName: nfs volumeMode: Filesystem --- apiVersion: v1 kind: PersistentVolumeClaim metadata: annotations: volume.alpha.kubernetes.io/storage-class: generic volume.beta.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner volume.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner labels: app.kubernetes.io/instance: nam-backend-dev app.kubernetes.io/name: nam-backend-dev io.portainer.kubernetes.application.name: nam-backend-dev io.portainer.kubernetes.application.owner: admin name: nam-backend-dev-public namespace: nam-backend-dev spec: accessModes: - ReadWriteMany resources: requests: storage: 1Gi storageClassName: nfs volumeMode: Filesystem --- apiVersion: apps/v1 kind: Deployment metadata: name: nam-backend-dev namespace: nam-backend-dev labels: app.kubernetes.io/instance: nam-backend-dev app.kubernetes.io/name: nam-backend-dev io.portainer.kubernetes.application.name: nam-backend-dev io.portainer.kubernetes.application.owner: admin spec: progressDeadlineSeconds: 600 replicas: 3 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/instance: nam-backend-dev app.kubernetes.io/name: nam-backend-dev strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate template: metadata: labels: app.kubernetes.io/instance: nam-backend-dev app.kubernetes.io/name: nam-backend-dev spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/instance: nam-backend-dev app.kubernetes.io/name: nam-backend-dev topologyKey: "kubernetes.io/hostname" imagePullSecrets: - name: winter-registry containers: - name: web image: git.winteraccess.id/winter-access/backend_nam:dev imagePullPolicy: Always env: - name: DB_PASSWORD valueFrom: secretKeyRef: name: nam-backend-dev-secret key: DB_PASSWORD resources: limits: cpu: "500m" memory: 1024M requests: cpu: "100m" memory: 512M ports: - containerPort: 5678 name: http protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] add: ["NET_ADMIN", "SYS_TIME"] readOnlyRootFilesystem: false terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /logs name: logs - mountPath: /tmp name: tmp - mountPath: /app/.env subPath: '.env' name: config - mountPath: /public name: public - mountPath: /app/logs name: app-logs dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: {} terminationGracePeriodSeconds: 30 volumes: - name: cache emptyDir: {} - name: run emptyDir: {} - name: logs emptyDir: {} - name: tmp emptyDir: {} - name: app-logs emptyDir: {} - name: config configMap: name: nam-backend-dev-config - name: public persistentVolumeClaim: claimName: nam-backend-dev-public - name: storage persistentVolumeClaim: claimName: nam-backend-dev-storage - name: app emptyDir: {} --- apiVersion: v1 kind: Service metadata: name: nam-backend-dev namespace: nam-backend-dev annotations: traefik.ingress.kubernetes.io/service.sticky.cookie: "true" traefik.ingress.kubernetes.io/service.sticky.cookie.name: "backend_nam_dev" traefik.ingress.kubernetes.io/service.sticky.cookie.secure: "true" traefik.ingress.kubernetes.io/service.sticky.cookie.samesite: "none" labels: app.kubernetes.io/name: nam-backend-dev app.kubernetes.io/instance: nam-backend-dev io.portainer.kubernetes.application.name: nam-backend-dev io.portainer.kubernetes.application.owner: admin spec: internalTrafficPolicy: Cluster ipFamilies: - IPv4 ipFamilyPolicy: SingleStack ports: - name: http port: 5678 protocol: TCP targetPort: 5678 selector: app.kubernetes.io/instance: nam-backend-dev app.kubernetes.io/name: nam-backend-dev sessionAffinity: None type: ClusterIP --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: web labels: app.kubernetes.io/instance: nam-backend-dev app.kubernetes.io/name: nam-backend-dev io.portainer.kubernetes.application.name: nam-backend-dev io.portainer.kubernetes.application.owner: admin name: nam-backend-dev-http namespace: nam-backend-dev spec: ingressClassName: traefik rules: - host: dev-nam.winteraccess.id http: paths: - backend: service: name: nam-backend-dev port: number: 5678 path: / pathType: Prefix --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: cert-manager.io/cluster-issuer: letsencrypt-production kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: websecure labels: app.kubernetes.io/instance: nam-backend-dev app.kubernetes.io/name: nam-backend-dev io.portainer.kubernetes.application.name: nam-backend-dev io.portainer.kubernetes.application.owner: admin name: nam-backend-dev-https namespace: nam-backend-dev spec: ingressClassName: traefik rules: - host: dev-nam.winteraccess.id http: paths: - backend: service: name: nam-backend-dev port: number: 5678 path: / pathType: Prefix tls: - hosts: - dev-nam.winteraccess.id secretName: nam-backend-dev-tls