From e97a42a753460ae3b0d20f514cdd0d0246a74c0b Mon Sep 17 00:00:00 2001 From: Syifa Date: Fri, 28 Nov 2025 10:08:52 +0700 Subject: [PATCH] added file base-manifest and overlays kustomization for argocd --- csa-dashboard/Dockerfile | 19 ++++++- csa-dashboard/Jenkinsfile | 6 -- csa-manifest/argocd/csa-application.yaml | 4 +- csa-manifest/argocd/csa-project.yaml | 4 +- csa-manifest/base-k8s/csa-deployment.yaml | 57 +++++++++++++++++++ .../csa-netpol.yaml} | 0 csa-manifest/base-k8s/csa-rbac.yaml | 29 ++++++++++ csa-manifest/base-k8s/csa-secret.yaml | 8 +++ csa-manifest/base-k8s/csa-service.yaml | 13 +++++ csa-manifest/base-k8s/csa.configmap.yaml | 12 ++++ csa-manifest/base-k8s/kustomization.yaml | 9 +++ csa-manifest/overlays/dev/kustomization.yaml | 8 +++ csa-manifest/overlays/{ => dev}/patch.yaml | 0 csa-manifest/overlays/prod/kustomization.yaml | 0 csa-manifest/overlays/prod/patch.yaml | 0 .../overlays/staging/kustomization.yaml | 0 16 files changed, 156 insertions(+), 13 deletions(-) rename csa-manifest/{overlays/kustomization.yaml => base-k8s/csa-netpol.yaml} (100%) create mode 100644 csa-manifest/base-k8s/csa-rbac.yaml create mode 100644 csa-manifest/base-k8s/csa-secret.yaml create mode 100644 csa-manifest/base-k8s/csa-service.yaml create mode 100644 csa-manifest/base-k8s/csa.configmap.yaml create mode 100644 csa-manifest/overlays/dev/kustomization.yaml rename csa-manifest/overlays/{ => dev}/patch.yaml (100%) create mode 100644 csa-manifest/overlays/prod/kustomization.yaml create mode 100644 csa-manifest/overlays/prod/patch.yaml create mode 100644 csa-manifest/overlays/staging/kustomization.yaml diff --git a/csa-dashboard/Dockerfile b/csa-dashboard/Dockerfile index 3f37487..4a3d022 100644 --- a/csa-dashboard/Dockerfile +++ b/csa-dashboard/Dockerfile @@ -1,14 +1,27 @@ # Build Stage FROM node:20 AS builder WORKDIR /app + COPY package*.json ./ RUN npm install + COPY . . RUN npm run build -# Production Image +# Production Stage - HANYA FILE BUILD STATIC FROM node:20-alpine WORKDIR /app -COPY --from=builder /app ./ + +# install dependencies production only +COPY package*.json ./ +RUN npm install --omit=dev + +# copy hasil build +COPY --from=builder /app/build ./build +# atau untuk Next.js: COPY --from=builder /app/.next ./ .next + +RUN chown -R node:node /app +USER node + EXPOSE 3000 -CMD ["npm", "start"] +CMD ["npm", "start"] \ No newline at end of file diff --git a/csa-dashboard/Jenkinsfile b/csa-dashboard/Jenkinsfile index ed2c952..5d86ba0 100644 --- a/csa-dashboard/Jenkinsfile +++ b/csa-dashboard/Jenkinsfile @@ -15,9 +15,6 @@ pipeline { } } - /* ===================================== - BUILD & PUSH NEXT.JS IMAGE - ====================================== */ stage('Build & Push Image') { steps { script { @@ -45,9 +42,6 @@ pipeline { } } - /* ===================================== - UPDATE GITOPS - ====================================== */ stage('Update GitOps (dev, staging, prod)') { steps { script { diff --git a/csa-manifest/argocd/csa-application.yaml b/csa-manifest/argocd/csa-application.yaml index 4a3495b..e483324 100644 --- a/csa-manifest/argocd/csa-application.yaml +++ b/csa-manifest/argocd/csa-application.yaml @@ -2,7 +2,7 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: csa-dashboard - namespace: argocd + namespace: spec: project: csa-project source: @@ -11,7 +11,7 @@ spec: path: destination: server: https://kubernetes.default.svc - namespace: argocd + namespace: syncPolicy: automated: prune: true diff --git a/csa-manifest/argocd/csa-project.yaml b/csa-manifest/argocd/csa-project.yaml index e06ee3f..85d5aef 100644 --- a/csa-manifest/argocd/csa-project.yaml +++ b/csa-manifest/argocd/csa-project.yaml @@ -2,13 +2,13 @@ apiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: name: csa-project - namespace: argocd + namespace: spec: description: ArgoCD Project Csa Dashboard sourceRepos: - '' destinations: - - namespace: argocd + - namespace: server: https://kubernetes.default.svc clusterResourceWhitelist: - group: '*' diff --git a/csa-manifest/base-k8s/csa-deployment.yaml b/csa-manifest/base-k8s/csa-deployment.yaml index e69de29..183b1f0 100644 --- a/csa-manifest/base-k8s/csa-deployment.yaml +++ b/csa-manifest/base-k8s/csa-deployment.yaml @@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: admin-csa-app +spec: + replicas: 1 + selector: + matchLabels: + app: admin-csa + template: + metadata: + labels: + app: admin-csa + spec: + serviceAccountName: admin-csa-sa + securityContext: + runAsUser: 1000 + runAsGroup: 3000 + fsGroup: 2000 + containers: + - name: admin-csa + image: usn/admin-csa:v1 + ports: + - containerPort: 3000 + envFrom: + - configMapRef: + name: admin-csa-config + - secretRef: + name: admin-csa-secret + resources: + requests: + memory: "256Mi" + cpu: "250m" + limits: + memory: "512Mi" + cpu: "500m" + + readinessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: 40 + timeoutSeconds: 10 + periodSeconds: 5 + + livenessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: 50 + timeoutSeconds: 5 + periodSeconds: 10 + + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + readOnlyRootFilesystem: false \ No newline at end of file diff --git a/csa-manifest/overlays/kustomization.yaml b/csa-manifest/base-k8s/csa-netpol.yaml similarity index 100% rename from csa-manifest/overlays/kustomization.yaml rename to csa-manifest/base-k8s/csa-netpol.yaml diff --git a/csa-manifest/base-k8s/csa-rbac.yaml b/csa-manifest/base-k8s/csa-rbac.yaml new file mode 100644 index 0000000..25168cf --- /dev/null +++ b/csa-manifest/base-k8s/csa-rbac.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: admin-csa-sa + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: admin-csa-role +rules: + - apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["get", "list", "watch"] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: admin-csa-rolebinding +subjects: + - kind: ServiceAccount + name: admin-csa-sa +roleRef: + kind: Role + name: admin-csa-role + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/csa-manifest/base-k8s/csa-secret.yaml b/csa-manifest/base-k8s/csa-secret.yaml new file mode 100644 index 0000000..171c30d --- /dev/null +++ b/csa-manifest/base-k8s/csa-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: admin-csa-secret +type: Opaque +stringData: + ADMIN_PASSWORD: " " + ADMIN_EMAIL: " " \ No newline at end of file diff --git a/csa-manifest/base-k8s/csa-service.yaml b/csa-manifest/base-k8s/csa-service.yaml new file mode 100644 index 0000000..4e7534b --- /dev/null +++ b/csa-manifest/base-k8s/csa-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: admin-csa-service +spec: + type: NodePort + selector: + app: admin-csa + ports: + - port: 3000 + targetPort: 3000 + nodePort: 30099 + protocol: TCP \ No newline at end of file diff --git a/csa-manifest/base-k8s/csa.configmap.yaml b/csa-manifest/base-k8s/csa.configmap.yaml new file mode 100644 index 0000000..9218bca --- /dev/null +++ b/csa-manifest/base-k8s/csa.configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: admin-csa-config +data: + NEXT_PUBLIC_API_BASE_URL: "https://api-management.cifo.co.id" + NEXT_PUBLIC_API_KEY: "cifosuperapp" + NEXT_PUBLIC_API_MANAGEMENT: "api-management" + NEXT_PUBLIC_CMS_MANAGEMENT: "cms-management" + NEXT_PUBLIC_BUCKET_MANAGEMENT: "bucket-management" + NEXT_PUBLIC_USER_MANAGEMENT: "user-management" + NEXT_PUBLIC_ADMIN_MANAGEMENT: "admin-management" diff --git a/csa-manifest/base-k8s/kustomization.yaml b/csa-manifest/base-k8s/kustomization.yaml index e69de29..8ef0d2d 100644 --- a/csa-manifest/base-k8s/kustomization.yaml +++ b/csa-manifest/base-k8s/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - csa-deployment.yaml + - csa-configmap.yaml + - csa-secret.yaml + - csa-rbac.yaml + - csa-netpol.yaml \ No newline at end of file diff --git a/csa-manifest/overlays/dev/kustomization.yaml b/csa-manifest/overlays/dev/kustomization.yaml new file mode 100644 index 0000000..25c2c9b --- /dev/null +++ b/csa-manifest/overlays/dev/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base-k8s + +patchesStrategicMerge: + - patch.yaml \ No newline at end of file diff --git a/csa-manifest/overlays/patch.yaml b/csa-manifest/overlays/dev/patch.yaml similarity index 100% rename from csa-manifest/overlays/patch.yaml rename to csa-manifest/overlays/dev/patch.yaml diff --git a/csa-manifest/overlays/prod/kustomization.yaml b/csa-manifest/overlays/prod/kustomization.yaml new file mode 100644 index 0000000..e69de29 diff --git a/csa-manifest/overlays/prod/patch.yaml b/csa-manifest/overlays/prod/patch.yaml new file mode 100644 index 0000000..e69de29 diff --git a/csa-manifest/overlays/staging/kustomization.yaml b/csa-manifest/overlays/staging/kustomization.yaml new file mode 100644 index 0000000..e69de29