added file base-manifest and overlays kustomization for argocd

csa-dashboard/Dockerfile

@@ -1,14 +1,27 @@
 # Build Stage
 FROM node:20 AS builder
 WORKDIR /app
+
 COPY package*.json ./
 RUN npm install
+
 COPY . .
 RUN npm run build
 
-# Production Image
+# Production Stage - HANYA FILE BUILD STATIC
 FROM node:20-alpine
 WORKDIR /app
-COPY --from=builder /app ./
+
+# install dependencies production only
+COPY package*.json ./
+RUN npm install --omit=dev
+
+# copy hasil build
+COPY --from=builder /app/build ./build
+# atau untuk Next.js: COPY --from=builder /app/.next ./ .next
+
+RUN chown -R node:node /app
+USER node
+
 EXPOSE 3000
 CMD ["npm", "start"]

csa-dashboard/Jenkinsfile

@@ -15,9 +15,6 @@ pipeline {
             }
         }
 
-        /* =====================================
-           BUILD & PUSH NEXT.JS IMAGE
-        ====================================== */
         stage('Build & Push Image') {
             steps {
                 script {
@@ -45,9 +42,6 @@ pipeline {
             }
         }
 
-        /* =====================================
-           UPDATE GITOPS
-        ====================================== */
         stage('Update GitOps (dev, staging, prod)') {
             steps {
                 script {

csa-manifest/argocd/csa-application.yaml

@@ -2,7 +2,7 @@ apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
   name: csa-dashboard
-  namespace: argocd
+  namespace: 
 spec:
   project: csa-project
   source:
@@ -11,7 +11,7 @@ spec:
     path: 
   destination:
     server: https://kubernetes.default.svc
-    namespace: argocd
+    namespace: 
   syncPolicy:
     automated:
       prune: true

csa-manifest/argocd/csa-project.yaml

@@ -2,13 +2,13 @@ apiVersion: argoproj.io/v1alpha1
 kind: AppProject
 metadata:
   name: csa-project
-  namespace: argocd
+  namespace: 
 spec:
   description: ArgoCD Project Csa Dashboard
   sourceRepos:
     - ''
   destinations:
-    - namespace: argocd
+    - namespace: 
       server: https://kubernetes.default.svc
   clusterResourceWhitelist:
     - group: '*'

csa-manifest/base-k8s/csa-deployment.yaml

@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: admin-csa-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: admin-csa
+  template:
+    metadata:
+      labels:
+        app: admin-csa
+    spec:
+      serviceAccountName: admin-csa-sa
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 3000
+        fsGroup: 2000
+      containers:
+        - name: admin-csa
+          image: usn/admin-csa:v1
+          ports:
+            - containerPort: 3000
+          envFrom:
+            - configMapRef:
+                name: admin-csa-config
+            - secretRef:
+                name: admin-csa-secret
+          resources:
+            requests:
+              memory: "256Mi"
+              cpu: "250m"
+            limits:
+              memory: "512Mi"
+              cpu: "500m"
+
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 3000
+            initialDelaySeconds: 40
+            timeoutSeconds: 10
+            periodSeconds: 5
+
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 3000
+            initialDelaySeconds: 50
+            timeoutSeconds: 5
+            periodSeconds: 10
+
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            readOnlyRootFilesystem: false

csa-manifest/base-k8s/csa-rbac.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: admin-csa-sa
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: admin-csa-role
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps", "secrets"]
+    verbs: ["get", "list", "watch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: admin-csa-rolebinding
+subjects:
+  - kind: ServiceAccount
+    name: admin-csa-sa
+roleRef:
+  kind: Role
+  name: admin-csa-role
+  apiGroup: rbac.authorization.k8s.io

csa-manifest/base-k8s/csa-secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: admin-csa-secret
+type: Opaque
+stringData:
+  ADMIN_PASSWORD: " "
+  ADMIN_EMAIL: " "

csa-manifest/base-k8s/csa-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: admin-csa-service
+spec:
+  type: NodePort
+  selector:
+    app: admin-csa
+  ports:
+    - port: 3000
+      targetPort: 3000
+      nodePort: 30099
+      protocol: TCP

csa-manifest/base-k8s/csa.configmap.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: admin-csa-config
+data:
+  NEXT_PUBLIC_API_BASE_URL: "https://api-management.cifo.co.id"
+  NEXT_PUBLIC_API_KEY: "cifosuperapp"
+  NEXT_PUBLIC_API_MANAGEMENT: "api-management"
+  NEXT_PUBLIC_CMS_MANAGEMENT: "cms-management"
+  NEXT_PUBLIC_BUCKET_MANAGEMENT: "bucket-management"
+  NEXT_PUBLIC_USER_MANAGEMENT: "user-management"
+  NEXT_PUBLIC_ADMIN_MANAGEMENT: "admin-management"

csa-manifest/base-k8s/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - csa-deployment.yaml
+  - csa-configmap.yaml
+  - csa-secret.yaml
+  - csa-rbac.yaml
+  - csa-netpol.yaml

csa-manifest/overlays/dev/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base-k8s
+
+patchesStrategicMerge:
+  - patch.yaml