feat: add module3-6

module5/.gitignore

@@ -0,0 +1,4 @@
+jwt.key
+
+secret-scrumlr-backend.yaml
+ingress-scrumlr.yaml

module5/k8s/helm/cert-manager/README.md

@@ -0,0 +1,21 @@
+# cert-manager
+
+Docs: https://cert-manager.io/docs/
+Github Repo: https://github.com/cert-manager/cert-manager
+
+```sh
+helm repo add jetstack https://charts.jetstack.io --force-update
+helm upgrade \
+  --install \
+  cert-manager jetstack/cert-manager \
+  --namespace cert-manager \
+  --create-namespace \
+  --version v1.17.2 \
+  --values values.yaml
+```
+
+Install [ClusterIssuer](https://cert-manager.io/docs/concepts/issuer/) for [Let's Encrypt](https://letsencrypt.org/)
+
+```sh
+kubectl apply -f clusterissuer-letsencrypt-production.yaml
+```

module5/k8s/helm/cert-manager/clusterissuer-letsencrypt-production.yaml

@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-production
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx

module5/k8s/helm/cert-manager/values.yaml

@@ -0,0 +1,2 @@
+crds:
+  enabled: true

module5/k8s/helm/ingress-nginx/README.md

@@ -0,0 +1,15 @@
+# ingress-nginx
+
+Docs: https://kubernetes.github.io/ingress-nginx/
+Github Repo: https://github.com/kubernetes/ingress-nginx
+
+```sh
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx --force-update
+helm upgrade \
+  ingress-nginx ingress-nginx/ingress-nginx \
+  --install \
+  --namespace ingress-nginx \
+  --create-namespace \
+  --version 4.12.1 \
+  --values values.yaml
+```

module5/k8s/helm/ingress-nginx/values.yaml

@@ -0,0 +1 @@
+# Note: This file is intentionally empty and is more of a placeholder to ensure consistency.

module5/k8s/helm/nats/README.md

@@ -0,0 +1,15 @@
+# NATS
+
+Docs: https://docs.nats.io/
+Github Repo: https://github.com/nats-io/k8s
+
+```sh
+helm repo add nats https://nats-io.github.io/k8s/helm/charts/ --force-update
+helm upgrade \
+  --install \
+  nats nats/nats \
+  --namespace nats \
+  --create-namespace \
+  --version 1.3.3 \
+  --values values.yaml
+```

module5/k8s/helm/nats/values.yaml

@@ -0,0 +1,10 @@
+config:
+  cluster:
+    enabled: true
+    replicas: 3
+
+podTemplate:
+  topologySpreadConstraints:
+    kubernetes.io/hostname:
+      maxSkew: 1
+      whenUnsatisfiable: ScheduleAnyway

module5/k8s/kustomize/scrumlr/backend/configmap-scrumlr-backend.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: scrumlr-backend
+  labels:
+    app.kubernetes.io/name: "scrumlr"
+    app.kubernetes.io/component: "backend"
+    app.kubernetes.io/part-of: "scrumlr"
+data:
+  SCRUMLR_SERVER_PORT: "8080"
+  SCRUMLR_BASE_PATH: "/api"
+  SCRUMLR_SERVER_NATS_URL: "nats.nats.svc.cluster.local:4222"

module5/k8s/kustomize/scrumlr/backend/deployment-scrumlr-backend.yaml

@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: scrumlr-backend
+  labels:
+    app.kubernetes.io/name: "scrumlr"
+    app.kubernetes.io/component: "backend"
+    app.kubernetes.io/part-of: "scrumlr"
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: "scrumlr"
+      app.kubernetes.io/component: "backend"
+      app.kubernetes.io/part-of: "scrumlr"
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: "scrumlr"
+        app.kubernetes.io/component: "backend"
+        app.kubernetes.io/part-of: "scrumlr"
+    spec:
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app.kubernetes.io/name: "scrumlr"
+              app.kubernetes.io/component: "backend"
+              app.kubernetes.io/part-of: "scrumlr"
+      containers:
+        - name: backend
+          image: ghcr.io/inovex/scrumlr.io/scrumlr-server:3.10.3
+          args:
+            - "/app/main"
+            - "-disable-check-origin"
+          resources:
+            requests:
+              cpu: "50m"
+              memory: "200Mi"
+            limits:
+              memory: "200Mi"
+          startupProbe:
+            httpGet:
+              path: /api/health
+              port: 8080
+            failureThreshold: 30
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /api/health
+              port: 8080
+          readinessProbe:
+            httpGet:
+              path: /api/health
+              port: 8080
+          envFrom:
+            - configMapRef:
+                name: scrumlr-backend
+            - secretRef:
+                name: scrumlr-backend
+          env:
+            - name: SCRUMLR_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: scrumlr-ecdsa-key
+                  key: jwt.key
+          ports:
+            - containerPort: 8080

module5/k8s/kustomize/scrumlr/backend/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - configmap-scrumlr-backend.yaml
+  - secret-scrumlr-backend.yaml
+  - deployment-scrumlr-backend.yaml
+  - service-scrumlr-backend.yaml
+  - poddisruptionbudget-backend.yaml

module5/k8s/kustomize/scrumlr/backend/poddisruptionbudget-backend.yaml

@@ -0,0 +1,11 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: backend
+spec:
+  minAvailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: "scrumlr"
+      app.kubernetes.io/component: "backend"
+      app.kubernetes.io/part-of: "scrumlr"

module5/k8s/kustomize/scrumlr/backend/secret-scrumlr-backend.yaml.example

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: scrumlr-backend
+  labels:
+    app.kubernetes.io/name: "scrumlr"
+    app.kubernetes.io/component: "backend"
+    app.kubernetes.io/part-of: "scrumlr"
+type: Opaque
+data:
+  # echo -n 'postgres://user:PASSWORD@INSTANCE-ID.postgresql.eu01.onstackit.cloud:5432/scrumlr' | base64
+  SCRUMLR_SERVER_DATABASE_URL: "CHANGE-ME"

module5/k8s/kustomize/scrumlr/backend/service-scrumlr-backend.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: scrumlr-backend
+spec:
+  selector:
+    app.kubernetes.io/name: "scrumlr"
+    app.kubernetes.io/component: "backend"
+    app.kubernetes.io/part-of: "scrumlr"
+  ports:
+    - port: 8080
+      targetPort: 8080

module5/k8s/kustomize/scrumlr/frontend/configmap-scrumlr-frontend.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: scrumlr-frontend
+  labels:
+    app.kubernetes.io/name: "scrumlr"
+    app.kubernetes.io/component: "frontend"
+    app.kubernetes.io/part-of: "scrumlr"
+data:
+  SCRUMLR_SERVER_URL: "/api"
+  SCRUMLR_SERVER_PORT: "8080"
+  SCRUMLR_SHOW_LEGAL_DOCUMENTS: "true"

module5/k8s/kustomize/scrumlr/frontend/deployment-scrumlr-frontend.yaml

@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: scrumlr-frontend
+  labels:
+    app.kubernetes.io/name: "scrumlr"
+    app.kubernetes.io/component: "frontend"
+    app.kubernetes.io/part-of: "scrumlr"
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: "scrumlr"
+      app.kubernetes.io/component: "frontend"
+      app.kubernetes.io/part-of: "scrumlr"
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: "scrumlr"
+        app.kubernetes.io/component: "frontend"
+        app.kubernetes.io/part-of: "scrumlr"
+    spec:
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app.kubernetes.io/name: "scrumlr"
+              app.kubernetes.io/component: "frontend"
+              app.kubernetes.io/part-of: "scrumlr"
+      containers:
+        - name: frontend
+          image: ghcr.io/inovex/scrumlr.io/scrumlr-frontend:3.10.3
+          resources:
+            requests:
+              cpu: "25m"
+              memory: "100Mi"
+            limits:
+              memory: "100Mi"
+          envFrom:
+            - configMapRef:
+                name: scrumlr-frontend
+          ports:
+            - containerPort: 8080

module5/k8s/kustomize/scrumlr/frontend/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - configmap-scrumlr-frontend.yaml
+  - deployment-scrumlr-frontend.yaml
+  - service-scrumlr-frontend.yaml
+  - poddisruptionbudget-frontend.yaml

module5/k8s/kustomize/scrumlr/frontend/poddisruptionbudget-frontend.yaml

@@ -0,0 +1,11 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: frontend
+spec:
+  minAvailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: "scrumlr"
+      app.kubernetes.io/component: "frontend"
+      app.kubernetes.io/part-of: "scrumlr"

module5/k8s/kustomize/scrumlr/frontend/service-scrumlr-frontend.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: scrumlr-frontend
+spec:
+  selector:
+    app.kubernetes.io/name: "scrumlr"
+    app.kubernetes.io/component: "frontend"
+    app.kubernetes.io/part-of: "scrumlr"
+  ports:
+    - port: 80
+      targetPort: 8080

module5/k8s/kustomize/scrumlr/ingress-scrumlr.yaml.example

@@ -0,0 +1,37 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: scrumlr
+  labels:
+    app.kubernetes.io/name: "scrumlr"
+    app.kubernetes.io/part-of: "scrumlr"
+  annotations:
+    nginx.ingress.kubernetes.io/limit-connections: "100"
+    # Websocket optimization https://kubernetes.github.io/ingress-nginx/user-guide/miscellaneous/#websockets
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "7200"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "7200"
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+      - CHANGE-ME.domain.tld
+      secretName: scrumlr-tls
+  rules:
+    - host: CHANGE-ME.domain.tld
+      http:
+        paths:
+          - path: /api
+            pathType: Prefix
+            backend:
+              service:
+                name: scrumlr-backend
+                port:
+                  number: 8080
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: scrumlr-frontend
+                port:
+                  number: 80

module5/k8s/kustomize/scrumlr/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: scrumlr
+resources:
+  - namespace-scrumlr.yaml
+  - backend/
+  - frontend/
+  - ingress-scrumlr.yaml
+
+# Create key: openssl ecparam -genkey -name secp521r1 -noout -out jwt.key
+secretGenerator:
+- name: scrumlr-ecdsa-key
+  files:
+  - jwt.key

module5/k8s/kustomize/scrumlr/namespace-scrumlr.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: scrumlr