Kubernetes Deployment Setup

This document explains how to set up the GitHub Actions workflow for deploying your React application to a Kubernetes cluster.

Required GitHub Secrets

You need to configure the following secrets in your GitHub repository settings (Settings → Secrets and variables → Actions):

Docker Registry Secrets

  • DOCKER_REGISTRY: Your Docker registry URL (e.g., docker.io, ghcr.io, your-registry.com)
  • DOCKER_REPOSITORY: Your Docker repository name (e.g., username/www-cialloo-com)
  • DOCKER_USERNAME: Username for Docker registry authentication
  • DOCKER_PASSWORD: Password or access token for Docker registry authentication

Kubernetes Secrets

  • KUBECONFIG: Base64-encoded kubeconfig file for your Kubernetes cluster

Setting up GitHub Secrets

1. Docker Registry Configuration

For Docker Hub:

DOCKER_REGISTRY=docker.io
DOCKER_REPOSITORY=yourusername/www-cialloo-com
DOCKER_USERNAME=yourusername
DOCKER_PASSWORD=your-docker-hub-token

For GitHub Container Registry:

DOCKER_REGISTRY=ghcr.io
DOCKER_REPOSITORY=yourusername/www-cialloo-com
DOCKER_USERNAME=yourusername
DOCKER_PASSWORD=your-github-token

2. Kubernetes Configuration

To get your base64-encoded kubeconfig:

# Encode your kubeconfig file
cat ~/.kube/config | base64 -w 0

Copy the output and paste it as the value for the KUBECONFIG secret.

You can set up GitHub environments for better security and approval workflows:

  1. Go to Settings → Environments
  2. Create environments: production, staging
  3. Configure protection rules (e.g., required reviewers)
  4. Add environment-specific secrets if needed

Kubernetes Cluster Requirements

Your Kubernetes cluster should have the following components:

1. Traefik Ingress Controller

# Install Traefik using Helm
helm repo add traefik https://traefik.github.io/charts
helm repo update
helm install traefik traefik/traefik

# Or using kubectl with CRDs
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml

2. Cert-Manager (for SSL certificates)

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml

3. Docker Registry Secret

Create a secret for pulling images from your private registry:

kubectl create secret docker-registry docker-registry-secret \
  --docker-server=your-registry.com \
  --docker-username=your-username \
  --docker-password=your-password \
  --docker-email=your-email@example.com \
  -n www-cialloo-com-production

Customization

Update Domain Name

In k8s/ingress.yaml, replace www.cialloo.com with your actual domain:

spec:
  tls:
  - hosts:
    - your-domain.com  # Change this
    secretName: www-cialloo-com-tls
  rules:
  - host: your-domain.com  # Change this

Adjust Resource Limits

In k8s/deployment.yaml, modify resource requests and limits based on your needs:

resources:
  requests:
    memory: "64Mi"
    cpu: "50m"
  limits:
    memory: "128Mi"
    cpu: "100m"

Scaling

Adjust the number of replicas in k8s/deployment.yaml:

spec:
  replicas: 2  # Change this number

Manual Deployment

To manually trigger the deployment:

  1. Go to your GitHub repository
  2. Click on the "Actions" tab
  3. Select the "Deploy to Kubernetes" workflow
  4. Click "Run workflow"
  5. Choose environment and optionally specify an image tag
  6. Click "Run workflow"

Monitoring and Troubleshooting

Check deployment status:

kubectl get pods -n www-cialloo-com-production
kubectl get services -n www-cialloo-com-production
kubectl get ingress -n www-cialloo-com-production

View logs:

kubectl logs -l app=www-cialloo-com -n www-cialloo-com-production

Describe problematic pods:

kubectl describe pod <pod-name> -n www-cialloo-com-production

Security Considerations

  1. Least Privilege: Ensure the kubeconfig stored in the KUBECONFIG secret has only the minimal permissions the deployment requires
  2. Secret Rotation: Regularly rotate Docker registry credentials and kubeconfig
  3. Environment Separation: Use different namespaces/clusters for production and staging
  4. Network Policies: Consider implementing Kubernetes network policies
  5. RBAC: Configure proper Role-Based Access Control in your cluster
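
Items 1 and 5 in practice, as an added example that is not part of this repository: two shell functions that render a namespace-scoped ServiceAccount with its Role and RoleBinding, and a kubeconfig carrying only that account's token, to store as the KUBECONFIG secret instead of an encoded ~/.kube/config. The account name gha-deployer and the rule list are assumptions based on the Deployment, Service and Ingress objects this page mentions; the actual workflow may need more or fewer.

```shell
# Added example. "gha-deployer" and the rule list are assumptions: they cover
# the Deployment, Service and Ingress objects this page mentions, nothing else.

# Emit a ServiceAccount, Role and RoleBinding confined to namespace $1.
render_deployer_rbac() {
  rw='["get","list","watch","create","update","patch"]'
  ro='["get","list","watch"]'
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata: {name: gha-deployer, namespace: $1}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: gha-deployer, namespace: $1}
rules:
- {apiGroups: ["apps"], resources: ["deployments"], verbs: $rw}
- {apiGroups: [""], resources: ["services"], verbs: $rw}
- {apiGroups: ["networking.k8s.io"], resources: ["ingresses"], verbs: $rw}
- {apiGroups: ["apps"], resources: ["replicasets"], verbs: $ro}
- {apiGroups: [""], resources: ["pods"], verbs: $ro}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: gha-deployer, namespace: $1}
subjects:
- {kind: ServiceAccount, name: gha-deployer, namespace: $1}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: gha-deployer}
EOF
}

# Emit a kubeconfig holding only that account's token.
# Args: namespace, API server URL, base64 CA bundle, bearer token.
render_kubeconfig() {
  cat <<EOF
apiVersion: v1
kind: Config
clusters:
- name: target
  cluster: {server: "$2", certificate-authority-data: "$3"}
users:
- name: gha-deployer
  user: {token: "$4"}
contexts:
- name: deploy
  context: {cluster: target, user: gha-deployer, namespace: "$1"}
current-context: deploy
EOF
}
```

As cluster admin, pipe `render_deployer_rbac www-cialloo-com-production` into `kubectl apply -f -`, mint a token with `kubectl create token gha-deployer -n www-cialloo-com-production`, and store the base64-encoded output of `render_kubeconfig` as the KUBECONFIG secret. Running `kubectl auth can-i --list -n www-cialloo-com-production --as=system:serviceaccount:www-cialloo-com-production:gha-deployer` shows what that identity is actually allowed to do.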

Workflow Features

  • Manual Trigger Only: Workflow only runs when manually dispatched
  • Environment Selection: Choose between production and staging
  • Custom Image Tags: Optionally specify custom Docker image tags
  • Health Checks: Includes liveness and readiness probes
  • Rolling Updates: Zero-downtime deployments
  • Status Reporting: Detailed deployment status in GitHub Actions summary