Addressing PR feedback: fix probes, image version, and add docs

2025-12-10 02:42:49 +01:00 · 2025-11-28 14:29:57 +01:00 · 2025-11-28 14:29:57 +01:00 · cd0b94cbe9
commit cd0b94cbe9
parent 1894faa7d2
6 changed files with 77 additions and 36 deletions
--- a/kubernetes/README.md
+++ b/kubernetes/README.md
@ -0,0 +1,46 @@
+# Rallly Kubernetes Manifests
+
+This directory contains base Kubernetes manifests to self-host Rallly. It separates configuration (ConfigMaps) from sensitive data (Secrets) and uses a StatefulSet for the PostgreSQL database.
+
+## Prerequisites
+
+- A Kubernetes cluster.
+- `kubectl` configured to talk to your cluster.
+- An Ingress Controller (e.g., NGINX) installed.
+
+## Configuration
+
+1.  **Secrets (`secrets.yaml`):**
+    - **Important:** Do not commit the `secrets.yaml` file with real credentials to version control.
+    - Update `POSTGRES_PASSWORD` and `SECRET_PASSWORD` (use `openssl rand -hex 32` to generate).
+    - Update `DATABASE_URL` to match your postgres password.
+
+2.  **Config (`rallly-config.yaml`):**
+    - Update `NEXT_PUBLIC_BASE_URL` to match your domain.
+    - Configure your SMTP settings for emails.
+
+3.  **Ingress (`ingress.yaml`):**
+    - Change `host: rallly.example.com` to your actual domain.
+    - Ensure `ingressClassName` matches your cluster's controller (default is set to `nginx`).
+
+## Deployment Order
+
+Apply the manifests in the following order to ensure dependencies are met:
+
+```bash
+# 1. Apply Secrets and Config first
+kubectl apply -f secrets.yaml
+kubectl apply -f rallly-config.yaml
+
+# 2. Apply Database (StatefulSet)
+kubectl apply -f postgres.yaml
+
+# 3. Apply Application (Deployment)
+kubectl apply -f rallly.yaml
+
+# 4. Apply Ingress
+kubectl apply -f ingress.yaml
+
+# 5. Check that the pods are running - should show '1/1 Running' for each pod.
+kubectl get pods
+```
--- a/kubernetes/README.pdf
+++ b/kubernetes/README.pdf
--- a/kubernetes/ingress.yaml
+++ b/kubernetes/ingress.yaml
@ -10,6 +10,8 @@ metadata:
    # Example for NGINX ingress controller size limit
    # nginx.ingress.kubernetes.io/proxy-body-size: "10m"
 spec:
+  # NOTE: Explicitly set to 'nginx'. Remove this line if using a different Ingress Controller
+  # or if you wish to use the cluster default.
  ingressClassName: nginx
  rules:
    - host: rallly.example.com
--- a/kubernetes/postgres.yaml
+++ b/kubernetes/postgres.yaml
@ -1,4 +1,3 @@
-# kubernetes/postgres.yaml
 apiVersion: v1
 kind: Service
 metadata:
@ -33,7 +32,8 @@ spec:
        runAsUser: 999
      containers:
        - name: postgres
-          image: postgres:15-alpine
+          # Switched to 14-alpine to align with official docker-compose
+          image: postgres:14-alpine
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
@ -52,6 +52,9 @@ spec:
                  key: POSTGRES_PASSWORD
            - name: POSTGRES_DB
              value: rallly
+            # Fix: Point PGDATA to a generic subpath to avoid mount errors (lost+found)
+            - name: PGDATA
+              value: /var/lib/postgresql/data/pgdata
          ports:
            - containerPort: 5432
              name: postgres
@ -61,7 +64,8 @@ spec:
              command:
                - /bin/sh
                - -c
-                - pg_isready -U rallly
+                # Uses env var and adds timeout to prevent hanging
+                - pg_isready -U $POSTGRES_USER -t 5
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
@ -69,7 +73,8 @@ spec:
              command:
                - /bin/sh
                - -c
-                - pg_isready -U rallly
+                # Uses env var and adds timeout to prevent hanging
+                - pg_isready -U $POSTGRES_USER -t 5
            initialDelaySeconds: 10
            periodSeconds: 5
          volumeMounts:
@ -89,5 +94,4 @@ spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
-            # Note: Adjust storage size based on your data retention needs.
            storage: 1Gi
--- a/kubernetes/rallly.yaml
+++ b/kubernetes/rallly.yaml
@ -1,4 +1,3 @@
-# kubernetes/rallly.yaml
 apiVersion: v1
 kind: Service
 metadata:
@ -38,7 +37,7 @@ spec:
        runAsUser: 1000
      containers:
        - name: rallly
-          # Pinned version for stability (latest stable at time of refactoring)
+          # Pinned version for stability and reproducibility
          image: lukevella/rallly:v4.5.4
          imagePullPolicy: IfNotPresent
          ports:
@ -87,7 +86,6 @@ spec:
                configMapKeyRef:
                  name: rallly-config
                  key: SMTP_SECURE
-
            # 2. Secrets (from Secret)
            - name: DATABASE_URL
              valueFrom:
@ -104,19 +102,6 @@ spec:
                secretKeyRef:
                  name: rallly-secrets
                  key: INITIAL_ADMIN_EMAIL
-
-            # SMTP User/Password (optional usage)
-            # - name: SMTP_USER
-            #   valueFrom:
-            #     secretKeyRef:
-            #       name: rallly-secrets
-            #       key: SMTP_USER
-            # - name: SMTP_PASSWORD
-            #   valueFrom:
-            #     secretKeyRef:
-            #       name: rallly-secrets
-            #       key: SMTP_PASSWORD
-
          resources:
            limits:
              cpu: "1"
@ -135,5 +120,6 @@ spec:
            httpGet:
              path: /
              port: 3000
-            initialDelaySeconds: 30
+            # Reduced delay so the pod becomes ready faster once running
+            initialDelaySeconds: 10
            periodSeconds: 5
--- a/kubernetes/secrets.yaml
+++ b/kubernetes/secrets.yaml
@ -1,4 +1,7 @@
 # kubernetes/secrets.yaml
+# WARNING: This file uses 'stringData' for demonstration.
+# For production, DO NOT commit this file to Git.
+# Use SealedSecrets, ExternalSecrets, or manually create the secret on the cluster.
 apiVersion: v1
 kind: Secret
 metadata: