Merge 1894faa7d28e4f71ac776a57700e3946b66239c9 into 297e04f69bcd32f311ed3928ef3141389b701bc9

kubernetes/README.md

@@ -1,46 +0,0 @@
-# Rallly Kubernetes Manifests
-
-This directory contains base Kubernetes manifests to self-host Rallly. It separates configuration (ConfigMaps) from sensitive data (Secrets) and uses a StatefulSet for the PostgreSQL database.
-
-## Prerequisites
-
-- A Kubernetes cluster.
-- `kubectl` configured to talk to your cluster.
-- An Ingress Controller (e.g., NGINX) installed.
-
-## Configuration
-
-1.  **Secrets (`secrets.yaml`):**
-    - **Important:** Do not commit the `secrets.yaml` file with real credentials to version control.
-    - Update `POSTGRES_PASSWORD` and `SECRET_PASSWORD` (use `openssl rand -hex 32` to generate).
-    - Update `DATABASE_URL` to match your postgres password.
-
-2.  **Config (`rallly-config.yaml`):**
-    - Update `NEXT_PUBLIC_BASE_URL` to match your domain.
-    - Configure your SMTP settings for emails.
-
-3.  **Ingress (`ingress.yaml`):**
-    - Change `host: rallly.example.com` to your actual domain.
-    - Ensure `ingressClassName` matches your cluster's controller (default is set to `nginx`).
-
-## Deployment Order
-
-Apply the manifests in the following order to ensure dependencies are met:
-
-```bash
-# 1. Apply Secrets and Config first
-kubectl apply -f secrets.yaml
-kubectl apply -f rallly-config.yaml
-
-# 2. Apply Database (StatefulSet)
-kubectl apply -f postgres.yaml
-
-# 3. Apply Application (Deployment)
-kubectl apply -f rallly.yaml
-
-# 4. Apply Ingress
-kubectl apply -f ingress.yaml
-
-# 5. Check that the pods are running - should show '1/1 Running' for each pod.
-kubectl get pods
-```

kubernetes/ingress.yaml

@@ -10,21 +10,19 @@ metadata:
     # Example for NGINX ingress controller size limit
     # nginx.ingress.kubernetes.io/proxy-body-size: "10m"
 spec:
-  # NOTE: Explicitly set to 'nginx'. Remove this line if using a different Ingress Controller
-  # or if you wish to use the cluster default.
   ingressClassName: nginx
   rules:
-    - host: rallly.example.com
+  - host: rallly.example.com
-      http:
+    http:
-        paths:
+      paths:
-          - path: /
+      - path: /
-            pathType: Prefix
+        pathType: Prefix
-            backend:
+        backend:
-              service:
+          service:
-                name: rallly
+            name: rallly
-                port:
+            port:
-                  number: 80
+              number: 80
   tls:
-    - hosts:
+  - hosts:
-        - rallly.example.com
+    - rallly.example.com
-      secretName: rallly-tls
+    secretName: rallly-tls

kubernetes/postgres.yaml

@@ -1,3 +1,4 @@
+# kubernetes/postgres.yaml
 apiVersion: v1
 kind: Service
 metadata:
@@ -32,8 +33,7 @@ spec:
         runAsUser: 999
       containers:
         - name: postgres
-          # Switched to 14-alpine to align with official docker-compose
+          image: postgres:15-alpine
-          image: postgres:14-alpine
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
@@ -52,9 +52,6 @@ spec:
                   key: POSTGRES_PASSWORD
             - name: POSTGRES_DB
               value: rallly
-            # Fix: Point PGDATA to a generic subpath to avoid mount errors (lost+found)
-            - name: PGDATA
-              value: /var/lib/postgresql/data/pgdata
           ports:
             - containerPort: 5432
               name: postgres
@@ -64,8 +61,7 @@ spec:
               command:
                 - /bin/sh
                 - -c
-                # Uses env var and adds timeout to prevent hanging
+                - pg_isready -U rallly
-                - pg_isready -U $POSTGRES_USER -t 5
             initialDelaySeconds: 30
             periodSeconds: 10
           readinessProbe:
@@ -73,8 +69,7 @@ spec:
               command:
                 - /bin/sh
                 - -c
-                # Uses env var and adds timeout to prevent hanging
+                - pg_isready -U rallly
-                - pg_isready -U $POSTGRES_USER -t 5
             initialDelaySeconds: 10
             periodSeconds: 5
           volumeMounts:
@@ -94,4 +89,5 @@ spec:
         accessModes: ["ReadWriteOnce"]
         resources:
           requests:
+            # Note: Adjust storage size based on your data retention needs.
             storage: 1Gi

kubernetes/rallly.yaml

@@ -1,3 +1,4 @@
+# kubernetes/rallly.yaml
 apiVersion: v1
 kind: Service
 metadata:
@@ -37,7 +38,7 @@ spec:
         runAsUser: 1000
       containers:
         - name: rallly
-          # Pinned version for stability and reproducibility
+          # Pinned version for stability (latest stable at time of refactoring)
           image: lukevella/rallly:v4.5.4
           imagePullPolicy: IfNotPresent
           ports:
@@ -86,6 +87,7 @@ spec:
                 configMapKeyRef:
                   name: rallly-config
                   key: SMTP_SECURE
+
             # 2. Secrets (from Secret)
             - name: DATABASE_URL
               valueFrom:
@@ -102,6 +104,19 @@ spec:
                 secretKeyRef:
                   name: rallly-secrets
                   key: INITIAL_ADMIN_EMAIL
+
+            # SMTP User/Password (optional usage)
+            # - name: SMTP_USER
+            #   valueFrom:
+            #     secretKeyRef:
+            #       name: rallly-secrets
+            #       key: SMTP_USER
+            # - name: SMTP_PASSWORD
+            #   valueFrom:
+            #     secretKeyRef:
+            #       name: rallly-secrets
+            #       key: SMTP_PASSWORD
+
           resources:
             limits:
               cpu: "1"
@@ -120,6 +135,5 @@ spec:
             httpGet:
               path: /
               port: 3000
-            # Reduced delay so the pod becomes ready faster once running
+            initialDelaySeconds: 30
-            initialDelaySeconds: 10
             periodSeconds: 5

kubernetes/secrets.yaml

@@ -1,7 +1,4 @@
 # kubernetes/secrets.yaml
-# WARNING: This file uses 'stringData' for demonstration.
-# For production, DO NOT commit this file to Git.
-# Use SealedSecrets, ExternalSecrets, or manually create the secret on the cluster.
 apiVersion: v1
 kind: Secret
 metadata: