Feat: phase deployment

helm-repo/index.yaml

@@ -1,9 +1,29 @@
 apiVersion: v1
 entries:
+  phase:
+  - apiVersion: v2
+    created: "2024-08-15T17:20:48.04662344+05:30"
+    description: A Helm chart for deploying the Phase Secrets Manager
+    digest: 35fb1622a8b3d83e461f8d83c957e90d1afd5c6a69049e92da7594a8af302461
+    home: https://github.com/phasehq/kubernetes-secrets-operator
+    icon: https://phase.dev/apple-touch-icon.png
+    keywords:
+    - phase
+    - deployment
+    maintainers:
+    - email: nimish@phase.dev
+      name: Nimish
+    name: phase
+    sources:
+    - https://github.com/phasehq/console
+    type: application
+    urls:
+    - phase-0.1.0.tgz
+    version: 0.1.0
   phase-kubernetes-operator:
   - apiVersion: v2
     appVersion: 1.2.1
-    created: "2024-07-29T18:55:33.848979547+05:30"
+    created: "2024-08-15T17:20:48.047188122+05:30"
     description: A Helm chart for deploying the Phase Kubernetes Operator
     digest: dc708b49b17107c0bf6efd354777f2ddaf4e080c18f7ab0541968338dfe808c5
     home: https://github.com/phasehq/kubernetes-secrets-operator
@@ -21,6 +41,6 @@ entries:
     - https://github.com/phasehq/kubernetes-secrets-operator
     type: application
     urls:
-    - https://helm.phase.dev/phase-kubernetes-operator-1.2.1.tgz
+    - phase-kubernetes-operator-1.2.1.tgz
     version: 1.2.1
-generated: "2024-07-29T18:55:33.848176069+05:30"
+generated: "2024-08-15T17:20:48.045460903+05:30"

phase-k8s.yaml

@@ -0,0 +1,338 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: phase-config
+data:
+  HOST: "localhost"
+  HTTP_PROTOCOL: "http://" # Need to change to https after TLS
+  SSO_PROVIDERS: "google,github,gitlab"
+  DATABASE_HOST: "phase-postgres"
+  DATABASE_PORT: "5432"
+  DATABASE_NAME: "postgres-db-name"
+  DATABASE_USER: "postgres-user"
+  REDIS_HOST: "phase-redis"
+  REDIS_PORT: "6379"
+  NEXT_TELEMETRY_DISABLED: "1"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: phase-secrets
+type: Opaque
+stringData:
+  NEXTAUTH_SECRET: "82031b3760ac58352bb2d48fd9f32e9f72a0614343b669038139f18652ed1447"
+  SECRET_KEY: "92d44efc4f9a4c0556cc67d2d033d3217829c263d5ab7d1954cf4b5bfd533e58"
+  SERVER_SECRET: "9e760539415af07b22249b5878593bd4deb9b8961c7dd0570117549f2f32a2"
+  DATABASE_PASSWORD: "a765b221799be364c53c8a32acccf5dd90d5fc832607bdd14fccaaaa0062adfd"
+  GOOGLE_CLIENT_ID:
+  GOOGLE_CLIENT_SECRET:
+  GITHUB_CLIENT_ID:
+  GITHUB_CLIENT_SECRET:
+  GITLAB_CLIENT_ID:
+  GITLAB_CLIENT_SECRET:
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phase-frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: phase-frontend
+  template:
+    metadata:
+      labels:
+        app: phase-frontend
+    spec:
+      containers:
+      - name: frontend
+        image: phasehq/frontend:bae2759
+        ports:
+        - containerPort: 3000
+        envFrom:
+        - configMapRef:
+            name: phase-config
+        - secretRef:
+            name: phase-secrets
+        env:
+        - name: NEXTAUTH_URL
+          value: "$(HTTP_PROTOCOL)$(HOST)"
+        - name: BACKEND_API_BASE
+          value: "$(HTTP_PROTOCOL)$(HOST)/service"
+        - name: NEXT_PUBLIC_BACKEND_API_BASE
+          value: "$(HTTP_PROTOCOL)$(HOST)/service"
+        - name: NEXT_PUBLIC_NEXTAUTH_PROVIDERS
+          value: "$(SSO_PROVIDERS)"
+        # readinessProbe:
+        #   httpGet:
+        #     path: /api/health
+        #     port: 3000
+        #   initialDelaySeconds: 10
+        #   periodSeconds: 5
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phase-backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: phase-backend
+  template:
+    metadata:
+      labels:
+        app: phase-backend
+    spec:
+      initContainers:
+      - name: wait-for-postgres
+        image: busybox:1.28
+        command: ['sh', '-c', 'until nc -z phase-postgres 5432; do echo waiting for postgres; sleep 2; done;']
+      containers:
+      - name: backend
+        image: phasehq/backend:latest
+        envFrom:
+        - configMapRef:
+            name: phase-config
+        - secretRef:
+            name: phase-secrets
+        env:
+        - name: OAUTH_REDIRECT_URI
+          value: "$(HTTP_PROTOCOL)$(HOST)"
+        - name: ALLOWED_HOSTS
+          value: "$(HOST),phase-backend"
+        - name: ALLOWED_ORIGINS
+          value: "$(HTTP_PROTOCOL)$(HOST)"
+        - name: SESSION_COOKIE_DOMAIN
+          value: "$(HOST)"
+        # readinessProbe:
+        #   httpGet:
+        #     path: /health
+        #     port: 8000
+        #     httpHeaders:
+        #       - name: Host
+        #         value: "phase-backend"
+        #   initialDelaySeconds: 10
+        #   periodSeconds: 5
+        #   timeoutSeconds: 5
+        # livenessProbe:
+        #   httpGet:
+        #     path: /health
+        #     port: 8000
+        #     httpHeaders:
+        #       - name: Host
+        #         value: "phase-backend"
+        #   initialDelaySeconds: 15
+        #   periodSeconds: 20
+        #   timeoutSeconds: 5
+        # lifecycle:
+        #   postStart:
+        #     exec:
+        #       command: ["/bin/sh", "-c", "python manage.py migrate"]
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phase-worker
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: phase-worker
+  template:
+    metadata:
+      labels:
+        app: phase-worker
+    spec:
+      initContainers:
+      # Wait for Postgresql to boot up before starting worker
+      - name: wait-for-postgres
+        image: busybox
+        command: ['sh', '-c', 'until nc -z $DATABASE_HOST $DATABASE_PORT; do echo waiting for postgres; sleep 2; done;']
+        envFrom:
+        - configMapRef:
+            name: phase-config
+      # Wait for Redis to boot up before starting worker
+      - name: wait-for-redis
+        image: busybox
+        command: ['sh', '-c', 'until nc -z $REDIS_HOST $REDIS_PORT; do echo waiting for redis; sleep 2; done;']
+        envFrom:
+        - configMapRef:
+            name: phase-config
+      containers:
+      - name: worker
+        image: phasehq/backend:latest
+        command: ["python", "manage.py", "rqworker", "default"]
+        envFrom:
+        - configMapRef:
+            name: phase-config
+        - secretRef:
+            name: phase-secrets
+        env:
+        - name: ALLOWED_HOSTS
+          value: "$(HOST),phase-worker"
+        - name: ALLOWED_ORIGINS
+          value: "$(HTTP_PROTOCOL)$(HOST)"
+        - name: SESSION_COOKIE_DOMAIN
+          value: "$(HOST)"
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phase-postgres
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: phase-postgres
+  template:
+    metadata:
+      labels:
+        app: phase-postgres
+    spec:
+      containers:
+      - name: postgres
+        image: postgres:15.4-alpine3.17
+        envFrom:
+        - configMapRef:
+            name: phase-config
+        - secretRef:
+            name: phase-secrets
+        env:
+        - name: POSTGRES_DB
+          valueFrom:
+            configMapKeyRef:
+              name: phase-config
+              key: DATABASE_NAME
+        - name: POSTGRES_USER
+          valueFrom:
+            configMapKeyRef:
+              name: phase-config
+              key: DATABASE_USER
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: phase-secrets
+              key: DATABASE_PASSWORD
+        volumeMounts:
+        - name: postgres-storage
+          mountPath: /var/lib/postgresql/data
+      volumes:
+      - name: postgres-storage
+        emptyDir: {}
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phase-redis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: phase-redis
+  template:
+    metadata:
+      labels:
+        app: phase-redis
+    spec:
+      containers:
+      - name: redis
+        image: redis:alpine3.19
+        readinessProbe:
+          tcpSocket:
+            port: 6379
+          initialDelaySeconds: 5
+          periodSeconds: 5
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: phase-frontend
+spec:
+  selector:
+    app: phase-frontend
+  ports:
+    - protocol: TCP
+      port: 3000
+      targetPort: 3000
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: phase-backend
+spec:
+  selector:
+    app: phase-backend
+  ports:
+    - protocol: TCP
+      port: 8000
+      targetPort: 8000
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: phase-postgres
+spec:
+  selector:
+    app: phase-postgres
+  ports:
+    - protocol: TCP
+      port: 5432
+      targetPort: 5432
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: phase-redis
+spec:
+  selector:
+    app: phase-redis
+  ports:
+    - protocol: TCP
+      port: 6379
+      targetPort: 6379
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: phase-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /service
+        pathType: Prefix
+        backend:
+          service:
+            name: phase-backend
+            port: 
+              number: 8000
+      - path: /kms
+        pathType: Prefix
+        backend:
+          service:
+            name: phase-backend
+            port: 
+              number: 8000
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: phase-frontend
+            port: 
+              number: 3000

phase/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+name: phase
+icon: https://phase.dev/apple-touch-icon.png
+description: A Helm chart for deploying the Phase Secrets Manager 
+type: application
+version: 0.1.0
+keywords:
+  - phase
+  - deployment
+home: https://github.com/phasehq/kubernetes-secrets-operator
+sources:
+  - https://github.com/phasehq/console
+maintainers:
+  - name: Nimish
+    email: nimish@phase.dev