simplifique/Vendaweb-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f2b2572a35be8c85b53650d804b2e4b511b10f62
Vendaweb-api/k8s
History

README.md

Kubernetes Infra (k8s) - vendaweb-api

Este diretorio contem os manifests Kubernetes do vendaweb-api usando Kustomize (base + overlays).

Visao geral

  • App: vendaweb-api (Deployment + Service)
  • Porta HTTP do container/Service: 8067
  • Healthcheck usado pelos probes: GET /v1/health
  • Config via ConfigMap + Secret (injetados com envFrom)
  • Overlay prod:
    • Namespace: vendaweb-prod
    • Service: NodePort (porta externa 30001)
    • Replicas: 15

Estrutura

  • k8s/base/

    • deployment.yaml: deployment padrao (replicas 3), porta 8067, probes /v1/health, imagePullSecrets: gitea-auth
    • service.yaml: ClusterIP expondo 8067
    • configmap.yaml: variaveis nao sensiveis (ex.: Redis/DB host/port)
    • secret.yaml: variaveis sensiveis (ex.: usuario/senha do DB)
    • kustomization.yaml: agrega os recursos do base

  • k8s/overlays/prod/

    • kustomization.yaml: aplica patches e define namespace: vendaweb-prod
    • service-patch.yaml: muda Service para NodePort e fixa nodePort: 30001
    • deployment-prod-patch.yaml: ajusta replicas: 15
    • deployment-image-digest-patch.yaml: sobrescreve a image: do container

  • k8s/argocd/application-prod.yaml

    • Aplica o overlay k8s/overlays/prod via Argo CD
    • Sync automatizado com selfHeal e prune

Portas e acesso

  • Dentro do cluster: Service vendaweb-api:8067
  • Overlay prod (NodePort): porta externa 30001 (mapeia para 8067)

Notas:

  • O processo Node/Nest escuta em 8067 (ver src/main.ts).
  • A variavel PORT em .env nao e usada pelo bootstrap atual; o k8s esta configurado para 8067.

Deploy com kubectl/kustomize

Gerar o YAML final (sem aplicar):

kubectl kustomize k8s/overlays/prod

Aplicar o overlay prod:

kubectl apply -k k8s/overlays/prod

Validar o que sera aplicado (dry-run):

kubectl apply -k k8s/overlays/prod --dry-run=server

Ver diffs (se seu kubectl suportar):

kubectl diff -k k8s/overlays/prod

Argo CD (prod)

O Argo CD esta configurado em k8s/argocd/application-prod.yaml para:

  • path: k8s/overlays/prod
  • targetRevision: main
  • destination.namespace: vendaweb-prod (com CreateNamespace=true)

Se voce esta usando Argo CD, o fluxo recomendado e:

  • atualizar manifests no Git (overlay prod)
  • deixar o Argo CD sincronizar automaticamente

Configuracao (ConfigMap/Secret)

  • k8s/base/configmap.yaml (vendaweb-api-config)
    • REDIS_HOST, REDIS_PORT, DB_HOST, DB_PORT, DB_SERVICE_NAME
  • k8s/base/secret.yaml (vendaweb-api-secrets)
    • DB_USERNAME, DB_PASSWORD

Importante:

  • O Secret esta em stringData no repositorio (texto puro). Para ambiente real, prefira um gerenciador de segredos (ExternalSecrets, SOPS, Vault etc.) e nao commite credenciais.

Imagem e pipeline

O workflow .gitea/workflows/deploy-api.yaml:

  • builda e publica git.simplifiquehc.com.br/simplifique/vendaweb-api:<sha7> e :latest
  • atualiza k8s/overlays/prod/deployment-image-digest-patch.yaml para apontar para o tag do commit

Isso e pensado para o Argo CD detectar a alteracao no Git e aplicar.

Comandos uteis (day-2)

Assumindo namespace vendaweb-prod:

kubectl -n vendaweb-prod get all
kubectl -n vendaweb-prod get pods -l app=vendaweb-api -o wide
kubectl -n vendaweb-prod describe deploy/vendaweb-api
kubectl -n vendaweb-prod describe pod -l app=vendaweb-api

Logs:

kubectl -n vendaweb-prod logs deploy/vendaweb-api --tail=200
kubectl -n vendaweb-prod logs -l app=vendaweb-api --tail=200 --all-containers
kubectl -n vendaweb-prod logs -l app=vendaweb-api -f

Rollout:

kubectl -n vendaweb-prod rollout status deploy/vendaweb-api
kubectl -n vendaweb-prod rollout history deploy/vendaweb-api
kubectl -n vendaweb-prod rollout restart deploy/vendaweb-api

Exec/Debug:

kubectl -n vendaweb-prod exec -it deploy/vendaweb-api -- sh
kubectl -n vendaweb-prod port-forward svc/vendaweb-api 8067:8067

Troubleshooting rapido

  • ImagePullBackOff:

    • conferir imagePullSecrets: gitea-auth no namespace (kubectl -n vendaweb-prod get secret gitea-auth)
    • conferir o valor de image: no overlay prod

  • CrashLoopBackOff:

    • ver logs do pod e eventos (kubectl -n vendaweb-prod describe pod ...)
    • validar variaveis do ConfigMap/Secret

  • Probes falhando:

    • garantir que a rota /v1/health responde 200 e que a app esta ouvindo em 8067

Mudancas comuns

  • Alterar porta externa (NodePort): k8s/overlays/prod/service-patch.yaml
  • Alterar replicas em prod: k8s/overlays/prod/deployment-prod-patch.yaml
  • Alterar imagem/tag em prod: k8s/overlays/prod/deployment-image-digest-patch.yaml
  • Alterar envs: k8s/base/configmap.yaml e k8s/base/secret.yaml
Reference in New Issue View Git Blame Copy Permalink