bluejay-infra/apps/fc-messageboard/fc-messageboard.yaml

# FlowerCore MessageBoard — Message board service
---
apiVersion: v1
kind: Namespace
metadata:
  name: fc-messageboard
  labels:
    app.kubernetes.io/part-of: bluejay-infra
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: messageboard-web-config
  namespace: fc-messageboard
data:
  ASPNETCORE_ENVIRONMENT: Production
  ASPNETCORE_URLS: http://+:8080
  ASPNETCORE_FORWARDEDHEADERS_ENABLED: "true"
  Security__AllowedOrigins__0: https://messageboard.iamworkin.lan
  FlowerCore__Database__ConnectionStrings__Sqlite: Data Source=/data/messageboard.db
  OTEL_SERVICE_NAME: FlowerCore.MessageBoard
  OTEL_EXPORTER_OTLP_ENDPOINT: http://otel-collector.monitoring.svc.cluster.local:4317
  OTEL_EXPORTER_OTLP_PROTOCOL: grpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: messageboard-web
  namespace: fc-messageboard
  labels:
    app: messageboard-web
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: messageboard-web
  template:
    metadata:
      labels:
        app: messageboard-web
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
        prometheus.io/path: "/metrics/prometheus"
    spec:
      containers:
        - name: messageboard-web
          image: localhost/fc-messageboard-web:latest
          imagePullPolicy: Never
          ports:
            - containerPort: 8080
              name: http
          envFrom:
            - configMapRef:
                name: messageboard-web-config
            - secretRef:
                name: messageboard-web-secrets
                optional: true
          volumeMounts:
            - name: data
              mountPath: /data
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 30
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 6
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: messageboard-web-data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: messageboard-web-data
  namespace: fc-messageboard
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
  name: messageboard-web
  namespace: fc-messageboard
spec:
  selector:
    app: messageboard-web
  ports:
    - port: 80
      targetPort: 8080
      name: http
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: messageboard-web-tls
  namespace: fc-messageboard
spec:
  secretName: messageboard-web-tls
  issuerRef:
    name: step-ca-acme
    kind: ClusterIssuer
  dnsNames:
    - messageboard.iamworkin.lan
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: messageboard-web
  namespace: fc-messageboard
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`messageboard.iamworkin.lan`)
      kind: Rule
      services:
        - name: messageboard-web
          port: 80
  tls:
    secretName: messageboard-web-tls