feat(ops): kubernetes deployment

microblogpub-certificate.yaml

@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: microblogpub-tls
+  namespace: microblogpub
+spec:
+  secretName: microblogpub-tls
+  issuerRef:
+    name: letsencrypt-regru
+    kind: ClusterIssuer
+  dnsNames:
+    - titer.b1-66er.ru
+

microblogpub-deployment.yaml

@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: microblogpub
+  namespace: microblogpub
+  labels:
+    app: microblogpub
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: microblogpub
+  template:
+    metadata:
+      labels:
+        app: microblogpub
+    spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+      containers:
+        - name: microblogpub
+          image: microblogpub:latest
+          imagePullPolicy: Never
+          ports:
+            - containerPort: 8000
+          volumeMounts:
+            - name: data-volume
+              mountPath: /app/data
+            - name: static-volume
+              mountPath: /app/app/static
+      volumes:
+        - name: data-volume
+          hostPath:
+            path: /home/u/server_one/common/b1-66er.tld/data
+            type: DirectoryOrCreate
+        - name: static-volume
+          hostPath:
+            path: /home/u/server_one/common/b1-66er.tld/app/static
+            type: DirectoryOrCreate

microblogpub-dev.yaml

@@ -0,0 +1,38 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: microblogpub-compile-css
+  namespace: microblogpub
+spec:
+  template:
+    spec:
+      containers:
+      - name: css-compiler
+        image: python:3.11-slim
+        command: ["/bin/bash", "-c"]
+        args:
+        - |
+          apt-get update
+          apt-get install -y --no-install-recommends curl build-essential gcc libffi-dev libssl-dev libxml2-dev libxslt1-dev zlib1g-dev libxslt-dev gcc libjpeg-dev zlib1g-dev libwebp-dev make git
+          curl -sSL https://install.python-poetry.org | python3 -
+          export PATH="/root/.local/bin:$PATH"
+          cd /app
+          git clone https://git.sr.ht/~tsileo/microblog.pub .
+          poetry install
+          poetry run inv compile-scss
+          cp -r app/static/css/* /compiled-css/
+        volumeMounts:
+        - name: app-data
+          mountPath: /app/data
+        - name: compiled-css
+          mountPath: /compiled-css
+        workingDir: /app
+      volumes:
+      - name: app-data
+        persistentVolumeClaim:
+          claimName: microblogpub-data
+      - name: compiled-css
+        persistentVolumeClaim:
+          claimName: microblogpub-css
+      restartPolicy: Never
+

microblogpub-ingress.yaml

@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: microblogpub
+  namespace: microblogpub
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    cert-manager.io/cluster-issuer: letsencrypt-regru
+    traefik.enable: "true"
+    traefik.http.routers.microblogpub.rule: "Host(`titer.b1-66er.ru`)"
+    traefik.http.routers.microblogpub.entrypoints: websecure
+    traefik.http.routers.microblogpub.tls.certresolver: letsencrypt
+    traefik.http.services.microblogpub.loadbalancer.server.port: "8000"
+spec:
+  ingressClassName: traefik
+  rules:
+    - host: titer.b1-66er.ru
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: microblogpub
+                port:
+                  number: 80
+  tls:
+    - secretName: microblogpub-tls
+      hosts:
+        - titer.b1-66er.ru

microblogpub-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: microblogpub

microblogpub-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: microblogpub
+  namespace: microblogpub
+spec:
+  type: ClusterIP
+  selector:
+    app: microblogpub
+  ports:
+    - port: 80
+      targetPort: 8000
+      name: http

update-microblogpub.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+IMAGE="microblogpub:latest"
+TAR="microblogpub.tar"
+NAMESPACE="microblogpub"
+APP_LABEL="app=microblogpub"
+
+echo "ℹ️  Пересборка образа…"
+docker build -t "${IMAGE}" .
+
+echo "ℹ️  Экспорт в ${TAR}…"
+docker save "${IMAGE}" -o "${TAR}"
+
+echo "ℹ️  Импорт в k3s containerd…"
+sudo k3s ctr images import "${TAR}"
+
+echo "ℹ️  Очистка tar-файла…"
+rm -f "${TAR}"
+
+echo "ℹ️  Перезапуск Pods…"
+kubectl -n "${NAMESPACE}" rollout restart deployment/microblogpub
+
+echo "✅  Готово!"
+