initial commit

2026-01-09 21:58:53 +01:00 · 2026-01-09 21:58:53 +01:00 · b56e866071
commit b56e866071
parent 3bba1f6db6
36 changed files with 4160 additions and 0 deletions
--- a/DEPLOYMENT.md
+++ b/DEPLOYMENT.md
@ -0,0 +1,173 @@
+# Snauw Counter - Production Setup
+
+## 🐳 Docker
+
+### Build lokaal
+```bash
+docker build -t snauw-counter .
+docker run -p 5000:5000 -e SECRET_KEY=your-secret-key snauw-counter
+```
+
+### Met Docker Compose (ontwikkeling)
+```bash
+docker-compose up -d
+```
+
+## 🚀 Kubernetes Deployment
+
+### Vereisten
+- Kubernetes cluster (v1.24+)
+- kubectl geconfigureerd
+- NGINX Ingress Controller
+- cert-manager (voor SSL)
+
+### 1. Secrets aanmaken
+```bash
+# Generate secret key
+kubectl create secret generic snauw-counter-secrets \
+    --from-literal=secret-key=$(openssl rand -base64 32) \
+    -n snauw-counter
+```
+
+### 2. Deploy met script
+```bash
+# Basis deployment (SQLite)
+./deploy.sh deploy
+
+# Met specifieke image tag
+./deploy.sh deploy -t v1.0.0
+
+# Status checken
+./deploy.sh status
+
+# Logs bekijken
+./deploy.sh logs -f
+
+# Schalen
+./deploy.sh scale 5
+```
+
+### 3. Handmatige deployment
+```bash
+# Namespace
+kubectl apply -f k8s/namespace.yaml
+
+# Config en secrets
+kubectl apply -f k8s/configmap.yaml
+
+# SQLite PVC
+kubectl apply -f k8s/sqlite-pvc.yaml
+
+# Applicatie
+export IMAGE_TAG=latest
+envsubst < k8s/deployment.yaml | kubectl apply -f -
+kubectl apply -f k8s/service.yaml
+kubectl apply -f k8s/ingress.yaml
+kubectl apply -f k8s/scaling.yaml
+```
+
+## 🔧 Configuratie
+
+### Environment Variables
+- `FLASK_ENV`: production
+- `SECRET_KEY`: Flask secret key
+- `DATABASE_URL`: sqlite:///app/data/snauw_counter.db
+
+### Ingress Configuratie
+Update `k8s/ingress.yaml`:
+```yaml
+rules:
+- host: your-domain.com  # Verander naar je domein
+```
+
+### SSL Certificates
+Cert-manager configureren voor automatische SSL:
+```bash
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
+```
+
+## 🔍 Monitoring
+
+### Health Checks
+- `/health` - Applicatie health status
+- Liveness probe: elke 30s
+- Readiness probe: elke 10s
+
+### Prometheus Metrics
+- Automatische metrics export
+- Service discovery via annotations
+
+### Logging
+```bash
+# Applicatie logs
+kubectl logs -l app.kubernetes.io/name=snauw-counter -n snauw-counter -f
+
+# Database logs
+kubectl logs -l app.kubernetes.io/name=postgres -n snauw-counter -f
+```
+
+## 📊 Scaling
+
+### Horizontal Pod Autoscaler
+- Min replicas: 2
+- Max replicas: 10
+- CPU target: 70%
+- Memory target: 80%
+
+### Manual Scaling
+```bash
+kubectl scale deployment/snauw-counter --replicas=5 -n snauw-counter
+```
+
+## 🛠️ CI/CD Pipeline
+
+### GitHub Actions Workflows
+
+1. **test.yml**: Test en security scan op push/PR
+2. **docker.yml**: Build en push container images
+3. **deploy.yml**: Deploy naar productie bij release
+
+### Secrets Required
+- `GITHUB_TOKEN`: Voor container registry
+- `KUBECONFIG`: Kubernetes configuratie
+
+## 🔒 Security
+
+### Container Security
+- Non-root user (1001)
+- Read-only root filesystem
+- Security contexts
+- Vulnerability scanning met Trivy
+
+### Network Security
+- NetworkPolicies
+- Ingress rate limiting
+- TLS encryption
+
+### Database Security
+- Encrypted passwords
+- Connection pooling
+- Regular backups
+
+## 📋 Maintenance
+
+### Database Migrations
+```bash
+kubectl exec -it deployment/snauw-counter -n snauw-counter -- flask db upgrade
+```
+
+### Backup Database
+```bash
+kubectl exec -it deployment/snauw-counter -n snauw-counter -- cp /app/data/snauw_counter.db /tmp/
+kubectl cp snauw-counter/$(kubectl get pods -n snauw-counter -l app.kubernetes.io/name=snauw-counter -o jsonify={.items[0].metadata.name}):/tmp/snauw_counter.db ./backup-$(date +%Y%m%d).db
+```
+
+### Rolling Updates
+```bash
+kubectl set image deployment/snauw-counter snauw-counter=ghcr.io/username/snauw-counter:v2.0.0 -n snauw-counter
+```
+
+### Rollback
+```bash
+kubectl rollout undo deployment/snauw-counter -n snauw-counter
+```