# Snauw Counter - Production Setup

## 🐳 Docker

### Build locally

```bash
docker build -t snauw-counter .
docker run -p 5000:5000 -e SECRET_KEY=your-secret-key snauw-counter
```

### With Docker Compose (development)

```bash
docker-compose up -d
```

## 🚀 Kubernetes Deployment

### Requirements

- Kubernetes cluster (v1.24+)
- kubectl configured
- NGINX Ingress Controller
- cert-manager (for SSL)

### 1. Create secrets

```bash
# Generate secret key
# The snauw-counter namespace must already exist (see k8s/namespace.yaml)
kubectl create secret generic snauw-counter-secrets \
  --from-literal=secret-key="$(openssl rand -base64 32)" \
  -n snauw-counter
```

### 2. Deploy with the script

```bash
# Basic deployment (SQLite)
./deploy.sh deploy

# With a specific image tag
./deploy.sh deploy -t v1.0.0

# Check status
./deploy.sh status

# View logs
./deploy.sh logs -f

# Scale
./deploy.sh scale 5
```

### 3. Manual deployment

```bash
# Namespace
kubectl apply -f k8s/namespace.yaml

# Config and secrets
kubectl apply -f k8s/configmap.yaml

# SQLite PVC
kubectl apply -f k8s/sqlite-pvc.yaml

# Application
export IMAGE_TAG=latest
envsubst < k8s/deployment.yaml | kubectl apply -f -
kubectl apply -f k8s/service.yaml
kubectl apply -f k8s/ingress.yaml
kubectl apply -f k8s/scaling.yaml
```

## 🔧 Configuration

### Environment Variables

- `FLASK_ENV`: production
- `SECRET_KEY`: Flask secret key
- `DATABASE_URL`: sqlite:///app/data/snauw_counter.db

### Ingress Configuration

Update `k8s/ingress.yaml`:

```yaml
rules:
  - host: your-domain.com  # Change to your domain
```

### SSL Certificates

Configure cert-manager for automatic SSL:

```bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
```

## 🔍 Monitoring

### Health Checks

- `/health` - Application health status
- Liveness probe: every 30s
- Readiness probe: every 10s

### Prometheus Metrics

- Automatic metrics export
- Service discovery via annotations

### Logging

```bash
# Application logs
kubectl logs -l app.kubernetes.io/name=snauw-counter -n snauw-counter -f

# Database logs
kubectl logs -l app.kubernetes.io/name=postgres -n snauw-counter -f
```

## 📊 Scaling

### Horizontal Pod Autoscaler

- Min replicas: 2
- Max replicas: 10
- CPU target: 70%
- Memory target: 80%

### Manual Scaling

```bash
kubectl scale deployment/snauw-counter --replicas=5 -n snauw-counter
```

## 🛠️ CI/CD Pipeline

### GitHub Actions Workflows

1. **test.yml**: Test and security scan on push/PR
2. **docker.yml**: Build and push container images
3. **deploy.yml**: Deploy to production on release

### Secrets Required

- `GITHUB_TOKEN`: For the container registry
- `KUBECONFIG`: Kubernetes configuration

## 🔒 Security

### Container Security

- Non-root user (1001)
- Read-only root filesystem
- Security contexts
- Vulnerability scanning with Trivy

### Network Security

- NetworkPolicies
- Ingress rate limiting
- TLS encryption

### Database Security

- Encrypted passwords
- Connection pooling
- Regular backups

## 📋 Maintenance

### Database Migrations

```bash
kubectl exec -it deployment/snauw-counter -n snauw-counter -- flask db upgrade
```

### Backup Database

```bash
# Copy the SQLite file to /tmp inside the pod, then pull it to the local machine
kubectl exec -it deployment/snauw-counter -n snauw-counter -- cp /app/data/snauw_counter.db /tmp/
POD=$(kubectl get pods -n snauw-counter -l app.kubernetes.io/name=snauw-counter -o jsonpath='{.items[0].metadata.name}')
kubectl cp "snauw-counter/${POD}:/tmp/snauw_counter.db" "./backup-$(date +%Y%m%d).db"
```

### Rolling Updates

```bash
kubectl set image deployment/snauw-counter snauw-counter=ghcr.io/username/snauw-counter:v2.0.0 -n snauw-counter
```

### Rollback

```bash
kubectl rollout undo deployment/snauw-counter -n snauw-counter
```
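
The Container Security items listed above (non-root user 1001, read-only root filesystem) and the `snauw-counter-secrets` Secret can be checked against what is actually deployed. The script below is an added example, not part of this project: it audits the JSON printed by `kubectl get deployment snauw-counter -n snauw-counter -o json`. The embedded manifest is a constructed sample, since `k8s/deployment.yaml` is not shown here, and the `runAsNonRoot` check is an assumption about how the non-root claim is enforced.

```python
import json

# Constructed sample: trimmed output of
#   kubectl get deployment snauw-counter -n snauw-counter -o json
# Field values are assumptions; the real k8s/deployment.yaml is not shown above.
SAMPLE = json.loads("""
{"spec": {"template": {"spec": {
  "securityContext": {"runAsNonRoot": true, "runAsUser": 1001},
  "containers": [{
    "name": "snauw-counter",
    "securityContext": {"readOnlyRootFilesystem": true},
    "env": [{"name": "SECRET_KEY", "valueFrom": {"secretKeyRef":
             {"name": "snauw-counter-secrets", "key": "secret-key"}}}]
  }]
}}}}
""")


def audit(deployment, expected_uid=1001):
    """Return a list of findings; an empty list means the claims hold."""
    pod = deployment["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    findings = []
    for c in pod.get("containers", []):
        sc = c.get("securityContext") or {}
        # Container-level settings override pod-level ones.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if uid != expected_uid:
            findings.append(f"{c['name']}: runAsUser is {uid}, expected {expected_uid}")
        if non_root is not True:
            findings.append(f"{c['name']}: runAsNonRoot is not enforced")
        # readOnlyRootFilesystem only exists at container level.
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{c['name']}: root filesystem is writable")
        for env in c.get("env", []):
            # A literal "value" means the key is stored in the manifest itself.
            if env["name"] == "SECRET_KEY" and "secretKeyRef" not in (env.get("valueFrom") or {}):
                findings.append(f"{c['name']}: SECRET_KEY is not read from a Secret")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE) or ["all container security claims hold"]:
        print(line)
```

To audit a live cluster, replace `SAMPLE` with `json.load(sys.stdin)` and pipe the `kubectl get ... -o json` output into the script.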