snauwcounter/DEPLOYMENT.md
Michael Trip b56e866071
initial commit
2026-01-09 21:58:53 +01:00


# Snauw Counter - Production Setup
## 🐳 Docker
### Build locally
```bash
docker build -t snauw-counter .
docker run -p 5000:5000 -e SECRET_KEY=your-secret-key snauw-counter
```
### With Docker Compose (development)
```bash
docker-compose up -d
```
## 🚀 Kubernetes Deployment
### Requirements
- Kubernetes cluster (v1.24+)
- kubectl configured
- NGINX Ingress Controller
- cert-manager (for SSL)
### 1. Create secrets
```bash
# Generate a random secret key and store it as a Kubernetes secret
kubectl create secret generic snauw-counter-secrets \
--from-literal=secret-key="$(openssl rand -base64 32)" \
-n snauw-counter
```
### 2. Deploy with script
```bash
# Basic deployment (SQLite)
./deploy.sh deploy
# With a specific image tag
./deploy.sh deploy -t v1.0.0
# Check status
./deploy.sh status
# View logs
./deploy.sh logs -f
# Scale
./deploy.sh scale 5
```
### 3. Manual deployment
```bash
# Namespace
kubectl apply -f k8s/namespace.yaml
# Config and secrets
kubectl apply -f k8s/configmap.yaml
# SQLite PVC
kubectl apply -f k8s/sqlite-pvc.yaml
# Application
export IMAGE_TAG=latest
envsubst < k8s/deployment.yaml | kubectl apply -f -
kubectl apply -f k8s/service.yaml
kubectl apply -f k8s/ingress.yaml
kubectl apply -f k8s/scaling.yaml
```
## 🔧 Configuration
### Environment Variables
- `FLASK_ENV`: production
- `SECRET_KEY`: Flask secret key
- `DATABASE_URL`: sqlite:///app/data/snauw_counter.db
### Ingress Configuration
Update `k8s/ingress.yaml`:
```yaml
rules:
- host: your-domain.com # Change to your domain
```
### SSL Certificates
Configure cert-manager for automatic SSL:
```bash
# "latest" resolves to the newest cert-manager release at the time this runs
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
```
## 🔍 Monitoring
### Health Checks
- `/health` - Application health status
- Liveness probe: every 30s
- Readiness probe: every 10s
### Prometheus Metrics
- Automatic metrics export
- Service discovery via annotations
### Logging
```bash
# Application logs
kubectl logs -l app.kubernetes.io/name=snauw-counter -n snauw-counter -f
# Database logs
kubectl logs -l app.kubernetes.io/name=postgres -n snauw-counter -f
```
## 📊 Scaling
### Horizontal Pod Autoscaler
- Min replicas: 2
- Max replicas: 10
- CPU target: 70%
- Memory target: 80%
### Manual Scaling
```bash
kubectl scale deployment/snauw-counter --replicas=5 -n snauw-counter
```
## 🛠️ CI/CD Pipeline
### GitHub Actions Workflows
1. **test.yml**: Test and security scan on push/PR
2. **docker.yml**: Build and push container images
3. **deploy.yml**: Deploy to production on release
### Secrets Required
- `GITHUB_TOKEN`: For the container registry
- `KUBECONFIG`: Kubernetes configuration
## 🔒 Security
### Container Security
- Non-root user (1001)
- Read-only root filesystem
- Security contexts
- Vulnerability scanning with Trivy
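
How the container security settings listed above and the secret from step 1 could be expressed in a pod template. This is an added example, not the project's own `k8s/deployment.yaml`. The PVC name `snauw-counter-data`, the `fsGroup`, the seccomp and capability settings, the `/tmp` emptyDir and the use of `/health` for both probes are assumptions.

```yaml
# Added example: pod template fragment of a Deployment (not the project's manifest)
spec:
  template:
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1001                 # non-root user from the list above
        fsGroup: 1001                   # assumption: lets UID 1001 write to the PVC
        seccompProfile:
          type: RuntimeDefault          # assumption: default seccomp filter
      containers:
        - name: snauw-counter
          image: ghcr.io/username/snauw-counter:${IMAGE_TAG}   # filled in by envsubst
          ports:
            - containerPort: 5000
          env:
            - name: FLASK_ENV
              value: "production"
            - name: DATABASE_URL
              value: "sqlite:///app/data/snauw_counter.db"
            - name: SECRET_KEY          # read from the secret created in step 1
              valueFrom:
                secretKeyRef:
                  name: snauw-counter-secrets
                  key: secret-key
          securityContext:
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          livenessProbe:
            httpGet: { path: /health, port: 5000 }
            periodSeconds: 30
          readinessProbe:
            httpGet: { path: /health, port: 5000 }
            periodSeconds: 10
          volumeMounts:
            - name: data
              mountPath: /app/data      # SQLite database file lives here
            - name: tmp
              mountPath: /tmp           # writable scratch space despite read-only root
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: snauw-counter-data   # hypothetical PVC name
        - name: tmp
          emptyDir: {}
```

With a read-only root filesystem, only the mounted volumes are writable, so any command that writes inside the container (such as copying the database to `/tmp`) depends on a mount like the `tmp` volume shown here.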
### Network Security
- NetworkPolicies
- Ingress rate limiting
- TLS encryption
### Database Security
- Encrypted passwords
- Connection pooling
- Regular backups
## 📋 Maintenance
### Database Migrations
```bash
kubectl exec -it deployment/snauw-counter -n snauw-counter -- flask db upgrade
```
### Backup Database
```bash
# Copy the database file to /tmp inside the pod
kubectl exec -it deployment/snauw-counter -n snauw-counter -- cp /app/data/snauw_counter.db /tmp/
# Look up the pod name with jsonpath and copy the file to the local machine
kubectl cp snauw-counter/$(kubectl get pods -n snauw-counter -l app.kubernetes.io/name=snauw-counter -o jsonpath='{.items[0].metadata.name}'):/tmp/snauw_counter.db ./backup-$(date +%Y%m%d).db
```
### Rolling Updates
```bash
kubectl set image deployment/snauw-counter snauw-counter=ghcr.io/username/snauw-counter:v2.0.0 -n snauw-counter
```
### Rollback
```bash
kubectl rollout undo deployment/snauw-counter -n snauw-counter
```