snauwcounter/DEPLOYMENT.md
Michael Trip b56e866071
initial commit
2026-01-09 21:58:53 +01:00

Snauw Counter - Production Setup

🐳 Docker

Build locally

docker build -t snauw-counter .
docker run -p 5000:5000 -e SECRET_KEY=your-secret-key snauw-counter

With Docker Compose (development)

docker-compose up -d

🚀 Kubernetes Deployment

Requirements

  • Kubernetes cluster (v1.24+)
  • kubectl configured
  • NGINX Ingress Controller
  • cert-manager (for SSL)

1. Create secrets

# Generate secret key (the snauw-counter namespace must already exist, see k8s/namespace.yaml)
kubectl create secret generic snauw-counter-secrets \
    --from-literal=secret-key="$(openssl rand -base64 32)" \
    -n snauw-counter

2. Deploy with the script

# Basic deployment (SQLite)
./deploy.sh deploy

# With a specific image tag
./deploy.sh deploy -t v1.0.0

# Check status
./deploy.sh status

# View logs
./deploy.sh logs -f

# Scale
./deploy.sh scale 5

3. Manual deployment

# Namespace
kubectl apply -f k8s/namespace.yaml

# Config and secrets
kubectl apply -f k8s/configmap.yaml

# SQLite PVC
kubectl apply -f k8s/sqlite-pvc.yaml

# Application
export IMAGE_TAG=latest
envsubst < k8s/deployment.yaml | kubectl apply -f -
kubectl apply -f k8s/service.yaml
kubectl apply -f k8s/ingress.yaml
kubectl apply -f k8s/scaling.yaml

🔧 Configuration

Environment Variables

  • FLASK_ENV: production
  • SECRET_KEY: Flask secret key
  • DATABASE_URL: sqlite:///app/data/snauw_counter.db

Ingress Configuration

Update k8s/ingress.yaml:

rules:
- host: your-domain.com  # Change to your domain

SSL Certificates

Configure cert-manager for automatic SSL:

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml

🔍 Monitoring

Health Checks

  • /health - Application health status
  • Liveness probe: every 30s
  • Readiness probe: every 10s

Prometheus Metrics

  • Automatic metrics export
  • Service discovery via annotations

Logging

# Application logs
kubectl logs -l app.kubernetes.io/name=snauw-counter -n snauw-counter -f

# Database logs
kubectl logs -l app.kubernetes.io/name=postgres -n snauw-counter -f

📊 Scaling

Horizontal Pod Autoscaler

  • Min replicas: 2
  • Max replicas: 10
  • CPU target: 70%
  • Memory target: 80%

Manual Scaling

kubectl scale deployment/snauw-counter --replicas=5 -n snauw-counter

🛠️ CI/CD Pipeline

GitHub Actions Workflows

  1. test.yml: Test and security scan on push/PR
  2. docker.yml: Build and push container images
  3. deploy.yml: Deploy to production on release

Secrets Required

  • GITHUB_TOKEN: For the container registry
  • KUBECONFIG: Kubernetes configuration

🔒 Security

Container Security

  • Non-root user (1001)
  • Read-only root filesystem
  • Security contexts
  • Vulnerability scanning with Trivy
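
An added example, not code from this repository: a check that a Deployment object actually carries the UID 1001 and read-only root filesystem settings listed above, and that SQLite still has a writable volume at /app/data once the root is read-only. The sample manifests, the function names and the volume name are constructed for illustration.

```python
import json

EXPECTED_UID = 1001     # "Non-root user (1001)" under Container Security
DATA_DIR = "/app/data"  # SQLite directory from the backup command

def covers(mount_path: str, target: str) -> bool:
    """True when target is the mount point itself or lies below it."""
    base = mount_path.rstrip("/")
    return bool(mount_path) and (target == base or target.startswith(base + "/"))

def audit_deployment(deployment: dict) -> list[str]:
    """Return findings for a Deployment parsed from `kubectl get -o json`."""
    findings = []
    pod_spec = deployment["spec"]["template"]["spec"]
    pod_ctx = pod_spec.get("securityContext") or {}
    for c in pod_spec.get("containers", []):
        name, ctx = c.get("name", "?"), c.get("securityContext") or {}
        # A container-level runAsUser overrides the pod-level value.
        uid = ctx.get("runAsUser", pod_ctx.get("runAsUser"))
        if uid is None:
            findings.append(f"{name}: runAsUser unset, UID comes from the image")
        elif uid != EXPECTED_UID:
            findings.append(f"{name}: runAsUser is {uid}, expected {EXPECTED_UID}")
        # readOnlyRootFilesystem exists only in the container-level context.
        if ctx.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: readOnlyRootFilesystem is not true")
            continue
        # With a read-only root, SQLite needs a writable volume at DATA_DIR.
        writable = any(covers(m.get("mountPath", ""), DATA_DIR) and not m.get("readOnly", False)
                       for m in c.get("volumeMounts", []))
        if not writable:
            findings.append(f"{name}: no writable volume mounted for {DATA_DIR}")
    return findings

# Constructed sample manifests, not the repository's k8s/deployment.yaml.
HARDENED = json.loads("""{"spec": {"template": {"spec": {
  "securityContext": {"runAsUser": 1001},
  "containers": [{"name": "snauw-counter",
    "securityContext": {"readOnlyRootFilesystem": true},
    "volumeMounts": [{"name": "data", "mountPath": "/app/data"}]}]}}}}""")
DRIFTED = json.loads("""{"spec": {"template": {"spec": {
  "securityContext": {"runAsUser": 1001},
  "containers": [{"name": "snauw-counter",
    "securityContext": {"runAsUser": 0, "readOnlyRootFilesystem": true},
    "volumeMounts": [{"name": "data", "mountPath": "/app/data", "readOnly": true}]}]}}}}""")

if __name__ == "__main__":
    for label, manifest in (("hardened", HARDENED), ("drifted", DRIFTED)):
        print(label, audit_deployment(manifest) or "ok")
```

Against a live cluster, pass the parsed output of `kubectl get deployment snauw-counter -n snauw-counter -o json` to `audit_deployment` instead of the samples.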

Network Security

  • NetworkPolicies
  • Ingress rate limiting
  • TLS encryption

Database Security

  • Encrypted passwords
  • Connection pooling
  • Regular backups

📋 Maintenance

Database Migrations

kubectl exec -it deployment/snauw-counter -n snauw-counter -- flask db upgrade

Backup Database

kubectl exec -it deployment/snauw-counter -n snauw-counter -- cp /app/data/snauw_counter.db /tmp/
kubectl cp "snauw-counter/$(kubectl get pods -n snauw-counter -l app.kubernetes.io/name=snauw-counter -o jsonpath='{.items[0].metadata.name}'):/tmp/snauw_counter.db" "./backup-$(date +%Y%m%d).db"

Rolling Updates

kubectl set image deployment/snauw-counter snauw-counter=ghcr.io/username/snauw-counter:v2.0.0 -n snauw-counter

Rollback

kubectl rollout undo deployment/snauw-counter -n snauw-counter