diff --git a/kube/deploy/apps/reactive-resume/app/hr.yaml b/kube/deploy/apps/reactive-resume/app/hr.yaml
index 43a3076d39..ed62667ea9 100644
--- a/kube/deploy/apps/reactive-resume/app/hr.yaml
+++ b/kube/deploy/apps/reactive-resume/app/hr.yaml
@@ -30,41 +30,47 @@ spec:
 containers:
 main:
 image:
- repository: "ghcr.io/amruthpillai/reactive-resume"
- tag: "v4.0.5"
+ repository: "ghcr.io/jjgadgets/reactive-resume"
+ tag: "server-3.7.5"
 env: &env
 TZ: "${CONFIG_TZ}"
- PORT: "3100"
- NODE_ENV: "production"
- PUBLIC_URL: "https://${APP_DNS_REACTIVE_RESUME}"
- STORAGE_URL: "https://${APP_DNS_RGW_S3}/reactive-resume-media"
- REDIS_URL: "redis://127.0.0.1:6379"
- CHROME_URL: "wss://${APP_DNS_REACTIVE_RESUME_PRINTER}"
- CHROME_TOKEN: &chrome
+ PUBLIC_URL: "http://${APP_IP_REACTIVE_RESUME}:3000"
+ PUBLIC_SERVER_URL: "http://${APP_IP_REACTIVE_RESUME}:3100"
+ STORAGE_URL_PREFIX: "https://${APP_DNS_RGW_S3}/reactive-resume-media"
+ POSTGRES_HOST:
 valueFrom:
 secretKeyRef:
- name: "reactive-resume-secrets"
- key: "CHROME_TOKEN"
- DATABASE_URL:
+ name: "pg-home-pguser-reactive-resume"
+ key: "host"
+ POSTGRES_DB:
+ valueFrom:
+ secretKeyRef:
+ name: "pg-home-pguser-reactive-resume"
+ key: "dbname"
+ POSTGRES_USER:
 valueFrom:
 secretKeyRef:
 name: "pg-home-pguser-reactive-resume"
- key: "uri"
- ACCESS_TOKEN_SECRET:
+ key: "user"
+ POSTGRES_PASSWORD:
+ valueFrom:
+ secretKeyRef:
+ name: "pg-home-pguser-reactive-resume"
+ key: "password"
+ SECRET_KEY:
 valueFrom:
 secretKeyRef:
 name: "reactive-resume-secrets"
- key: "ACCESS_TOKEN_SECRET"
- REFRESH_TOKEN_SECRET:
+ key: "SECRET_KEY"
+ JWT_SECRET:
 valueFrom:
 secretKeyRef:
 name: "reactive-resume-secrets"
- key: "REFRESH_TOKEN_SECRET"
- STORAGE_ENDPOINT: "rook-ceph-rgw-${CLUSTER_NAME}.rook-ceph.svc"
- STORAGE_PORT: "6953"
+ key: "JWT_SECRET"
+ JWT_EXPIRY_TIME: "604800"
+ STORAGE_ENDPOINT: "http://rook-ceph-rgw-${CLUSTER_NAME}.rook-ceph.svc:6953/reactive-resume-media"
 STORAGE_BUCKET: "reactive-resume-media"
 STORAGE_REGION: "us-east-1"
- STORAGE_USE_SSL: "false"
 STORAGE_ACCESS_KEY:
 valueFrom:
 secretKeyRef:
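Review bot: The `main` image now comes from `ghcr.io/jjgadgets/reactive-resume` by mutable tag only (`tag: "server-3.7.5"`), so whoever can push to that repository can change what runs next to the Postgres, JWT and S3 secrets in this env map without any change to this file. The redis image that this commit removes was pinned in the `tag@sha256:…` form, and the same form fits here, e.g. `tag: "server-3.7.5@sha256:<digest-of-the-reviewed-image>"`; the `client-3.7.5` tag on the `frontend` container has the same gap. A short comment above `repository` saying why the fork is used instead of upstream would also help the next reviewer. The `env` map continues past the end of this hunk.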
@@ -75,11 +81,6 @@ spec:
 secretKeyRef:
 name: "reactive-resume-media-s3"
 key: "AWS_SECRET_ACCESS_KEY"
- securityContext: &sc
- readOnlyRootFilesystem: true
- allowPrivilegeEscalation: false
- capabilities:
- drop: ["ALL"]
 resources:
 requests:
 cpu: "10m"
@@ -87,41 +88,11 @@ spec:
 limits:
 cpu: "3000m"
 memory: "6Gi"
- redis:
+ frontend:
 image:
- repository: "public.ecr.aws/docker/library/redis"
- tag: "7.2.4-bookworm@sha256:e647cfe134bf5e8e74e620f66346f93418acfc240b71dd85640325cb7cd01402"
- command: [
- "redis-server",
- "--save",
- "''",
- "--appendonly",
- "no",
- "--port",
- "6379",
- "--bind",
- "127.0.0.1",
- ] # save and appendonly options forcibly disable RDB and AOF persistence entirely
- securityContext: *sc
- resources:
- requests:
- cpu: "10m"
- memory: "32Mi"
- limits:
- cpu: "1000m"
- memory: "512Mi"
- chrome:
- image:
- repository: "docker.io/browserless/chrome"
- tag: "1.61.0-puppeteer-21.4.1"
- env:
- TOKEN: *chrome
- EXIT_ON_HEALTH_FAILURE: "true"
- PRE_REQUEST_HEALTH_CHECK: "true"
- PROXY_HOST: "${APP_DNS_REACTIVE_RESUME_PRINTER}"
- PROXY_PORT: "443"
- PROXY_SSL: "true"
- securityContext: *sc
+ repository: "ghcr.io/jjgadgets/reactive-resume"
+ tag: "client-3.7.5"
+ env: *env
 resources:
 requests:
 cpu: "10m"
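Review bot: `env: *env` on the new `frontend` container aliases the whole `main` env map, so the client container also receives `POSTGRES_PASSWORD`, `SECRET_KEY`, `JWT_SECRET` and the S3 access keys, which widens the set of processes that can read them. Give the frontend its own map holding only non-secret settings, for example `env: {TZ: "${CONFIG_TZ}", PUBLIC_URL: "http://${APP_IP_REACTIVE_RESUME}:3000", PUBLIC_SERVER_URL: "http://${APP_IP_REACTIVE_RESUME}:3100"}`; which variables the client image actually reads is not visible in this diff, so confirm against the image before trimming. This hunk also removes `securityContext: *sc` from the replaced containers without adding one to `frontend`, so it starts with no container-level restrictions. The `frontend` definition continues past the hunk at `resources`.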
@@ -131,58 +102,59 @@ spec:
 memory: "6Gi"
 service:
 main:
+ enabled: true
+ primary: true
+ controller: main
+ type: LoadBalancer
+ externalTrafficPolicy: Cluster
+ annotations:
+ "io.cilium/lb-ipam-ips": "${APP_IP_REACTIVE_RESUME}"
 ports:
 http:
 port: 3100
- chrome:
- port: 3000 # listens on 3000 by default
+ frontend:
+ port: 3000
 ingress:
 main:
- enabled: true
- primary: true
- className: "nginx-internal"
- hosts:
- - host: &host "${APP_DNS_REACTIVE_RESUME}"
- paths:
- - path: /
- pathType: Prefix
- service:
- name: main
- port: http
- tls:
- - hosts: [*host]
- chrome:
- enabled: true
- primary: false
- className: "nginx-internal"
- hosts:
- - host: "${APP_DNS_REACTIVE_RESUME_PRINTER}"
- paths:
- - path: /
- pathType: Prefix
- service:
- name: main
- port: chrome
- tls:
- - hosts: [*host]
+ enabled: false
+ # primary: true
+ # className: "nginx-internal"
+ # annotations:
+ # nginx.ingress.kubernetes.io/use-regex: "true"
+ # nginx.ingress.kubernetes.io/rewrite-target: "/$2"
+ # hosts:
+ # - host: &host "${APP_DNS_REACTIVE_RESUME}"
+ # paths:
+ # - path: "/api(/|$)(.*)"
+ # pathType: ImplementationSpecific
+ # service:
+ # name: main
+ # port: http
+ # tls:
+ # - hosts: [*host]
+ backend:
+ enabled: false
+ # primary: false
+ # className: "nginx-internal"
+ # hosts:
+ # - host: *host
+ # paths:
+ # - path: /
+ # pathType: Prefix
+ # service:
+ # name: main
+ # port: frontend
+ # tls:
+ # - hosts: [*host]
 persistence:
 config:
 enabled: false
- tmp:
- enabled: true
- type: emptyDir
- medium: Memory
- globalMounts:
- - subPath: "tmp"
- path: "/tmp"
- - subPath: "nodecache"
- path: "/app/node_modules/.cache"
 defaultPodOptions:
 automountServiceAccountToken: false
 enableServiceLinks: false
 securityContext:
- runAsNonRoot: true
- runAsUser: &uid ${APP_UID_REACTIVE_RESUME}
+ runAsNonRoot: false
+ runAsUser: &uid 0
 runAsGroup: *uid
 fsGroup: *uid
 fsGroupChangePolicy: "Always"
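Review bot: `runAsNonRoot: false` with `runAsUser: &uid 0` runs both containers as root, and because the container `securityContext` (read-only root filesystem, `allowPrivilegeEscalation: false`, `drop: ["ALL"]`) is deleted in the `@@ -75,11 +81,6 @@` hunk, a flaw in the app now lands in a root process with default capabilities and a writable filesystem. This hunk also turns `service.main` into a `LoadBalancer` and disables both ingresses, so ports 3100 and 3000 are served as plain HTTP (matching the `http://` values of `PUBLIC_URL` and `PUBLIC_SERVER_URL`) with no TLS in front of logins and JWTs. Whether the 3.7.5 images can start as a non-root user is not visible from this diff; if they only need writable paths, keeping the removed `tmp` emptyDir together with `runAsNonRoot: true` is the safer route. At minimum re-add `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` on each container, and put a comment next to `runAsUser: &uid 0` stating why root is required.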