update: refine Kubernetes deployment configs and scripts

tkspuk · tkspuk · commit dbd47fe75037 · 2025-11-09T05:17:00.000Z
diff --git a/k8s/00-secrets.yaml b/k8s/00-secrets.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: netpulse-secrets
+  namespace: netpulse
 type: Opaque
 stringData:
   # IMPORTANT: Replace these placeholder passwords with secure values before deploying to production
diff --git a/k8s/01-redis.yaml b/k8s/01-redis.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: redis-nodes
+  namespace: netpulse
   labels: {app: redis}
 spec:
   clusterIP: None # Headless Service
@@ -17,6 +18,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: redis-nodes
+  namespace: netpulse
 spec:
   serviceName: redis-nodes
   replicas: 3 # redis-0 is initial master
@@ -89,6 +91,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: redis-sentinel
+  namespace: netpulse
   labels: {app: redis-sentinel}
 spec:
   ports:
@@ -101,6 +104,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: redis-sentinel
+  namespace: netpulse
 spec:
   serviceName: redis-sentinel
   replicas: 3
@@ -173,6 +177,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
   name: pdb-redis
+  namespace: netpulse
 spec:
   minAvailable: 2
   selector:
@@ -183,6 +188,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
   name: pdb-redis-sentinel
+  namespace: netpulse
 spec:
   minAvailable: 2
   selector:
diff --git a/k8s/02-netpulse.yaml b/k8s/02-netpulse.yaml
@@ -5,6 +5,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: netpulse-config
+  namespace: netpulse
   labels:
     app: netpulse
     component: shared
@@ -26,6 +27,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: netpulse-controller
+  namespace: netpulse
 spec:
   replicas: 3
   selector:
@@ -42,6 +44,13 @@ spec:
       - name: controller
         image: localhost/netpulse-controller:latest
         imagePullPolicy: IfNotPresent
+        resources:
+          requests:
+            memory: "4Gi"
+            cpu: "2000m"
+          limits:
+            memory: "8Gi"
+            cpu: "8000m"
         envFrom:
         - configMapRef:
             name: netpulse-config
@@ -69,8 +78,9 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: netpulse-node-worker
+  namespace: netpulse
 spec:
-  replicas: 3
+  replicas: 6
   selector:
     matchLabels:
       app: netpulse
@@ -85,6 +95,13 @@ spec:
       - name: node-worker
         image: localhost/netpulse-node-worker:latest
         imagePullPolicy: IfNotPresent
+        resources:
+          requests:
+            memory: "2Gi"
+            cpu: "1000m"
+          limits:
+            memory: "4Gi"
+            cpu: "4000m"
         envFrom:
         - configMapRef:
             name: netpulse-config
@@ -110,8 +127,9 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: netpulse-fifo-worker
+  namespace: netpulse
 spec:
-  replicas: 3
+  replicas: 6
   selector:
     matchLabels:
       app: netpulse
@@ -126,6 +144,13 @@ spec:
       - name: fifo-worker
         image: localhost/netpulse-fifo-worker:latest
         imagePullPolicy: IfNotPresent
+        resources:
+          requests:
+            memory: "2Gi"
+            cpu: "1000m"
+          limits:
+            memory: "4Gi"
+            cpu: "4000m"
         envFrom:
         - configMapRef:
             name: netpulse-config
@@ -151,6 +176,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: netpulse
+  namespace: netpulse
 spec:
   selector:
     app: netpulse
diff --git a/k8s/03-ingress.yaml b/k8s/03-ingress.yaml
@@ -3,14 +3,13 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: netpulse-ingress
-  namespace: default
+  namespace: netpulse
   annotations:
     nginx.ingress.kubernetes.io/rewrite-target: /
 spec:
   ingressClassName: nginx
   rules:
-  - host: netpulse.local
-    http:
+  - http:
       paths:
       - path: /
         pathType: Prefix
diff --git a/k8s/04-nodeport.yaml b/k8s/04-nodeport.yaml
@@ -0,0 +1,19 @@
+# 04-nodeport/nodeport.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: netpulse-nodeport
+  namespace: netpulse
+  labels:
+    app: netpulse
+spec:
+  type: NodePort
+  ports:
+  - port: 9000
+    targetPort: 9000
+    nodePort: 30090
+    protocol: TCP
+    name: http
+  selector:
+    app: netpulse
+    component: controller
diff --git a/scripts/k8s_setup_secrets.sh b/scripts/k8s_setup_secrets.sh
@@ -0,0 +1,170 @@
+#!/bin/bash
+
+# NetPulse Kubernetes Secrets Setup Script
+
+set -e
+
+COLOR_RED='\033[0;31m'
+COLOR_GREEN='\033[0;32m'
+COLOR_YELLOW='\033[1;33m'
+COLOR_BLUE='\033[0;34m'
+COLOR_NC='\033[0m' # No Color
+
+print_status() {
+    echo -e "${COLOR_BLUE}[INFO]${COLOR_NC} $1"
+}
+
+print_success() {
+    echo -e "${COLOR_GREEN}[SUCCESS]${COLOR_NC} $1"
+}
+
+print_warning() {
+    echo -e "${COLOR_YELLOW}[WARNING]${COLOR_NC} $1"
+}
+
+print_error() {
+    echo -e "${COLOR_RED}[ERROR]${COLOR_NC} $1"
+}
+
+generate_secure_values() {
+    print_status "Generating secure values for Kubernetes secrets..."
+    
+    local redis_password=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-25)
+    local api_key="np_$(openssl rand -hex 32)"
+    
+    # Create deployment secrets file (not in git)
+    cat > k8s/00-secrets-deploy.yaml << SECRETSEOF
+# 00-secrets/netpulse-secrets.yaml
+# Generated on $(date) - DO NOT commit to version control
+apiVersion: v1
+kind: Secret
+metadata:
+  name: netpulse-secrets
+  namespace: netpulse
+type: Opaque
+stringData:
+  # Generated secure passwords - DO NOT commit to version control
+  password: "$redis_password"
+  api-key: "$api_key"
+SECRETSEOF
+    
+    print_success "Secure secrets generated in k8s/00-secrets-deploy.yaml!"
+    print_warning "Your API Key: $api_key"
+    print_warning "Your Redis Password: $redis_password"
+    print_warning "Please save these credentials securely!"
+    print_status "Use: kubectl apply -f k8s/00-secrets-deploy.yaml"
+}
+
+apply_secrets() {
+    print_status "Applying secrets to Kubernetes cluster..."
+    
+    # Check for deploy file first, then fall back to original
+    local secrets_file=""
+    if [ -f "k8s/00-secrets-deploy.yaml" ]; then
+        secrets_file="k8s/00-secrets-deploy.yaml"
+        print_status "Using generated secrets file: $secrets_file"
+    elif [ -f "k8s/00-secrets.yaml" ]; then
+        secrets_file="k8s/00-secrets.yaml"
+        print_warning "Using original secrets file: $secrets_file"
+        print_warning "Make sure you have updated the placeholder passwords!"
+    else
+        print_error "No secrets file found. Run 'generate' first or ensure k8s/00-secrets.yaml exists."
+        return 1
+    fi
+    
+    kubectl apply -f "$secrets_file"
+    
+    print_success "Secrets applied to Kubernetes cluster!"
+    
+    # Verify secrets were created
+    if kubectl get secret netpulse-secrets >/dev/null 2>&1; then
+        print_success "Secret 'netpulse-secrets' created successfully"
+    else
+        print_error "Failed to create secret 'netpulse-secrets'"
+        return 1
+    fi
+}
+
+check_prerequisites() {
+    print_status "Checking prerequisites..."
+    
+    # Check if kubectl is available
+    if ! command -v kubectl >/dev/null 2>&1; then
+        print_error "kubectl is required but not installed"
+        return 1
+    fi
+    
+    # Check if we can connect to cluster
+    if ! kubectl cluster-info >/dev/null 2>&1; then
+        print_error "Cannot connect to Kubernetes cluster"
+        return 1
+    fi
+    
+    print_success "Prerequisites check passed"
+}
+
+cleanup() {
+    print_status "Cleaning up deployment files..."
+    
+    if [ -f "k8s/00-secrets-deploy.yaml" ]; then
+        rm k8s/00-secrets-deploy.yaml
+        print_success "Deployment secrets file removed"
+    fi
+}
+
+main() {
+    echo "NetPulse Kubernetes Secrets Setup"
+    echo "=================================="
+    
+    case "${1:-help}" in
+        "generate")
+            check_prerequisites
+            generate_secure_values
+            print_success "Secrets generation complete!"
+            print_status "Next step: kubectl apply -f k8s/00-secrets-deploy.yaml"
+            ;;
+        "apply")
+            check_prerequisites
+            apply_secrets
+            print_success "Secrets applied to cluster!"
+            print_status "Next step: kubectl apply -f k8s/01-redis.yaml"
+            ;;
+        "auto")
+            check_prerequisites
+            generate_secure_values
+            apply_secrets
+            print_success "Complete setup finished!"
+            print_status "Next step: kubectl apply -f k8s/01-redis.yaml"
+            print_warning "Deployment file k8s/00-secrets-deploy.yaml kept for reference"
+            print_status "Run '$0 cleanup' to remove deployment files when done"
+            ;;
+        "cleanup")
+            cleanup
+            ;;
+        "help"|*)
+            echo "Usage: $0 {generate|apply|auto|cleanup}"
+            echo ""
+            echo "Commands:"
+            echo "  generate - Generate secure secrets file (k8s/00-secrets-deploy.yaml)"
+            echo "  apply    - Apply secrets to Kubernetes cluster (auto-detect file)"
+            echo "  auto     - Generate and apply secrets in one step (recommended)"
+            echo "  cleanup  - Remove deployment files"
+            echo ""
+            echo "Deployment Options:"
+            echo "  Option 1 (Auto): $0 auto"
+            echo "  Option 2 (Manual): Edit k8s/00-secrets.yaml, then kubectl apply -f k8s/00-secrets.yaml"
+            echo ""
+            echo "File Management:"
+            echo "  k8s/00-secrets-deploy.yaml - Deployment file (auto-generated, not in git)"
+            echo "  $0 cleanup                 - Remove deployment files when done"
+            echo ""
+            echo "Examples:"
+            echo "  $0 auto                    # Generate and apply secrets automatically"
+            echo "  $0 generate && $0 apply    # Generate first, then apply"
+            echo "  kubectl apply -f k8s/00-secrets.yaml  # Use manually edited file"
+            echo "  $0 cleanup                 # Clean up temporary files"
+            ;;
+    esac
+}
+
+main "$@"
