# ops-deployment

This repository contains declarative Kubernetes configurations (deployments, services, persistent volumes) for all application services. Changes are automatically synchronized to the cluster by Flux.

## Structure

Each service directory contains:

- `deployment.yaml` - Pod specifications, container images, environment variables, volume mounts
- `service.yaml` - Service exposure (ClusterIP, NodePort)
- Additional resources as needed (PVCs, ConfigMaps, etc.)

## Workflow

1. **CI/CD Pipeline**: Build process generates new container image
2. **Automatic Update**: Pipeline commits updated image tag to this repository
3. **Flux Synchronization**: Flux detects changes and applies to cluster
4. **Rolling Deployment**: Kubernetes performs rolling update

## Secrets Management

Secrets are managed directly in Kubernetes using `kubectl` or sealed-secrets:

- Never committed to this repository
- Mounted as volumes at `/etc/secrets` in containers
- Referenced via `secretName` in deployment manifests

## Persistent Storage

Services requiring data persistence (MySQL, RabbitMQ) use PersistentVolumeClaims:

- Storage classes define volume provisioning
- Data survives pod restarts and redeployments
- Backups handled separately

## Example Service

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend-push-notifications
  namespace: app-notifications
spec:
  replicas: 1
  # apps/v1 requires a selector; it must match the pod template labels
  selector:
    matchLabels:
      app: backend-push-notifications
  template:
    metadata:
      labels:
        app: backend-push-notifications
    spec:
      containers:
        - name: backend-push-notifications
          image: ghcr.io/user/service:2
          ports:
            - containerPort: 9000
          volumeMounts:
            # Secret is mounted read-only so the workload cannot alter it
            - name: secrets
              mountPath: /etc/secrets
              readOnly: true
      volumes:
        - name: secrets
          secret:
            secretName: backend-push-notifications
---
apiVersion: v1
kind: Service
metadata:
  name: backend-push-notifications
  namespace: app-notifications
spec:
  # Selects the pods carrying the label set in the Deployment template above
  selector:
    app: backend-push-notifications
  ports:
    - port: 9000
      targetPort: 9000
      nodePort: 30904
  type: NodePort
```

## Monitoring

Where applicable, services expose a Prometheus metrics endpoint on port 9000, reachable through the service's NodePort.
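A policy check over the conventions described above (no plain Secrets in git, secret mounts read-only, image tags pinned rather than `latest`), as an added example that is not part of this repository's tooling. It works on the dicts a YAML parser such as PyYAML's `yaml.safe_load_all` returns, so the sample documents are constructed inline and the `backend-mailer` service is a hypothetical name.

```python
# Added example: manifest policy check for this repo's conventions (not repo tooling).

def image_is_pinned(image):
    """True when the image carries a digest or a tag other than 'latest'."""
    last = image.rsplit("/", 1)[-1]  # drop registry/repo path so a host:port is ignored
    if "@sha256:" in last:
        return True
    return ":" in last and last.split(":", 1)[1] != "latest"


def check_manifest(doc):
    """Return policy findings for one Kubernetes document (empty when clean)."""
    findings = []
    kind = doc.get("kind")
    name = doc.get("metadata", {}).get("name", "<unnamed>")
    if kind == "Secret":
        # Repo rule: secrets live in the cluster (kubectl / sealed-secrets), never in git
        findings.append(f"{name}: plain Secret must not be committed")
    if kind != "Deployment":
        return findings
    pod = doc.get("spec", {}).get("template", {}).get("spec", {})
    secret_vols = {v["name"] for v in pod.get("volumes", []) if "secret" in v}
    for c in pod.get("containers", []):
        image = c.get("image", "")
        if not image_is_pinned(image):
            findings.append(f"{name}/{c['name']}: image {image!r} is not pinned")
        for m in c.get("volumeMounts", []):
            # Secret-backed volumes must be mounted readOnly, as in the example service
            if m["name"] in secret_vols and not m.get("readOnly", False):
                findings.append(f"{name}/{c['name']}: secret mount {m['mountPath']} must be readOnly")
    return findings


# Constructed samples: the first mirrors the example Deployment above; the second
# (hypothetical backend-mailer) breaks two rules: mutable tag and writable secret mount.
GOOD_DEPLOYMENT = {
    "kind": "Deployment", "metadata": {"name": "backend-push-notifications"},
    "spec": {"template": {"spec": {
        "containers": [{"name": "backend-push-notifications", "image": "ghcr.io/user/service:2",
                        "volumeMounts": [{"name": "secrets", "mountPath": "/etc/secrets", "readOnly": True}]}],
        "volumes": [{"name": "secrets", "secret": {"secretName": "backend-push-notifications"}}]}}},
}
BAD_DEPLOYMENT = {
    "kind": "Deployment", "metadata": {"name": "backend-mailer"},
    "spec": {"template": {"spec": {
        "containers": [{"name": "backend-mailer", "image": "ghcr.io/user/mailer:latest",
                        "volumeMounts": [{"name": "secrets", "mountPath": "/etc/secrets"}]}],
        "volumes": [{"name": "secrets", "secret": {"secretName": "backend-mailer"}}]}}},
}
COMMITTED_SECRET = {"kind": "Secret", "metadata": {"name": "backend-mailer"}}
```

Run `check_manifest` over every document in a changed file from a pre-commit hook or CI job and fail the commit when any findings are returned.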