Linked build commit: c16c637135
ops-deployment
This repository contains declarative Kubernetes configurations (deployments, services, persistent volumes) for all application services. Changes are automatically synchronized to the cluster by Flux.
Structure
Each service directory contains:
- deployment.yaml - Pod specifications, container images, environment variables, volume mounts
- service.yaml - Service exposure (ClusterIP, NodePort)
- Additional resources as needed (PVCs, ConfigMaps, etc.)
Workflow
- CI/CD Pipeline: Build process generates new container image
- Automatic Update: Pipeline commits updated image tag to this repository
- Flux Synchronization: Flux detects changes and applies to cluster
- Rolling Deployment: Kubernetes performs rolling update
Secrets Management
Secrets are managed directly in Kubernetes using kubectl or sealed-secrets:
- Never committed to this repository
- Mounted as volumes at /etc/secrets in containers
- Referenced via secretName in deployment manifests
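The "never committed to this repository" rule is easy to break by accident, so a CI or pre-commit guard is worth having. The POSIX shell check below is an added example, not a script from this repository: it walks every YAML manifest under a directory, splits multi-document files on `---`, and reports any plaintext `kind: Secret` object, while letting `SealedSecret` resources (ciphertext only) through. The function name and directory layout are assumptions.

```shell
#!/bin/sh
# Guard for the rule that plaintext Secrets are never committed.
# Hypothetical helper, not part of the ops-deployment repository.
# Usage: find_plain_secrets <dir>
#   prints "file: plaintext Secret "<name>"" per finding,
#   returns 0 when the tree is clean and 1 otherwise.
find_plain_secrets() {
    dir="$1"
    findings=0
    for f in $(find "$dir" -type f \( -name '*.yaml' -o -name '*.yml' \)); do
        # Examine each YAML document separately; a file may hold several.
        awk -v file="$f" '
            # Called at every document boundary and at end of file.
            function flush() {
                if (kind == "Secret") {
                    print file ": plaintext Secret \"" name "\""
                    bad = 1
                }
                kind = ""; name = ""
            }
            /^---/ { flush(); next }
            # Exactly "kind: Secret"; "kind: SealedSecret" does not match.
            /^kind:[ \t]*Secret[ \t]*$/ { kind = "Secret" }
            # First top-level-ish "name:" in the document is metadata.name
            # (list items such as "- name:" are excluded by the anchor).
            /^[ \t]*name:/ && name == "" {
                sub(/^[ \t]*name:[ \t]*/, ""); name = $0
            }
            END { flush(); if (bad) exit 1; exit 0 }
        ' "$f" || findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}
```

Run it against the repository root in the pipeline before the image-tag commit step; a non-zero exit blocks the push.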
Persistent Storage
Services requiring data persistence (MySQL, RabbitMQ) use PersistentVolumeClaims:
- Storage classes define volume provisioning
- Data survives pod restarts and redeployments
- Backups handled separately
Example Service
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend-push-notifications
  namespace: app-notifications
spec:
  replicas: 1
  # apps/v1 requires a selector; it must match the pod template labels,
  # which the Service below also selects on.
  selector:
    matchLabels:
      app: backend-push-notifications
  template:
    metadata:
      labels:
        app: backend-push-notifications
    spec:
      containers:
        - name: backend-push-notifications
          image: ghcr.io/user/service:2
          ports:
            - containerPort: 9000
          volumeMounts:
            - name: secrets
              mountPath: /etc/secrets
              readOnly: true
      volumes:
        - name: secrets
          secret:
            secretName: backend-push-notifications
---
apiVersion: v1
kind: Service
metadata:
  name: backend-push-notifications
  namespace: app-notifications
spec:
  selector:
    app: backend-push-notifications
  ports:
    - port: 9000
      targetPort: 9000
      nodePort: 30904
  type: NodePort
```
Monitoring
Where applicable, services expose Prometheus metrics endpoints on port 9000, reachable through the NodePort Service.