Chi requires middleware to be defined before routes. Moved setupHealthEndpoints() from New() to Run() to allow callers to add middleware before routes are registered.

Also:
- Updated rdev-api.yaml with DB env vars, RBAC, ServiceAccount
- Added Dockerfile.api.simple for pre-built binary deployment

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
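# rdev-api - Go REST API for controlling claudebox pods
# v0.5 - API Server with Authentication
#
# Security context for reviewers: this pod runs as ServiceAccount rdev-api,
# which the Role in this file allows to create pods/exec in the rdev
# namespace. A compromise of this container therefore reaches every pod it can
# exec into, so the container is started with a restrictive securityContext.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: rdev-api
  namespace: rdev
  labels:
    app.kubernetes.io/name: rdev-api
    app.kubernetes.io/part-of: rdev
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rdev-api
  template:
    metadata:
      labels:
        app: rdev-api
        app.kubernetes.io/name: rdev-api
        app.kubernetes.io/part-of: rdev
    spec:
      # No automountServiceAccountToken override is set, so the account's
      # token is mounted into the container by default.
      serviceAccountName: rdev-api
      containers:
        - name: rdev-api
          # The tag is mutable: with imagePullPolicy Always, a re-pushed
          # v0.5.0 is picked up on the next pod start. Pinning by digest
          # (image@sha256:<digest-placeholder>) makes the deployed binary
          # reproducible and auditable.
          image: ghcr.io/orchard9/rdev-api:v0.5.0
          imagePullPolicy: Always

          # Least privilege for the process itself: no setuid-style privilege
          # gain, no Linux capabilities (8080 is an unprivileged port), and the
          # runtime's default seccomp filter.
          # TODO(review): also set runAsNonRoot: true and
          # readOnlyRootFilesystem: true once the image is confirmed to run as
          # a non-root user and not to write to its root filesystem.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault

          ports:
            - containerPort: 8080
              name: http

          resources:
            requests:
              cpu: "100m"
              memory: "128Mi"
            limits:
              cpu: "500m"
              memory: "256Mi"

          # No httpHeaders are configured on either probe, so the kubelet calls
          # /health and /ready without credentials. Both endpoints must answer
          # without the admin key and should not return sensitive detail.
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 10
            periodSeconds: 30

          readinessProbe:
            httpGet:
              path: /ready
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10

          env:
            # Namespace the pod runs in, injected through the downward API.
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: PORT
              value: "8080"
            # The database Service lives in another namespace ("databases").
            - name: DB_HOST
              value: "postgres.databases.svc"
            - name: DB_PORT
              value: "5432"
            - name: DB_USER
              value: "appuser"
            - name: DB_NAME
              value: "rdev"
            # NOTE(review): "disable" presumably turns TLS off for the
            # PostgreSQL connection (confirm how the API maps this value). If
            # so, the DB_PASSWORD login and all queries cross the cluster
            # network unencrypted. Switch to a certificate-verifying mode once
            # the server presents a certificate; left unchanged here because
            # the server's TLS setup is not visible in this file.
            - name: DB_SSL_MODE
              value: "disable"
            # Both secrets come from the Secret rdev-credentials, which is not
            # defined in this file and must exist before the pod can start.
            # Values injected as env vars are readable by anything that can
            # exec into this pod, so keep exec rights in this namespace narrow.
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: rdev-credentials
                  key: DB_PASSWORD
            - name: RDEV_ADMIN_KEY
              valueFrom:
                secretKeyRef:
                  name: rdev-credentials
                  key: RDEV_ADMIN_KEY

      # Registry credential used to pull the image from ghcr.io.
      imagePullSecrets:
        - name: ghcr-secret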
---
# Service for rdev-api
#
# ClusterIP keeps the API reachable from inside the cluster only. No
# NetworkPolicy is visible in this manifest, so any pod that can route to this
# Service can send requests to it; the API's own authentication is then the
# only gate in front of the exec capability.
# NOTE(review): the port is named "http". If the API serves plain HTTP here,
# credentials sent to it cross the cluster network unencrypted. Confirm.
apiVersion: v1
kind: Service
metadata:
  namespace: rdev
  name: rdev-api
  labels:
    app.kubernetes.io/part-of: rdev
    app.kubernetes.io/name: rdev-api
spec:
  type: ClusterIP
  # Matches the "app" label set on the Deployment's pod template.
  selector:
    app: rdev-api
  ports:
    - name: http
      port: 8080
      # Resolved by name against the container port called "http".
      targetPort: http
---
# ServiceAccount for rdev-api
#
# Identity the Deployment's pod uses towards the Kubernetes API. The
# RoleBinding in this file attaches the rdev-api Role to it, so whoever holds
# this account's token holds pods/exec in the rdev namespace.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: rdev
  name: rdev-api
---
# Role for rdev-api to exec into claudebox pods
#
# Scope: RBAC rules cannot select pods by label and no resourceNames are
# listed, so both rules apply to every pod in the rdev namespace, not only to
# claudebox pods. Keep unrelated workloads out of this namespace, or add
# resourceNames if the target pod names are fixed.
# Detection: exec sessions opened with this Role show up in API-server audit
# logs as "create" on pods/exec by system:serviceaccount:rdev:rdev-api.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: rdev
  name: rdev-api
rules:
  # Read-only discovery of pods in the namespace.
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list
      - watch
  # Command execution inside pods. This is the sensitive grant: it is
  # equivalent to a shell in any container in the namespace.
  - apiGroups:
      - ""
    resources:
      - pods/exec
    verbs:
      - create
---
# RoleBinding for rdev-api
#
# Grants the namespaced rdev-api Role to exactly one subject, the rdev-api
# ServiceAccount in the rdev namespace. roleRef cannot be edited after
# creation; pointing the binding at another Role means deleting and
# recreating it.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: rdev
  name: rdev-api
subjects:
  - kind: ServiceAccount
    namespace: rdev
    name: rdev-api
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rdev-api