aurianecodebien · ruben-etu · Oct 16, 2025 · Oct 16, 2025 · Oct 16, 2025 · Oct 16, 2025
diff --git a/INSTALL.md b/INSTALL.md
@@ -15,11 +15,14 @@ https://docs.k3s.io/quick-start
 
 `kubectl create namespace cityapi`
 
-### 2. Installer Argo-CD
+### 2. Installer Argo-CD et Cloudnative-pg
 ```bash
 kubectl -n cityapi apply -k kubernetes
+kubectl apply --server-side -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.27/releases/cnpg-1.27.0.yaml
 ```
 
+Note: CLoudnative-pg ne peut pas être installé via kustomize car ses CRD sont trop longs.
+
 ### 3. Déployer ApplicationSet
 `kubectl -n cityapi apply -f kubernetes/base/argo-cd.yaml`
 

diff --git a/kubernetes/cluster-secret.yaml b/kubernetes/cluster-secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: city-api-pg-secret
+  labels:
+    app: city-api-pg
+type: Opaque
+data:
+  username: Y2l0eV9hcGk=
+  password: Y2l0eV9hcGk=
diff --git a/kubernetes/cluster.yaml b/kubernetes/cluster.yaml
@@ -0,0 +1,15 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: city-api-pg
+spec:
+  instances: 1
+  imageName: postgres:15
+  storage:
+    size: 1Gi
+  bootstrap:
+    initdb:
+      database: city_api
+      owner: city_api
+      secret:
+        name: city-api-pg-secret
diff --git a/kubernetes/database-prod.yaml b/kubernetes/database-prod.yaml
@@ -0,0 +1,57 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: city-api-prod-db
+  labels:
+    app: city-api-app
+    environment: prod
+spec:
+  databaseReclaimPolicy: retain
+  name: city_api-prod-pg
+  cluster:
+    name: city-api-pg
+  owner: city_api
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: cnpg-manager-role
+  namespace: cityapi
+rules:
+  - apiGroups: [""]
+    resources: ["secrets", "configmaps", "pods", "services", "persistentvolumeclaims", "events"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cnpg-manager-rolebinding
+  namespace: cityapi
+subjects:
+  - kind: ServiceAccount
+    name: cnpg-manager
+    namespace: cityapi
+roleRef:
+  kind: Role
+  name: cnpg-manager-role
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cnpg-controller-manager-config
+  namespace: cnpg-system
+data:
+  INHERITED_ANNOTATIONS: categories
+  INHERITED_LABELS: environment, workload, app
+  ENABLE_INSTANCE_MANAGER_INPLACE_UPDATES: 'true'
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cnpg-controller-manager-config
+  namespace: cnpg-system
+type: Opaque
+data:
+  CNPG_PASSWORD: eW91ci1wYXNzd29yZA==
+
diff --git a/kubernetes/helm/templates/app-deployment.yaml b/kubernetes/helm/templates/app-deployment.yaml
@@ -2,15 +2,20 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: city-api-app
+  labels:
+    app: city-api-app
+    environment: {{ .Values.app.env_name }}
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: city-api-app
+      environment: {{ .Values.app.env_name }}
   template:
     metadata:
       labels:
         app: city-api-app
+        environment: {{ .Values.app.env_name }}
     spec:
       containers:
         - name: city-api
@@ -23,7 +28,7 @@ spec:
             - name: CITY_API_PORT
               value: {{ .Values.app.port | quote }}
             - name: CITY_API_DB_URL
-              value: {{ .Values.db.host }}
+              value: "postgresql://{{ .Values.db.user }}:{{ .Values.db.password }}@{{ .Values.db.host }}:{{ .Values.db.port }}/{{ .Values.db.name }}"
             - name: CITY_API_DB_USER
               value: {{ .Values.db.user }}
             - name: CITY_API_DB_PWD

diff --git a/kubernetes/helm/templates/app-pvc.yaml b/kubernetes/helm/templates/app-pvc.yaml
@@ -2,6 +2,9 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: city-api-pvc
+  labels:
+    app: city-api
+    environment: {{ .Values.app.env_name }}
 spec:
   accessModes:
     - ReadWriteOnce

diff --git a/kubernetes/helm/templates/app-service.yaml b/kubernetes/helm/templates/app-service.yaml
@@ -2,6 +2,9 @@ apiVersion: v1
 kind: Service
 metadata:
   name: city-api-app
+  labels:
+    app: city-api-app
+    environment: {{ .Values.app.env_name }}
 spec:
   type: NodePort
   selector:

diff --git a/kubernetes/helm/templates/db-config.yaml b/kubernetes/helm/templates/db-config.yaml
@@ -2,6 +2,9 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: city-api-init
+  labels:
+    app: city-api
+    environment: {{ .Values.app.env_name }}
 data:
   init.sql: |
 {{ .Values.initSql | indent 4 }}
diff --git a/kubernetes/helm/templates/db-deployment.yaml b/kubernetes/helm/templates/db-deployment.yaml
@@ -2,15 +2,20 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: city-api-db
+  labels:
+    app: city-api-db
+    environment: {{ .Values.app.env_name }}
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: city-api-db
+      environment: {{ .Values.app.env_name }}
   template:
     metadata:
       labels:
         app: city-api-db
+        environment: {{ .Values.app.env_name }}
     spec:
       containers:
         - name: postgres

diff --git a/kubernetes/helm/templates/db-postgresdatabase.yaml b/kubernetes/helm/templates/db-postgresdatabase.yaml
@@ -0,0 +1,15 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: {{ printf "city-api-%s-db" .Values.app.env_name }}
+  labels:
+    app: city-api
+    environment: {{ .Values.app.env_name }}
+spec:
+  databaseReclaimPolicy: delete
+  name: {{ required "db.name is required" .Values.db.name }}
+  cluster:
+    name: {{ .Values.db.clusterName | default "city-api-pg" }}
+  template:
+    name: city_api-prod-pg
+  owner: city_api
diff --git a/kubernetes/helm/templates/db-service.yaml b/kubernetes/helm/templates/db-service.yaml
@@ -2,9 +2,13 @@ apiVersion: v1
 kind: Service
 metadata:
   name: city-api-db
+  labels:
+    app: city-api-db
+    environment: {{ .Values.app.env_name }}
 spec:
   selector:
     app: city-api-db
+    environment: {{ .Values.app.env_name }}
   ports:
     - protocol: TCP
       port: {{ .Values.db.port }}

diff --git a/kubernetes/helm/values.yaml b/kubernetes/helm/values.yaml
@@ -1,15 +1,16 @@
 app:
   image: ghcr.io/aurianecodebien/cityapi
+  env_name: "prod"
   tag: "latest"
   port: 2022
-  nodePort: 30022 # FIXME: Also support ClusterIP + Ingress
+  nodePort: 30022
   addr: "0.0.0.0"
 
 db:
-  image: postgres
+  clusterName: city-api-pg
   port: 5432
   storage: 1Gi
-  name: city_api
+  name: city_api-prod-pg
   user: city_api
   password: city_api
   host: city-api-db

diff --git a/kubernetes/kustomization.yaml b/kubernetes/kustomization.yaml
@@ -3,9 +3,11 @@ kind: Kustomization
 
 namespace: cityapi
 resources:
-  - namespace.yaml
+  - cluster.yaml
+  - database-prod.yaml
   - https://raw.githubusercontent.com/argoproj/argo-cd/v2.7.2/manifests/install.yaml
   - argo-cd.yaml
+  - cluster-secret.yaml
 patches:
   - patch: |-
       - op: replace