From 3e88186ad57f8e1093142b525bf9d312c5b66782 Mon Sep 17 00:00:00 2001
From: divakaivan
Date: Wed, 19 Mar 2025 01:03:34 +0900
Subject: [PATCH 1/2] try out adding ingress
---
kubernetes/api-ingress.yaml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 kubernetes/api-ingress.yaml
diff --git a/kubernetes/api-ingress.yaml b/kubernetes/api-ingress.yaml
new file mode 100644
index 0000000..2cf01bb
--- /dev/null
+++ b/kubernetes/api-ingress.yaml
@@ -0,0 +1,18 @@
+# apiVersion: networking.k8s.io/v1
+# kind: Ingress
+# metadata:
+# name: api-service-ingress
+# labels:
+# name: api-service-ingress
+# spec:
+# rules:
+# - host: rss-agg-api.com
+# http:
+# paths:
+# - pathType: Prefix
+# path: "/"
+# backend:
+# service:
+# name: api-service
+# port:
+# number: 80
From dbe882d4870e5e654c3b3eaf65ec759cdc16c76c Mon Sep 17 00:00:00 2001
From: divakaivan
Date: Thu, 20 Mar 2025 21:03:35 +0900
Subject: [PATCH 2/2] create helm chart from k8s yamls
---
kubernetes/api-ingress.yaml | 36 +++++------
kubernetes/chart/.helmignore | 23 +++++++
kubernetes/chart/Chart.yaml | 21 ++++++
kubernetes/chart/templates/_helpers.tpl | 62 ++++++++++++++++++
.../chart/templates/api-deploy-svc.yaml | 62 ++++++++++++++++++
kubernetes/chart/templates/api-ingress.yaml | 19 ++++++
kubernetes/chart/templates/db-deploy-svc.yaml | 64 +++++++++++++++++++
kubernetes/chart/templates/db-pv.yaml | 15 +++++
kubernetes/chart/templates/db-pvc.yaml | 15 +++++
kubernetes/chart/templates/db-secret.yaml | 14 ++++
.../chart/templates/network-policy.yaml | 23 +++++++
kubernetes/chart/values.yaml | 45 +++++++++++++
12 files changed, 381 insertions(+), 18 deletions(-)
create mode 100644 kubernetes/chart/.helmignore
create mode 100644 kubernetes/chart/Chart.yaml
create mode 100644 kubernetes/chart/templates/_helpers.tpl
create mode 100644 kubernetes/chart/templates/api-deploy-svc.yaml
create mode 100644 kubernetes/chart/templates/api-ingress.yaml
create mode 100644 kubernetes/chart/templates/db-deploy-svc.yaml
create mode 100644 kubernetes/chart/templates/db-pv.yaml
create mode 100644 kubernetes/chart/templates/db-pvc.yaml
create mode 100644 kubernetes/chart/templates/db-secret.yaml
create mode 100644 kubernetes/chart/templates/network-policy.yaml
create mode 100644 kubernetes/chart/values.yaml
diff --git a/kubernetes/api-ingress.yaml b/kubernetes/api-ingress.yaml
index 2cf01bb..692333b 100644
--- a/kubernetes/api-ingress.yaml
+++ b/kubernetes/api-ingress.yaml
@@ -1,18 +1,18 @@
-# apiVersion: networking.k8s.io/v1
-# kind: Ingress
-# metadata:
-# name: api-service-ingress
-# labels:
-# name: api-service-ingress
-# spec:
-# rules:
-# - host: rss-agg-api.com
-# http:
-# paths:
-# - pathType: Prefix
-# path: "/"
-# backend:
-# service:
-# name: api-service
-# port:
-# number: 80
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: api-service-ingress
+ labels:
+ name: api-service-ingress
+spec:
+ rules:
+ - host: rss-agg-api.com
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: api-service
+ port:
+ number: 80
diff --git a/kubernetes/chart/.helmignore b/kubernetes/chart/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/kubernetes/chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kubernetes/chart/Chart.yaml b/kubernetes/chart/Chart.yaml
new file mode 100644
index 0000000..200d973
--- /dev/null
+++ b/kubernetes/chart/Chart.yaml
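Review bot: The Ingress enabled in kubernetes/api-ingress.yaml has no `tls:` section, so `rss-agg-api.com` is routed only as plain HTTP to port 80 of `api-service`; kubernetes/chart/templates/api-ingress.yaml later in this patch has the same gap. I would add a `tls:` entry under `spec` that names the host and a certificate Secret, e.g. `tls: [{hosts: [rss-agg-api.com], secretName: <tls-secret-name>}]`. Neither manifest sets `spec.ingressClassName`, so which controller serves the rule depends on the cluster having a default IngressClass. This standalone file also duplicates the chart template, so applying both would create two Ingress objects for the same host.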
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: chart
+description: A Helm chart for Kubernetes
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
diff --git a/kubernetes/chart/templates/_helpers.tpl b/kubernetes/chart/templates/_helpers.tpl
new file mode 100644
index 0000000..7ba5edc
--- /dev/null
+++ b/kubernetes/chart/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "chart.labels" -}}
+helm.sh/chart: {{ include "chart.chart" . }}
+{{ include "chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "chart.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/chart/templates/api-deploy-svc.yaml b/kubernetes/chart/templates/api-deploy-svc.yaml
new file mode 100644
index 615fc72
--- /dev/null
+++ b/kubernetes/chart/templates/api-deploy-svc.yaml
@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "chart.fullname" . }}-api
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: api
+ {{- include "chart.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ app: api
+ {{- include "chart.selectorLabels" . | nindent 8 }}
+ spec:
+ containers:
+ - env:
+ - name: PORT
+ value: {{ quote .Values.api.api.env.port }}
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: POSTGRES_DB
+ name: {{ include "chart.fullname" . }}-db-secret
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: POSTGRES_PASSWORD
+ name: {{ include "chart.fullname" . }}-db-secret
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: POSTGRES_USER
+ name: {{ include "chart.fullname" . }}-db-secret
+ - name: DB_URL
+ value: {{ quote .Values.api.api.env.dbUrl }}
+ - name: KUBERNETES_CLUSTER_DOMAIN
+ value: {{ quote .Values.kubernetesClusterDomain }}
+ image: {{ .Values.api.api.image.repository }}:{{ .Values.api.api.image.tag | default
+ .Chart.AppVersion }}
+ name: api
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ resources: {{- toYaml .Values.api.api.resources | nindent 10 }}
+ restartPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "chart.fullname" . }}-api-service
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.apiService.type }}
+ selector:
+ app: api
+ {{- include "chart.selectorLabels" . | nindent 4 }}
+ ports:
+ {{- .Values.apiService.ports | toYaml | nindent 2 }}
diff --git a/kubernetes/chart/templates/api-ingress.yaml b/kubernetes/chart/templates/api-ingress.yaml
new file mode 100644
index 0000000..cc6d5da
--- /dev/null
+++ b/kubernetes/chart/templates/api-ingress.yaml
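Review bot: The `api` container in the Deployment of api-deploy-svc.yaml is declared without a `securityContext`, so it runs with whatever user and capabilities the image and runtime default to; the `db` container in kubernetes/chart/templates/db-deploy-svc.yaml has the same gap. I would add a container-level block next to `name: api` that requires a non-root user, disables privilege escalation and drops all capabilities, as sketched below. Whether the rss-agg-api image already runs as a non-root user, or writes to its root filesystem, is not visible in this patch, so confirm both before enabling `runAsNonRoot` and `readOnlyRootFilesystem`. The Postgres container will need its own settings rather than a copy of this block.

```yaml
# … unchanged: env list and image …
        name: api
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop:
              - ALL
# … unchanged: ports, resources, restartPolicy …
```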
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "chart.fullname" . }}-api-service-ingress
+ labels:
+ name: api-service-ingress
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ rules:
+ - host: rss-agg-api.com
+ http:
+ paths:
+ - backend:
+ service:
+ name: '{{ include "chart.fullname" . }}-api-service'
+ port:
+ number: 80
+ path: /
+ pathType: Prefix
diff --git a/kubernetes/chart/templates/db-deploy-svc.yaml b/kubernetes/chart/templates/db-deploy-svc.yaml
new file mode 100644
index 0000000..7643498
--- /dev/null
+++ b/kubernetes/chart/templates/db-deploy-svc.yaml
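Review bot: The backend port `number: 80` and the host `rss-agg-api.com` are hard-coded in chart/templates/api-ingress.yaml, while the Service's ports are rendered from `.Values.apiService.ports`. Overriding that value would leave the Ingress pointing at a port the Service no longer exposes. I would derive the port from the same value, `number: {{ (index .Values.apiService.ports 0).port }}`, and move the host into values.yaml. With this Ingress in place, `apiService.type: LoadBalancer` in values.yaml also publishes the API on a second external address that bypasses the Ingress, so `ClusterIP` looks sufficient unless the direct load balancer is intended.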
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "chart.fullname" . }}-db
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: db
+ {{- include "chart.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ app: db
+ {{- include "chart.selectorLabels" . | nindent 8 }}
+ spec:
+ containers:
+ - env:
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: POSTGRES_DB
+ name: {{ include "chart.fullname" . }}-db-secret
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: POSTGRES_PASSWORD
+ name: {{ include "chart.fullname" . }}-db-secret
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: POSTGRES_USER
+ name: {{ include "chart.fullname" . }}-db-secret
+ - name: KUBERNETES_CLUSTER_DOMAIN
+ value: {{ quote .Values.kubernetesClusterDomain }}
+ image: {{ .Values.db.db.image.repository }}:{{ .Values.db.db.image.tag | default
+ .Chart.AppVersion }}
+ name: db
+ ports:
+ - containerPort: 5432
+ resources: {{- toYaml .Values.db.db.resources | nindent 10 }}
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: db-data
+ restartPolicy: Always
+ volumes:
+ - name: db-data
+ persistentVolumeClaim:
+ claimName: {{ include "chart.fullname" . }}-db-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "chart.fullname" . }}-db-service
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.dbService.type }}
+ selector:
+ app: db
+ {{- include "chart.selectorLabels" . | nindent 4 }}
+ ports:
+ {{- .Values.dbService.ports | toYaml | nindent 2 }}
diff --git a/kubernetes/chart/templates/db-pv.yaml b/kubernetes/chart/templates/db-pv.yaml
new file mode 100644
index 0000000..0ae69b4
--- /dev/null
+++ b/kubernetes/chart/templates/db-pv.yaml
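Review bot: The db Deployment in db-deploy-svc.yaml mounts the ReadWriteOnce claim `…-db-data` but sets no `strategy`, so it inherits the default RollingUpdate and a rollout can start a second Postgres pod against the same data directory before the old one has stopped. Adding `strategy:` with `type: Recreate` under the Deployment's `spec` avoids that; a StatefulSet would be the more conventional home for a database. The image tag also falls back to `.Chart.AppVersion` ("0.1.0" in Chart.yaml) when `db.db.image.tag` is unset, which is the chart's application version rather than a Postgres tag, so I would drop the `default` for the db image.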
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ include "chart.fullname" . }}-db-pv
+ labels:
+ type: local
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ capacity:
+ storage: 1Gi
+ hostPath:
+ path: /mnt/data/db
+ persistentVolumeReclaimPolicy: Retain
diff --git a/kubernetes/chart/templates/db-pvc.yaml b/kubernetes/chart/templates/db-pvc.yaml
new file mode 100644
index 0000000..7cae3fd
--- /dev/null
+++ b/kubernetes/chart/templates/db-pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "chart.fullname" . }}-db-data
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.pvc.dbData.storageRequest | quote }}
+ selector:
+ matchLabels:
+ type: local
diff --git a/kubernetes/chart/templates/db-secret.yaml b/kubernetes/chart/templates/db-secret.yaml
new file mode 100644
index 0000000..1454887
--- /dev/null
+++ b/kubernetes/chart/templates/db-secret.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "chart.fullname" . }}-db-secret
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+data:
+ POSTGRES_DB: {{ required "dbSecret.postgresDb is required" .Values.dbSecret.postgresDb
+ | b64enc | quote }}
+ POSTGRES_PASSWORD: {{ required "dbSecret.postgresPassword is required" .Values.dbSecret.postgresPassword
+ | b64enc | quote }}
+ POSTGRES_USER: {{ required "dbSecret.postgresUser is required" .Values.dbSecret.postgresUser
+ | b64enc | quote }}
+type: Opaque
diff --git a/kubernetes/chart/templates/network-policy.yaml b/kubernetes/chart/templates/network-policy.yaml
new file mode 100644
index 0000000..a328cfc
--- /dev/null
+++ b/kubernetes/chart/templates/network-policy.yaml
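Review bot: The PersistentVolume in db-pv.yaml is backed by `hostPath: /mnt/data/db`, which ties the database files to one node's filesystem and leaves them reachable by anything with access to that path on the node. That is reasonable for a single-node development cluster, but it deserves a comment above `hostPath:` or a values switch so the chart is not installed elsewhere with this backing by accident. `capacity.storage` is also hard-coded to `1Gi` while the claim's request comes from `.Values.pvc.dbData.storageRequest`, so raising the value leaves the claim unable to bind; `storage: {{ .Values.pvc.dbData.storageRequest | quote }}` keeps the two in step.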
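Review bot: The claim in db-pvc.yaml sets no `storageClassName`, and the PV in db-pv.yaml has none either. On a cluster with a default StorageClass the claim is normally assigned that class at admission, after which it no longer matches the class-less PV and stays Pending. Setting `storageClassName: ""` on the claim (or the same explicit class on both objects) pins the static binding. The `selector` also matches any PV labelled `type: local`, not only this release's volume, so adding the chart's selector labels to `matchLabels` would narrow it.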
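Review bot: Each value in db-secret.yaml is passed through `b64enc`, but the defaults in kubernetes/chart/values.yaml (`"cnNzYWdn"`, `"cG9zdGdyZXM="`) already look base64-encoded. The rendered Secret would then hold doubly encoded data, and both pods would receive the base64 text itself as the database name, user and password. Either keep `b64enc` and document in values.yaml that the values must be plain text, or switch the block to `stringData:` with `| quote` and no encoding. The `required` guards also never fire while values.yaml ships non-empty defaults.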
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "chart.fullname" . }}-db-access-policy
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: api
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
+ ports:
+ - port: 5432
+ protocol: TCP
+ podSelector:
+ matchLabels:
+ app: db
+ policyTypes:
+ - Ingress
diff --git a/kubernetes/chart/values.yaml b/kubernetes/chart/values.yaml
new file mode 100644
index 0000000..38728fe
--- /dev/null
+++ b/kubernetes/chart/values.yaml
@@ -0,0 +1,45 @@
+api:
+ api:
+ env:
+ dbUrl: postgres://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@db:5432/$(POSTGRES_DB)?sslmode=disable
+ port: "8080"
+ image:
+ repository: timee98642/rss-agg-api
+ tag: main
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 250m
+ memory: 256Mi
+apiService:
+ ports:
+ - port: 80
+ targetPort: 8080
+ type: LoadBalancer
+db:
+ db:
+ image:
+ repository: postgres
+ tag: "15"
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 250m
+ memory: 256Mi
+dbSecret:
+ postgresDb: "cnNzYWdn"
+ postgresPassword: "cG9zdGdyZXM="
+ postgresUser: "cG9zdGdyZXM="
+dbService:
+ ports:
+ - port: 5432
+ targetPort: 5432
+ type: ClusterIP
+kubernetesClusterDomain: cluster.local
+pvc:
+ dbData:
+ storageRequest: 1Gi
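Review bot: Both `from` entries in network-policy.yaml use a bare `podSelector`, which only matches pods in the policy's own namespace. Grafana is not deployed by this chart, so if it runs in a separate namespace (not visible here) the `app.kubernetes.io/name: grafana` rule matches nothing and needs a `namespaceSelector` next to it. The selectors also rely on `app: api` and `app: db` alone, so the allow rule and the policy target are not tied to this release. Including `chart.selectorLabels` in the `matchLabels` for `app: api` and `app: db` would scope them to the pods this chart creates.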
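Review bot: The `dbSecret` defaults in values.yaml commit the database name, user and password to the repository; base64 is an encoding rather than protection, and every install that does not override them shares the same credentials. I would ship them empty, e.g. `postgresPassword: ""`, so the `required` checks in db-secret.yaml force a value at install time, or let the chart reference a pre-existing Secret. `dbUrl` sets `sslmode=disable`, so traffic between the API and Postgres is unencrypted inside the cluster. `tag: main` is a mutable tag, so the deployed image can change without a chart change; pinning a version or digest makes rollouts reproducible.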