looztra/deploy-app.yml

## deploy-app.yml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  labels:
    app: platform
    component: api
  annotations:
    company.com/owner: devel
spec:
  replicas: 1
  minReadySeconds: 5
  revisionHistoryLimit: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: platform
      component: api
  template:
    metadata:
      labels:
        app: platform
        component: api
      annotations:
        company.com/owner: devel
        data.company.com/dns-name: postgres
    spec:
      initContainers:
        - name: init-wait-for-db
          image: busybox:latest
          env:
            - name: DB_DNS_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.annotations['data.company.com/dns-name']
          command:
            - "/bin/sh"
          args:
            - "-c"
            - |
              IN_ARGS_DB_DNS_NAME=$(DB_DNS_NAME)
              echo "Searching for DB at [$IN_ARGS_DB_DNS_NAME]"
              while true
              do
                rt=$(nc -z -w 1 ${IN_ARGS_DB_DNS_NAME} 5432)
                if [ $? -eq 0 ]; then
                  echo "DB is UP"
                  break
                fi
                echo "DB is not yet reachable at [$IN_ARGS_DB_DNS_NAME];sleep for 10s before retry"
                sleep 10
              done
      containers:
        - name: api
          image: looztra/guestbook-filter:0.6.2-aio
          imagePullPolicy: Always
          envFrom:
            - configMapRef:
                name: api-configuration
          env:
            - name: SPRING_PROFILES_ACTIVE
              value: prod
            - name: JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET
              valueFrom:
                secretKeyRef:
                  name: jwt-secret
                  key: secret
            - name: DB_DNS_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.annotations['data.company.com/dns-name']
            - name: SPRING_DATASOURCE_URL
              value: jdbc:postgresql://$(DB_DNS_NAME):5432/companyPlatformAPI
            - name: SPRING_DATASOURCE_USERNAME
              value: companyplatformapi
            - name: SPRING_DATASOURCE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-creds
                  key: postgres-password
            - name: SPRING_MAIL_PROTOCOL
              value: smtps
            - name: SPRING_MAIL_HOST
              value: email-smtp.us-east-1.amazonaws.com
            - name: SPRING_MAIL_PORT
              value: "465"
            - name: SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_ENABLE
              value: "true"
            - name: SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_REQUIRED
              value: "true"
            - name: SPRING_MAIL_PROPERTIES_MAIL_SMTP_SSL_ENABLE
              value: "true"
            - name: SPRING_MAIL_PROPERTIES_MAIL_SMTPS_AUTH
              value: "true"
            - name: SPRING_MAIL_PROPERTIES_MAIL_TRANSPORT_PROTOCOL
              value: smtps
            - name: SPRING_MAIL_USERNAME
              valueFrom:
                secretKeyRef:
                  name: ses-smtp-creds
                  key: smtp-user
            - name: SPRING_MAIL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: ses-smtp-creds
                  key: smtp-password
            - name: JHIPSTER_MAIL_FROM
              value: no-reply@company.com
            - name: JHIPSTER_MAIL_BASE_URL
              value: $(JHIPSTER_MAIL_BASE_URL)
          resources:
            requests:
              memory: "512Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "1000m"
          ports:
            - name: http
              containerPort: 8080
          livenessProbe:
            httpGet:
              path: /admin/info
              port: http
            initialDelaySeconds: 50
            timeoutSeconds: 1
            failureThreshold: 3
            successThreshold: 1
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /admin/health
              port: http
            initialDelaySeconds: 50
            timeoutSeconds: 1
            failureThreshold: 3
            successThreshold: 1
            periodSeconds: 10

## gittrack.yml
---
apiVersion: faros.pusher.com/v1alpha1
kind: GitTrack
metadata:
  name: apps-integration
  annotations:
    gitops.company.com/target: integration
spec:
  # Repository accepts any valid Git repository reference, the most common formats
  # are:
  #   https://<server>/<organisation>/<repository>
  #   <user>@<server>:<organisation>/<repository>
  repository: https://github.com/company/k8s-apps-descriptors.git
  # Reference accepts any valid Git reference, this could be a branch name, tag
  # or commit SHA, eg:
  #   master or refs/remotes/origin/master
  #   v1.0.0 or refs/tags/v1.0.0
  #   ec32c240b7f9b440aa727c9d931751fdd0c40b49
  reference: integration
  # (Optional) SubPath expects a path to a folder within the repository.
  # Note: Faros loads all .yml/.yaml/.json files recursively within the path.
  subPath: auto/environments/integration
  # (Optional) DeployKey allows you to specify credentials for repository access
  # over SSH
  deployKey:
    # SecretName is the name of the secret containing the secret
    secretName: companybot-gitops-apps-integration
    # Key is the Secret's key containing the secret
    key: companybot-faros-token
    # (Optional) Type is the type of credential. Accepted values are "SSH", "HTTPBasicAuth". Defaults to "SSH"
    # When set to "HTTPBasicAuth" the expected secret format is "<username>:<password>".
    type: HTTPBasicAuth

## postgres-all-in-one.yml
---
apiVersion: v1
kind: Secret
metadata:
  name: postgres-creds
  labels:
    app: api
  annotations:
    company.com/owner: devel
type: Opaque
data:
  postgres-password: d2UtdXNlLWZhcm9z
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: postgres
  labels:
    app: platform
    component: postgres
  annotations:
    company.com/owner: devel
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: platform
        component: postgres
    spec:
      volumes:
        - name: data
          emptyDir: {}
      containers:
        - name: postgres
          image: postgres:9.6
          env:
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
            - name: POSTGRES_DB
              value: companyPlatformAPI
            - name: POSTGRES_USER
              value: companyplatformapi
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-creds
                  key: postgres-password
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          ports:
            - name: pg
              containerPort: 5432
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
          resources:
            requests:
              cpu: 100m
            limits:
              memory: 128Mi
              cpu: 500m
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - exec pg_isready --host $POD_IP
            initialDelaySeconds: 60
            timeoutSeconds: 5
            failureThreshold: 6
            successThreshold: 1
            periodSeconds: 10
          readinessProbe:
            exec:
              command:
                - sh
                - -c
                - exec pg_isready --host $POD_IP
            initialDelaySeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3
            successThreshold: 1
            periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
  name: postgres
spec:
  selector:
    app: platform
    component: postgres
  ports:
    - name: pg
      port: 5432
      targetPort: pg
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: api
	labels:
	app: platform
	component: api
	annotations:
	company.com/owner: devel
	spec:
	replicas: 1
	minReadySeconds: 5
	revisionHistoryLimit: 3
	strategy:
	type: RollingUpdate
	rollingUpdate:
	maxSurge: 1
	maxUnavailable: 0
	selector:
	matchLabels:
	app: platform
	component: api
	template:
	metadata:
	labels:
	app: platform
	component: api
	annotations:
	company.com/owner: devel
	data.company.com/dns-name: postgres
	spec:
	initContainers:
	- name: init-wait-for-db
	image: busybox:latest
	env:
	- name: DB_DNS_NAME
	valueFrom:
	fieldRef:
	fieldPath: metadata.annotations['data.company.com/dns-name']
	command:
	- "/bin/sh"
	args:
	- "-c"
	- \|
	IN_ARGS_DB_DNS_NAME=$(DB_DNS_NAME)
	echo "Searching for DB at [$IN_ARGS_DB_DNS_NAME]"
	while true
	do
	rt=$(nc -z -w 1 ${IN_ARGS_DB_DNS_NAME} 5432)
	if [ $? -eq 0 ]; then
	echo "DB is UP"
	break
	fi
	echo "DB is not yet reachable at [$IN_ARGS_DB_DNS_NAME];sleep for 10s before retry"
	sleep 10
	done
	containers:
	- name: api
	image: looztra/guestbook-filter:0.6.2-aio
	imagePullPolicy: Always
	envFrom:
	- configMapRef:
	name: api-configuration
	env:
	- name: SPRING_PROFILES_ACTIVE
	value: prod
	- name: JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET
	valueFrom:
	secretKeyRef:
	name: jwt-secret
	key: secret
	- name: DB_DNS_NAME
	valueFrom:
	fieldRef:
	fieldPath: metadata.annotations['data.company.com/dns-name']
	- name: SPRING_DATASOURCE_URL
	value: jdbc:postgresql://$(DB_DNS_NAME):5432/companyPlatformAPI
	- name: SPRING_DATASOURCE_USERNAME
	value: companyplatformapi
	- name: SPRING_DATASOURCE_PASSWORD
	valueFrom:
	secretKeyRef:
	name: postgres-creds
	key: postgres-password
	- name: SPRING_MAIL_PROTOCOL
	value: smtps
	- name: SPRING_MAIL_HOST
	value: email-smtp.us-east-1.amazonaws.com
	- name: SPRING_MAIL_PORT
	value: "465"
	- name: SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_ENABLE
	value: "true"
	- name: SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_REQUIRED
	value: "true"
	- name: SPRING_MAIL_PROPERTIES_MAIL_SMTP_SSL_ENABLE
	value: "true"
	- name: SPRING_MAIL_PROPERTIES_MAIL_SMTPS_AUTH
	value: "true"
	- name: SPRING_MAIL_PROPERTIES_MAIL_TRANSPORT_PROTOCOL
	value: smtps
	- name: SPRING_MAIL_USERNAME
	valueFrom:
	secretKeyRef:
	name: ses-smtp-creds
	key: smtp-user
	- name: SPRING_MAIL_PASSWORD
	valueFrom:
	secretKeyRef:
	name: ses-smtp-creds
	key: smtp-password
	- name: JHIPSTER_MAIL_FROM
	value: no-reply@company.com
	- name: JHIPSTER_MAIL_BASE_URL
	value: $(JHIPSTER_MAIL_BASE_URL)
	resources:
	requests:
	memory: "512Mi"
	cpu: "100m"
	limits:
	memory: "512Mi"
	cpu: "1000m"
	ports:
	- name: http
	containerPort: 8080
	livenessProbe:
	httpGet:
	path: /admin/info
	port: http
	initialDelaySeconds: 50
	timeoutSeconds: 1
	failureThreshold: 3
	successThreshold: 1
	periodSeconds: 10
	readinessProbe:
	httpGet:
	path: /admin/health
	port: http
	initialDelaySeconds: 50
	timeoutSeconds: 1
	failureThreshold: 3
	successThreshold: 1
	periodSeconds: 10
	---
	apiVersion: faros.pusher.com/v1alpha1
	kind: GitTrack
	metadata:
	name: apps-integration
	annotations:
	gitops.company.com/target: integration
	spec:
	# Repository accepts any valid Git repository reference, the most common formats
	# are:
	# https://<server>/<organisation>/<repository>
	# <user>@<server>:<organisation>/<repository>
	repository: https://github.com/company/k8s-apps-descriptors.git
	# Reference accepts any valid Git reference, this could be a branch name, tag
	# or commit SHA, eg:
	# master or refs/remotes/origin/master
	# v1.0.0 or refs/tags/v1.0.0
	# ec32c240b7f9b440aa727c9d931751fdd0c40b49
	reference: integration
	# (Optional) SubPath expects a path to a folder within the repository.
	# Note: Faros loads all .yml/.yaml/.json files recursively within the path.
	subPath: auto/environments/integration
	# (Optional) DeployKey allows you to specify credentials for repository access
	# over SSH
	deployKey:
	# SecretName is the name of the secret containing the secret
	secretName: companybot-gitops-apps-integration
	# Key is the Secret's key containing the secret
	key: companybot-faros-token
	# (Optional) Type is the type of credential. Accepted values are "SSH", "HTTPBasicAuth". Defaults to "SSH"
	# When set to "HTTPBasicAuth" the expected secret format is "<username>:<password>".
	type: HTTPBasicAuth
	---
	apiVersion: v1
	kind: Secret
	metadata:
	name: postgres-creds
	labels:
	app: api
	annotations:
	company.com/owner: devel
	type: Opaque
	data:
	postgres-password: d2UtdXNlLWZhcm9z
	---
	apiVersion: extensions/v1beta1
	kind: Deployment
	metadata:
	name: postgres
	labels:
	app: platform
	component: postgres
	annotations:
	company.com/owner: devel
	spec:
	replicas: 1
	template:
	metadata:
	labels:
	app: platform
	component: postgres
	spec:
	volumes:
	- name: data
	emptyDir: {}
	containers:
	- name: postgres
	image: postgres:9.6
	env:
	- name: PGDATA
	value: /var/lib/postgresql/data/pgdata
	- name: POSTGRES_DB
	value: companyPlatformAPI
	- name: POSTGRES_USER
	value: companyplatformapi
	- name: POSTGRES_PASSWORD
	valueFrom:
	secretKeyRef:
	name: postgres-creds
	key: postgres-password
	- name: POD_IP
	valueFrom:
	fieldRef:
	fieldPath: status.podIP
	ports:
	- name: pg
	containerPort: 5432
	volumeMounts:
	- name: data
	mountPath: /var/lib/postgresql/data
	resources:
	requests:
	cpu: 100m
	limits:
	memory: 128Mi
	cpu: 500m
	livenessProbe:
	exec:
	command:
	- sh
	- -c
	- exec pg_isready --host $POD_IP
	initialDelaySeconds: 60
	timeoutSeconds: 5
	failureThreshold: 6
	successThreshold: 1
	periodSeconds: 10
	readinessProbe:
	exec:
	command:
	- sh
	- -c
	- exec pg_isready --host $POD_IP
	initialDelaySeconds: 5
	timeoutSeconds: 3
	failureThreshold: 3
	successThreshold: 1
	periodSeconds: 10
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: postgres
	spec:
	selector:
	app: platform
	component: postgres
	ports:
	- name: pg
	port: 5432
	targetPort: pg