values.yaml

ingress:
  ingressClassName: ingress-nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/ssl-redirect: true
  hosts:
    - host: web.cozy-todo.click
      service:
        name: frontend
        port: 81

    - host: api.cozy-todo.click
      service:
        name: backend
        port: 3001
  tls:
    secretName: tls-certificate
    wildcardDomain: "*.cozy-todo.click"

certManager:
  issuerName: letsencrypt-prod
  email: thangphan.onthego@gmail.com
  server: https://acme-v02.api.letsencrypt.org/directory
  privateKeySecretName: letsencrypt-prod-issuer
  dnsSolver:
    dnsZones:
      - cozy-todo.click
    provider: route53
    region: ap-southeast-1
    hostedZoneID: Z05835622XT8SM6G0VX1B

secretServiceAccountName: app-secrets

secretProvider:
  name: aws-secrets
  provider: aws
  region: ap-southeast-1
  usePodIdentity: true
  objectName: nonprod/app_config
  objectType: secretsmanager
  jmesPath:
    - path: API_URL
      objectAlias: API_URL_ALIAS
    - path: WEB_URL
      objectAlias: WEB_URL_ALIAS
    - path: API_APP_PORT
      objectAlias: API_APP_PORT_ALIAS
    - path: METRICS_SERVER_PORT
      objectAlias: METRICS_SERVER_PORT_ALIAS
    - path: DB_HOST_SOURCE
      objectAlias: DB_HOST_SOURCE_ALIAS
    - path: DB_HOST_REPLICA
      objectAlias: DB_HOST_REPLICA_ALIAS
    - path: DB_USERNAME
      objectAlias: DB_USERNAME_ALIAS
    - path: DB_PASSWORD
      objectAlias: DB_PASSWORD_ALIAS
    - path: DB_NAME
      objectAlias: DB_NAME_ALIAS
    - path: DB_PORT
      objectAlias: DB_PORT_ALIAS
  secretObjects:
    name: app-config-secret
    type: Opaque
    data:
      - objectName: API_URL_ALIAS
        key: k8s-api-url
      - objectName: WEB_URL_ALIAS
        key: k8s-web-url
      - objectName: API_APP_PORT_ALIAS
        key: k8s-api-app-port
      - objectName: METRICS_SERVER_PORT_ALIAS
        key: k8s-metrics-server-port
      - objectName: DB_HOST_SOURCE_ALIAS
        key: k8s-db-host-source
      - objectName: DB_HOST_REPLICA_ALIAS
        key: k8s-db-host-replica
      - objectName: DB_USERNAME_ALIAS
        key: k8s-db-username
      - objectName: DB_PASSWORD_ALIAS
        key: k8s-db-password
      - objectName: DB_NAME_ALIAS
        key: k8s-db-name
      - objectName: DB_PORT_ALIAS
        key: k8s-db-port

services:
  frontend:
    name: frontend
    type: ClusterIP
    ports:
      - name: frontend-app
        protocol: TCP
        port: 81
        targetPort: 8080

  backend:
    name: backend
    type: ClusterIP
    labels:
      service: backend
    port: 3001
    ports:
      - name: backend-app
        protocol: TCP
        port: 3001
        targetPort: 3000
      - name: backend-metrics-server
        protocol: TCP
        port: 3002
        targetPort: 9200

deployments:
  frontend:
    image:
      repository: 864899847999.dkr.ecr.ap-southeast-1.amazonaws.com/nonprod-cozy-todo-frontend
      pullPolicy: Always
      tag: latest
    port: 8080
    replicaCount: 1
    secretName: app-config-secret
    volumeName: app-secrets
    secrets:
      - name: APP_CONFIG_API_URL
        key: k8s-api-url
    resources:
      requests:
        cpu: "100m"
        memory: "156Mi"
      limits:
        memory: "200Mi"
    readinessProbe:
      httpGet:
        path: /
        port: 8080
      failureThreshold: 3
      initialDelaySeconds: 4
      periodSeconds: 15
      successThreshold: 1
      timeoutSeconds: 1

  backend:
    image:
      repository: 864899847999.dkr.ecr.ap-southeast-1.amazonaws.com/nonprod-cozy-todo-backend
      pullPolicy: Always
      tag: latest
    port: 3000
    replicaCount: 1
    secretName: app-config-secret
    volumeName: app-secrets
    secrets:
      - name: WEB_URL
        key: k8s-web-url
      - name: APP_PORT
        key: k8s-api-app-port
      - name: METRICS_SERVER_PORT
        key: k8s-metrics-server-port
      - name: DB_HOST_SOURCE
        key: k8s-db-host-source
      - name: DB_HOST_REPLICA
        key: k8s-db-host-replica
      - name: DB_USERNAME
        key: k8s-db-username
      - name: DB_PASSWORD
        key: k8s-db-password
      - name: DB_NAME
        key: k8s-db-name
      - name: DB_PORT
        key: k8s-db-port
    resources:
      requests:
        cpu: "100m"
        memory: "256Mi"
      limits:
        memory: "312Mi"
    readinessProbe:
      httpGet:
        path: /api/health
        port: 3000
      failureThreshold: 3
      initialDelaySeconds: 10
      periodSeconds: 15
      successThreshold: 1
      timeoutSeconds: 1

serviceMonitor:
  release: prometheus
  matchLabels:
    service: backend
  port: backend-metrics-server
  path: /metrics
  scheme: http
  interval: 15s