Add kubernetes config (#239)

Author: vertism

config/kubernetes/production/config_map.yml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: family-mediators-api-configmap-production
+  namespace: family-mediators-api-production
+data:
+  LOG_LEVEL: info
+  RACK_ENV: production

config/kubernetes/production/deployment.yml

@@ -0,0 +1,81 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: family-mediators-api-deployment-production
+  namespace: family-mediators-api-production
+spec:
+  replicas: 2
+  revisionHistoryLimit: 5
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 0
+      maxSurge: 100%
+  selector:
+    matchLabels:
+      app: family-mediators-api-web-production
+  template:
+    metadata:
+      labels:
+        app: family-mediators-api-web-production
+        tier: frontend
+    spec:
+      containers:
+      - name: webapp
+        image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/family-justice/family-mediators-api:production.latest
+        imagePullPolicy: Always
+        ports:
+          - containerPort: 9292
+        resources:
+          requests:
+            cpu: 125m
+            memory: 1Gi
+          limits:
+            cpu: 250m
+            memory: 2Gi
+        readinessProbe:
+          httpGet:
+            path: /ping
+            port: 9292
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        livenessProbe:
+          httpGet:
+            path: /ping
+            port: 9292
+          initialDelaySeconds: 15
+          periodSeconds: 10
+        # non-secret env vars defined in `config_map.yaml`
+        envFrom:
+          - configMapRef:
+              name: family-mediators-api-configmap-production
+        env:
+          # external secrets defined in kubernetes
+          - name: USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: family-mediators-api-secrets-production
+                key: username
+          - name: PASSWORD_HASH
+            valueFrom:
+              secretKeyRef:
+                name: family-mediators-api-secrets-production
+                key: password_hash
+          - name: SESSION_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: family-mediators-api-secrets-production
+                key: session_secret
+          - name: SENTRY_DSN
+            valueFrom:
+              secretKeyRef:
+                name: family-mediators-api-secrets-production
+                key: sentry_dsn
+          #
+          # secrets created by `terraform`
+          #
+          - name: DATABASE_URL
+            valueFrom:
+              secretKeyRef:
+                name: rds-instance-family-mediators-api-production
+                key: url

config/kubernetes/production/disruption.yml

@@ -0,0 +1,10 @@
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  name: family-mediators-api-pdb-production
+  namespace: family-mediators-api-production
+spec:
+  maxUnavailable: 50%
+  selector:
+    matchLabels:
+      app: family-mediators-api-web-production

config/kubernetes/production/ingress.yml

@@ -0,0 +1,42 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: family-mediators-api-ingress-production
+  namespace: family-mediators-api-production
+  annotations:
+    external-dns.alpha.kubernetes.io/set-identifier: family-mediators-api-ingress-production-family-mediators-api-production-green
+    external-dns.alpha.kubernetes.io/aws-weight: "100"
+    nginx.ingress.kubernetes.io/server-snippet: |
+      location = /.well-known/security.txt {
+        return 301 https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt;
+      }
+      location ~* \.(php|cgi|xml)$ { deny all; access_log off; }
+spec:
+  ingressClassName: default
+  tls:
+  - hosts:
+    - family-mediators-api-production.apps.live.cloud-platform.service.justice.gov.uk
+  - hosts:
+    - familymediators.service.justice.gov.uk
+    secretName: family-mediators-api-tls-certificate
+  rules:
+  - host: family-mediators-api-production.apps.live.cloud-platform.service.justice.gov.uk
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: family-mediators-api-service-production
+            port:
+              number: 80
+  - host: familymediators.service.justice.gov.uk
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: family-mediators-api-service-production
+            port:
+              number: 80

config/kubernetes/production/service.yml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: family-mediators-api-service-production
+  namespace: family-mediators-api-production
+  labels:
+    app: family-mediators-api-web-production
+spec:
+  ports:
+  - port: 80
+    name: http
+    targetPort: 9292
+  selector:
+    app: family-mediators-api-web-production

config/kubernetes/staging/config_map.yml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: family-mediators-api-configmap-staging
+  namespace: family-mediators-api-staging
+data:
+  LOG_LEVEL: debug
+  RACK_ENV: production