underpost 2.8.65 → 2.8.71

package/manifests/deployment/fastapi/frontend-deployment.yml

@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: react-frontend
+  labels:
+    app: react-frontend
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: react-frontend
+  template:
+    metadata:
+      labels:
+        app: react-frontend
+    spec:
+      containers:
+        - name: react-frontend-container
+          image: localhost/fastapi-frontend:latest
+          imagePullPolicy: IfNotPresent
+
+          ports:
+            - containerPort: 80
+              name: http-web
+
+          env:
+            - name: VITE_FASTAPI_URL
+              value: '/api'
+
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 80
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 3
+            failureThreshold: 3
+
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 80
+            initialDelaySeconds: 3
+            periodSeconds: 5
+            timeoutSeconds: 3
+            failureThreshold: 3
+
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+            limits:
+              cpu: 500m
+              memory: 512Mi

package/manifests/deployment/fastapi/frontend-service.yml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: react-frontend-service
+  labels:
+    app: react-frontend
+spec:
+  selector:
+    app: react-frontend
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+      name: http-web
+  type: ClusterIP

package/manifests/deployment/fastapi/initial_data.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# IMPORTANT: For non-interactive scripts, 'conda activate' can be problematic
+# because it relies on the shell's initialization.
+# A more robust and recommended way to run commands within a Conda environment
+# from a script is to use 'conda run'. This command directly executes a process
+# in the specified environment without needing to manually source 'conda.sh'.
+
+# Navigate to the application's root directory for module discovery.
+# This is crucial for Python to correctly find your 'app' module using 'python -m'.
+#
+# Let's assume a common project structure:
+# full-stack-fastapi-template/
+# ├── backend/
+# │   ├── app/
+# │   │   └── initial_data.py  (the Python script you want to run)
+# │   └── initial_data.sh      (this shell script)
+# └── ...
+#
+# If `initial_data.sh` is located in `full-stack-fastapi-template/backend/`,
+# and `app` is a subdirectory of `backend/`, then the Python command
+# `python -m app.initial_data` needs to be executed from the `backend/` directory.
+#
+# If you are running this shell script from a different directory (e.g., `engine/`),
+# Python's module import system won't automatically find 'app' unless the parent
+# directory of 'app' is in the `PYTHONPATH` or you change the current working directory.
+#
+# The safest way is to change the current working directory to the script's location.
+
+# Store the current directory to return to it later if needed (good practice for multi-step scripts).
+CURRENT_DIR=$(pwd)
+
+# Get the absolute path of the directory where this script is located.
+# This is a robust way to ensure we always navigate to the correct 'backend' directory.
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
+cd "$SCRIPT_DIR"
+
+# Execute your Python script within the specified Conda environment using 'conda run'.
+# -n fastapi_env specifies the Conda environment to use.
+# This completely avoids the 'source conda.sh' issue and is generally more reliable.
+conda run -n fastapi_env python -m app.initial_data
+
+# Important Note: The 'ModuleNotFoundError: No module named 'sqlmodel'' indicates that
+# the 'sqlmodel' package is not installed in your 'fastapi_env' Conda environment.
+# After running this script, if you still get the 'sqlmodel' error,
+# you will need to activate your environment manually and install it:
+#
+# conda activate fastapi_env
+# pip install sqlmodel
+# # or if it's a conda package:
+# # conda install sqlmodel
+#
+# Then try running this script again.
+
+# Optional Good Practice: Return to the original directory if the script is part of a larger workflow.
+cd "$CURRENT_DIR"

package/manifests/deployment/kafka/deployment.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: kafka
+  namespace: kafka
+  labels:
+    app: kafka-app
+spec:
+  serviceName: kafka-svc
+  replicas: 3
+  selector:
+    matchLabels:
+      app: kafka-app
+  template:
+    metadata:
+      labels:
+        app: kafka-app
+    spec:
+      containers:
+        - name: kafka-container
+          image: doughgle/kafka-kraft
+          ports:
+            - containerPort: 9092
+            - containerPort: 9093
+          env:
+            - name: REPLICAS
+              value: '3'
+            - name: SERVICE
+              value: kafka-svc
+            - name: NAMESPACE
+              value: kafka
+            - name: SHARE_DIR
+              value: /mnt/kafka
+            - name: CLUSTER_ID
+              value: bXktY2x1c3Rlci0xMjM0NQ==
+            - name: DEFAULT_REPLICATION_FACTOR
+              value: '3'
+            - name: DEFAULT_MIN_INSYNC_REPLICAS
+              value: '2'
+          volumeMounts:
+            - name: data
+              mountPath: /mnt/kafka
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes:
+          - 'ReadWriteOnce'
+        resources:
+          requests:
+            storage: '1Gi'
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kafka-svc
+  namespace: kafka
+  labels:
+    app: kafka-app
+spec:
+  type: NodePort
+  ports:
+    - name: '9092'
+      port: 9092
+      protocol: TCP
+      targetPort: 9092
+      nodePort: 30092
+  selector:
+    app: kafka-app

package/manifests/kubeadm-calico-config.yaml

@@ -0,0 +1,119 @@
+# This consolidated YAML file contains configurations for:
+# 1. Calico Installation (Installation and APIServer resources)
+# 2. A permissive Egress NetworkPolicy for the 'default' namespace
+#
+# These are standard Kubernetes resources that can be applied directly using 'kubectl apply'.
+# The kubeadm-specific ClusterConfiguration and InitConfiguration have been removed
+# as they are only processed by the 'kubeadm init' command, not 'kubectl apply'.
+
+# --- Calico Installation: Base configuration for Calico ---
+# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+  name: default
+spec:
+  # Configures Calico networking.
+  calicoNetwork:
+    # Note: The ipPools section cannot be modified post-install.
+    ipPools:
+      - blockSize: 26
+        cidr: 192.168.0.0/16
+        encapsulation: VXLANCrossSubnet
+        natOutgoing: Enabled
+        nodeSelector: all()
+
+---
+# This section configures the Calico API server.
+# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
+apiVersion: operator.tigera.io/v1
+kind: APIServer
+metadata:
+  name: default
+spec: {}
+
+---
+# This consolidated NetworkPolicy file ensures that all pods in the specified namespaces
+# have unrestricted egress (outbound) access.
+# This is useful for troubleshooting or for environments where strict egress control
+# is not immediately required for these system/default namespaces.
+
+---
+# Policy for the 'default' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-default-namespace
+  namespace: default # This policy applies to the 'default' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'kube-system' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-kube-system-namespace
+  namespace: kube-system # This policy applies to the 'kube-system' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'kube-node-lease' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-kube-node-lease-namespace
+  namespace: kube-node-lease # This policy applies to the 'kube-node-lease' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'kube-public' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-kube-public-namespace
+  namespace: kube-public # This policy applies to the 'kube-public' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'tigera-operator' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-tigera-operator-namespace
+  namespace: tigera-operator # This policy applies to the 'tigera-operator' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address

package/manifests/mongodb-4.4/service-deployment.yaml

@@ -16,7 +16,7 @@ spec:
       hostname: mongo
       containers:
         - name: mongodb
-          image: docker.io/library/mongo:4.4
+          image: mongo:4.4
           command: ['mongod', '--replSet', 'rs0', '--bind_ip_all']
           # -- bash
           # mongo

package/manifests/postgresql/configmap.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-config
+  labels:
+    app: postgres
+data:
+  POSTGRES_DB: postgresdb
+  POSTGRES_USER: admin

package/manifests/postgresql/kustomization.yaml

@@ -0,0 +1,10 @@
+---
+# kubectl apply -k postgresql/.
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - pv.yaml
+  - pvc.yaml
+  - configmap.yaml
+  - statefulset.yaml
+  - service.yaml

package/manifests/postgresql/pv.yaml

@@ -0,0 +1,15 @@
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: postgres-pv-volume
+  labels:
+    type: local
+    app: postgres
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteMany
+  hostPath:
+    path: '/mnt/data'

package/manifests/postgresql/pvc.yaml

@@ -0,0 +1,13 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: postgres-pv-claim
+  labels:
+    app: postgres
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi

package/manifests/postgresql/service.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres-service
+spec:
+  clusterIP: None
+  selector:
+    app: postgres
+  ports:
+    - port: 5432

package/manifests/postgresql/statefulset.yaml

@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: postgres
+spec:
+  serviceName: postgres
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgres:latest
+          imagePullPolicy: Never
+          ports:
+            - containerPort: 5432
+          envFrom:
+            - configMapRef:
+                name: postgres-config
+          env:
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-secret
+                  key: password
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: postgredb
+      volumes:
+        - name: postgredb
+          persistentVolumeClaim:
+            claimName: postgres-pv-claim

package/manifests/valkey/statefulset.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@@ -15,9 +14,14 @@ spec:
       labels:
         app: service-valkey
     spec:
+      # Prevent automatic token mounting if you're not using the default ServiceAccount
+      automountServiceAccountToken: false
+
       containers:
         - name: service-valkey
-          image: docker.io/valkey/valkey:latest
+          image: valkey/valkey:latest
+          # Ensure you pull only if not present (Never will error if missing)
+          imagePullPolicy: Never
           env:
             - name: TZ
               value: Europe/Zurich
@@ -35,5 +39,3 @@ spec:
             failureThreshold: 2
             periodSeconds: 30
             timeoutSeconds: 5
-      restartPolicy: Always
-      automountServiceAccountToken: false

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.65",
+    "version": "2.8.71",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",
@@ -11,6 +11,7 @@
         "dev": "env-cmd -f .env.development node src/client.dev default",
         "dev-img": "env-cmd -f .env.development node src/server",
         "prod-img": "env-cmd -f .env.production node src/server",
+        "monitor": "pm2 start bin/deploy.js --name monitor -- monitor",
         "dev-api": "env-cmd -f .env.development nodemon --watch src --ignore src/client src/api",
         "dev-client": "env-cmd -f .env.development node src/client.dev",
         "proxy": "node src/proxy proxy",