kunthar · December 11, 2024 15:02
diff --git a/deployment.yaml b/deployment.yaml
 apiVersion: v1
 kind: Namespace
 metadata:
  name: hophop
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: hoppscotch-backend
  namespace: hophop
  labels:
    app: hoppscotch-backend
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: hoppscotch-backend
  template:
    metadata:
      labels:
        app: hoppscotch-backend
    spec:
      containers:
        - name: hoppscotch-backend
          image: hoppscotch/hoppscotch-backend:latest # Use the latest version of Hoppscotch backend
          # run this migration task on first run. also check and run again from time to time. 
          # i had no time for initcontainers.
          #command: ["pnpx", "prisma", "migrate", "deploy"]
          ports:
            - containerPort: 3170 # Default port for backend
          envFrom:
            - configMapRef:
                name: hophop-env-vars

 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: hoppscotch-frontend
  namespace: hophop
  labels:
    app: hoppscotch-frontend
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: hoppscotch-frontend
  template:
    metadata:
      labels:
        app: hoppscotch-frontend
    spec:
      containers:
        - name: hoppscotch-frontend
          image: hoppscotch/hoppscotch-frontend:latest # Use the latest version of Hoppscotch frontend
          ports:
            - containerPort: 3000 # Default port for frontend
          envFrom:
            - configMapRef:
                name: hophop-env-vars


 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: hoppscotch-admin
  namespace: hophop
  labels:
    app: hoppscotch-admin
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: hoppscotch-admin
  template:
    metadata:
      labels:
        app: hoppscotch-admin
    spec:
      containers:
        - name: hoppscotch-admin
          image: hoppscotch/hoppscotch-admin:latest # Use the latest version of Hoppscotch admin dashboard
          ports:
            - containerPort: 3100 # Default port for admin dashboard
          envFrom:
            - configMapRef:
                name: hophop-env-vars

 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: hoppscotch-backend-service
  namespace: hophop 
 spec:
  selector:
    app: hoppscotch-backend
  ports:
    - protocol: TCP
      port: 3170 
      targetPort: 3170 # Port exposed by the backend container

 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: hoppscotch-frontend-service
  namespace: hophop 
 spec:
  selector:
    app: hoppscotch-frontend 
  ports:
    - protocol: TCP 
      port: 80 
      targetPort: 3000 # Port exposed by the frontend container

 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: hoppscotch-admin-service 
  namespace: hophop 
 spec:
  selector:
    app: hoppscotch-admin
  ports:
    - protocol: TCP 
      port: 3100 # Port exposed by the admin container
      targetPort: 3100

 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: hophop-env-vars
  namespace: hophop
 data:
  DATABASE_URL: "postgresql://hophopuser:[email protected]:5432/hophop"
  JWT_SECRET: "vzguwyer7548MNRe43SdERaW32494nHTYasdfpeincksp90784nmHJ" #random chars
  TOKEN_SALT_COMPLEXITY: "10"
  MAGIC_LINK_TOKEN_VALIDITY: "3"
  REFRESH_TOKEN_VALIDITY: "604800000" # Default validity is 7 days (604800000 ms) in ms
  ACCESS_TOKEN_VALIDITY: "604800000"
  SESSION_SECRET: "NMSGrtsdvvvEhgasfdsjhU834n&bhf73hacfsT43ghb" #random
  DATA_ENCRYPTION_KEY: "GklDBHGunpHxBUI4hPrKNhRcUO2sfQZF"  #should be 32 chars. be careful no more, no less.
  ALLOW_SECURE_COOKIES: "true"
  VITE_ALLOWED_AUTH_PROVIDERS: "EMAIL,MICROSOFT" # i had M$ setup. you can disable and go with email only.
  WHITELISTED_ORIGINS: "https://hs.example.com,https://hs.example.com/v1,https://hs.example.com/admin,https://hs.example.com/graphql"
  MICROSOFT_AUTH_ENABLED: "true" # Enable Microsoft authentication
  MICROSOFT_CLIENT_ID: "your_client_id" 
  MICROSOFT_CLIENT_SECRET: "your_secret" 
  MICROSOFT_CALLBACK_URL: "https://hs.example.com/v1/auth/microsoft/callback" 
  MICROSOFT_SCOPE: "user.read" 
  MICROSOFT_TENANT: "common" 
  VITE_BASE_URL: "https://hs.example.com"
  VITE_SHORTCODE_BASE_URL: "https://hs.example.com"
  VITE_ADMIN_URL: "https://hs.example.com/admin"
  ENABLE_SUBPATH_BASED_ACCESS: "true"  # if you are not using AIO. you should use this. 
  REDIRECT_URL: "https://hs.example.com"
  VITE_BACKEND_GQL_URL: "https://hs.example.com/graphql"
  VITE_BACKEND_WS_URL: "wss://https://hs.example.com/graphql"
  VITE_BACKEND_API_URL: "https://hs.example.com/v1"
  MAILER_SMTP_ENABLE: "true"
  MAILER_USE_CUSTOM_CONFIGS: "true"
  MAILER_ADDRESS_FROM: "[email protected]"
  MAILER_SMTP_URL: "smtps://youremailuser:[email protected]"
  MAILER_SMTP_HOST: "mail.yoursmtpprovider.com"
  MAILER_SMTP_PORT: "587"
  MAILER_SMTP_SECURE: "false"
  MAILER_SMTP_USER: "youremailuser"
  MAILER_SMTP_PASSWORD: "verysecret"
  MAILER_TLS_REJECT_UNAUTHORIZED: "false"
  RATE_LIMIT_TTL: "246"
  RATE_LIMIT_MAX: "200"

 # Notes:
 # You should have postgres installation in cluster. 
 # You should have ingress nginx installed. 
 # redis can be added later. 
 # pls. pay attention, env vars added to all three containers.

diff --git a/ingress.yaml b/ingress.yaml
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: hoppscotch-ingress
  namespace: hophop
  annotations:    
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    cert-manager.io/cluster-issuer: "cloudflare"
    cert-manager.io/acme-challenge-type: http01
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    acme.cert-manager.io/http01-edit-in-place: "true" # important!
    nginx.ingress.kubernetes.io/websocket-services: "graphql"
    nginx.ingress.kubernetes.io/proxy-set-headers: "ingress-proxy-headers"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      add_header Cache-Control "no-cache, no-store, must-revalidate";
      add_header Pragma "no-cache";
      add_header Expires "0";
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/websocket-services: "graphql"

 spec:
  ingressClassName: nginx
  rules:
    - host: hs.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: hoppscotch-frontend-service # Frontend service name
                port:
                  number: 80
          - path: /admin
            pathType: Prefix
            backend:
              service:
                name: hoppscotch-admin-service # Admin service name
                port:
                  number: 3100
          - path: /graphql
            pathType: Prefix
            backend:
              service:
                name: hoppscotch-backend-service
                port:
                  number: 3170
          - path: /v1/
            pathType: Prefix
            backend:
              service:
                name: hoppscotch-backend-service
                port:
                  number: 3170

  tls:
  - hosts:
    - hs.example.com
    secretName: hs.example.com-tls


 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: ingress-proxy-headers
  namespace: hophop
 data:
  X-Forwarded-For: "$proxy_add_x_forwarded_for"
  X-Forwarded-Proto: "$scheme"
  X-Real-IP: "$remote_addr"
  Host: "$host"

 # Notes:
 # If you are not using Cloudflare provider, adjust accordingly. 
 # service worker works in funny ways for admin. always do check after ctlr+shift+R
	apiVersion: v1
	kind: Namespace
	metadata:
	name: hophop
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: hoppscotch-backend
	namespace: hophop
	labels:
	app: hoppscotch-backend
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: hoppscotch-backend
	template:
	metadata:
	labels:
	app: hoppscotch-backend
	spec:
	containers:
	- name: hoppscotch-backend
	image: hoppscotch/hoppscotch-backend:latest # Use the latest version of Hoppscotch backend
	# run this migration task on first run. also check and run again from time to time.
	# i had no time for initcontainers.
	#command: ["pnpx", "prisma", "migrate", "deploy"]
	ports:
	- containerPort: 3170 # Default port for backend
	envFrom:
	- configMapRef:
	name: hophop-env-vars

	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: hoppscotch-frontend
	namespace: hophop
	labels:
	app: hoppscotch-frontend
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: hoppscotch-frontend
	template:
	metadata:
	labels:
	app: hoppscotch-frontend
	spec:
	containers:
	- name: hoppscotch-frontend
	image: hoppscotch/hoppscotch-frontend:latest # Use the latest version of Hoppscotch frontend
	ports:
	- containerPort: 3000 # Default port for frontend
	envFrom:
	- configMapRef:
	name: hophop-env-vars


	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: hoppscotch-admin
	namespace: hophop
	labels:
	app: hoppscotch-admin
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: hoppscotch-admin
	template:
	metadata:
	labels:
	app: hoppscotch-admin
	spec:
	containers:
	- name: hoppscotch-admin
	image: hoppscotch/hoppscotch-admin:latest # Use the latest version of Hoppscotch admin dashboard
	ports:
	- containerPort: 3100 # Default port for admin dashboard
	envFrom:
	- configMapRef:
	name: hophop-env-vars

	---
	apiVersion: v1
	kind: Service
	metadata:
	name: hoppscotch-backend-service
	namespace: hophop
	spec:
	selector:
	app: hoppscotch-backend
	ports:
	- protocol: TCP
	port: 3170
	targetPort: 3170 # Port exposed by the backend container

	---
	apiVersion: v1
	kind: Service
	metadata:
	name: hoppscotch-frontend-service
	namespace: hophop
	spec:
	selector:
	app: hoppscotch-frontend
	ports:
	- protocol: TCP
	port: 80
	targetPort: 3000 # Port exposed by the frontend container

	---
	apiVersion: v1
	kind: Service
	metadata:
	name: hoppscotch-admin-service
	namespace: hophop
	spec:
	selector:
	app: hoppscotch-admin
	ports:
	- protocol: TCP
	port: 3100 # Port exposed by the admin container
	targetPort: 3100

	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: hophop-env-vars
	namespace: hophop
	data:
	DATABASE_URL: "postgresql://hophopuser:[email protected]:5432/hophop"
	JWT_SECRET: "vzguwyer7548MNRe43SdERaW32494nHTYasdfpeincksp90784nmHJ" #random chars
	TOKEN_SALT_COMPLEXITY: "10"
	MAGIC_LINK_TOKEN_VALIDITY: "3"
	REFRESH_TOKEN_VALIDITY: "604800000" # Default validity is 7 days (604800000 ms) in ms
	ACCESS_TOKEN_VALIDITY: "604800000"
	SESSION_SECRET: "NMSGrtsdvvvEhgasfdsjhU834n&bhf73hacfsT43ghb" #random
	DATA_ENCRYPTION_KEY: "GklDBHGunpHxBUI4hPrKNhRcUO2sfQZF" #should be 32 chars. be careful no more, no less.
	ALLOW_SECURE_COOKIES: "true"
	VITE_ALLOWED_AUTH_PROVIDERS: "EMAIL,MICROSOFT" # i had M$ setup. you can disable and go with email only.
	WHITELISTED_ORIGINS: "https://hs.example.com,https://hs.example.com/v1,https://hs.example.com/admin,https://hs.example.com/graphql"
	MICROSOFT_AUTH_ENABLED: "true" # Enable Microsoft authentication
	MICROSOFT_CLIENT_ID: "your_client_id"
	MICROSOFT_CLIENT_SECRET: "your_secret"
	MICROSOFT_CALLBACK_URL: "https://hs.example.com/v1/auth/microsoft/callback"
	MICROSOFT_SCOPE: "user.read"
	MICROSOFT_TENANT: "common"
	VITE_BASE_URL: "https://hs.example.com"
	VITE_SHORTCODE_BASE_URL: "https://hs.example.com"
	VITE_ADMIN_URL: "https://hs.example.com/admin"
	ENABLE_SUBPATH_BASED_ACCESS: "true" # if you are not using AIO. you should use this.
	REDIRECT_URL: "https://hs.example.com"
	VITE_BACKEND_GQL_URL: "https://hs.example.com/graphql"
	VITE_BACKEND_WS_URL: "wss://https://hs.example.com/graphql"
	VITE_BACKEND_API_URL: "https://hs.example.com/v1"
	MAILER_SMTP_ENABLE: "true"
	MAILER_USE_CUSTOM_CONFIGS: "true"
	MAILER_ADDRESS_FROM: "[email protected]"
	MAILER_SMTP_URL: "smtps://youremailuser:[email protected]"
	MAILER_SMTP_HOST: "mail.yoursmtpprovider.com"
	MAILER_SMTP_PORT: "587"
	MAILER_SMTP_SECURE: "false"
	MAILER_SMTP_USER: "youremailuser"
	MAILER_SMTP_PASSWORD: "verysecret"
	MAILER_TLS_REJECT_UNAUTHORIZED: "false"
	RATE_LIMIT_TTL: "246"
	RATE_LIMIT_MAX: "200"

	# Notes:
	# You should have postgres installation in cluster.
	# You should have ingress nginx installed.
	# redis can be added later.
	# pls. pay attention, env vars added to all three containers.
	apiVersion: networking.k8s.io/v1
	kind: Ingress
	metadata:
	name: hoppscotch-ingress
	namespace: hophop
	annotations:
	nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
	cert-manager.io/cluster-issuer: "cloudflare"
	cert-manager.io/acme-challenge-type: http01
	nginx.ingress.kubernetes.io/ssl-passthrough: "true"
	nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
	acme.cert-manager.io/http01-edit-in-place: "true" # important!
	nginx.ingress.kubernetes.io/websocket-services: "graphql"
	nginx.ingress.kubernetes.io/proxy-set-headers: "ingress-proxy-headers"
	nginx.ingress.kubernetes.io/configuration-snippet: \|
	add_header Cache-Control "no-cache, no-store, must-revalidate";
	add_header Pragma "no-cache";
	add_header Expires "0";
	nginx.ingress.kubernetes.io/ssl-redirect: "true"
	nginx.ingress.kubernetes.io/websocket-services: "graphql"

	spec:
	ingressClassName: nginx
	rules:
	- host: hs.example.com
	http:
	paths:
	- path: /
	pathType: Prefix
	backend:
	service:
	name: hoppscotch-frontend-service # Frontend service name
	port:
	number: 80
	- path: /admin
	pathType: Prefix
	backend:
	service:
	name: hoppscotch-admin-service # Admin service name
	port:
	number: 3100
	- path: /graphql
	pathType: Prefix
	backend:
	service:
	name: hoppscotch-backend-service
	port:
	number: 3170
	- path: /v1/
	pathType: Prefix
	backend:
	service:
	name: hoppscotch-backend-service
	port:
	number: 3170

	tls:
	- hosts:
	- hs.example.com
	secretName: hs.example.com-tls


	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: ingress-proxy-headers
	namespace: hophop
	data:
	X-Forwarded-For: "$proxy_add_x_forwarded_for"
	X-Forwarded-Proto: "$scheme"
	X-Real-IP: "$remote_addr"
	Host: "$host"

	# Notes:
	# If you are not using Cloudflare provider, adjust accordingly.
	# service worker works in funny ways for admin. always do check after ctlr+shift+R