helm
60
CLAUDE.md
Normal file
@@ -0,0 +1,60 @@
|
||||
# CLAUDE.md
|
||||
|
||||
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
|
||||
|
||||
## Project Overview
|
||||
|
||||
Kubernetes deployment manifests for "Memelord Jake" — a Django meme-sharing application deployed on a cloud-native Kubernetes cluster. This repo contains **no application source code**, only infrastructure-as-code YAML manifests.
|
||||
|
||||
The Django app image is `ghcr.io/l4rm4nd/memelord:latest`. The cluster domain is `ee-lte-1.codemowers.io`.
|
||||
|
||||
## Deploying
|
||||
|
||||
```bash
|
||||
kubectl apply -f deployment.yaml # Backing services: PostgreSQL, Redis, S3, networking
|
||||
kubectl apply -f config.yaml # Django settings.py ConfigMap
|
||||
kubectl apply -f app.yaml # Memelord Deployment
|
||||
kubectl apply -f oidc.yaml # OIDC client configuration
|
||||
kubectl apply -f grafana.yaml # Grafana monitoring (includes namespace)
|
||||
kubectl apply -f monitoring.yaml # Prometheus Probe
|
||||
```
|
||||
|
||||
The cluster requires these operators pre-installed: CloudNativePG, DragonflyDB, Onyxia S3, cert-manager, Traefik, Codemowers Cloud OIDC, Prometheus operator.
|
||||
|
||||
## File Map
|
||||
|
||||
- **`deployment.yaml`** — Backing services: StringSecret + Dragonfly (Redis), StringSecret + Cluster + Database (PostgreSQL), Policy + S3User + Bucket (S3), Service + Certificate + Ingress
|
||||
- **`config.yaml`** — ConfigMap containing the full Django `settings.py`; the largest and most complex file. Configures DB, cache, security headers (CSP/HSTS), storage backends, OIDC, logging
|
||||
- **`app.yaml`** — Deployment for the Django app (1 replica, port 8000). Mounts `settings.py` from ConfigMap via `subPath`. All config injected via environment variables from Secrets
|
||||
- **`grafana.yaml`** — Complete Grafana stack: Namespace, ConfigMaps (Prometheus + Loki datasources, dashboard JSON), StatefulSet (5Gi SQLite), OIDC auth, Ingress with TLS
|
||||
- **`oidc.yaml`** — OIDCClient CR for Memelord app authentication via Passmower
|
||||
- **`monitoring.yaml`** — Prometheus Probe CR
|
||||
|
||||
## Architecture
|
||||
|
||||
```
|
||||
Namespace: memelord-jake
|
||||
|
||||
Memelord (Deployment) ──► PostgreSQL (CloudNativePG Cluster)
|
||||
──► DragonflyDB (Redis-compatible cache/sessions)
|
||||
──► MinIO S3 (media storage via Onyxia operator)
|
||||
──► Passmower OIDC (authentication)
|
||||
|
||||
Grafana (StatefulSet) ──► Prometheus (monitoring ns)
|
||||
──► Loki (monitoring ns)
|
||||
──► Passmower OIDC (authentication)
|
||||
|
||||
External access: Traefik Ingress + cert-manager TLS
|
||||
- memelord-jake.ee-lte-1.codemowers.io
|
||||
- grafana-jake.ee-lte-1.codemowers.io
|
||||
```
|
||||
|
||||
## Key Conventions
|
||||
|
||||
- Resource naming: prefix `memelord-jake-` for all backing services
|
||||
- Secrets auto-generated via `StringSecret` CRs (mittwald secret generator)
|
||||
- Django settings are fully environment-driven (12-factor); `config.yaml` reads everything from env vars
|
||||
- Storage class `postgres` for DB, `sqlite` for Grafana
|
||||
- Node selector: `codemowers.io/lvm-ubuntu-vg: enterprise-ssd`
|
||||
- ArgoCD destination cluster: `https://10.254.10.31:6443`
|
||||
- S3 uses path-style addressing (`AWS_S3_ADDRESSING_STYLE = 'path'`)
|
||||
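Review bot: The Project Overview documents the app image as `ghcr.io/l4rm4nd/memelord:latest`, a mutable tag, so what actually runs in the cluster can change without any change in this repo. Record a version tag or an image digest here and note that `app.yaml` should match it. Under Deploying, `app.yaml` is applied before `oidc.yaml` even though the File Map says all config is injected from Secrets and the Architecture lists Passmower OIDC as a dependency of the Deployment; either reorder the steps or state that the pod is expected to wait until the OIDC client exists. Key Conventions also names an ArgoCD destination cluster while Deploying instructs manual `kubectl apply`; say which of the two is the authoritative path so manual applies are not reverted or left to drift. Finally, only `grafana.yaml` is marked as including its namespace; the doc should say where `memelord-jake` is created.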