Host web in kubernetes instead of Vercel (#647)
* chore: upgrade to node 16.13 * feat: add kubernetes manifests to run the web in kubernetes instead of Vercel * fix: rearrange build scripts for speed * feat: add readiness probe to never replace a working site with a failed one * fix: add headers for hsts etc * fix: add unsafe-inline * fix: duplicate entities inline-style * fix: add ipv6 support in web * fix: Ingress should be ClusterIP, not LoadBalancer * Add resources * feat: switch to main domain * fix: hsts preload requires www to also be encrypted
parent
6589d85ab0
commit
565c27e6fb
|
@ -0,0 +1,2 @@
|
|||
k8s
|
||||
k8s
|
|
@ -0,0 +1,44 @@
|
|||
# Install dependencies only when needed
|
||||
FROM node:16-alpine AS builder
|
||||
# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
|
||||
RUN apk add --no-cache libc6-compat autoconf automake build-base curl git libtool make nodejs npm pkgconf nasm yasm optipng
|
||||
WORKDIR /app
|
||||
COPY package.json yarn.lock ./
|
||||
RUN yarn install --frozen-lockfile
|
||||
|
||||
COPY . .
|
||||
ENV NEXT_TELEMETRY_DISABLED 1
|
||||
|
||||
RUN yarn build
|
||||
|
||||
# Production image, copy all the files and run next
|
||||
FROM node:16-alpine AS runner
|
||||
WORKDIR /app
|
||||
|
||||
ENV NODE_ENV production
|
||||
|
||||
RUN addgroup -g 1001 -S nodejs
|
||||
RUN adduser -S nextjs -u 1001
|
||||
|
||||
# You only need to copy next.config.js if you are NOT using the default configuration
|
||||
# COPY --from=builder /app/next.config.js ./
|
||||
COPY --from=builder /app/node_modules ./node_modules
|
||||
COPY --from=builder /app/package.json ./package.json
|
||||
COPY --from=builder /app/next.* ./
|
||||
COPY --from=builder /app/*.js ./
|
||||
COPY --from=builder /app/*.ts ./
|
||||
COPY --from=builder /app/public ./public
|
||||
COPY --from=builder --chown=nextjs:nodejs /app/.next ./.next
|
||||
|
||||
USER nextjs
|
||||
|
||||
EXPOSE 3000
|
||||
|
||||
ENV PORT 3000
|
||||
|
||||
# Next.js collects completely anonymous telemetry data about general usage.
|
||||
# Learn more here: https://nextjs.org/telemetry
|
||||
# Uncomment the following line in case you want to disable telemetry.
|
||||
ENV NEXT_TELEMETRY_DISABLED 1
|
||||
|
||||
CMD ["yarn", "start"]
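Review bot: The runner stage ships the builder's whole dependency tree: `COPY --from=builder /app/node_modules ./node_modules` copies what `yarn install --frozen-lockfile` produced, devDependencies included, so build-only packages end up in the internet-facing image and add to what must be patched. If the app does not need them at runtime (worth confirming, since `*.ts` files are copied too), install runtime dependencies separately with `RUN yarn install --frozen-lockfile --production` and copy that tree instead. Both `FROM node:16-alpine` lines float on the major tag although the commit message says 16.13; pinning the minor version, or a digest, keeps rebuilds reproducible and makes base-image changes reviewable. `CMD ["yarn", "start"]` leaves yarn as PID 1, so the SIGTERM Kubernetes sends on rollout may not reach the Next.js process cleanly; starting the server binary directly would avoid that. The comment above the last `ENV NEXT_TELEMETRY_DISABLED 1` still says "Uncomment the following line" although the line is already active.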
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- web.yaml
|
|
@ -0,0 +1,93 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: skolplattformen-web
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: skolplattformen-web
|
||||
namespace: skolplattformen-web
|
||||
spec:
|
||||
ports:
|
||||
- port: 3000
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: skolplattformen-web
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: skolplattformen-web
|
||||
namespace: skolplattformen-web
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: skolplattformen-web
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: skolplattformen-web
|
||||
spec:
|
||||
containers:
|
||||
- name: skolplattformen-web
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 100Mi
|
||||
image: skolplattformen/web
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 3000
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 3000
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: skolplattformen-web
|
||||
namespace: skolplattformen-web
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: 'letsencrypt-prod'
|
||||
nginx.ingress.kubernetes.io/from-to-www-redirect: 'true'
|
||||
nginx.ingress.kubernetes.io/http2-push-preload: 'true'
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: '500m'
|
||||
nginx.ingress.kubernetes.io/proxy-pass-headers: 'Location'
|
||||
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||
more_set_headers "X-Content-Type-Options: nosniff";
|
||||
more_set_headers "X-Frame-Options: DENY";
|
||||
more_set_headers "X-Xss-Protection: 0";
|
||||
more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload";
|
||||
more_set_headers "Cross-Origin-Resource-Policy: same-site";
|
||||
more_set_headers "Referrer-Policy strict-origin";
|
||||
external-dns.alpha.kubernetes.io/hostname: new.skolplattformen.org.
|
||||
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- skolplattformen.org
|
||||
- www.skolplattformen.org
|
||||
secretName: web-secret-tls
|
||||
rules:
|
||||
- host: skolplattformen.org
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: '/'
|
||||
backend:
|
||||
service:
|
||||
name: skolplattformen-web
|
||||
port:
|
||||
number: 3000
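Review bot: In the Ingress `configuration-snippet`, `more_set_headers "Referrer-Policy strict-origin";` is missing the colon that the other five header lines have, so the intended `Referrer-Policy: strict-origin` response header is most likely never emitted; it should read `more_set_headers "Referrer-Policy: strict-origin";`. The Deployment's container declares no `securityContext` and only resource `requests`; adding `runAsNonRoot: true` with `runAsUser: 1001` (the uid the image creates), `allowPrivilegeEscalation: false` and CPU/memory `limits` would bound a compromised or runaway pod. `image: skolplattformen/web` has no tag in this manifest, so unless the deploy tooling rewrites it the pod runs whatever `latest` resolves to at pull time. `proxy-body-size: '500m'` looks large for a site front end and is worth lowering unless uploads need it. The headers also depend on snippet annotations being permitted by the ingress controller, which some clusters disable, so it is worth verifying the response headers after deploy.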
|
|
@ -0,0 +1,13 @@
|
|||
apiVersion: skaffold/v4beta1
|
||||
kind: Config
|
||||
metadata:
|
||||
name: skolplattformen-web
|
||||
build:
|
||||
artifacts:
|
||||
- image: skolplattformen/web
|
||||
context: .
|
||||
manifests:
|
||||
rawYaml:
|
||||
- k8s/web.yaml
|
||||
deploy:
|
||||
kubectl: {}
|