Solution

.infrastructure/helm-chart/todoapp/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v2
+name: todoapp
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "1.16.0"
+dependencies:
+- name: mysql

.infrastructure/helm-chart/todoapp/charts/mysql/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

.infrastructure/helm-chart/todoapp/charts/mysql/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: mysql
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

.infrastructure/helm-chart/todoapp/charts/mysql/templates/configMap.yml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: {{ .Values.mysql.namespace }}
+  labels:
+    app: {{ .Chart.Name }}
+data:
+  init.sql: |
+    GRANT ALL PRIVILEGES ON app_db.* TO 'app_user'@'%';
+    USE app_db;
+    CREATE TABLE counter (
+        id INT AUTO_INCREMENT PRIMARY KEY,
+        value INT
+    );

.infrastructure/helm-chart/todoapp/charts/mysql/templates/ns.yml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Chart.Name }}

.infrastructure/helm-chart/todoapp/charts/mysql/templates/secret.yml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-secrets
+  namespace: {{ .Values.mysql.namespace }}
+type: Opaque
+data:
+  {{- range $k, $v := .Values.mysql.secret }}
+    {{ $k }}: {{ $v }}
+  {{ end }}

.infrastructure/helm-chart/todoapp/charts/mysql/templates/service.yml

@@ -0,0 +1,17 @@
+# Headless service for stable DNS entries of StatefulSet members.
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: {{ .Values.mysql.namespace }}
+spec:
+  selector:
+    app: {{ .Chart.Name }}
+  ports:
+  - name: {{ .Chart.Name }}
+    port: 3306
+  clusterIP: None
+
+# pod-name.service-name.namespace.svc.cluster.local
+# pod-name.service-name
+# mysql-0.mysql.mysql.svc.cluster.local

.infrastructure/helm-chart/todoapp/charts/mysql/templates/statefulSet.yml

@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: {{ .Values.mysql.namespace}}
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+  replicas: {{ .Values.mysql.replicas }}
+  serviceName: {{ .Chart.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Chart.Name }}
+    spec:
+      containers:
+      - name: {{ .Chart.Name }}
+        image: {{ .Values.mysql.image.repository }}:{{ .Values.mysql.image.tag }}
+        env:
+        {{- range $k, $v := .Values.mysql.secret }}
+        - name: {{ $k }}
+          valueFrom:
+            secretKeyRef:
+              name: mysql-secrets
+              key: {{ $k }}
+        {{- end }}
+        - name: MYSQL_DATABASE
+          value: app_db
+        ports:
+        - name: {{ .Chart.Name }}
+          containerPort: 3306
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/mysql
+          subPath: {{ .Chart.Name }}
+        - name: config-map
+          mountPath: /docker-entrypoint-initdb.d
+        resources:
+          requests:
+            cpu: {{ .Values.mysql.resources.requests.cpu }}
+            memory: {{ .Values.mysql.resources.requests.memory }}
+        livenessProbe:
+          exec:
+            command: ["mysqladmin", "ping"]
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+        readinessProbe:
+          exec:
+            command: ["mysqladmin", "ping"]
+          initialDelaySeconds: 5
+          periodSeconds: 2
+          timeoutSeconds: 1
+      volumes:
+      - name: config-map
+        configMap:
+          name: {{ .Chart.Name }}
+      tolerations:
+      - key: {{ .Values.mysql.tolerations.key }}
+        operator: {{ .Values.mysql.tolerations.operator }}
+        value: {{ .Values.mysql.tolerations.value }}
+        effect: {{ .Values.mysql.tolerations.effect }}
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: {{ .Values.mysql.affinities.podAntiAffinity.key}}
+                    operator: {{ .Values.mysql.affinities.podAntiAffinity.operator}}
+                    values:
+                    - {{ .Values.mysql.affinities.podAntiAffinity.values}}
+              topologyKey: "kubernetes.io/hostname"
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: {{ .Values.mysql.affinities.nodeAffinity.key }}
+                    operator: {{ .Values.mysql.affinities.nodeAffinity.operator }}
+                    values:
+                    - {{ .Values.mysql.affinities.nodeAffinity.values }}
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes: ["ReadWriteOnce"]
+      resources:
+        requests:
+          storage: {{ .Values.mysql.pvcStorageRequest }}

.infrastructure/helm-chart/todoapp/charts/mysql/values.yaml

@@ -0,0 +1,36 @@
+mysql:
+  namespace: mysql
+
+  secret:
+    MYSQL_ROOT_PASSWORD: "MTIzNA==" # Base64 encoding for "1234"
+    MYSQL_USER: "YXBwX3VzZXI=" # Base64 encoding for "app_user"
+    MYSQL_PASSWORD: "MTIzNA==" # Base64 encoding for "1234"
+
+  replicas: 2
+
+  image:
+    repository: mysql
+    tag: 8.0
+
+  resources:
+    requests:
+      cpu: 500m
+      memory: 1Gi
+
+  pvcStorageRequest: 2Gi
+
+  tolerations:
+    key: "app"
+    operator: "Equal"
+    value: "mysql"
+    effect: "NoSchedule"
+
+  affinities:
+    podAntiAffinity:
+        key: "app"
+        operator: In
+        values: "mysql"
+    nodeAffinity:
+      key: "app"
+      operator: In
+      values: "mysql"

.infrastructure/helm-chart/todoapp/templates/clusterIp.yml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}-service
+  namespace: {{ .Values.todoapp.namespace }}
+spec:
+  type: ClusterIP
+  selector:
+    app: todoapp
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 8080

.infrastructure/helm-chart/todoapp/templates/configMap.yml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-config
+  namespace: {{ .Values.todoapp.namespace }}
+data:
+  PYTHONUNBUFFERED: "1"

.infrastructure/helm-chart/todoapp/templates/deployment.yml

@@ -0,0 +1,86 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: {{ .Values.todoapp.namespace }}
+spec:
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: {{ .Values.todoapp.rollingUpdate.maxSurge }}
+      maxUnavailable: {{ .Values.todoapp.rollingUpdate.maxUnavailable }}
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Chart.Name }}
+    spec:
+      serviceAccountName: {{ .Values.todoapp.RBAC.name }}
+      containers:
+      - name: {{ .Chart.Name }}
+        image: {{ .Values.todoapp.image.repository}}:{{ .Values.todoapp.image.tag }}
+        volumeMounts:
+        - name: data
+          mountPath: /app/data
+        - name: app-secrets-volume
+          mountPath: "/app/secrets"
+          readOnly: true
+        - name: app-config-volume
+          mountPath: "/app/configs"
+          readOnly: true
+        resources:
+          requests:
+            memory: {{ .Values.todoapp.resources.requests.memory }}
+            cpu: {{ .Values.todoapp.resources.requests.cpu }}
+          limits:
+            memory: {{ .Values.todoapp.resources.limits.memory }}
+            cpu: {{ .Values.todoapp.resources.limits.cpu }}
+        env:
+        - name: PYTHONUNBUFFERED
+          valueFrom:
+            configMapKeyRef:
+              name: {{ .Chart.Name }}-config
+              key: PYTHONUNBUFFERED
+        {{- range $k, $v := .Values.todoapp.secrets }}
+        - name: {{ $k }}
+          valueFrom:
+            secretKeyRef:
+              name: todoapp-secret
+              key: {{ $k }}
+        {{- end }}
+        ports:
+        - containerPort: 8080
+        livenessProbe:
+          httpGet:
+            path: api/health
+            port: 8080
+          initialDelaySeconds: 60
+          periodSeconds: 5
+        readinessProbe:
+          httpGet:
+            path: api/ready
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 5
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: {{ .Chart.Name }}-pvc
+      - name: app-secrets-volume
+        secret:
+          secretName: {{ .Chart.Name }}-secret
+      - name: app-config-volume
+        configMap:
+          name: {{ .Chart.Name }}-config
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 1
+            preference:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - kube2py

.infrastructure/helm-chart/todoapp/templates/hpa.yml

@@ -0,0 +1,25 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ .Chart.Name }}-hpa
+  namespace: {{ .Values.todoapp.namespace }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: todoapp
+  minReplicas: {{ .Values.todoapp.hpa.minReplicas }}
+  maxReplicas: {{ .Values.todoapp.hpa.maxReplicas }}
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: {{ .Values.todoapp.hpa.resourceAvgUtilization.cpu }}
+  - type: Resource
+    resource:
+      name: memory
+      target:
+        type: Utilization
+        averageUtilization: {{ .Values.todoapp.hpa.resourceAvgUtilization.memory }}

.infrastructure/helm-chart/todoapp/templates/ingress.yml

@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Chart.Name }}-ingress
+  namespace: {{ .Values.todoapp.namespace }}
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+spec:
+  rules:
+  - http:
+      paths:
+      - pathType: Prefix
+        path: /(|$)(.*)
+        backend:
+          service:
+            name: {{ .Chart.Name }}-service
+            port:
+              number: 80