herel b3426f7493 feat: add health check endpoint and suppress health check logs
Added a /health endpoint for application health monitoring

Implemented logging filter to suppress health check requests from logs

Updated Dockerfile and Kubernetes deployment to use the new health check endpoint

Incremented production image tag version
2025-09-04 00:42:53 +02:00

Math Exercises Application - Kubernetes Deployment

This directory contains the Kubernetes deployment configuration for the Math Exercises application, with security best practices applied.

Directory Structure

deploy/
├── base/                 # Base kustomize configuration
│   ├── deployment.yaml      # Application deployment
│   ├── service.yaml         # Internal service
│   ├── ingress.yaml         # External access configuration
│   ├── network-policy.yaml  # Network security policies
│   ├── configmap.yaml       # Application configuration
│   ├── pod-disruption-budget.yaml  # High availability
│   └── kustomization.yaml   # Base kustomize file
├── overlays/             # Environment-specific configurations
│   ├── development/         # Development environment
│   │   ├── deployment-patch.yaml   # Dev-specific deployment settings
│   │   └── kustomization.yaml      # Dev kustomize file
│   └── production/          # Production environment
│       ├── deployment-patch.yaml   # Prod-specific deployment settings
│       ├── security-patch.yaml     # Additional security settings
│       └── kustomization.yaml      # Prod kustomize file
└── SECURITY_CHECKLIST.md    # Security implementation checklist

Security Features Implemented

The deployment implements the following security best practices:

  1. Pod Security:

    • Non-root user execution
    • Read-only root filesystem
    • Disabled privilege escalation
    • Minimal container capabilities
    • Seccomp profiles
  2. Network Security:

    • Network policies restricting traffic
    • TLS-enforced ingress with security headers
    • Internal service exposure only
  3. Configuration Security:

    • ConfigMaps for configuration separation
    • Resource limits and requests
    • Health checks with appropriate timeouts
  4. Operational Security:

    • PodDisruptionBudget for high availability
    • Environment-specific configurations
    • Versioned image tags

Deployment Instructions

Development Environment

kubectl apply -k deploy/overlays/development

Production Environment

kubectl apply -k deploy/overlays/production

Security Verification

To verify security settings are properly applied:

# Check security context
kubectl get deployment math-exercises-app -o jsonpath='{.spec.template.spec.containers[0].securityContext}'

# Check network policies
kubectl get networkpolicy

# Check resource limits
kubectl get deployment math-exercises-app -o jsonpath='{.spec.template.spec.containers[0].resources}'

See SECURITY_CHECKLIST.md for a comprehensive list of implemented security measures.
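
The commands above print raw JSON that still has to be read by eye. As an added example (not part of this repository), the script below audits a saved `kubectl get deployment math-exercises-app -o json` dump against the pod-security and resource items listed under Security Features Implemented. It assumes those settings are expressed through the standard Kubernetes `securityContext` and `resources` fields; `audit_deployment`, the file name `dep.json` and the embedded `SAMPLE` manifest are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `kubectl get deployment <name> -o json` output.
SAMPLE = {"spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": True,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{
        "name": "app",
        "securityContext": {"readOnlyRootFilesystem": True,
                            "allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]}},
        "resources": {"limits": {"cpu": "500m", "memory": "256Mi"},
                      "requests": {"cpu": "100m", "memory": "128Mi"}},
    }],
}}}}


def audit_deployment(dep):
    """Return a list of findings; an empty list means every check passed."""
    pod = dep["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    findings = []
    for c in pod.get("containers", []):
        sc = c.get("securityContext") or {}
        # runAsNonRoot, runAsUser and seccompProfile may be set on the pod;
        # a container-level value overrides the pod-level one.
        eff = {**pod_sc, **sc}
        caps = (sc.get("capabilities") or {}).get("drop") or []
        res = c.get("resources") or {}
        checks = {
            "may run as root": eff.get("runAsNonRoot") is True
                               or (eff.get("runAsUser") or 0) > 0,
            "readOnlyRootFilesystem is not true": sc.get("readOnlyRootFilesystem") is True,
            "allowPrivilegeEscalation is not false": sc.get("allowPrivilegeEscalation") is False,
            "capabilities do not drop ALL": "ALL" in caps,
            "seccomp profile is unset or Unconfined":
                (eff.get("seccompProfile") or {}).get("type") in ("RuntimeDefault", "Localhost"),
            "limits lack cpu or memory": {"cpu", "memory"} <= set(res.get("limits") or {}),
            "requests lack cpu or memory": {"cpu", "memory"} <= set(res.get("requests") or {}),
        }
        findings += [f"{c['name']}: {msg}" for msg, ok in checks.items() if not ok]
    return findings


if __name__ == "__main__":
    # Usage: kubectl get deployment math-exercises-app -o json > dep.json
    #        python audit.py dep.json      (no argument: audit SAMPLE)
    dep = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    findings = audit_deployment(dep)
    print("\n".join("FAIL " + f for f in findings) or "all checks passed")
    sys.exit(1 if findings else 0)
```

The non-zero exit status on any finding lets the script gate a CI step after `kubectl apply -k`.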