math-tables/deploy/README.md
Commit f94dd12216 (Rene Luria, 2025-09-03 22:06:32 +02:00): feat: Configure production deployment with math-tables namespace and ingress

Changes made:

- Remove problematic configuration-snippet from base ingress
- Add namespace creation for math-tables
- Configure ingress with nginx class and letsencrypt-prod issuer
- Set production hostname to math-tables.cl1.parano.ch
- Reduce production replicas to 1
- Update copyright year in index.html


# Math Exercises Application - Kubernetes Deployment

This directory contains the Kubernetes deployment configuration for the Math Exercises application, with security best practices applied.

## Directory Structure

```
deploy/
├── base/                 # Base kustomize configuration
│   ├── deployment.yaml      # Application deployment
│   ├── service.yaml         # Internal service
│   ├── ingress.yaml         # External access configuration
│   ├── network-policy.yaml  # Network security policies
│   ├── configmap.yaml       # Application configuration
│   ├── pod-disruption-budget.yaml  # High availability
│   └── kustomization.yaml   # Base kustomize file
├── overlays/             # Environment-specific configurations
│   ├── development/         # Development environment
│   │   ├── deployment-patch.yaml   # Dev-specific deployment settings
│   │   └── kustomization.yaml      # Dev kustomize file
│   └── production/          # Production environment
│       ├── deployment-patch.yaml   # Prod-specific deployment settings
│       ├── security-patch.yaml     # Additional security settings
│       └── kustomization.yaml      # Prod kustomize file
└── SECURITY_CHECKLIST.md    # Security implementation checklist
```

## Security Features Implemented

The deployment implements the following security best practices:

1. Pod Security:
   - Containers run as a non-root user
   - Read-only root filesystem
   - Privilege escalation disabled
   - Container capabilities reduced to the minimum
   - Seccomp profiles applied
2. Network Security:
   - Network policies restricting traffic
   - TLS-enforced ingress with security headers
   - Service exposed only inside the cluster
3. Configuration Security:
   - Configuration separated into ConfigMaps
   - Resource requests and limits
   - Health checks with appropriate timeouts
4. Operational Security:
   - PodDisruptionBudget for high availability
   - Environment-specific overlays (development, production)
   - Versioned image tags

## Deployment Instructions

### Development Environment

```
kubectl apply -k deploy/overlays/development
```

### Production Environment

```
kubectl apply -k deploy/overlays/production
```

## Security Verification

To verify that the security settings are properly applied:

```
# Check security context
kubectl get deployment math-exercises-app -o jsonpath='{.spec.template.spec.containers[0].securityContext}'

# Check network policies
kubectl get networkpolicy

# Check resource limits
kubectl get deployment math-exercises-app -o jsonpath='{.spec.template.spec.containers[0].resources}'
```

See SECURITY_CHECKLIST.md for a comprehensive list of implemented security measures.
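As an added example, not part of this repository, the following checker reads the securityContext or resources JSON that the kubectl jsonpath commands above print and reports every field that falls short of the Pod Security list in this README. The two sample contexts are constructed; the field names are the standard Kubernetes container securityContext fields.

```python
"""Check the securityContext or resources JSON that the kubectl jsonpath
commands above print against the Pod Security list in this README."""
import json
import sys


def check_security_context(ctx):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if ctx.get("runAsNonRoot") is not True:
        findings.append("runAsNonRoot is not true: container may run as root")
    if ctx.get("readOnlyRootFilesystem") is not True:
        findings.append("readOnlyRootFilesystem is not true")
    if ctx.get("allowPrivilegeEscalation") is not False:
        findings.append("allowPrivilegeEscalation is not explicitly false")
    if ctx.get("privileged") is True:
        findings.append("container is privileged")
    caps = ctx.get("capabilities") or {}
    if "ALL" not in {c.upper() for c in caps.get("drop") or []}:
        findings.append("capabilities.drop does not include ALL")
    if caps.get("add"):
        findings.append("capabilities re-added: " + ", ".join(caps["add"]))
    if (ctx.get("seccompProfile") or {}).get("type") not in ("RuntimeDefault", "Localhost"):
        findings.append("seccompProfile.type is not RuntimeDefault or Localhost")
    return findings


def check_resources(res):
    """Require both requests and limits for cpu and memory."""
    return [f"resources.{section}.{key} is missing"
            for section in ("requests", "limits") for key in ("cpu", "memory")
            if key not in (res.get(section) or {})]


# Constructed samples, not output captured from a real cluster.
HARDENED_CTX = {"runAsNonRoot": True, "runAsUser": 1000,
                "readOnlyRootFilesystem": True, "allowPrivilegeEscalation": False,
                "capabilities": {"drop": ["ALL"]},
                "seccompProfile": {"type": "RuntimeDefault"}}
WEAK_CTX = {"runAsUser": 0, "privileged": True,
            "capabilities": {"add": ["NET_ADMIN"]}}

if __name__ == "__main__":
    # Optional argument: a file holding the securityContext JSON printed by kubectl.
    ctx = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else WEAK_CTX
    print("\n".join(check_security_context(ctx)) or "ok")
```

Save the first kubectl command's output to a file and pass its path as the argument; an empty finding list prints `ok`.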