Kubernetes Manifests Documentation
Deployment
Backend Deployment (backend.yml)
- API: ASP.NET Core application
- Ports: 8080 (HTTP), 8443 (HTTPS)
- Health Checks:
  - Startup: /health/startup (failureThreshold: 30, periodSeconds: 10)
  - Liveness: /api/live (initialDelay: 30s, period: 60s, timeout: 2s)
  - Readiness: /health/ready (initialDelay: 5s, period: 5s, timeout: 2s)
- Resources: 100m CPU/64Mi min, 500m CPU/128Mi max
- Autoscaling: 1-10 replicas based on CPU (50%) and memory (70%)
Database (database.yml)
- Image: PostgreSQL 16
- Storage: 1Gi PersistentVolume via local-path StorageClass
- Health Checks:
  - Liveness: TCP check on port 5432
  - Readiness: pg_isready command
- Service: ClusterIP on port 5432
Frontend (frontend.yml)
- Image: Nginx
- Configuration: ConfigMap for Keycloak configuration
- Ports: 80 (HTTP), 443 (HTTPS)
- Health Checks:
  - Startup Probe: HTTP GET on / (failureThreshold: 30, periodSeconds: 10)
  - Liveness Probe: HTTP GET on / (initialDelay: 30s, period: 60s, timeout: 2s)
  - Readiness Probe: HTTP GET on / (initialDelay: 5s, period: 5s, timeout: 2s)
- Resources: 50m CPU/64Mi min, 500m CPU/128Mi max
- Autoscaling: 1-10 replicas based on CPU (50%) and memory (70%)
Network (ingress-proxy.yml)
- Ingress Controller: Nginx
- Host: cloudstack.staging.tesnix.be
- Routes:
  - / → Frontend Service
  - /api/* → Backend Service
  - /swagger/* → Backend Service (API documentation)
- TLS: SSL redirect enforced, certificate via app-tls secret
- Host: cloudstack.production.tesnix.be
- Routes:
  - / → Frontend Service
  - /api/* → Backend Service
- TLS: SSL redirect enforced, certificate via app-tls secret
Authentication (keycloak.yml, keycloak-database.yml)
- Keycloak: Version 26.0.0
- Database: Separate PostgreSQL instance
- Hostname: cloudstack.auth.tesnix.be
- Proxy Mode: Edge mode with X-Forwarded headers
- Storage: 1Gi PersistentVolume
Monitoring (uptime-kuma.yml)
- Image: louislam/uptime-kuma:latest
- Storage: 5Gi PersistentVolume
- Host: cloudstack.kuma.tesnix.be
- Host Aliases: Static DNS mapping for internal services
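The Monitoring image is referenced by the floating tag latest, so a rescheduled pod can pull a different build than the one that was reviewed. The check below is an added example, not part of the project's manifests or pipeline: it lists image references in a manifest that have no tag or use :latest. The function names, the sample manifest and registry.example.com are constructed for illustration.

```shell
#!/bin/sh
# List image references that float: no tag at all, or ":latest".
# References pinned by digest (@sha256:...) are accepted.
# Reads Kubernetes manifest YAML on stdin, prints one finding per line.
find_unpinned_images() {
    awk -v q="'" '
        $1 == "image:" || ($1 == "-" && $2 == "image:") {
            ref = ($1 == "-") ? $3 : $2
            gsub(/"/, "", ref); gsub(q, "", ref)   # drop YAML quoting
            if (ref ~ /@sha256:/) next              # digest-pinned
            name = ref
            sub(/^.*\//, "", name)   # keep last path part so registry:port is not read as a tag
            if (name !~ /:/ || name ~ /:latest$/) print ref
        }'
}

# Constructed sample manifest (not one of the project's files).
sample_manifest() {
cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: uptime-kuma
          image: louislam/uptime-kuma:latest
        - image: "registry.example.com:5000/frontend"
          name: frontend
        - name: database
          image: postgres:16
        - name: pinned
          image: registry.example.com/app@sha256:0000000000000000000000000000000000000000000000000000000000000000
EOF
}
```

In a pipeline, `find_unpinned_images < uptime-kuma.yml` with a non-empty result can fail the job; a version tag such as postgres:16 passes this check but can still be re-pushed, so a digest is the strict pin.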
Cluster Tools
- Kubernetes Dashboard: Cluster management interface
- Metrics Server: Collects metrics for HPA and monitoring
Variables
Environment variables are injected via GitLab CI/CD into Kubernetes deployments for secure, environment-specific configuration.
Backend Variables (backend.yml)
CloudStack API Integration
| Variable | Description | Example | Required | GitLab Settings |
|---|---|---|---|---|
| CLOUDSTACK_API_URL | Base URL of the CloudStack API management endpoint | https://api.cloud.example.com/client/api | ✅ | Variable |
| CLOUDSTACK_API_KEY | API Key - Unique identifier for CloudStack user | AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbC | ✅ | Masked Variable |
| CLOUDSTACK_SECRET_KEY | Secret Key for authentication and request signing | AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbC | ✅ | Masked Variable |
| ZONE_ID | UUID of default CloudStack zone | b5c9f0d2-8a4e-47c3-9c1f-6a8b7e2d3c5a | ✅ | Variable |
| SERVICEOFFERING_ID | UUID of default compute service offering | d8e7f6a5-4b3c-2d1e-9f0a-8b7c6d5e4f3a | ✅ | Variable |
Database Configuration
| Variable | Description | Example | Required | GitLab Settings |
|---|---|---|---|---|
| ConnectionStrings__DefaultConnection | PostgreSQL connection string for .NET | Host=cloudstack-database;Port=5432;Database=cloudstack;Username=user;Password=pass; | ✅ | N/A (auto-generated) |
| PG_HOST | PostgreSQL database hostname | cloudstack-database | ✅ | Variable |
| PG_DB | PostgreSQL database name | cloudstack | ✅ | Variable |
| PG_USER | PostgreSQL username | cloudstack_user | ✅ | Variable |
| PG_PASSWORD | PostgreSQL password | secure_password_123 | ✅ | Masked Variable |
Authentication & Security
| Variable | Description | Example | Required | GitLab Settings |
|---|---|---|---|---|
| AUTH_AUTHORITY | OIDC/OAuth2 authority URL (Keycloak) | https://cloudstack.auth.{domein naam}.be/realms/staging | ✅ | Variable |
| AUTH_AUDIENCE | Expected audience for JWT tokens | cloudstack-backend | ✅ | Variable |
| CORS_ALLOWED_ORIGIN | Allowed origins for CORS | https://cloudstack.staging.{domein naam}.be | ✅ | Variable |
Frontend Variables (frontend.yml)
| Variable | Description | Example | Required | GitLab Settings |
|---|---|---|---|---|
| CI_ENVIRONMENT_NAME | GitLab CI/CD environment identifier | staging, production | ✅ | Auto (GitLab CI) |
| CI_COMMIT_BRANCH | Git branch name (used as Keycloak realm) | staging, main, feature-branch | ✅ | Auto (GitLab CI) |
Database Variables (database.yml)
| Variable | Description | Example | Required | GitLab Settings |
|---|---|---|---|---|
| PG_HOST | PostgreSQL database hostname | cloudstack-database | ✅ | Variable |
| PG_DB | PostgreSQL database name | cloudstack | ✅ | Variable |
| PG_USER | PostgreSQL username | cloudstack_user | ✅ | Variable |
| PG_PASSWORD | PostgreSQL password | secure_password_123 | ✅ | Masked Variable |
Keycloak Database (keycloak-database.yml)
| Variable | Description | Example | Required | GitLab Settings |
|---|---|---|---|---|
| KC_POSTGRES_USER | PostgreSQL username for Keycloak | keycloak_user | ✅ | Variable |
| KC_POSTGRES_PASSWORD | PostgreSQL password for Keycloak | keycloak_password_123 | ✅ | Masked Variable |
Keycloak (keycloak.yml)
| Variable | Description | Example | Required | GitLab Settings |
|---|---|---|---|---|
| KC_ADMIN | Keycloak administrator username | admin | ✅ | Masked Variable |
| KC_ADMIN_PASS | Keycloak administrator password | secure_admin_password_123 | ✅ | Masked Variable |
| KC_POSTGRES_USER | PostgreSQL username for Keycloak | keycloak_user | ✅ | Variable |
| KC_POSTGRES_PASSWORD | PostgreSQL password for Keycloak | keycloak_password_123 | ✅ | Masked Variable |
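
A pre-deploy check for the variables in the tables above, as an added example that is not part of the project's pipeline: it fails when a required variable is empty, when a value still equals one of the example secrets printed on this page, or when a URL variable is not https://. The function names and the https:// requirement are assumptions; the auto-generated and GitLab-provided variables are left out.

```shell
#!/bin/sh
# Pre-deploy check for the documented GitLab CI/CD variables.
# Reports variable NAMES only, never values, so masked secrets stay out of job logs.

REQUIRED_VARS="CLOUDSTACK_API_URL CLOUDSTACK_API_KEY CLOUDSTACK_SECRET_KEY ZONE_ID
SERVICEOFFERING_ID PG_HOST PG_DB PG_USER PG_PASSWORD AUTH_AUTHORITY AUTH_AUDIENCE
CORS_ALLOWED_ORIGIN KC_ADMIN KC_ADMIN_PASS KC_POSTGRES_USER KC_POSTGRES_PASSWORD"

# Assumption: these carry credentials or tokens and must be https:// URLs.
HTTPS_VARS="CLOUDSTACK_API_URL AUTH_AUTHORITY CORS_ALLOWED_ORIGIN"

# Example secrets shown in the tables above; they must never reach a cluster.
DOC_EXAMPLES="secure_password_123 keycloak_password_123 secure_admin_password_123
AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbC"

# Expand a variable by name; names come only from the fixed lists above.
get_var() { eval "printf '%s' \"\${$1-}\""; }

preflight_vars() {
    rc=0
    for name in $REQUIRED_VARS; do
        val=$(get_var "$name")
        if [ -z "$val" ]; then
            echo "missing: $name" >&2; rc=1; continue
        fi
        for ex in $DOC_EXAMPLES; do
            if [ "$val" = "$ex" ]; then
                echo "documentation example value in: $name" >&2; rc=1
            fi
        done
    done
    for name in $HTTPS_VARS; do
        val=$(get_var "$name")
        case "$val" in
            ''|https://*) ;;   # empty values are already reported above
            *) echo "not an https:// URL: $name" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}
```

Calling `preflight_vars || exit 1` as the first step of the deploy job stops the rollout before any manifest is applied.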