# Example: deploying the full code system into `code-system` namespace. # # Prerequisites: # 1. Install CRDs: kubectl apply -f ../crd/ # 2. Install Operator: kubectl apply -f ../operator/deployment.yaml # # Then apply this file: # kubectl apply -f example/code-system.yaml apiVersion: v1 kind: Secret metadata: name: app-secrets namespace: code-system type: Opaque stringData: APP_DATABASE_URL: "postgres://user:password@postgres:5432/codedb?sslmode=disable" APP_REDIS_URLS: "redis://redis:6379" APP_SMTP_HOST: "smtp.example.com" APP_SMTP_PORT: "587" APP_SMTP_USERNAME: "noreply@example.com" APP_SMTP_PASSWORD: "change-me" APP_SMTP_FROM: "noreply@example.com" APP_AI_BASIC_URL: "https://api.openai.com/v1" APP_AI_API_KEY: "sk-change-me" APP_SSH_SERVER_PRIVATE_KEY: | -----BEGIN OPENSSH PRIVATE KEY----- ... paste your SSH private key here ... -----END OPENSSH PRIVATE KEY----- APP_SSH_SERVER_PUBLIC_KEY: "ssh-ed25519 AAAAC3... your-pub-key" --- # ---- App (main web service, 3 replicas) ---- apiVersion: code.dev/v1 kind: App metadata: name: app namespace: code-system spec: image: myapp/app:latest replicas: 3 imagePullPolicy: IfNotPresent env: - name: APP_DATABASE_URL valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_DATABASE_URL - name: APP_REDIS_URLS valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_REDIS_URLS - name: APP_SMTP_HOST valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_SMTP_HOST - name: APP_SMTP_USERNAME valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_SMTP_USERNAME - name: APP_SMTP_PASSWORD valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_SMTP_PASSWORD - name: APP_SMTP_FROM valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_SMTP_FROM - name: APP_AI_BASIC_URL valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_AI_BASIC_URL - name: APP_AI_API_KEY valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_AI_API_KEY - name: APP_DOMAIN_URL value: "https://example.com" - name: APP_LOG_LEVEL value: "info" resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 512Mi livenessProbe: port: 8080 path: /health initialDelaySeconds: 10 readinessProbe: port: 8080 path: /health initialDelaySeconds: 5 --- # ---- GitServer (git HTTP + SSH, single instance) ---- apiVersion: code.dev/v1 kind: GitServer metadata: name: gitserver namespace: code-system spec: image: myapp/gitserver:latest imagePullPolicy: IfNotPresent env: - name: APP_DATABASE_URL valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_DATABASE_URL - name: APP_REDIS_URLS valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_REDIS_URLS - name: APP_SSH_SERVER_PRIVATE_KEY valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_SSH_SERVER_PRIVATE_KEY - name: APP_SSH_SERVER_PUBLIC_KEY valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_SSH_SERVER_PUBLIC_KEY - name: APP_SSH_DOMAIN value: "git.example.com" - name: APP_REPOS_ROOT value: "/data/repos" resources: requests: cpu: 100m memory: 128Mi limits: cpu: 1000m memory: 1Gi sshServiceType: NodePort # Use LoadBalancer in production sshPort: 22 httpPort: 8022 storageSize: 50Gi --- # ---- EmailWorker (single instance) ---- apiVersion: code.dev/v1 kind: EmailWorker metadata: name: email-worker namespace: code-system spec: image: myapp/email-worker:latest imagePullPolicy: IfNotPresent env: - name: APP_DATABASE_URL valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_DATABASE_URL - name: APP_REDIS_URLS valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_REDIS_URLS - name: APP_SMTP_HOST valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_SMTP_HOST - name: APP_SMTP_USERNAME valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_SMTP_USERNAME - name: APP_SMTP_PASSWORD valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_SMTP_PASSWORD - name: APP_SMTP_FROM valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_SMTP_FROM resources: requests: cpu: 50m memory: 64Mi limits: memory: 256Mi --- # ---- GitHook (single instance) ---- apiVersion: code.dev/v1 kind: GitHook metadata: name: git-hook namespace: code-system spec: image: myapp/git-hook:latest imagePullPolicy: IfNotPresent env: - name: APP_DATABASE_URL valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_DATABASE_URL - name: APP_REDIS_URLS valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_REDIS_URLS resources: requests: cpu: 50m memory: 64Mi limits: memory: 256Mi --- # ---- Migrate (auto-triggered on apply) ---- apiVersion: code.dev/v1 kind: Migrate metadata: name: migrate namespace: code-system spec: image: myapp/migrate:latest command: up backoffLimit: 3 env: - name: APP_DATABASE_URL valueFrom: secretRef: name: app-secrets secretName: app-secrets secretKey: APP_DATABASE_URL --- # ---- Ingress (example for App) ---- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: app-ingress namespace: code-system annotations: nginx.ingress.kubernetes.io/proxy-body-size: "100m" spec: rules: - host: example.com http: paths: - path: / pathType: Prefix backend: service: name: app port: number: 80