Deployment architecture
Infrastructure
GPAIS runs in a K3s cluster on ARM64 (Orange Pi 5+) nodes.
| Component | Description |
|---|---|
| Cluster | K3s v1.34, 3x OPi5+ (control-plane) + 1x orion (worker) |
| Ingress | Traefik with Let's Encrypt TLS via cert-manager |
| DB | CloudNativePG operator, PostgreSQL 16.8, Longhorn storage |
| Registry | registry.smala.lt (GitLab Container Registry) |
| DNS | Cloudflare (smala.lt zone) |
CI/CD pipeline
K8s resources (gpais namespace)
| Resource | File | Purpose |
|---|---|---|
| Namespace | k8s/namespace.yaml | gpais namespace |
| CNPG Cluster | k8s/postgres.yaml | PostgreSQL 16.8, 2Gi Longhorn |
| Backend Deployment | k8s/backend.yaml | FastAPI, 256-512Mi RAM |
| Frontend Deployment | k8s/frontend.yaml | Nginx + React SPA, 64-128Mi RAM |
| Docs Deployment | k8s/docs.yaml | VitePress static, 32-64Mi RAM |
| IngressRoute | k8s/ingress.yaml | gpais.smala.lt |
| Redirects | k8s/redirects.yaml | gii/giiorg → gpais redirect |
| NetworkPolicy | k8s/network-policy.yaml | Default-deny + selective allow |
Secrets
| Secret | Keys | How to create |
|---|---|---|
| gpais-pg-auth | username, password | kubectl create secret generic |
| gpais-secrets | SECRET_KEY | kubectl create secret generic |
| gitlab-registry | .dockerconfigjson | kubectl create secret docker-registry |
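
The three `kubectl create secret` commands from the table, written out as an added example that is not part of the GPAIS repository. It reads passwords, keys and tokens from files or stdin so they never appear in argv or shell history; the variables `PG_USER`, `PG_PASSWORD_FILE`, `REG_USER`, `REG_TOKEN_FILE` and the helper function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the project's own script. Creates the three secrets from
# the table without placing a password, key or token in argv or shell history.
# Assumed (hypothetical) inputs: PG_USER, PG_PASSWORD_FILE, REG_USER,
# REG_TOKEN_FILE. Each file must hold the value with no trailing newline,
# because --from-file stores the file content byte for byte.
NS=gpais
REGISTRY=registry.smala.lt

# 32 random bytes as 64 hex characters, used for SECRET_KEY.
gen_secret_key() {
  head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Fail unless the file exists and group/other have no permissions on it.
check_private() {
  [ -f "$1" ] || { echo "missing file: $1" >&2; return 1; }
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
    { echo "$1 is accessible to group/other" >&2; return 1; }
}

# Emit a .dockerconfigjson document. Credentials appear only base64-encoded
# inside "auth", so no JSON escaping of user or token is needed.
dockerconfig_json() {  # usage: dockerconfig_json USER TOKEN_FILE
  auth=$( { printf '%s:' "$1"; cat "$2"; } | base64 | tr -d '\n')
  printf '{"auths":{"%s":{"auth":"%s"}}}' "$REGISTRY" "$auth"
}

create_secrets() {
  check_private "$PG_PASSWORD_FILE" || return 1
  check_private "$REG_TOKEN_FILE" || return 1
  kubectl -n "$NS" create secret generic gpais-pg-auth \
    --from-literal=username="$PG_USER" \
    --from-file=password="$PG_PASSWORD_FILE" || return 1
  gen_secret_key | kubectl -n "$NS" create secret generic gpais-secrets \
    --from-file=SECRET_KEY=/dev/stdin || return 1
  dockerconfig_json "$REG_USER" "$REG_TOKEN_FILE" |
    kubectl -n "$NS" create secret docker-registry gitlab-registry \
      --from-file=.dockerconfigjson=/dev/stdin
}

# Create the secrets only when invoked with "apply"; sourcing has no effect.
if [ "${1:-}" = "apply" ]; then create_secrets; fi
```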
Manual deploy
```bash
# Build on orion (ARM64)
rsync -az app/backend/ arunas@192.168.50.50:/tmp/gpais-build/backend/
rsync -az app/frontend/ arunas@192.168.50.50:/tmp/gpais-build/frontend/ --exclude node_modules
ssh arunas@192.168.50.50 "cd /tmp/gpais-build && \
docker build -t registry.smala.lt/arunas/gpais/backend:latest -f backend/Dockerfile.prod backend/ && \
docker push registry.smala.lt/arunas/gpais/backend:latest && \
docker build -t registry.smala.lt/arunas/gpais/frontend:latest -f frontend/Dockerfile.prod frontend/ && \
docker push registry.smala.lt/arunas/gpais/frontend:latest"
# Deploy: restart the deployments to roll out the new images
ssh arunas@192.168.50.51 "kubectl -n gpais rollout restart deployment/backend deployment/frontend"
```