infra: add staging web application

k8s/applications/templates/web.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: web
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: 'git@bitbucket.org:jamkazam/video-iac.git'
+    targetRevision: HEAD
+    path: k8s/jam-cloud
+    directory:
+      include: '{namespace.yaml,web.yaml}'
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: jam-cloud
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

k8s/jam-cloud/web.yaml

@@ -0,0 +1,113 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web
+  namespace: jam-cloud
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: web
+  template:
+    metadata:
+      labels:
+        app: web
+    spec:
+      imagePullSecrets:
+      - name: gitea-registry
+      containers:
+      - name: web
+        image: git.staging.jamkazam.com/jamkazam/web:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 3000
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 3000
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        env:
+        - name: RAILS_ENV
+          value: production
+        - name: RAILS_LOG_TO_STDOUT
+          value: "true"
+        - name: RAILS_SERVE_STATIC_FILES
+          value: "true"
+        - name: DATABASE_URL
+          value: postgresql://jam:jam@egress-proxy.jam-cloud-infra.svc.cluster.local:5432/jam?sslmode=disable
+        - name: REDIS_URL
+          value: redis://redis.jam-cloud-infra.svc.cluster.local:6379/0
+        - name: REDIS_HOST
+          value: redis.jam-cloud-infra.svc.cluster.local:6379
+        - name: RABBITMQ_HOST
+          value: rabbitmq.jam-cloud-infra.svc.cluster.local
+        - name: RABBITMQ_PORT
+          value: "5672"
+        - name: EXTERNAL_HOSTNAME
+          value: web.staging.jamkazam.com
+        - name: EXTERNAL_PROTOCOL
+          value: https://
+        - name: EXTERNAL_PORT
+          value: "443"
+        - name: ADMIN_ROOT_URL
+          value: https://admin.staging.jamkazam.com
+        - name: WEBSOCKET_GATEWAY_URI
+          value: ws://websocket-gateway.staging.jamkazam.com/websocket
+        - name: WEBSOCKET_GATEWAY_TRUSTED_URI
+          value: ws://websocket-gateway.staging.jamkazam.com/websocket
+        - name: WEBSOCKET_GATEWAY_URI_SSL
+          value: wss://websocket-gateway.staging.jamkazam.com/websocket
+        - name: WEBSOCKET_GATEWAY_TRUSTED_URI_SSL
+          value: wss://websocket-gateway.staging.jamkazam.com/websocket
+        - name: AWS_KEY
+          value: AKIAJAXEHQBDOZ5WAWKA
+        - name: AWS_SECRET
+          value: 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
+        - name: AWS_ACCESS_KEY_ID
+          value: AKIAJAXEHQBDOZ5WAWKA
+        - name: AWS_SECRET_ACCESS_KEY
+          value: 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
+        - name: AWS_REGION
+          value: us-east-1
+        - name: AWS_BUCKET
+          value: jamkazam-staging
+        - name: AWS_BUCKET_PUBLIC
+          value: jamkazam-staging-public
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: web
+  namespace: jam-cloud
+spec:
+  ports:
+  - port: 80
+    targetPort: 3000
+  selector:
+    app: web
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: web
+  namespace: jam-cloud
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-nginx-production
+spec:
+  tls:
+  - hosts:
+    - web.staging.jamkazam.com
+    secretName: web-tls
+  rules:
+  - host: web.staging.jamkazam.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: web
+            port:
+              number: 80