From 719827f0fc7acb02b58275d627912d26cb192471 Mon Sep 17 00:00:00 2001 From: Domagoj Zecevic Date: Tue, 21 Dec 2021 12:26:02 +0100 Subject: [PATCH 1/6] added domain minio-api.semprod.local --- 02_hetzner/00_infra/minIO/server.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/02_hetzner/00_infra/minIO/server.yaml b/02_hetzner/00_infra/minIO/server.yaml index 004a27e..710bcd7 100644 --- a/02_hetzner/00_infra/minIO/server.yaml +++ b/02_hetzner/00_infra/minIO/server.yaml @@ -92,6 +92,13 @@ metadata: spec: rules: - host: minio-api.k8s.semprod.local + http: + paths: + - path: / + backend: + serviceName: minio-api + servicePort: 9000 + - host: minio-api.semprod.local http: paths: - path: / From 6ae3a71d4ffd1f12111affb5a96162f55cfa4fa7 Mon Sep 17 00:00:00 2001 From: Domagoj Zecevic Date: Tue, 21 Dec 2021 12:46:13 +0100 Subject: [PATCH 2/6] added textservice --- .../00_infra/texservice/deployment.yaml | 75 +++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 02_hetzner/00_infra/texservice/deployment.yaml diff --git a/02_hetzner/00_infra/texservice/deployment.yaml b/02_hetzner/00_infra/texservice/deployment.yaml new file mode 100644 index 0000000..cb77edf --- /dev/null +++ b/02_hetzner/00_infra/texservice/deployment.yaml 
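Review bot: The second rule added for `minio-api.semprod.local` publishes the MinIO S3 API through Traefik with no `tls:` section anywhere in the visible rule set, so object data and request signatures cross the network in clear text unless TLS is terminated somewhere outside this manifest — worth confirming before the new hostname is handed out. The new backend also repeats the `networking.k8s.io/v1beta1` `serviceName`/`servicePort` form, which was removed in Kubernetes 1.22; under `networking.k8s.io/v1` the same path is `pathType: Prefix` with `backend: {service: {name: minio-api, port: {number: 9000}}}`. The enclosing Ingress object starts before this hunk, so its `apiVersion` line is not visible here.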
@@ -0,0 +1,75 @@ +# Deployment description +apiVersion: apps/v1 +kind: Deployment +metadata: + name: texservice + namespace: infra-environment + labels: + app: texservice +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: texservice + template: + metadata: + labels: + app: texservice + spec: + containers: + - name: texservice + image: packages.semapp.lan:5000/texservice:alpine-3.9 + resources: + requests: + memory: "512Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "4" + ports: + - containerPort: 5010 + name: texservice-http + protocol: TCP +--- +# Service Description +apiVersion: v1 +kind: Service +metadata: + name: texservice + namespace: infra-environment +spec: + selector: + app: texservice + ports: + - name: texservice-http + port: 5010 + targetPort: texservice-http + type: NodePort +--- + +# Ingress description +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: texservice-ingress + namespace: infra-environment + annotations: + kubernetes.io/ingress.class: "traefik" +spec: + rules: + - host: texservice.k8s.semprod.local + http: + paths: + - path: / + backend: + serviceName: texservice + servicePort: 5010 + - host: texservice.semprod.local + http: + paths: + - path: / + backend: + serviceName: texservice + servicePort: 5010 \ No newline at end of file From 6a7e0ccc138fa27ee22ac002e4454319aedffefd Mon Sep 17 00:00:00 2001 
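Review bot: The `texservice` container in the new Deployment has no `securityContext`, while the dashboard manifests restored later in this series set `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and a non-root `runAsUser`; without such a block the container runs with whatever user the image declares and can gain privileges, so the same baseline belongs here (a read-only root filesystem may additionally need an `emptyDir` for scratch space — confirm against the image). The Service is `type: NodePort` although the only declared entry point is the Traefik Ingress, which makes port 5010 reachable on every node address outside the ingress rules; `type: ClusterIP` is sufficient for an Ingress backend. The Ingress uses the `networking.k8s.io/v1beta1` `serviceName`/`servicePort` form (removed in Kubernetes 1.22) and, like the MinIO rule in the first patch, carries no `tls:` section. The file also ends without a trailing newline.
```yaml
      containers:
        - name: texservice
          image: packages.semapp.lan:5000/texservice:alpine-3.9
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: 1001  # TODO confirm a uid the image supports
            capabilities:
              drop: ["ALL"]
          # … unchanged: resources, ports …
```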
From: Domagoj Zecevic Date: Tue, 21 Dec 2021 13:32:15 +0100 Subject: [PATCH 3/6] removed k8s dashboard --- .../dashboard/dashboard.admin-user-role.yml | 12 - .../dashboard/dashboard.admin-user.yml | 5 - .../00_infra/dashboard/dashboard.ingress.yml | 16 - 01_onsite/00_infra/dashboard/recommended.yaml | 303 ------------------ 4 files changed, 336 deletions(-) delete mode 100644 01_onsite/00_infra/dashboard/dashboard.admin-user-role.yml delete mode 100644 01_onsite/00_infra/dashboard/dashboard.admin-user.yml delete mode 100644 01_onsite/00_infra/dashboard/dashboard.ingress.yml delete mode 100644 01_onsite/00_infra/dashboard/recommended.yaml diff --git a/01_onsite/00_infra/dashboard/dashboard.admin-user-role.yml b/01_onsite/00_infra/dashboard/dashboard.admin-user-role.yml deleted file mode 100644 index 23c1190..0000000 --- a/01_onsite/00_infra/dashboard/dashboard.admin-user-role.yml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: admin-user -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: admin-user - namespace: kubernetes-dashboard \ No newline at end of file diff --git a/01_onsite/00_infra/dashboard/dashboard.admin-user.yml b/01_onsite/00_infra/dashboard/dashboard.admin-user.yml deleted file mode 100644 index 219059b..0000000 --- a/01_onsite/00_infra/dashboard/dashboard.admin-user.yml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: admin-user - namespace: kubernetes-dashboard \ No newline at end of file diff --git a/01_onsite/00_infra/dashboard/dashboard.ingress.yml b/01_onsite/00_infra/dashboard/dashboard.ingress.yml deleted file mode 100644 index 6c9cd37..0000000 --- a/01_onsite/00_infra/dashboard/dashboard.ingress.yml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: dashboard-ingress - namespace: kubernetes-dashboard - annotations: - kubernetes.io/ingress.class: "traefik" -spec: - rules: - - host: dashboard.k3s.semapp.lan - http: - paths: - - path: / - backend: - serviceName: kubernetes-dashboard - servicePort: 443 \ No newline at end of file diff --git a/01_onsite/00_infra/dashboard/recommended.yaml b/01_onsite/00_infra/dashboard/recommended.yaml deleted file mode 100644 index 5bc4004..0000000 --- a/01_onsite/00_infra/dashboard/recommended.yaml +++ /dev/null 
@@ -1,303 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Namespace -metadata: - name: kubernetes-dashboard - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard - ---- - -kind: Service -apiVersion: v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard -spec: - ports: - - port: 443 - targetPort: 8443 - selector: - k8s-app: kubernetes-dashboard - ---- - -apiVersion: v1 -kind: Secret -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-certs - namespace: kubernetes-dashboard -type: Opaque - ---- - -apiVersion: v1 -kind: Secret -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-csrf - namespace: kubernetes-dashboard -type: Opaque -data: - csrf: "" - ---- - -apiVersion: v1 -kind: Secret -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-key-holder - namespace: kubernetes-dashboard -type: Opaque - ---- - -kind: ConfigMap -apiVersion: v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-settings - namespace: kubernetes-dashboard - ---- - -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard 
-rules: - # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] - verbs: ["get", "update", "delete"] - # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["kubernetes-dashboard-settings"] - verbs: ["get", "update"] - # Allow Dashboard to get metrics. - - apiGroups: [""] - resources: ["services"] - resourceNames: ["heapster", "dashboard-metrics-scraper"] - verbs: ["proxy"] - - apiGroups: [""] - resources: ["services/proxy"] - resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] - verbs: ["get"] - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard -rules: - # Allow Metrics Scraper to get metrics from the Metrics server - - apiGroups: ["metrics.k8s.io"] - resources: ["pods", "nodes"] - verbs: ["get", "list", "watch"] - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubernetes-dashboard -subjects: - - kind: ServiceAccount - name: kubernetes-dashboard - namespace: kubernetes-dashboard - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-dashboard -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubernetes-dashboard -subjects: - - kind: ServiceAccount - name: kubernetes-dashboard - namespace: kubernetes-dashboard - ---- - -kind: Deployment -apiVersion: apps/v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: 
kubernetes-dashboard -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - k8s-app: kubernetes-dashboard - template: - metadata: - labels: - k8s-app: kubernetes-dashboard - spec: - containers: - - name: kubernetes-dashboard - image: kubernetesui/dashboard:v2.4.0 - imagePullPolicy: Always - ports: - - containerPort: 8443 - protocol: TCP - args: - - --auto-generate-certificates - - --namespace=kubernetes-dashboard - # Uncomment the following line to manually specify Kubernetes API server Host - # If not specified, Dashboard will attempt to auto discover the API server and connect - # to it. Uncomment only if the default does not work. - # - --apiserver-host=http://my-address:port - volumeMounts: - - name: kubernetes-dashboard-certs - mountPath: /certs - # Create on-disk volume to store exec logs - - mountPath: /tmp - name: tmp-volume - livenessProbe: - httpGet: - scheme: HTTPS - path: / - port: 8443 - initialDelaySeconds: 30 - timeoutSeconds: 30 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 1001 - runAsGroup: 2001 - volumes: - - name: kubernetes-dashboard-certs - secret: - secretName: kubernetes-dashboard-certs - - name: tmp-volume - emptyDir: {} - serviceAccountName: kubernetes-dashboard - nodeSelector: - "kubernetes.io/os": linux - # Comment the following tolerations if Dashboard must not be deployed on master - tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - ---- - -kind: Service -apiVersion: v1 -metadata: - labels: - k8s-app: dashboard-metrics-scraper - name: dashboard-metrics-scraper - namespace: kubernetes-dashboard -spec: - ports: - - port: 8000 - targetPort: 8000 - selector: - k8s-app: dashboard-metrics-scraper - ---- - -kind: Deployment -apiVersion: apps/v1 -metadata: - labels: - k8s-app: dashboard-metrics-scraper - name: dashboard-metrics-scraper - namespace: kubernetes-dashboard -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - 
k8s-app: dashboard-metrics-scraper - template: - metadata: - labels: - k8s-app: dashboard-metrics-scraper - spec: - securityContext: - seccompProfile: - type: RuntimeDefault - containers: - - name: dashboard-metrics-scraper - image: kubernetesui/metrics-scraper:v1.0.7 - ports: - - containerPort: 8000 - protocol: TCP - livenessProbe: - httpGet: - scheme: HTTP - path: / - port: 8000 - initialDelaySeconds: 30 - timeoutSeconds: 30 - volumeMounts: - - mountPath: /tmp - name: tmp-volume - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 1001 - runAsGroup: 2001 - serviceAccountName: kubernetes-dashboard - nodeSelector: - "kubernetes.io/os": linux - # Comment the following tolerations if Dashboard must not be deployed on master - tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - volumes: - - name: tmp-volume - emptyDir: {} From 47366cf6fdb4a83f3fa08a551d4af7b89cd03774 Mon Sep 17 00:00:00 2001 From: Domagoj Zecevic Date: Tue, 21 Dec 2021 13:34:03 +0100 Subject: [PATCH 4/6] removed baseline --- 01_onsite/01_dev/baseline/deployment.yaml | 215 ---------------------- 1 file changed, 215 deletions(-) delete mode 100644 01_onsite/01_dev/baseline/deployment.yaml diff --git a/01_onsite/01_dev/baseline/deployment.yaml b/01_onsite/01_dev/baseline/deployment.yaml deleted file mode 100644 index f25ee79..0000000 --- a/01_onsite/01_dev/baseline/deployment.yaml +++ /dev/null 
@@ -1,215 +0,0 @@ -# Deployment description -apiVersion: apps/v1 -kind: Deployment -metadata: - name: baseline-deployment - namespace: dev-environment - labels: - app: baseline-dev -spec: - strategy: - type: Recreate - replicas: 1 - selector: - matchLabels: - app: baseline-dev - template: - metadata: - labels: - app: baseline-dev - spec: - containers: - - name: baseline-frontend - image: packages.semapp.lan:5000/baseline_frontend:qa1 - workingDir: /srv/web - resources: - requests: - memory: "256Mi" - cpu: "100m" - limits: - memory: "512Mi" - cpu: "4" - ports: - - containerPort: 8000 - name: baseline-http - protocol: TCP - volumeMounts: - - mountPath: /etc/nginx/conf.d - readOnly: true - name: baseline-dev-frontend-conf - imagePullPolicy: Always - env: - - name: KEYCLOAK_REALM - value: "baseline_develop" - - name: KEYCLOAK_CLIENT - value: "baseline" - - name: KEYCLOAK_TOKEN_VALIDITY - value: "600" - - name: KEYCLOAK_URL - value: "http://keycloak.semapp.lan/auth/" - - - name: baseline-backend - image: packages.semapp.lan:5000/baseline_backend:qa1 - workingDir: /opt/www - resources: - requests: - memory: "256Mi" - cpu: "100m" - limits: - memory: "512Mi" - cpu: "4" - ports: - - containerPort: 5000 - name: bl-bck-http - protocol: TCP - imagePullPolicy: Always - envFrom: - - configMapRef: - name: baseline-dev-backend-conf - volumes: - - name: baseline-dev-frontend-conf - configMap: - name: baseline-dev-frontend-conf - - - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: dev-environment - name: baseline-dev-backend-conf - labels: - app: baseline-dev -data: - DB_CONNECTION: "pgsql" - DB_HOST: "postgres-lb" - DB_PORT: "5432" - DB_DATABASE: "baseline-dev" - DB_USERNAME: "baseline-dev" - DB_PASSWORD: "password" - - APP_NAME: "Baseline" - APP_ENV: "development" - APP_KEY: "base64:14Vg4rilGKEk34XeqNR7ffg6GhFTzA7/z5T1aqy6JHw=" - APP_DEBUG: "true" - APP_URL: "http://baseline-dev.k3s.semapp.lan/" - - LOG_CHANNEL: "stack" - BROADCAST_DRIVER: "log" - CACHE_DRIVER: 
"file" - QUEUE_CONNECTION: "sync" - SESSION_DRIVER: "cookie" - SESSION_LIFETIME: "120" - - - SANCTUM_STATEFUL_DOMAINS: "baseline-dev.k3s.semapp.lan" - SESSION_DOMAIN: "baseline-dev.k3s.semapp.lan" - - THROTTLE_MAX_ATTEMPTS: "80" - - KEYCLOAK_URL: "http://keycloak.semapp.lan" - KEYCLOAK_PORT: "80" - KEYCLOAK_REALM: "baseline_develop" - - REDIRECT_URL: "http://baseline-dev.k3s.semapp.lan/" - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: dev-environment - name: baseline-dev-frontend-conf -data: - default.conf: | - upstream backend { - server baseline-backend-dev:5000; - } - - server { - listen 8000; - - access_log /var/log/nginx/access.log; - charset utf-8; - client_max_body_size 1G; - - location / { - root /srv/web; - add_header X-Frame-Options "SAMEORIGIN"; - index index.html index.htm; - try_files $uri $uri /index.html =404; - } - - location ~ ^/api { - proxy_pass http://backend; - proxy_redirect off; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_read_timeout 300s; - proxy_send_timeout 300s; - send_timeout 300s; - } - - error_page 404 =200 /index.html; - - add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; - - expires off; - open_file_cache off; - sendfile off; - } - - ---- -# EFC Service -apiVersion: v1 -kind: Service -metadata: - name: baseline-frontend-dev - namespace: dev-environment -spec: - selector: - app: baseline-dev - ports: - - name: baseline-http - port: 8000 - targetPort: baseline-http - type: NodePort - ---- -# EFC backend -apiVersion: v1 -kind: Service -metadata: - name: baseline-backend-dev - namespace: dev-environment -spec: - selector: - app: baseline-dev - ports: - - name: bl-bck-http - port: 5000 - targetPort: bl-bck-http - type: NodePort ---- - -# Ingress description -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: baseline-dev-ingress - namespace: 
dev-environment - annotations: - kubernetes.io/ingress.class: "traefik" -spec: - rules: - - host: baseline-dev.k3s.semapp.lan - http: - paths: - - path: / - backend: - serviceName: baseline-frontend-dev - servicePort: 8000 \ No newline at end of file From 460125585a69a747ff3c3cac57c92cf4c982a422 Mon Sep 17 00:00:00 2001 From: Domagoj Zecevic Date: Tue, 21 Dec 2021 13:34:22 +0100 Subject: [PATCH 5/6] removed again baseline --- 01_onsite/02_qa/baseline/deployment.yaml | 212 ----------------------- 1 file changed, 212 deletions(-) delete mode 100644 01_onsite/02_qa/baseline/deployment.yaml diff --git a/01_onsite/02_qa/baseline/deployment.yaml b/01_onsite/02_qa/baseline/deployment.yaml deleted file mode 100644 index cc57d5e..0000000 --- a/01_onsite/02_qa/baseline/deployment.yaml +++ /dev/null 
@@ -1,212 +0,0 @@ -# Deployment description -apiVersion: apps/v1 -kind: Deployment -metadata: - name: baseline-deployment - namespace: qa-environment - labels: - app: baseline-qa -spec: - strategy: - type: Recreate - replicas: 1 - selector: - matchLabels: - app: baseline-qa - template: - metadata: - labels: - app: baseline-qa - spec: - containers: - - name: baseline-frontend - image: packages.semapp.lan:5000/baseline_frontend:qa1 - workingDir: /srv/web - resources: - requests: - memory: "256Mi" - cpu: "100m" - limits: - memory: "512Mi" - cpu: "4" - ports: - - containerPort: 8000 - name: baseline-http - protocol: TCP - volumeMounts: - - mountPath: /etc/nginx/conf.d - readOnly: true - name: baseline-qa-frontend-conf - env: - - name: KEYCLOAK_REALM - value: "baseline_test" - - name: KEYCLOAK_CLIENT - value: "baseline_qa" - - name: KEYCLOAK_TOKEN_VALIDITY - value: "600" - - name: KEYCLOAK_URL - value: "http://keycloak.semapp.lan/auth/" - imagePullPolicy: Always - - - name: baseline-backend - image: packages.semapp.lan:5000/baseline_backend:qa1 - workingDir: /opt/www - resources: - requests: - memory: "256Mi" - cpu: "100m" - limits: - memory: "512Mi" - cpu: "4" - ports: - - containerPort: 5000 - name: bl-bck-http - protocol: TCP - imagePullPolicy: Always - envFrom: - - configMapRef: - name: baseline-qa-backend-conf - volumes: - - name: baseline-qa-frontend-conf - configMap: - name: baseline-qa-frontend-conf - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: qa-environment - name: baseline-qa-backend-conf - labels: - app: baseline-qa -data: - DB_CONNECTION: "pgsql" - DB_HOST: "dbpg11.semapp.lan" - DB_PORT: "5432" - DB_DATABASE: "baseline_k8s_qa" - DB_USERNAME: "baseline_qa" - DB_PASSWORD: "baseline_qa" - - APP_NAME: "Baseline" - APP_ENV: "development" - APP_KEY: "base64:14Vg4rilGKEk34XeqNR7ffg6GhFTzA7/z5T1aqy6JHw=" - APP_DEBUG: "true" - APP_URL: "http://baseline-qa.k3s.semapp.lan/" - - LOG_CHANNEL: "stack" - BROADCAST_DRIVER: "log" - CACHE_DRIVER: "file" - 
QUEUE_CONNECTION: "sync" - SESSION_DRIVER: "cookie" - SESSION_LIFETIME: "120" - - - SANCTUM_STATEFUL_DOMAINS: "baseline-qa.k3s.semapp.lan" - SESSION_DOMAIN: "baseline-qa.k3s.semapp.lan" - - THROTTLE_MAX_ATTEMPTS: "80" - - KEYCLOAK_URL: "http://keycloak.semapp.lan" - KEYCLOAK_PORT: "80" - KEYCLOAK_REALM: "baseline_test" - - REDIRECT_URL: "http://baseline-qa.k3s.semapp.lan/" - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: qa-environment - name: baseline-qa-frontend-conf -data: - default.conf: | - upstream backend { - server baseline-backend-qa:5000; - } - - server { - listen 8000; - - access_log /var/log/nginx/access.log; - charset utf-8; - client_max_body_size 1G; - - location / { - root /srv/web; - add_header X-Frame-Options "SAMEORIGIN"; - index index.html index.htm; - try_files $uri $uri /index.html =404; - } - - location ~ ^/api { - proxy_pass http://backend; - proxy_redirect off; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_read_timeout 300s; - proxy_send_timeout 300s; - send_timeout 300s; - } - - error_page 404 =200 /index.html; - - add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; - - expires off; - open_file_cache off; - sendfile off; - } - ---- -# EFC Service -apiVersion: v1 -kind: Service -metadata: - name: baseline-frontend-qa - namespace: qa-environment -spec: - selector: - app: baseline-qa - ports: - - name: baseline-http - port: 8000 - targetPort: baseline-http - type: NodePort - ---- -# EFC backend -apiVersion: v1 -kind: Service -metadata: - name: baseline-backend-qa - namespace: qa-environment -spec: - selector: - app: baseline-qa - ports: - - name: bl-bck-http - port: 5000 - targetPort: bl-bck-http - type: NodePort ---- - -# Ingress description -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: baseline-qa-ingress - namespace: qa-environment - annotations: - 
kubernetes.io/ingress.class: "traefik" -spec: - rules: - - host: baseline-qa.k3s.semapp.lan - http: - paths: - - path: / - backend: - serviceName: baseline-frontend-qa - servicePort: 8000 \ No newline at end of file From 9a2025ee7bce69ae48320eb5ec43892e0fd2b806 Mon Sep 17 00:00:00 2001 From: Domagoj Zecevic Date: Tue, 21 Dec 2021 13:44:44 +0100 Subject: [PATCH 6/6] fix --- .../dashboard/dashboard.admin-user-role.yml | 12 + .../dashboard/dashboard.admin-user.yml | 5 + .../00_infra/dashboard/dashboard.ingress.yml | 16 + 01_onsite/00_infra/dashboard/recommended.yaml | 303 ++++++++++++++++++ 01_onsite/01_dev/baseline/deployment.yaml | 215 +++++++++++++ 01_onsite/02_qa/baseline/deployment.yaml | 212 ++++++++++++ 6 files changed, 763 insertions(+) create mode 100644 01_onsite/00_infra/dashboard/dashboard.admin-user-role.yml create mode 100644 01_onsite/00_infra/dashboard/dashboard.admin-user.yml create mode 100644 01_onsite/00_infra/dashboard/dashboard.ingress.yml create mode 100644 01_onsite/00_infra/dashboard/recommended.yaml create mode 100644 01_onsite/01_dev/baseline/deployment.yaml create mode 100644 01_onsite/02_qa/baseline/deployment.yaml diff --git a/01_onsite/00_infra/dashboard/dashboard.admin-user-role.yml b/01_onsite/00_infra/dashboard/dashboard.admin-user-role.yml new file mode 100644 index 0000000..23c1190 --- /dev/null +++ b/01_onsite/00_infra/dashboard/dashboard.admin-user-role.yml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: admin-user +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: admin-user + namespace: kubernetes-dashboard \ No newline at end of file diff --git a/01_onsite/00_infra/dashboard/dashboard.admin-user.yml b/01_onsite/00_infra/dashboard/dashboard.admin-user.yml new file mode 100644 index 0000000..219059b --- /dev/null +++ b/01_onsite/00_infra/dashboard/dashboard.admin-user.yml 
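Review bot: `dashboard.admin-user-role.yml` binds the `admin-user` ServiceAccount to the built-in `cluster-admin` ClusterRole, so the token used to log in to the dashboard carries unrestricted cluster privileges and the whole cluster is exposed to whoever holds that token — this is the upstream quick-start binding, not one meant for a shared environment. A RoleBinding scoped to the namespaces the dashboard is actually used for, or at minimum the built-in `view` ClusterRole, is the usual replacement; the ServiceAccount hunk in `dashboard.admin-user.yml` is the other half of the same binding. The commit title `fix` also gives no reason why the files removed in patch 3 are restored byte-identical (same blob ids); one sentence in the message would spare the next reader a bisect.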
@@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: admin-user + namespace: kubernetes-dashboard \ No newline at end of file diff --git a/01_onsite/00_infra/dashboard/dashboard.ingress.yml b/01_onsite/00_infra/dashboard/dashboard.ingress.yml new file mode 100644 index 0000000..6c9cd37 --- /dev/null +++ b/01_onsite/00_infra/dashboard/dashboard.ingress.yml @@ -0,0 +1,16 @@ +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: dashboard-ingress + namespace: kubernetes-dashboard + annotations: + kubernetes.io/ingress.class: "traefik" +spec: + rules: + - host: dashboard.k3s.semapp.lan + http: + paths: + - path: / + backend: + serviceName: kubernetes-dashboard + servicePort: 443 \ No newline at end of file diff --git a/01_onsite/00_infra/dashboard/recommended.yaml b/01_onsite/00_infra/dashboard/recommended.yaml new file mode 100644 index 0000000..5bc4004 --- /dev/null +++ b/01_onsite/00_infra/dashboard/recommended.yaml 
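Review bot: `dashboard.ingress.yml` publishes the dashboard on `dashboard.k3s.semapp.lan` with no `tls:` section, so the login token is submitted over plain HTTP to Traefik, while the backend on `servicePort: 443` speaks HTTPS (the dashboard in `recommended.yaml` runs with `--auto-generate-certificates` and its liveness probe uses `scheme: HTTPS`). Traefik talks HTTP to backends unless an annotation selects the HTTPS scheme, so this rule presumably does not work as written — verify against the running ingress. Adding `tls:` with a certificate secret for the host and Traefik's backend-scheme annotation closes both gaps; the manifest also still uses `networking.k8s.io/v1beta1`, removed in Kubernetes 1.22.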
@@ -0,0 +1,303 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: kubernetes-dashboard + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard + +--- + +kind: Service +apiVersion: v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + k8s-app: kubernetes-dashboard + +--- + +apiVersion: v1 +kind: Secret +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-certs + namespace: kubernetes-dashboard +type: Opaque + +--- + +apiVersion: v1 +kind: Secret +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-csrf + namespace: kubernetes-dashboard +type: Opaque +data: + csrf: "" + +--- + +apiVersion: v1 +kind: Secret +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-key-holder + namespace: kubernetes-dashboard +type: Opaque + +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-settings + namespace: kubernetes-dashboard + +--- + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard 
+rules: + # Allow Dashboard to get, update and delete Dashboard exclusive secrets. + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] + verbs: ["get", "update", "delete"] + # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["kubernetes-dashboard-settings"] + verbs: ["get", "update"] + # Allow Dashboard to get metrics. + - apiGroups: [""] + resources: ["services"] + resourceNames: ["heapster", "dashboard-metrics-scraper"] + verbs: ["proxy"] + - apiGroups: [""] + resources: ["services/proxy"] + resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] + verbs: ["get"] + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard +rules: + # Allow Metrics Scraper to get metrics from the Metrics server + - apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list", "watch"] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubernetes-dashboard +subjects: + - kind: ServiceAccount + name: kubernetes-dashboard + namespace: kubernetes-dashboard + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubernetes-dashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubernetes-dashboard +subjects: + - kind: ServiceAccount + name: kubernetes-dashboard + namespace: kubernetes-dashboard + +--- + +kind: Deployment +apiVersion: apps/v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: 
kubernetes-dashboard +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + k8s-app: kubernetes-dashboard + template: + metadata: + labels: + k8s-app: kubernetes-dashboard + spec: + containers: + - name: kubernetes-dashboard + image: kubernetesui/dashboard:v2.4.0 + imagePullPolicy: Always + ports: + - containerPort: 8443 + protocol: TCP + args: + - --auto-generate-certificates + - --namespace=kubernetes-dashboard + # Uncomment the following line to manually specify Kubernetes API server Host + # If not specified, Dashboard will attempt to auto discover the API server and connect + # to it. Uncomment only if the default does not work. + # - --apiserver-host=http://my-address:port + volumeMounts: + - name: kubernetes-dashboard-certs + mountPath: /certs + # Create on-disk volume to store exec logs + - mountPath: /tmp + name: tmp-volume + livenessProbe: + httpGet: + scheme: HTTPS + path: / + port: 8443 + initialDelaySeconds: 30 + timeoutSeconds: 30 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 1001 + runAsGroup: 2001 + volumes: + - name: kubernetes-dashboard-certs + secret: + secretName: kubernetes-dashboard-certs + - name: tmp-volume + emptyDir: {} + serviceAccountName: kubernetes-dashboard + nodeSelector: + "kubernetes.io/os": linux + # Comment the following tolerations if Dashboard must not be deployed on master + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + +--- + +kind: Service +apiVersion: v1 +metadata: + labels: + k8s-app: dashboard-metrics-scraper + name: dashboard-metrics-scraper + namespace: kubernetes-dashboard +spec: + ports: + - port: 8000 + targetPort: 8000 + selector: + k8s-app: dashboard-metrics-scraper + +--- + +kind: Deployment +apiVersion: apps/v1 +metadata: + labels: + k8s-app: dashboard-metrics-scraper + name: dashboard-metrics-scraper + namespace: kubernetes-dashboard +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + 
k8s-app: dashboard-metrics-scraper + template: + metadata: + labels: + k8s-app: dashboard-metrics-scraper + spec: + securityContext: + seccompProfile: + type: RuntimeDefault + containers: + - name: dashboard-metrics-scraper + image: kubernetesui/metrics-scraper:v1.0.7 + ports: + - containerPort: 8000 + protocol: TCP + livenessProbe: + httpGet: + scheme: HTTP + path: / + port: 8000 + initialDelaySeconds: 30 + timeoutSeconds: 30 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 1001 + runAsGroup: 2001 + serviceAccountName: kubernetes-dashboard + nodeSelector: + "kubernetes.io/os": linux + # Comment the following tolerations if Dashboard must not be deployed on master + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + volumes: + - name: tmp-volume + emptyDir: {} diff --git a/01_onsite/01_dev/baseline/deployment.yaml b/01_onsite/01_dev/baseline/deployment.yaml new file mode 100644 index 0000000..f25ee79 --- /dev/null +++ b/01_onsite/01_dev/baseline/deployment.yaml 
@@ -0,0 +1,215 @@
+# Deployment description
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: baseline-deployment
+ namespace: dev-environment
+ labels:
+ app: baseline-dev
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: baseline-dev
+ template:
+ metadata:
+ labels:
+ app: baseline-dev
+ spec:
+ containers:
+ - name: baseline-frontend
+ image: packages.semapp.lan:5000/baseline_frontend:qa1
+ workingDir: /srv/web
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "100m"
+ limits:
+ memory: "512Mi"
+ cpu: "4"
+ ports:
+ - containerPort: 8000
+ name: baseline-http
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /etc/nginx/conf.d
+ readOnly: true
+ name: baseline-dev-frontend-conf
+ imagePullPolicy: Always
+ env:
+ - name: KEYCLOAK_REALM
+ value: "baseline_develop"
+ - name: KEYCLOAK_CLIENT
+ value: "baseline"
+ - name: KEYCLOAK_TOKEN_VALIDITY
+ value: "600"
+ - name: KEYCLOAK_URL
+ value: "http://keycloak.semapp.lan/auth/"
+
+ - name: baseline-backend
+ image: packages.semapp.lan:5000/baseline_backend:qa1
+ workingDir: /opt/www
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "100m"
+ limits:
+ memory: "512Mi"
+ cpu: "4"
+ ports:
+ - containerPort: 5000
+ name: bl-bck-http
+ protocol: TCP
+ imagePullPolicy: Always
+ envFrom:
+ - configMapRef:
+ name: baseline-dev-backend-conf
+ volumes:
+ - name: baseline-dev-frontend-conf
+ configMap:
+ name: baseline-dev-frontend-conf
+
+
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: dev-environment
+ name: baseline-dev-backend-conf
+ labels:
+ app: baseline-dev
+data:
+ DB_CONNECTION: "pgsql"
+ DB_HOST: "postgres-lb"
+ DB_PORT: "5432"
+ DB_DATABASE: "baseline-dev"
+ DB_USERNAME: "baseline-dev"
+ DB_PASSWORD: "password"
+
+ APP_NAME: "Baseline"
+ APP_ENV: "development"
+ APP_KEY: "base64:14Vg4rilGKEk34XeqNR7ffg6GhFTzA7/z5T1aqy6JHw="
+ APP_DEBUG: "true"
+ APP_URL: "http://baseline-dev.k3s.semapp.lan/"
+
+ LOG_CHANNEL: "stack"
+ BROADCAST_DRIVER: "log"
+ CACHE_DRIVER: "file"
+ QUEUE_CONNECTION: "sync"
+ SESSION_DRIVER: "cookie"
+ SESSION_LIFETIME: "120"
+
+
+ SANCTUM_STATEFUL_DOMAINS: "baseline-dev.k3s.semapp.lan"
+ SESSION_DOMAIN: "baseline-dev.k3s.semapp.lan"
+
+ THROTTLE_MAX_ATTEMPTS: "80"
+
+ KEYCLOAK_URL: "http://keycloak.semapp.lan"
+ KEYCLOAK_PORT: "80"
+ KEYCLOAK_REALM: "baseline_develop"
+
+ REDIRECT_URL: "http://baseline-dev.k3s.semapp.lan/"
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: dev-environment
+ name: baseline-dev-frontend-conf
+data:
+ default.conf: |
+ upstream backend {
+ server baseline-backend-dev:5000;
+ }
+
+ server {
+ listen 8000;
+
+ access_log /var/log/nginx/access.log;
+ charset utf-8;
+ client_max_body_size 1G;
+
+ location / {
+ root /srv/web;
+ add_header X-Frame-Options "SAMEORIGIN";
+ index index.html index.htm;
+ try_files $uri $uri /index.html =404;
+ }
+
+ location ~ ^/api {
+ proxy_pass http://backend;
+ proxy_redirect off;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_read_timeout 300s;
+ proxy_send_timeout 300s;
+ send_timeout 300s;
+ }
+
+ error_page 404 =200 /index.html;
+
+ add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+
+ expires off;
+ open_file_cache off;
+ sendfile off;
+ }
+
+
+---
+# EFC Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: baseline-frontend-dev
+ namespace: dev-environment
+spec:
+ selector:
+ app: baseline-dev
+ ports:
+ - name: baseline-http
+ port: 8000
+ targetPort: baseline-http
+ type: NodePort
+
+---
+# EFC backend
+apiVersion: v1
+kind: Service
+metadata:
+ name: baseline-backend-dev
+ namespace: dev-environment
+spec:
+ selector:
+ app: baseline-dev
+ ports:
+ - name: bl-bck-http
+ port: 5000
+ targetPort: bl-bck-http
+ type: NodePort
+---
+
+# Ingress description
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: baseline-dev-ingress
+ namespace: dev-environment
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+spec:
+ rules:
+ - host: baseline-dev.k3s.semapp.lan
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: baseline-frontend-dev
+ servicePort: 8000
\ No newline at end of file
diff --git a/01_onsite/02_qa/baseline/deployment.yaml b/01_onsite/02_qa/baseline/deployment.yaml
new file mode 100644
index 0000000..cc57d5e
--- /dev/null
+++ b/01_onsite/02_qa/baseline/deployment.yaml
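Review bot: The backend's database password and application key are committed in plain text inside the `baseline-dev-backend-conf` ConfigMap (`DB_PASSWORD: "password"`, `APP_KEY: "base64:14Vg4rilGKEk34XeqNR7ffg6GhFTzA7/z5T1aqy6JHw="`), and the identical APP_KEY value is used by the QA ConfigMap in this same series, so one leaked key affects both environments. Move those two keys into a Secret and reference it from the backend container with `- secretRef:` / `name: baseline-dev-backend-secrets` under `envFrom`, leaving the non-sensitive settings in the ConfigMap; the key should also be rotated now that it is in git history. If this is a Laravel app, as the APP_KEY/SANCTUM settings suggest, `APP_DEBUG: "true"` renders stack traces and configuration to any client that triggers an error, which is worth confirming is acceptable for a host reachable through the Traefik ingress. Both Services are `type: NodePort`, which exposes `baseline-backend-dev` on port 5000 on every node and bypasses the nginx proxy in front of it; since traffic arrives via the ingress, `type: ClusterIP` is sufficient for both.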
@@ -0,0 +1,212 @@
+# Deployment description
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: baseline-deployment
+ namespace: qa-environment
+ labels:
+ app: baseline-qa
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: baseline-qa
+ template:
+ metadata:
+ labels:
+ app: baseline-qa
+ spec:
+ containers:
+ - name: baseline-frontend
+ image: packages.semapp.lan:5000/baseline_frontend:qa1
+ workingDir: /srv/web
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "100m"
+ limits:
+ memory: "512Mi"
+ cpu: "4"
+ ports:
+ - containerPort: 8000
+ name: baseline-http
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /etc/nginx/conf.d
+ readOnly: true
+ name: baseline-qa-frontend-conf
+ env:
+ - name: KEYCLOAK_REALM
+ value: "baseline_test"
+ - name: KEYCLOAK_CLIENT
+ value: "baseline_qa"
+ - name: KEYCLOAK_TOKEN_VALIDITY
+ value: "600"
+ - name: KEYCLOAK_URL
+ value: "http://keycloak.semapp.lan/auth/"
+ imagePullPolicy: Always
+
+ - name: baseline-backend
+ image: packages.semapp.lan:5000/baseline_backend:qa1
+ workingDir: /opt/www
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "100m"
+ limits:
+ memory: "512Mi"
+ cpu: "4"
+ ports:
+ - containerPort: 5000
+ name: bl-bck-http
+ protocol: TCP
+ imagePullPolicy: Always
+ envFrom:
+ - configMapRef:
+ name: baseline-qa-backend-conf
+ volumes:
+ - name: baseline-qa-frontend-conf
+ configMap:
+ name: baseline-qa-frontend-conf
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: qa-environment
+ name: baseline-qa-backend-conf
+ labels:
+ app: baseline-qa
+data:
+ DB_CONNECTION: "pgsql"
+ DB_HOST: "dbpg11.semapp.lan"
+ DB_PORT: "5432"
+ DB_DATABASE: "baseline_k8s_qa"
+ DB_USERNAME: "baseline_qa"
+ DB_PASSWORD: "baseline_qa"
+
+ APP_NAME: "Baseline"
+ APP_ENV: "development"
+ APP_KEY: "base64:14Vg4rilGKEk34XeqNR7ffg6GhFTzA7/z5T1aqy6JHw="
+ APP_DEBUG: "true"
+ APP_URL: "http://baseline-qa.k3s.semapp.lan/"
+
+ LOG_CHANNEL: "stack"
+ BROADCAST_DRIVER: "log"
+ CACHE_DRIVER: "file"
+ QUEUE_CONNECTION: "sync"
+ SESSION_DRIVER: "cookie"
+ SESSION_LIFETIME: "120"
+
+
+ SANCTUM_STATEFUL_DOMAINS: "baseline-qa.k3s.semapp.lan"
+ SESSION_DOMAIN: "baseline-qa.k3s.semapp.lan"
+
+ THROTTLE_MAX_ATTEMPTS: "80"
+
+ KEYCLOAK_URL: "http://keycloak.semapp.lan"
+ KEYCLOAK_PORT: "80"
+ KEYCLOAK_REALM: "baseline_test"
+
+ REDIRECT_URL: "http://baseline-qa.k3s.semapp.lan/"
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: qa-environment
+ name: baseline-qa-frontend-conf
+data:
+ default.conf: |
+ upstream backend {
+ server baseline-backend-qa:5000;
+ }
+
+ server {
+ listen 8000;
+
+ access_log /var/log/nginx/access.log;
+ charset utf-8;
+ client_max_body_size 1G;
+
+ location / {
+ root /srv/web;
+ add_header X-Frame-Options "SAMEORIGIN";
+ index index.html index.htm;
+ try_files $uri $uri /index.html =404;
+ }
+
+ location ~ ^/api {
+ proxy_pass http://backend;
+ proxy_redirect off;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_read_timeout 300s;
+ proxy_send_timeout 300s;
+ send_timeout 300s;
+ }
+
+ error_page 404 =200 /index.html;
+
+ add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+
+ expires off;
+ open_file_cache off;
+ sendfile off;
+ }
+
+---
+# EFC Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: baseline-frontend-qa
+ namespace: qa-environment
+spec:
+ selector:
+ app: baseline-qa
+ ports:
+ - name: baseline-http
+ port: 8000
+ targetPort: baseline-http
+ type: NodePort
+
+---
+# EFC backend
+apiVersion: v1
+kind: Service
+metadata:
+ name: baseline-backend-qa
+ namespace: qa-environment
+spec:
+ selector:
+ app: baseline-qa
+ ports:
+ - name: bl-bck-http
+ port: 5000
+ targetPort: bl-bck-http
+ type: NodePort
+---
+
+# Ingress description
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: baseline-qa-ingress
+ namespace: qa-environment
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+spec:
+ rules:
+ - host: baseline-qa.k3s.semapp.lan
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: baseline-frontend-qa
+ servicePort: 8000
\ No newline at end of file
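Review bot: The QA backend's ConfigMap carries credentials for a database host outside the cluster (`DB_HOST: "dbpg11.semapp.lan"`, `DB_USERNAME: "baseline_qa"`, `DB_PASSWORD: "baseline_qa"`) in plain text, with the password equal to the username; ConfigMaps are readable by anyone with `get configmaps` in `qa-environment` and are not handled as sensitive by most tooling or backups. Put `DB_PASSWORD` and `APP_KEY` in a Secret and reference it with `- secretRef:` / `name: baseline-qa-backend-secrets` under the backend container's `envFrom`, and change the password, since this value is now in git history. A QA environment configured with `APP_ENV: "development"` and `APP_DEBUG: "true"` will, if this is a Laravel app as the APP_KEY/SANCTUM keys suggest, return stack traces and configuration to clients on errors, so both should take their production values here. Keycloak is also addressed over plain `http://keycloak.semapp.lan`, so tokens travel unencrypted between the pods and the IdP; worth confirming that path stays within a trusted network segment.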