Kubernetes deployment for the Geocoder

components/geocoder/deployment.yaml

@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: geocode-proxy
+  labels:
+    app: geocode-proxy
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: geocode-proxy
+  template:
+    metadata:
+      labels:
+        app: geocode-proxy
+    spec:
+      containers:
+      - name: geocode-proxy
+        image: kommonitor/geocoder-proxy
+        imagePullPolicy: Always
+        resources:
+          requests:
+            memory: "16M"
+            cpu: "1m"
+          limits:
+            memory: "500M"
+            cpu: "500m"
+        ports:
+        - containerPort: 8092
+        env:
+        - name: NOMINATIM_URL
+          value: "http://nominatim:8080"
+        - name: PORT
+          value: "8092"
+
+        envFrom:
+        - configMapRef:
+            name: geocode-proxy
+        volumeMounts:
+        - name: openapi-config-volume
+          mountPath: /code/api/openapi.yaml  
+          subPath: openapi.yaml          
+      volumes:
+      - name: openapi-config-volume
+        configMap:
+          name: geocode-proxy
+          items:
+          - key: openapi.yaml
+            path: openapi.yaml

components/geocoder/ingress.yaml

@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    cert-manager.io/issuer: letsencrypt
+  name: de-kommonitor-geocoder
+spec:
+  tls:
+  - hosts:
+    - demo.kommonitor-geocoder.de.52north.org
+    secretName: de-kommonitor-geocoder-tls
+  rules:
+  - host: demo.kommonitor-geocoder.de.52north.org

components/geocoder/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yaml
+  - service.yaml
+  - configmap.yaml
+  - namespace.yaml
+  - rolebinding.yaml
+  - ingress.yaml

components/geocoder/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+    name: de-kommonitor-geocoder

components/geocoder/rolebinding.yaml

@@ -0,0 +1,11 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: de-kommonitor-geocoder-admin-access
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: admin
+subjects:
+- kind: Group
+  name: de-kommonitor-geocoder-admin # This is the link between k8s and the IAM role

components/geocoder/service.yaml

@@ -0,0 +1,15 @@
+ apiVersion: v1
+ kind: Service
+ metadata:
+   name: geocode-proxy
+   labels:
+     app: geocode-proxy
+ spec:
+   selector:
+     app: geocode-proxy
+   ports:
+   - name: http
+     port: 8092
+     targetPort: 8092
+     nodePort: 30920
+   type: NodePort

components/kubegres/my-postgres-secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mypostgres-secret
+  namespace: default
+type: Opaque
+stringData:
+  superUserPassword: postgresSuperUserPsw
+  replicationUserPassword: postgresReplicaPsw

components/kubegres/my-postgres.yaml

@@ -0,0 +1,26 @@
+apiVersion: kubegres.reactive-tech.io/v1
+kind: Kubegres
+metadata:
+  name: mypostgres
+  namespace: default
+
+spec:
+
+   replicas: 3
+   image: postgres:16.1
+
+   database:
+      size: 200Mi
+
+   env:
+      - name: POSTGRES_PASSWORD
+        valueFrom:
+           secretKeyRef:
+              name: mypostgres-secret
+              key: superUserPassword
+
+      - name: POSTGRES_REPLICATION_PASSWORD
+        valueFrom:
+           secretKeyRef:
+              name: mypostgres-secret
+              key: replicationUserPassword

components/nominatim/configmap.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nominatim
+data:
+  PBF_URL: "https://download.geofabrik.de/europe/germany/nordrhein-westfalen/duesseldorf-regbez-latest.osm.pbf"
+  REPLICATION_URL: "https://download.geofabrik.de/europe/germany/nordrhein-westfalen/duesseldorf-regbez-updates/"
+  REPLICATION_UPDATE_INTERVAL: "86400"
+  UPDATE_MODE: "once"
+  REPLICATION_RECHECK_INTERVAL: "300"

components/nominatim/deployment.yaml

@@ -0,0 +1,96 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nominatim
+  labels:
+    app: nominatim
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nominatim
+  template:
+    metadata:
+      labels:
+        app: nominatim
+    spec:
+      initContainers:
+        - name: init
+          image: mediagis/nominatim:4.4
+          resources:
+            limits:
+              memory: "3Gi"
+              cpu: "1000m"
+          command:
+            - bash
+          args:
+            - '-c'
+            - 'mkdir -p /var/lib/postgresql/14/main && sudo chown postgres:postgres /var/lib/postgresql/14/main && bash /app/init.sh'
+          env:
+            - name: PBF_URL 
+              valueFrom:
+                configMapKeyRef:
+                  name: nominatim  
+                  key: PBF_URL
+            - name: REPLICATION_URL 
+              valueFrom:
+                configMapKeyRef:
+                  name: nominatim 
+                  key: REPLICATION_URL
+          volumeMounts:
+            - name: nominatim-storage
+              mountPath: /var/lib/nominatim
+            - name: nominatim-db-data
+              mountPath: /var/lib/postgresql/14/
+      containers:
+      - name: nominatim
+        image: mediagis/nominatim:4.4
+        imagePullPolicy: Always
+        resources:
+          requests:
+            memory: "1Gi"
+            cpu: "100m"
+          limits:
+            memory: "3Gi"
+            cpu: "1000m"
+        ports:
+        - containerPort: 8080
+        env:
+        - name: PBF_URL 
+          valueFrom:
+            configMapKeyRef:
+              name: nominatim  
+              key: PBF_URL
+        - name: REPLICATION_URL 
+          valueFrom:
+            configMapKeyRef:
+              name: nominatim 
+              key: REPLICATION_URL
+        - name: REPLICATION_UPDATE_INTERVAL 
+          valueFrom:
+            configMapKeyRef:
+              name: nominatim  
+              key: REPLICATION_UPDATE_INTERVAL
+        - name: UPDATE_MODE 
+          valueFrom:
+            configMapKeyRef:
+              name: nominatim  
+              key: UPDATE_MODE
+        - name: REPLICATION_RECHECK_INTERVAL  
+          valueFrom:
+            configMapKeyRef:
+              name: nominatim  
+              key: REPLICATION_RECHECK_INTERVAL
+        volumeMounts:
+        - name: nominatim-storage
+          mountPath: /var/lib/nominatim
+        - name: nominatim-db-data
+          mountPath: /var/lib/postgresql/14/
+      volumes:
+      - name: nominatim-storage
+        persistentVolumeClaim:
+          claimName: nominatim-storage
+      - name: nominatim-db-data
+        persistentVolumeClaim:
+          claimName: nominatim-db-data
+

components/nominatim/ingress.yaml

@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    cert-manager.io/issuer: letsencrypt
+  name: de-kommonitor-geocoder
+spec:
+  tls:
+  - hosts:
+    - demo.kommonitor-geocoder.de.52north.org
+    secretName: de-kommonitor-geocoder-tls
+  rules:
+  - host: demo.kommonitor-geocoder.de.52north.org

components/nominatim/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yaml
+  - service.yaml
+  - configmap.yaml
+  - namespace.yaml
+  - rolebinding.yaml
+  - ingress.yaml
+  - pvc.yaml
+

components/nominatim/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+    name: de-kommonitor-geocoder

components/nominatim/pvc.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nominatim-storage
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 2Gi 
+  storageClassName: retained-ssd-gp3
+  volumeMode: Filesystem
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nominatim-db-data
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi 
+  storageClassName: retained-ssd-gp3
+  volumeMode: Filesystem
+

components/nominatim/rolebinding.yaml

@@ -0,0 +1,11 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: de-kommonitor-geocoder-admin-access
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: admin
+subjects:
+- kind: Group
+  name: de-kommonitor-geocoder-admin # This is the link between k8s and the IAM role

components/nominatim/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nominatim
+  labels:
+    app: nominatim
+spec:
+  selector:
+    app: nominatim
+  ports:
+  - name: http1
+    port: 8080
+    targetPort: 8080
+    nodePort: 30922
+  type: NodePort
+