MàJ - Application.properties

applications/lionsdev-client/kubernetes/configmap.yaml

@@ -0,0 +1,85 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: lionsdev-client-config
+  namespace: lions-apps
+  labels:
+    app: lionsdev-client
+    app.kubernetes.io/name: lionsdev-client
+    app.kubernetes.io/part-of: lions-infrastructure
+    app.kubernetes.io/managed-by: lionsctl
+data:
+  # Application configuration
+  application.properties: |
+    # Quarkus Configuration
+    quarkus.application.name=lionsdev-client
+    quarkus.application.version=1.0.0
+    
+    # HTTP Configuration
+    quarkus.http.port=8080
+    quarkus.http.host=0.0.0.0
+    quarkus.http.cors=true
+    quarkus.http.cors.origins=https://lions.dev,https://staging.lions.dev,https://dev.lions.dev
+    
+    # Database Configuration (will be overridden by secrets)
+    quarkus.datasource.db-kind=postgresql
+    quarkus.datasource.jdbc.url=jdbc:postgresql://postgresql-service.postgresql.svc.cluster.local:5432/lionsdb
+    quarkus.datasource.jdbc.max-size=20
+    quarkus.datasource.jdbc.min-size=5
+    
+    # Hibernate Configuration
+    quarkus.hibernate-orm.database.generation=update
+    quarkus.hibernate-orm.log.sql=false
+    quarkus.hibernate-orm.sql-load-script=no-file
+    
+    # Logging Configuration
+    quarkus.log.level=INFO
+    quarkus.log.category."dev.lions".level=DEBUG
+    quarkus.log.console.enable=true
+    quarkus.log.console.format=%d{HH:mm:ss} %-5p [%c{2.}] (%t) %s%e%n
+    
+    # Health Check Configuration
+    quarkus.health.extensions.enabled=true
+    quarkus.smallrye-health.root-path=/health
+    
+    # Metrics Configuration
+    quarkus.micrometer.enabled=true
+    quarkus.micrometer.export.prometheus.enabled=true
+    quarkus.micrometer.export.prometheus.path=/metrics
+    
+    # OpenAPI Configuration
+    quarkus.swagger-ui.enable=true
+    quarkus.swagger-ui.path=/swagger-ui
+    mp.openapi.extensions.smallrye.info.title=Lions Dev Client API
+    mp.openapi.extensions.smallrye.info.version=1.0.0
+    mp.openapi.extensions.smallrye.info.description=Lions Dev professional website and client portal
+    mp.openapi.extensions.smallrye.info.contact.email=contact@lions.dev
+    mp.openapi.extensions.smallrye.info.contact.name=Lions Dev Team
+    mp.openapi.extensions.smallrye.info.contact.url=https://lions.dev
+    
+    # Security Configuration
+    quarkus.http.auth.basic=false
+    quarkus.security.jpa.enabled=false
+    
+    # Static Resources Configuration
+    quarkus.http.static-resources."/"=META-INF/resources
+    quarkus.http.static-resources.cache-control=max-age=86400
+    
+  # Environment-specific overrides (will be patched per environment)
+  environment: "production"
+  domain: "lions.dev"
+  log-level: "INFO"
+  
+  # Lions Dev specific configuration
+  lions.dev.company.name=Lions Dev
+  lions.dev.company.email=contact@lions.dev
+  lions.dev.company.phone=+225 01 01 75 95 25
+  lions.dev.company.address=Abidjan, Côte d'Ivoire
+  lions.dev.company.website=https://lions.dev
+  lions.dev.company.description=Enterprise digital transformation partner delivering mission-critical solutions across Africa
+  
+  # Feature flags
+  lions.dev.features.analytics.enabled=true
+  lions.dev.features.monitoring.enabled=true
+  lions.dev.features.contact-form.enabled=true
+  lions.dev.features.newsletter.enabled=true

applications/lionsdev-client/kubernetes/deployment.yaml

@@ -0,0 +1,149 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: lionsdev-client
+  namespace: lions-apps
+  labels:
+    app: lionsdev-client
+    app.kubernetes.io/name: lionsdev-client
+    app.kubernetes.io/part-of: lions-infrastructure
+    app.kubernetes.io/managed-by: lionsctl
+    app.kubernetes.io/version: "1.0.0"
+  annotations:
+    deployment.kubernetes.io/revision: "1"
+    description: "Lions Dev professional website and client portal"
+spec:
+  replicas: 3
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      app: lionsdev-client
+  template:
+    metadata:
+      labels:
+        app: lionsdev-client
+        app.kubernetes.io/name: lionsdev-client
+        app.kubernetes.io/part-of: lions-infrastructure
+        app.kubernetes.io/version: "1.0.0"
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "8080"
+        prometheus.io/path: "/metrics"
+    spec:
+      serviceAccountName: lionsdev-client
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1001
+        runAsGroup: 1001
+        fsGroup: 1001
+      containers:
+      - name: lionsdev-client
+        image: registry.lions.dev/lionsdev/lionsdev-client:latest
+        imagePullPolicy: Always
+        ports:
+        - name: http
+          containerPort: 8080
+          protocol: TCP
+        - name: metrics
+          containerPort: 8080
+          protocol: TCP
+        env:
+        - name: KUBERNETES_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: HOSTNAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: QUARKUS_PROFILE
+          value: "prod"
+        envFrom:
+        - configMapRef:
+            name: lionsdev-client-config
+        - secretRef:
+            name: lionsdev-client-secrets
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "200m"
+          limits:
+            memory: "1Gi"
+            cpu: "1000m"
+        livenessProbe:
+          httpGet:
+            path: /health/live
+            port: http
+            scheme: HTTP
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+          failureThreshold: 3
+          successThreshold: 1
+        readinessProbe:
+          httpGet:
+            path: /health/ready
+            port: http
+            scheme: HTTP
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          timeoutSeconds: 3
+          failureThreshold: 3
+          successThreshold: 1
+        startupProbe:
+          httpGet:
+            path: /health/started
+            port: http
+            scheme: HTTP
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          timeoutSeconds: 3
+          failureThreshold: 30
+          successThreshold: 1
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 1001
+          capabilities:
+            drop:
+            - ALL
+        volumeMounts:
+        - name: tmp
+          mountPath: /tmp
+        - name: logs
+          mountPath: /app/logs
+      volumes:
+      - name: tmp
+        emptyDir: {}
+      - name: logs
+        emptyDir: {}
+      imagePullSecrets:
+      - name: registry-lions-dev
+      nodeSelector:
+        kubernetes.io/os: linux
+      tolerations:
+      - key: "node.kubernetes.io/not-ready"
+        operator: "Exists"
+        effect: "NoExecute"
+        tolerationSeconds: 300
+      - key: "node.kubernetes.io/unreachable"
+        operator: "Exists"
+        effect: "NoExecute"
+        tolerationSeconds: 300
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app
+                  operator: In
+                  values:
+                  - lionsdev-client
+              topologyKey: kubernetes.io/hostname

applications/lionsdev-client/kubernetes/hpa.yaml

@@ -0,0 +1,67 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: lionsdev-client-hpa
+  namespace: lions-apps
+  labels:
+    app: lionsdev-client
+    app.kubernetes.io/name: lionsdev-client
+    app.kubernetes.io/part-of: lions-infrastructure
+    app.kubernetes.io/managed-by: lionsctl
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: lionsdev-client
+  minReplicas: 2
+  maxReplicas: 10
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 70
+  - type: Resource
+    resource:
+      name: memory
+      target:
+        type: Utilization
+        averageUtilization: 80
+  behavior:
+    scaleDown:
+      stabilizationWindowSeconds: 300
+      policies:
+      - type: Percent
+        value: 50
+        periodSeconds: 60
+      - type: Pods
+        value: 2
+        periodSeconds: 60
+      selectPolicy: Min
+    scaleUp:
+      stabilizationWindowSeconds: 60
+      policies:
+      - type: Percent
+        value: 100
+        periodSeconds: 30
+      - type: Pods
+        value: 4
+        periodSeconds: 30
+      selectPolicy: Max
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: lionsdev-client-pdb
+  namespace: lions-apps
+  labels:
+    app: lionsdev-client
+    app.kubernetes.io/name: lionsdev-client
+    app.kubernetes.io/part-of: lions-infrastructure
+    app.kubernetes.io/managed-by: lionsctl
+spec:
+  minAvailable: 1
+  selector:
+    matchLabels:
+      app: lionsdev-client

applications/lionsdev-client/kubernetes/ingress.yaml

@@ -0,0 +1,89 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: lionsdev-client-ingress
+  namespace: lions-apps
+  labels:
+    app: lionsdev-client
+    app.kubernetes.io/name: lionsdev-client
+    app.kubernetes.io/part-of: lions-infrastructure
+    app.kubernetes.io/managed-by: lionsctl
+  annotations:
+    # Nginx Ingress Controller annotations
+    kubernetes.io/ingress.class: "nginx"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    
+    # SSL/TLS Configuration
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    cert-manager.io/acme-challenge-type: "http01"
+    
+    # Performance and caching
+    nginx.ingress.kubernetes.io/proxy-body-size: "10m"
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "60"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "60"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "60"
+    nginx.ingress.kubernetes.io/proxy-buffering: "on"
+    nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
+    
+    # Static assets caching
+    nginx.ingress.kubernetes.io/server-snippet: |
+      location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+        add_header X-Content-Type-Options "nosniff";
+      }
+      
+      location ~* \.(html|htm)$ {
+        expires 1h;
+        add_header Cache-Control "public, must-revalidate";
+        add_header X-Content-Type-Options "nosniff";
+        add_header X-Frame-Options "DENY";
+        add_header X-XSS-Protection "1; mode=block";
+        add_header Referrer-Policy "strict-origin-when-cross-origin";
+      }
+    
+    # Security headers
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+      add_header X-Content-Type-Options "nosniff" always;
+      add_header X-Frame-Options "DENY" always;
+      add_header X-XSS-Protection "1; mode=block" always;
+      add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+      add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: https:; connect-src 'self'; frame-ancestors 'none';" always;
+    
+    # Rate limiting
+    nginx.ingress.kubernetes.io/rate-limit: "100"
+    nginx.ingress.kubernetes.io/rate-limit-window: "1m"
+    
+    # Monitoring
+    nginx.ingress.kubernetes.io/enable-access-log: "true"
+    nginx.ingress.kubernetes.io/enable-rewrite-log: "false"
+spec:
+  tls:
+  - hosts:
+    - lions.dev
+    - www.lions.dev
+    secretName: lionsdev-client-tls
+  rules:
+  - host: lions.dev
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: lionsdev-client-service
+            port:
+              number: 80
+  - host: www.lions.dev
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: lionsdev-client-service
+            port:
+              number: 80

applications/lionsdev-client/kubernetes/namespace.yaml

@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: lions-apps
+  labels:
+    name: lions-apps
+    app.kubernetes.io/name: lions-apps
+    app.kubernetes.io/part-of: lions-infrastructure
+    app.kubernetes.io/managed-by: lionsctl
+  annotations:
+    description: "Lions Dev applications namespace"
+    contact: "infrastructure@lions.dev"
+    environment: "multi-environment"
+---
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: lions-apps-quota
+  namespace: lions-apps
+spec:
+  hard:
+    requests.cpu: "4"
+    requests.memory: 8Gi
+    limits.cpu: "8"
+    limits.memory: 16Gi
+    persistentvolumeclaims: "10"
+    services: "20"
+    secrets: "50"
+    configmaps: "50"
+---
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: lions-apps-limits
+  namespace: lions-apps
+spec:
+  limits:
+  - default:
+      cpu: "1"
+      memory: "1Gi"
+    defaultRequest:
+      cpu: "100m"
+      memory: "128Mi"
+    type: Container
+  - default:
+      storage: "10Gi"
+    type: PersistentVolumeClaim

applications/lionsdev-client/kubernetes/rbac.yaml

@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: lionsdev-client
+  namespace: lions-apps
+  labels:
+    app: lionsdev-client
+    app.kubernetes.io/name: lionsdev-client
+    app.kubernetes.io/part-of: lions-infrastructure
+    app.kubernetes.io/managed-by: lionsctl
+automountServiceAccountToken: true
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: lionsdev-client-role
+  namespace: lions-apps
+  labels:
+    app: lionsdev-client
+    app.kubernetes.io/name: lionsdev-client
+    app.kubernetes.io/part-of: lions-infrastructure
+    app.kubernetes.io/managed-by: lionsctl
+rules:
+- apiGroups: [""]
+  resources: ["configmaps", "secrets"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+  resources: ["deployments", "replicasets"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["services", "endpoints"]
+  verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: lionsdev-client-rolebinding
+  namespace: lions-apps
+  labels:
+    app: lionsdev-client
+    app.kubernetes.io/name: lionsdev-client
+    app.kubernetes.io/part-of: lions-infrastructure
+    app.kubernetes.io/managed-by: lionsctl
+subjects:
+- kind: ServiceAccount
+  name: lionsdev-client
+  namespace: lions-apps
+roleRef:
+  kind: Role
+  name: lionsdev-client-role
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: registry-lions-dev
+  namespace: lions-apps
+  labels:
+    app: lionsdev-client
+    app.kubernetes.io/name: lionsdev-client
+    app.kubernetes.io/part-of: lions-infrastructure
+    app.kubernetes.io/managed-by: lionsctl
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: eyJhdXRocyI6eyJyZWdpc3RyeS5saW9ucy5kZXYiOnsidXNlcm5hbWUiOiJsaW9uc3JlZ2lzdHJ5IiwicGFzc3dvcmQiOiJMaW9uc1JlZ2lzdHJ5MjAyNSEiLCJhdXRoIjoiYkdsdmJuTnlaV2RwYzNSeWVUcE1hVzl1YzFKbFoybHpkSEo1TWpBeU5TRT0ifX19
+  # Base64 encoded Docker config for registry.lions.dev
+  # Username: lionsregistry
+  # Password: LionsRegistry2025!

applications/lionsdev-client/kubernetes/secret.yaml

@@ -0,0 +1,61 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: lionsdev-client-secrets
+  namespace: lions-apps
+  labels:
+    app: lionsdev-client
+    app.kubernetes.io/name: lionsdev-client
+    app.kubernetes.io/part-of: lions-infrastructure
+    app.kubernetes.io/managed-by: lionsctl
+  annotations:
+    vault.hashicorp.com/agent-inject: "true"
+    vault.hashicorp.com/role: "lionsdev-client"
+    vault.hashicorp.com/agent-inject-secret-database: "secret/lionsdev-client/database"
+    vault.hashicorp.com/agent-inject-template-database: |
+      {{- with secret "secret/lionsdev-client/database" -}}
+      QUARKUS_DATASOURCE_USERNAME={{ .Data.data.username }}
+      QUARKUS_DATASOURCE_PASSWORD={{ .Data.data.password }}
+      {{- end }}
+type: Opaque
+data:
+  # Database credentials (base64 encoded)
+  # These will be injected by Vault in production
+  # Default values for development/testing
+  QUARKUS_DATASOURCE_USERNAME: bGlvbnNfdXNlcg==  # lions_user
+  QUARKUS_DATASOURCE_PASSWORD: TGlvbnNEZXYyMDI1IQ==  # LionsDev2025!
+  
+  # SMTP Configuration for contact forms
+  QUARKUS_MAILER_HOST: c210cC5nbWFpbC5jb20=  # smtp.gmail.com
+  QUARKUS_MAILER_PORT: NTg3  # 587
+  QUARKUS_MAILER_USERNAME: Y29udGFjdEBsaW9ucy5kZXY=  # contact@lions.dev
+  QUARKUS_MAILER_PASSWORD: ""  # Will be injected by Vault
+  
+  # JWT Secret for session management
+  JWT_SECRET: TGlvbnNEZXZKV1RTZWNyZXQyMDI1IUVudGVycHJpc2U=  # LionsDevJWTSecret2025!Enterprise
+  
+  # API Keys for external services
+  GOOGLE_ANALYTICS_ID: ""  # Will be injected by Vault
+  GOOGLE_MAPS_API_KEY: ""  # Will be injected by Vault
+  
+  # Monitoring and observability
+  PROMETHEUS_AUTH_TOKEN: ""  # Will be injected by Vault
+  GRAFANA_API_KEY: ""  # Will be injected by Vault
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: lionsdev-client-tls
+  namespace: lions-apps
+  labels:
+    app: lionsdev-client
+    app.kubernetes.io/name: lionsdev-client
+    app.kubernetes.io/part-of: lions-infrastructure
+    app.kubernetes.io/managed-by: lionsctl
+  annotations:
+    cert-manager.io/issuer: "letsencrypt-prod"
+type: kubernetes.io/tls
+data:
+  # TLS certificate and key will be automatically generated by cert-manager
+  tls.crt: ""
+  tls.key: ""

applications/lionsdev-client/kubernetes/service.yaml

@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: lionsdev-client-service
+  namespace: lions-apps
+  labels:
+    app: lionsdev-client
+    app.kubernetes.io/name: lionsdev-client
+    app.kubernetes.io/part-of: lions-infrastructure
+    app.kubernetes.io/managed-by: lionsctl
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "8080"
+    prometheus.io/path: "/metrics"
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 80
+    targetPort: http
+    protocol: TCP
+  - name: metrics
+    port: 8080
+    targetPort: metrics
+    protocol: TCP
+  selector:
+    app: lionsdev-client
+  sessionAffinity: None
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: lionsdev-client-headless
+  namespace: lions-apps
+  labels:
+    app: lionsdev-client
+    app.kubernetes.io/name: lionsdev-client
+    app.kubernetes.io/part-of: lions-infrastructure
+    app.kubernetes.io/managed-by: lionsctl
+  annotations:
+    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+  - name: http
+    port: 80
+    targetPort: http
+    protocol: TCP
+  selector:
+    app: lionsdev-client
+  publishNotReadyAddresses: true