feat: integrate Gateway API, CORS config, and CNPG database for sandbox

deploy/manifests/balancer/base/deployment.yaml

@@ -21,6 +21,8 @@ spec:
           envFrom:
             - secretRef:
                 name: balancer-config
+            - configMapRef:
+                name: balancer-config
           ports:
             - containerPort: 8000
           readinessProbe:

deploy/manifests/balancer/base/gateway-listeners.yaml

@@ -0,0 +1,27 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: ListenerSet
+metadata:
+  name: balancer-listeners
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    hostname: HOSTNAME_PLACEHOLDER
+spec:
+  parentRef:
+    name: main-gateway
+    namespace: envoy-gateway-system
+    group: gateway.networking.k8s.io
+    kind: Gateway
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      hostname: HOSTNAME_PLACEHOLDER
+    - name: https
+      protocol: HTTPS
+      port: 443
+      hostname: HOSTNAME_PLACEHOLDER
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - name: balancer-tls
+            kind: Secret

deploy/manifests/balancer/base/httproute.yaml

@@ -0,0 +1,23 @@
+
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: balancer
+  annotations:
+    hostname: HOSTNAME_PLACEHOLDER
+spec:
+  parentRefs:
+    - name: balancer-listeners
+      kind: ListenerSet
+      group: gateway.networking.k8s.io
+      sectionName: https
+  hostnames:
+    - HOSTNAME_PLACEHOLDER
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: balancer
+          port: 80

deploy/manifests/balancer/base/kustomization.yaml

@@ -5,4 +5,20 @@ resources:
   - namespace.yaml
   - deployment.yaml
   - service.yaml
-  - ingress.yaml
+  - gateway-listeners.yaml
+  - httproute.yaml
+
+labels:
+  - pairs:
+      app.kubernetes.io/name: balancer
+      app.kubernetes.io/part-of: balancer
+      app.kubernetes.io/managed-by: kustomize
+      app.kubernetes.io/component: web
+
+images:
+  - name: ghcr.io/codeforphilly/balancer-main/app
+
+configMapGenerator:
+  - name: balancer-config
+    envs:
+      - balancer.env

deploy/manifests/balancer/base/service.yaml

@@ -7,7 +7,7 @@ metadata:
 spec:
   ports:
     - name: http
-      port: 8000
+      port: 80
       targetPort: 8000
   selector:
     app: balancer

deploy/manifests/balancer/overlays/production/balancer.env

@@ -0,0 +1 @@
+CORS_ALLOWED_ORIGINS=https://balancerproject.org

deploy/manifests/balancer/overlays/production/kustomization.yaml

@@ -0,0 +1,44 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: balancer
+
+resources:
+  - ../../base
+
+images:
+  - name: ghcr.io/codeforphilly/balancer-main/app
+    newTag: 1.1.5
+
+configMapGenerator:
+  - name: balancer-config
+    behavior: merge
+    literals:
+      - HOSTNAME=balancerproject.org
+    envs:
+      - balancer.env
+
+labels:
+  - includeSelectors: true
+    pairs:
+      environment: production
+      app.kubernetes.io/instance: balancer-production
+
+patches:
+  - target:
+      kind: ListenerSet
+      name: balancer-listeners
+    patch: |
+      - op: replace
+        path: /spec/listeners/0/hostname
+        value: balancerproject.org
+      - op: replace
+        path: /spec/listeners/1/hostname
+        value: balancerproject.org
+  - target:
+      kind: HTTPRoute
+      name: balancer
+    patch: |
+      - op: replace
+        path: /spec/hostnames/0
+        value: balancerproject.org

deploy/manifests/balancer/overlays/sandbox/balancer.env

@@ -0,0 +1 @@
+CORS_ALLOWED_ORIGINS=https://sandbox.balancerproject.org

deploy/manifests/balancer/overlays/sandbox/configmap.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: balancer-db-config
+data:
+  SQL_HOST: shared-cluster-rw.cloudnative-pg.svc.cluster.local
+  SQL_PORT: "5432"
+  SQL_DATABASE: balancer
+  SQL_USER: balancer
+  SQL_ENGINE: django.db.backends.postgresql

deploy/manifests/balancer/overlays/sandbox/kustomization.yaml

@@ -0,0 +1,62 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: balancer
+
+resources:
+  - ../../base
+  - configmap.yaml
+
+images:
+  - name: ghcr.io/codeforphilly/balancer-main/app
+    newTag: 1.1.5
+
+configMapGenerator:
+  - name: balancer-config
+    behavior: merge
+    literals:
+      - HOSTNAME=sandbox.balancerproject.org
+    envs:
+      - balancer.env
+
+labels:
+  - includeSelectors: true
+    pairs:
+      environment: sandbox
+      app.kubernetes.io/instance: balancer-sandbox
+
+patches:
+  - target:
+      kind: ListenerSet
+      name: balancer-listeners
+    patch: |
+      - op: replace
+        path: /spec/listeners/0/hostname
+        value: sandbox.balancerproject.org
+      - op: replace
+        path: /spec/listeners/1/hostname
+        value: sandbox.balancerproject.org
+  - target:
+      kind: HTTPRoute
+      name: balancer
+    patch: |
+      - op: replace
+        path: /spec/hostnames/0
+        value: sandbox.balancerproject.org
+  - target:
+      kind: Deployment
+      name: balancer
+    patch: |
+      - op: add
+        path: /spec/template/spec/containers/0/envFrom/-
+        value:
+          configMapRef:
+            name: balancer-db-config
+      - op: add
+        path: /spec/template/spec/containers/0/env
+        value:
+          - name: SQL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: balancer-db-credentials
+                key: password

server/balancer_backend/settings.py

@@ -67,7 +67,10 @@
 
 ROOT_URLCONF = "balancer_backend.urls"
 
-CORS_ALLOW_ALL_ORIGINS = True
+# CORS configuration
+CORS_ALLOWED_ORIGINS = os.environ.get("CORS_ALLOWED_ORIGINS", "http://localhost:3000").split(",")
+# Ensure no empty strings if input was empty or trailing comma
+CORS_ALLOWED_ORIGINS = [origin.strip() for origin in CORS_ALLOWED_ORIGINS if origin.strip()]
 
 TEMPLATES = [
     {