Configuration Reference
Overview
This reference covers all configuration options for the DineTogether K8s infrastructure, from environment variables to Kubernetes annotations.
Environment Variables
Global Variables
| Variable | Description | Default | Required |
|---|---|---|---|
| GIT_SHA | Git commit SHA for image tagging | latest | No |
| DINE_TOGETHER_INGRESS_NETWORK | Docker network for ingress | infrastructure-ingress | No |
| NAMESPACE | Kubernetes namespace | test-staging | No |
| DEPLOY_TOKEN | GitHub PAT for deployments | - | Yes |
| GHCR_TOKEN | GitHub PAT for registry | - | Yes |
Application Variables
# Docker Compose
environment:
- NODE_ENV=production
- API_URL=${API_URL:-https://api.test.dinetogether.co.uk}
- DATABASE_URL=${DATABASE_URL}
- REDIS_URL=redis://redis:6379
- SECRET_KEY=${SECRET_KEY}
Build-time Variables
# Dockerfile
ARG NODE_ENV=production
ARG BUILD_DATE
ARG GIT_SHA
LABEL build.date=$BUILD_DATE \
build.sha=$GIT_SHA
Docker Compose Extensions
Resource Configuration
services:
  app:
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 1G
        reservations:
          cpus: '0.5'
          memory: 512M
      replicas: 3
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
Health Checks
healthcheck:
  test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
  interval: 30s
  timeout: 10s
  retries: 3
  start_period: 40s
Network Configuration
networks:
  default:
    driver: bridge
  ingress:
    external: true
    name: ${DINE_TOGETHER_INGRESS_NETWORK:-infrastructure-ingress}
Volume Configuration
Custom Labels
labels:
- "com.dinetogether.app=frontend"
- "com.dinetogether.version=1.0"
- "com.dinetogether.team=platform"
Kubernetes Annotations
Deployment Annotations
metadata:
  annotations:
    # Deployment info
    deployment.kubernetes.io/revision: "1"
    kubernetes.io/change-cause: "Initial deployment"
    # Monitoring
    prometheus.io/scrape: "true"
    prometheus.io/port: "9090"
    prometheus.io/path: "/metrics"
    # Custom
    dinetogether.com/owner: "platform-team"
    dinetogether.com/repo: "https://github.com/dine-together/myapp"
Service Annotations
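metadata:
  annotations:
    # Load balancer (legacy beta annotation; current Kubernetes uses
    # spec.externalTrafficPolicy: Local on the Service instead)
    service.beta.kubernetes.io/external-traffic: "Local"
    # Service mesh (legacy alpha annotation; current Kubernetes uses
    # spec.publishNotReadyAddresses: true on the Service instead)
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"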
Ingress Annotations
metadata:
  annotations:
    # Traefik specific
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    # Middlewares (redirect, rate limiting, CORS): an annotation key may appear
    # only once per object, so chain them in a single comma-separated value
    traefik.ingress.kubernetes.io/router.middlewares: default-redirect@kubernetescrd,rate-limit@file,cors@file
    # cert-manager
    cert-manager.io/cluster-issuer: letsencrypt-prod
Ingress Configuration
Basic Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp
  namespace: test-staging
  annotations:
    kubernetes.io/ingress.class: traefik
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  rules:
    - host: myapp.test.dinetogether.co.uk
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: myapp
                port:
                  number: 80
  tls:
    - hosts:
        - myapp.test.dinetogether.co.uk
      secretName: myapp-tls
Advanced Routing
spec:
  rules:
    - host: api.test.dinetogether.co.uk
      http:
        paths:
          - path: /v1
            pathType: Prefix
            backend:
              service:
                name: api-v1
                port:
                  number: 8000
          - path: /v2
            pathType: Prefix
            backend:
              service:
                name: api-v2
                port:
                  number: 8000
Resource Limits
Container Resources
resources:
  requests:
    memory: "256Mi"
    cpu: "100m"
    ephemeral-storage: "1Gi"
  limits:
    memory: "1Gi"
    cpu: "1000m"
    ephemeral-storage: "2Gi"
Resource Guidelines
| App Type | Memory Request | Memory Limit | CPU Request | CPU Limit |
|---|---|---|---|---|
| Next.js | 256Mi | 1Gi | 100m | 1000m |
| Django API | 128Mi | 512Mi | 50m | 500m |
| Node.js API | 128Mi | 512Mi | 50m | 500m |
| PostgreSQL | 512Mi | 2Gi | 250m | 2000m |
| Redis | 128Mi | 512Mi | 50m | 500m |
| Background Worker | 128Mi | 512Mi | 100m | 1000m |
ConfigMaps and Secrets
ConfigMap from File
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  config.json: |
    {
      "api": {
        "endpoint": "https://api.test.dinetogether.co.uk",
        "timeout": 30
      }
    }
Secret from Environment
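apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
type: Opaque
stringData:
  # Placeholder values: supply the real credentials at deploy time and
  # keep them out of version control
  DATABASE_URL: postgresql://user:pass@postgres:5432/db
  API_KEY: your-api-key-here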
Using in Deployment
spec:
  containers:
    - name: app
      envFrom:
        - configMapRef:
            name: app-config
        - secretRef:
            name: app-secrets
      env:
        - name: CONFIG_PATH
          value: /etc/config/config.json
      volumeMounts:
        - name: config
          mountPath: /etc/config
  volumes:
    - name: config
      configMap:
        name: app-config
Persistent Storage
PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: app-data
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: local-path
Volume Mount Options
volumeMounts:
  - name: data
    mountPath: /data
    readOnly: false
  - name: config
    mountPath: /etc/app/config.json
    subPath: config.json
    readOnly: true
  - name: cache
    mountPath: /tmp/cache
    mountPropagation: HostToContainer
Security Configuration
Pod Security Context
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    seccompProfile:
      type: RuntimeDefault
Container Security Context
containers:
  - name: app
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop:
          - ALL
        add:
          - NET_BIND_SERVICE
Monitoring Configuration
Prometheus Metrics
metadata:
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9090"
    prometheus.io/path: "/metrics"
    prometheus.io/scheme: "http"
Liveness and Readiness
livenessProbe:
  httpGet:
    path: /health
    port: 3000
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
readinessProbe:
  httpGet:
    path: /ready
    port: 3000
  initialDelaySeconds: 5
  periodSeconds: 5
  timeoutSeconds: 3
  successThreshold: 1
  failureThreshold: 3
Scaling Configuration
Horizontal Pod Autoscaler
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: app-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: app
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 80
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
Advanced Configurations
Service Mesh Labels
labels:
  app: myapp
  version: v1
  app.kubernetes.io/name: myapp
  app.kubernetes.io/instance: myapp-staging
  app.kubernetes.io/version: "1.0.0"
  app.kubernetes.io/component: frontend
  app.kubernetes.io/part-of: dinetogether
  app.kubernetes.io/managed-by: compose-to-k8s
Topology Spread
spec:
  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: kubernetes.io/hostname
      whenUnsatisfiable: DoNotSchedule
      labelSelector:
        matchLabels:
          app: myapp
Priority Classes
Debugging Configuration
Debug Environment
Debug Commands
# Enable verbose logging
export DEBUG=1
export LOG_LEVEL=debug
# Dry run
kubectl apply -f k8s-manifests.yaml --dry-run=client -o yaml
# Validate
kubectl apply -f k8s-manifests.yaml --validate=true
Best Practices
- Use Explicit Defaults
- Label Everything
- Set Resource Limits
  - Always set both requests and limits
  - Start conservative, monitor, adjust
- Use Health Checks
  - Implement proper health endpoints
  - Set appropriate timeouts
- Secure by Default
  - Run as non-root
  - Drop unnecessary capabilities
  - Use read-only root filesystem
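The "Set Resource Limits" and "Secure by Default" items can be checked mechanically before a manifest is applied. The following is an added example, not part of the DineTogether tooling: it inspects the JSON form of a Deployment (for instance the output of `kubectl apply --dry-run=client -o json`) against the settings shown under Security Configuration and Container Resources. The function name `check_deployment` and the sample manifest are constructed for illustration.

```python
import json

# Constructed sample: "app" follows the page's Security Configuration and
# Container Resources sections, "sidecar" ignores them.
SAMPLE_DEPLOYMENT = json.loads("""
{"kind": "Deployment", "metadata": {"name": "myapp"},
 "spec": {"template": {"spec": {
   "securityContext": {"runAsNonRoot": true, "runAsUser": 1000},
   "containers": [
     {"name": "app",
      "securityContext": {"allowPrivilegeEscalation": false,
        "readOnlyRootFilesystem": true,
        "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}},
      "resources": {"requests": {"memory": "256Mi", "cpu": "100m"},
                    "limits": {"memory": "1Gi", "cpu": "1000m"}}},
     {"name": "sidecar",
      "securityContext": {"runAsNonRoot": false},
      "resources": {"limits": {"memory": "512Mi"}}}]}}}}
""")

def check_deployment(manifest):
    """Return a sorted list of (container, finding) tuples for a Deployment dict."""
    pod = manifest["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    findings = []
    for c in pod.get("containers", []):
        sc = c.get("securityContext") or {}
        # A container-level runAsNonRoot overrides the pod-level value when set.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        if non_root is not True:
            findings.append((c["name"], "runAsNonRoot is not true"))
        # An unset field leaves privilege escalation allowed, so treat it as true.
        if sc.get("allowPrivilegeEscalation", True) is not False:
            findings.append((c["name"], "allowPrivilegeEscalation is not false"))
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append((c["name"], "readOnlyRootFilesystem is not true"))
        dropped = (sc.get("capabilities") or {}).get("drop") or []
        if "ALL" not in [d.upper() for d in dropped]:
            findings.append((c["name"], "capabilities.drop lacks ALL"))
        res = c.get("resources") or {}
        for kind in ("requests", "limits"):
            for unit in ("cpu", "memory"):
                if unit not in (res.get(kind) or {}):
                    findings.append((c["name"], f"resources.{kind}.{unit} missing"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in check_deployment(SAMPLE_DEPLOYMENT):
        print(f"{name}: {finding}")
```

An empty result means every container in the Deployment meets the listed settings; a non-empty one can be used to fail a CI step.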
Next Steps
- Review Scripts Reference
- Check GitHub Actions
- See Deployment Guide