Merge pull request #42 from SteveLin100132/chore/doks-github-action-deploy

chore(k8s): restructure Kubernetes configurations for DigitalOcean and GKE, add TLS support and update resources

Author: SteveLin100132

.github/workflows/deploy-doks.yaml

@@ -0,0 +1,43 @@
+name: Deploy to DOKS
+
+on:
+  push:
+    branches:
+      - master
+
+env:
+  GITHUB_ACTOR: ${{ github.actor }}
+  APP_VERSION: ${{ vars.APP_VERSION }}
+  IMAGE_NAME: ${{ vars.IMAGE_NAME }}
+  IMAGE_REPO: ${GITHUB_ACTOR,,}
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up doctl
+        uses: digitalocean/action-doctl@v2
+        with:
+          token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+
+      - name: Save kubeconfig
+        run: doctl kubernetes cluster kubeconfig save ${{ secrets.DOKS_CLUSTER_ID }}
+
+      - name: Set up kubectl
+        uses: azure/setup-kubectl@v3
+        with:
+          version: "latest"
+
+      - name: Replace APP_VERSION in kustomization.yaml
+        run: |
+          export APP_VERSION=${{ env.APP_VERSION }}
+          envsubst < ./k8s/kustomization.yaml > ./k8s/kustomization.yaml.tmp
+          mv ./k8s/kustomization.yaml.tmp ./k8s/kustomization.yaml
+
+      - name: Deploy with kustomize
+        run: |
+          kustomize build ./k8s | kubectl apply -f -

.github/workflows/deploy.yaml renamed to .github/workflows/deploy-gke.yaml

@@ -3,7 +3,7 @@ name: Deploy to GKE
 on:
   push:
     branches:
-      - deploy
+      - deploy-gke
 
 env:
   GITHUB_ACTOR: ${{ github.actor }}
@@ -29,7 +29,7 @@ jobs:
         uses: google-github-actions/setup-gcloud@v2
         with:
           project_id: ${{ secrets.GCP_PROJECT_ID }}
-      
+
       - name: Get GKE credentials
         run: |
           gcloud container clusters get-credentials  ${{ secrets.GKE_CLUSTER }} --zone $GKE_ZONE --project ${{ secrets.GCP_PROJECT_ID }}
@@ -46,4 +46,4 @@ jobs:
 
       - name: Deploy with kustomize
         run: |
-          kustomize build ./k8s | kubectl apply -f -
+          kustomize build ./k8s | kubectl apply -f -

CHANGELOG.md

@@ -1,5 +1,20 @@
 # Changelog
 
+## [1.1.8] - 2025-08-24
+
+### Added
+
+- **DOKS 自動部署 GitHub Action**
+  - 新增 `.github/workflows/deploy-doks.yaml`，當 master 分支有 push 時自動部署到 DigitalOcean Kubernetes (DOKS)
+  - 支援 APP_VERSION 參數自動替換，並整合 doctl/kubectl/kustomize 流程
+- **K8s/DOKS 部署教學與 cert-manager HTTPS 範例**
+  - 新增 `k8s/DOKS/README.md`，詳細記錄 DOKS 連線、nginx ingress controller 安裝、cert-manager 憑證申請與 Ingress TLS 設定教學
+  - 包含 Let's Encrypt ClusterIssuer、Certificate、Ingress TLS YAML 範例
+
+### Changed
+
+- 部署流程優化，支援 DOKS 自動化，README 文件同步更新
+
 ## [1.1.7] - 2025-08-10
 
 ### Fixed

k8s/DOKS/README.md

@@ -0,0 +1,158 @@
+# DigitalOcean Kubernetes (DOKS) 操作指南
+
+## 1. 連線到 DOKS Cluster
+
+1. 安裝 doctl CLI 工具  
+   [官方下載頁](https://docs.digitalocean.com/reference/doctl/how-to/install/)
+2. 登入 doctl（用 DigitalOcean API Token）
+   ```sh
+   doctl auth init
+   ```
+3. 取得 cluster 列表，找到你的 cluster 名稱或 ID
+   ```sh
+   doctl kubernetes cluster list
+   ```
+4. 儲存 kubeconfig（用 cluster 名稱或 ID）
+   ```sh
+   doctl kubernetes cluster kubeconfig save <your-cluster-name-or-id>
+   ```
+5. 驗證連線
+   ```sh
+   kubectl get nodes
+   ```
+
+## 2. 安裝 nginx ingress controller
+
+1. 執行以下指令安裝 nginx ingress controller：
+   ```sh
+   kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml
+   ```
+2. 等待安裝完成，確認 controller 已啟動：
+   ```sh
+   kubectl get pods -n ingress-nginx
+   ```
+3. 取得 EXTERNAL-IP：
+   ```sh
+   kubectl get svc -n ingress-nginx
+   ```
+
+## 3. 設定 Ingress 資源
+
+1. 在 Ingress YAML 設定 ingress class：
+   ```yaml
+   apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+      name: your-app-ingress
+      labels:
+        app: your-app
+    spec:
+      ingressClassName: nginx
+      rules:
+        - host: your-domain.com
+          http:
+            paths:
+              - path: /
+                pathType: Prefix
+                backend:
+                  service:
+                    name: your-app-service
+                    port:
+                      number: 80
+   ```
+2. 套用 Ingress 資源：
+   ```sh
+   kubectl apply -f <your-ingress.yaml>
+   ```
+3. 驗證 Ingress 是否分配外部 IP：
+   ```sh
+   kubectl get ingress
+   ```
+
+---
+
+## 4. 安裝 cert-manager 並自動申請 HTTPS 憑證
+
+### 安裝 cert-manager
+
+```sh
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.2/cert-manager.yaml
+```
+
+### 建立 ClusterIssuer（Let's Encrypt）
+
+建立一個 `cluster-issuer.yaml`：
+
+```yaml
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: your-email@example.com
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+      - http01:
+          ingress:
+            class: nginx
+```
+
+套用：
+
+```sh
+kubectl apply -f cluster-issuer.yaml
+```
+
+### 建立 Certificate 資源
+
+建立一個 `certificate.yaml`：
+
+```yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: notion-chart-generator-cert
+  namespace: default
+spec:
+  secretName: notion-chart-generator-tls
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  commonName: your-domain.com
+  dnsNames:
+    - your-domain.com
+```
+
+套用：
+
+```sh
+kubectl apply -f certificate.yaml
+```
+
+### 修改 Ingress 讓其使用 TLS
+
+在 Ingress YAML 加入 TLS 設定：
+
+```yaml
+spec:
+  tls:
+    - hosts:
+        - 188-166-204-94.nip.io
+      secretName: notion-chart-generator-tls
+  rules:
+    - host: 188-166-204-94.nip.io
+      http:
+        paths:
+          # ...existing paths...
+```
+
+---
+
+**注意事項：**
+
+- 請將 `your-email@example.com` 改為你自己的 email。
+- DNS 必須能指向你的 Ingress EXTERNAL-IP（nip.io 會自動處理）。
+- cert-manager 會自動申請、續期憑證，無需手動操作。

k8s/DOKS/certificate.yaml

@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: notion-chart-generator-cert
+  namespace: default
+spec:
+  secretName: notion-chart-generator-tls
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  commonName: 188-166-204-94.nip.io
+  dnsNames:
+    - 188-166-204-94.nip.io

k8s/DOKS/cluster-issuer.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: jojo404032@gmail.com
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+      - http01:
+          ingress:
+            class: nginx

k8s/DOKS/configmap.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: notion-chart-generator-config
+data:
+  APP_VER: "1.0.0"
+  NODE_ENV: "production"
+  PORT: "3000"
+  BACKEND_PORT: "3001"

k8s/DOKS/deployment.yaml

@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: notion-chart-generator
+  labels:
+    app: notion-chart-generator
+    version: "1.0.0"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: notion-chart-generator
+  template:
+    metadata:
+      labels:
+        app: notion-chart-generator
+    spec:
+      automountServiceAccountToken: false
+      securityContext:
+        fsGroup: 1001
+        runAsUser: 1001
+        runAsGroup: 65533
+      containers:
+        - name: notion-chart-generator
+          image: ghcr.io/stevelin100132/notion-chart-generator # Use the image from the kustomization.yaml
+          ports:
+            - containerPort: 3000
+              name: frontend
+            - containerPort: 3001
+              name: backend
+          envFrom:
+            - configMapRef:
+                name: notion-chart-generator-config
+          env:
+            - name: NODE_ENV
+              value: "production"
+            - name: PORT
+              value: "3000"
+            - name: BACKEND_PORT
+              value: "3001"
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+              ephemeral-storage: 128Mi
+            limits:
+              cpu: 500m
+              memory: 512Mi
+              ephemeral-storage: 256Mi
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 3000
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /api/health
+              port: 3001
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 3
+          volumeMounts:
+            - name: snapshots-storage
+              mountPath: /app/backend/snapshots
+      volumes:
+        - name: snapshots-storage
+          persistentVolumeClaim:
+            claimName: notion-chart-snapshots-pvc
+      # imagePullSecrets:
+      #   - name: ghcr-secret

k8s/DOKS/ingress.yaml

@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: notion-chart-generator-ingress
+  labels:
+    app: notion-chart-generator
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - 188-166-204-94.nip.io
+      secretName: notion-chart-generator-tls
+  rules:
+    - host: 188-166-204-94.nip.io
+      http:
+        paths:
+          - path: /api
+            pathType: Prefix
+            backend:
+              service:
+                name: notion-chart-generator-service
+                port:
+                  number: 3001
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: notion-chart-generator-service
+                port:
+                  number: 80