This directory contains Kubernetes manifests for deploying Wardrobe to a Kubernetes cluster.
- Kubernetes Cluster - k3s, k8s, or similar
- Ingress Controller - Traefik (included in k3s) or nginx-ingress
- cert-manager - For automatic TLS certificates
- Container Registry - Or direct image import to nodes
┌─────────────────┐
│ Ingress │
│ (TLS/HTTPS) │
└────────┬────────┘
│
┌────────────────────┼────────────────────┐
│ │ │
▼ ▼ │
┌─────────┐ ┌─────────┐ │
│Frontend │ │ Backend │ │
│ :3000 │ │ :8000 │ │
└─────────┘ └────┬────┘ │
│ │
┌─────────┼─────────┐ │
│ │ │ │
▼ ▼ ▼ │
┌────────┐ ┌────────┐ ┌────────┐ │
│Postgres│ │ Redis │ │ Worker │◄──┘
│ :5432 │ │ :6379 │ │ (arq) │
└────────┘ └────────┘ └────────┘
kubectl apply -f namespace.yamlCopy the template and fill in your values:
cp secrets.yaml.template secrets.yaml
# Edit secrets.yaml with your valuesGenerate secure secrets:
# PostgreSQL password
openssl rand -hex 16
# NextAuth/Backend secrets
openssl rand -hex 32Apply secrets:
kubectl apply -f secrets.yamlEdit configmap.yaml with your domain and AI settings:
data:
APP_URL: "https://wardrobe.example.com"
NEXTAUTH_URL: "https://wardrobe.example.com"
AI_BASE_URL: "https://api.openai.com/v1" # Or your Ollama/LocalAI URLApply config:
kubectl apply -f configmap.yamlkubectl apply -f postgres.yaml
kubectl apply -f redis.yaml
# Wait for pods to be ready
kubectl -n wardrobe get pods -wkubectl apply -f backend.yaml
kubectl apply -f worker.yaml
kubectl apply -f frontend.yamlEdit ingress.yaml with your domain:
spec:
tls:
- hosts:
- wardrobe.example.com
rules:
- host: wardrobe.example.comApply:
kubectl apply -f ingress.yamlkubectl -n wardrobe exec deployment/backend -- alembic upgrade headkubectl apply -f network-policy.yaml| File | Description |
|---|---|
namespace.yaml |
Namespace definition |
configmap.yaml |
Non-sensitive configuration |
secrets.yaml.template |
Template for secrets |
secrets.yaml |
Your secrets (DO NOT commit!) |
postgres.yaml |
PostgreSQL database + PVC |
redis.yaml |
Redis for job queue + PVC |
backend.yaml |
FastAPI backend + PVC |
worker.yaml |
arq background worker |
frontend.yaml |
Next.js frontend |
ingress.yaml |
Ingress configuration |
network-policy.yaml |
Network isolation rules |
kustomization.yaml |
Kustomize configuration |
Configure your AI endpoint in configmap.yaml:
# OpenAI
AI_BASE_URL: "https://api.openai.com/v1"
# Add AI_API_KEY in secrets.yaml
# Ollama (local)
AI_BASE_URL: "http://ollama:11434/v1"
# LocalAI
AI_BASE_URL: "http://localai:8080/v1"Wardrobe supports multiple auth providers via NextAuth:
- Development Mode (default): Simple email/name login
- OIDC Provider: Authentik, Keycloak, Auth0, etc.
Configure OIDC in configmap.yaml and secrets.yaml:
# configmap.yaml
OIDC_ISSUER_URL: "https://auth.example.com"
# secrets.yaml
oidc-client-id: "your-client-id"
oidc-client-secret: "your-client-secret"The uploads PVC defaults to 10Gi. Adjust in backend.yaml:
spec:
resources:
requests:
storage: 50Gi # Increase as neededkubectl -n wardrobe get pods
kubectl -n wardrobe describe pod <pod-name>kubectl -n wardrobe logs deployment/backend
kubectl -n wardrobe logs deployment/frontend
kubectl -n wardrobe logs deployment/worker# Check if DATABASE_URL is correct
kubectl -n wardrobe exec deployment/backend -- env | grep DATABASE
# Test postgres connection
kubectl -n wardrobe exec deployment/postgres -- psql -U wardrobe -c '\l'kubectl -n wardrobe get certificates
kubectl -n wardrobe describe certificate <cert-name>
kubectl get challenges -A# Restart deployments
kubectl -n wardrobe rollout restart deployment/backend
kubectl -n wardrobe rollout restart deployment/frontend
# Scale deployments
kubectl -n wardrobe scale deployment/backend --replicas=2
# Exec into pod
kubectl -n wardrobe exec -it deployment/backend -- bash
# Port forward for local access
kubectl -n wardrobe port-forward svc/backend 8000:8000
kubectl -n wardrobe port-forward svc/frontend 3000:3000