From 5a6de0b2dd285453a44f6b08f0e2576961128773 Mon Sep 17 00:00:00 2001 From: teraflops Date: Tue, 3 Jun 2025 18:19:25 +0200 Subject: [PATCH] clearance --- k8s/configmap.yaml | 2 +- k8s/elasticsearch-deployment.yaml | 91 +++++++++++++++++++++++++ k8s/midleware-https.yaml | 10 +++ k8s/pastebin-deployment.yaml | 29 ++++++-- k8s/pastebin-postgres-deployment.yaml | 2 +- k8s/pastebin-uploads-pvc.yaml | 5 +- k8s/pgbouncer.yaml | 24 +++++++ k8s/sqlite/pastebin-configmap.yaml | 11 --- k8s/sqlite/pastebin-deployment.yaml | 98 --------------------------- k8s/sqlite/pastebin-ingress.yaml | 25 ------- k8s/sqlite/pastebin-secret.yaml | 10 --- k8s/sqlite/pastebin-service.yaml | 13 ---- k8s/sqlite/pv.yaml | 12 ---- k8s/sqlite/pvc.yaml | 22 ------ 14 files changed, 155 insertions(+), 199 deletions(-) create mode 100644 k8s/elasticsearch-deployment.yaml create mode 100644 k8s/midleware-https.yaml create mode 100644 k8s/pgbouncer.yaml delete mode 100644 k8s/sqlite/pastebin-configmap.yaml delete mode 100644 k8s/sqlite/pastebin-deployment.yaml delete mode 100644 k8s/sqlite/pastebin-ingress.yaml delete mode 100644 k8s/sqlite/pastebin-secret.yaml delete mode 100644 k8s/sqlite/pastebin-service.yaml delete mode 100644 k8s/sqlite/pv.yaml delete mode 100644 k8s/sqlite/pvc.yaml diff --git a/k8s/configmap.yaml b/k8s/configmap.yaml index f88f208..5ec4695 100644 --- a/k8s/configmap.yaml +++ b/k8s/configmap.yaml @@ -9,7 +9,7 @@ data: SMTP_SERVER: "priet.us" SMTP_USERNAME: "me@priet.us" SMTP_PORT: "465" - SMTP_PASSWORD: "wasamasa123" + SMTP_PASSWORD: "xxxxxxxxxx" JWT_EXP_DELTA_SECONDS: "86400" VALID_USER: "admin" VALID_PASS: "wasamasa123" diff --git a/k8s/elasticsearch-deployment.yaml b/k8s/elasticsearch-deployment.yaml new file mode 100644 index 0000000..0472864 --- /dev/null +++ b/k8s/elasticsearch-deployment.yaml 
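Review bot: `VALID_PASS` on the new side of k8s/configmap.yaml still carries the same literal that this hunk redacts from `SMTP_PASSWORD`, so the credential remains readable in the ConfigMap. A ConfigMap is not a place for secrets; both values belong in a Secret read through `secretKeyRef`, the way the deployment already reads `SMTP_PASSWORD` from `pastebin-secret`. Overwriting the value with a placeholder also leaves the old one in Git history (it is also visible in the removed line of the k8s/pastebin-postgres-deployment.yaml hunk), so the password should be rotated wherever it was used. The ConfigMap's `data:` section continues outside the hunk.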
@@ -0,0 +1,91 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: elasticsearch-single
+spec:
+ serviceName: "elasticsearch"
+ replicas: 1
+ selector:
+ matchLabels:
+ app: elasticsearch
+ template:
+ metadata:
+ labels:
+ app: elasticsearch
+ spec:
+ # Asegura permisos adecuados para lectura/escritura en volumen
+ securityContext:
+ fsGroup: 1000
+ containers:
+ - name: elasticsearch
+ image: docker.elastic.co/elasticsearch/elasticsearch:8.9.0
+ securityContext:
+ runAsUser: 1000
+ resources:
+ requests:
+ memory: "2Gi"
+ cpu: "1"
+ limits:
+ memory: "4Gi"
+ cpu: "2"
+ env:
+ # Configuración para un solo nodo
+ - name: discovery.type
+ value: "single-node"
+ # Desactiva la seguridad interna (si no la necesitas)
+ - name: xpack.security.enabled
+ value: "false"
+ # Ajusta la memoria de la JVM
+ - name: ES_JAVA_OPTS
+ value: "-Xms2g -Xmx2g"
+ volumeMounts:
+ - name: esdata
+ mountPath: /usr/share/elasticsearch/data
+
+ # 🔹 Liveness Probe: Evita reinicios prematuros
+ livenessProbe:
+ httpGet:
+ path: /_cluster/health
+ port: 9200
+ initialDelaySeconds: 120 # Tiempo extra para arranque
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+
+ # 🔹 Readiness Probe: Asegura que el pod esté listo antes de recibir tráfico
+ readinessProbe:
+ httpGet:
+ path: /_cluster/health
+ port: 9200
+ initialDelaySeconds: 90
+ periodSeconds: 5
+ timeoutSeconds: 3
+ failureThreshold: 6
+
+ volumeClaimTemplates:
+ - metadata:
+ name: esdata
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: "longhorn" # Ajusta si necesitas otro StorageClass
+ resources:
+ requests:
+ storage: 10Gi
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: elasticsearch
+spec:
+ selector:
+ app: elasticsearch
+ ports:
+ - name: http
+ port: 9200
+ targetPort: 9200
+ - name: transport
+ port: 9300
+ targetPort: 9300
+
diff --git a/k8s/midleware-https.yaml b/k8s/midleware-https.yaml
new file mode 100644
index 0000000..17c10e5
--- /dev/null
+++ b/k8s/midleware-https.yaml
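Review bot: `xpack.security.enabled` is set to `"false"`, which turns off authentication and TLS on the node, while the Service at the end of the file publishes 9200 and 9300 to every pod in the cluster. Any workload that can reach the `elasticsearch` Service can then read, change or delete the indexed paste data, and the app side (`ELASTICSEARCH_HOST` set to `http://elasticsearch:9200` in k8s/pastebin-deployment.yaml) talks to it in cleartext. Prefer leaving security enabled and supplying the password from a Secret; if that is not feasible yet, restrict ingress to the pastebin pods with a NetworkPolicy like the one below, which only takes effect when the cluster's CNI enforces NetworkPolicy. A single-node setup also has little reason to expose the transport port 9300 on the Service.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: elasticsearch-from-pastebin  # constructed name
spec:
  podSelector:
    matchLabels:
      app: elasticsearch
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: pastebin
      ports:
        - protocol: TCP
          port: 9200
```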
@@ -0,0 +1,10 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: redirect-to-https + namespace: default +spec: + redirectScheme: + scheme: https + permanent: true + diff --git a/k8s/pastebin-deployment.yaml b/k8s/pastebin-deployment.yaml index 89e5d10..78aebb7 100644 --- a/k8s/pastebin-deployment.yaml +++ b/k8s/pastebin-deployment.yaml @@ -4,7 +4,7 @@ metadata: name: pastebin-app namespace: default spec: - replicas: 1 + replicas: 2 # Ahora hay 2 instancias en HA selector: matchLabels: app: pastebin @@ -13,6 +13,13 @@ spec: labels: app: pastebin spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app: pastebin + topologyKey: "kubernetes.io/hostname" # Evita que se programen en el mismo nodo initContainers: - name: fix-permissions image: busybox @@ -22,10 +29,16 @@ spec: mountPath: /app/uploads containers: - name: pastebin-container - image: prietus/pastebin-app:1.65 + image: prietus/pastebin-app:2.22 ports: - containerPort: 5000 env: + - name: GUNICORN_WORKERS + value: "3" # Limita el número de workers + - name: POSTGRES_MAX_CONNECTIONS + value: "10" # Limita conexiones abiertas por pod + - name: ELASTICSEARCH_MAX_CONNECTIONS + value: "25" - name: DB_ENGINE value: "postgres" - name: POSTGRES_HOST @@ -46,7 +59,9 @@ spec: name: pastebin-secret key: POSTGRES_PASSWORD - name: DATABASE_URL - value: "postgresql://mypasteuser:$(POSTGRES_PASSWORD)@pastebin-postgres:5432/mypastedb?connect_timeout=10" + value: "postgresql://mypasteuser:$(POSTGRES_PASSWORD)@pgbouncer:6432/mypastedb" + - name: ELASTICSEARCH_HOST + value: "http://elasticsearch:9200" - name: SMTP_USE_TLS valueFrom: configMapKeyRef: 
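Review bot: The Middleware in k8s/midleware-https.yaml uses the `traefik.containo.us/v1alpha1` API group, which Traefik deprecated in favour of `traefik.io/v1alpha1` and no longer serves in v3. Check the installed Traefik version and, if it already provides the new group, write `apiVersion: traefik.io/v1alpha1`. Nothing in this patch references `redirect-to-https` from an Ingress or IngressRoute, so the redirect is not active until one does.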
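Review bot: The new `DATABASE_URL` in the `@@ -46,7 +59,9 @@` hunk drops `?connect_timeout=10`, so a stalled pooler can hold a worker for the driver's default connect timeout, which may be unbounded. `connect_timeout` is a client-side setting and still applies when connecting through pgbouncer, so it can stay: `value: "postgresql://mypasteuser:$(POSTGRES_PASSWORD)@pgbouncer:6432/mypastedb?connect_timeout=10"`. The URL also depends on a Service named `pgbouncer`, which this patch does not add next to the new Deployment; confirm one exists. The env list continues outside the hunk.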
@@ -74,6 +89,11 @@ spec: secretKeyRef: name: pastebin-secret key: SMTP_PASSWORD + - name: DEEPSEEK_API_KEY # Se agregó la API Key de DeepSeek desde un Secret + valueFrom: + secretKeyRef: + name: deepseek-api-key + key: DEEPSEEK_API_KEY volumeMounts: - name: uploads mountPath: /app/uploads @@ -81,6 +101,7 @@ spec: - name: uploads persistentVolumeClaim: claimName: uploads-pvc + --- apiVersion: v1 kind: Service @@ -93,5 +114,5 @@ spec: targetPort: 5000 selector: app: pastebin - type: ClusterIP + type: ClusterIP # Balancea tráfico entre los pods diff --git a/k8s/pastebin-postgres-deployment.yaml b/k8s/pastebin-postgres-deployment.yaml index 7876d03..36725a1 100644 --- a/k8s/pastebin-postgres-deployment.yaml +++ b/k8s/pastebin-postgres-deployment.yaml @@ -22,7 +22,7 @@ spec: - name: POSTGRES_USER value: "mypasteuser" - name: POSTGRES_PASSWORD - value: "wasamasa123" + value: "xxxxxxxxxxxx" volumeMounts: - name: postgres-data mountPath: /var/lib/postgresql/data diff --git a/k8s/pastebin-uploads-pvc.yaml b/k8s/pastebin-uploads-pvc.yaml index 460b4a5..9c1fa5a 100644 --- a/k8s/pastebin-uploads-pvc.yaml +++ b/k8s/pastebin-uploads-pvc.yaml @@ -5,8 +5,9 @@ metadata: namespace: default spec: accessModes: - - ReadWriteOnce + - ReadWriteMany # Permite que múltiples pods accedan al mismo volumen resources: requests: - storage: 10Gi + storage: 30Gi + storageClassName: "longhorn" # O cualquier storage class RWX (Longhorn, Ceph, etc.) diff --git a/k8s/pgbouncer.yaml b/k8s/pgbouncer.yaml new file mode 100644 index 0000000..2ac6b30 --- /dev/null +++ b/k8s/pgbouncer.yaml 
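Review bot: `POSTGRES_PASSWORD` in k8s/pastebin-postgres-deployment.yaml is still an inline `value:`, now holding a placeholder, so a database initialised from this manifest as committed would presumably get the placeholder as its password while the app reads the real one from `pastebin-secret`. Source it the same way the app does, `valueFrom: {secretKeyRef: {name: pastebin-secret, key: POSTGRES_PASSWORD}}`, so the manifest carries no credential at all. The previous value stays in Git history, so the database password should be rotated as well. The container spec continues outside the hunk.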
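Review bot: `accessModes` and `storageClassName` are immutable on an existing PersistentVolumeClaim, so if the claim in k8s/pastebin-uploads-pvc.yaml is already bound, applying this hunk will be rejected rather than converting the volume to `ReadWriteMany`. The change needs a migration path: create a new RWX claim, copy the uploads, then point `claimName` at it. A comment above `accessModes` saying so would help, for example `# RWX requires a new PVC; the existing claim cannot be edited in place`.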
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: pgbouncer
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: pgbouncer
+ template:
+ metadata:
+ labels:
+ app: pgbouncer
+ spec:
+ containers:
+ - name: pgbouncer
+ image: edoburu/pgbouncer
+ env:
+ - name: DATABASE_URL
+ value: "postgresql://mypasteuser:$(POSTGRES_PASSWORD)@pastebin-postgres:5432/mypastedb"
+ ports:
+ - containerPort: 6432
+
diff --git a/k8s/sqlite/pastebin-configmap.yaml b/k8s/sqlite/pastebin-configmap.yaml
deleted file mode 100644
index eb6b610..0000000
--- a/k8s/sqlite/pastebin-configmap.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: pastebin-config
- namespace: default
-data:
- JWT_EXP_DELTA_SECONDS: "360000"
- SMTP_SERVER: "212.24.103.64"
- SMTP_PORT: "465"
- SMTP_USE_TLS: "false"
- SMTP_USE_SSL: "true"
diff --git a/k8s/sqlite/pastebin-deployment.yaml b/k8s/sqlite/pastebin-deployment.yaml
deleted file mode 100644
index 2805d13..0000000
--- a/k8s/sqlite/pastebin-deployment.yaml
+++ /dev/null
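Review bot: `DATABASE_URL` in k8s/pgbouncer.yaml references `$(POSTGRES_PASSWORD)`, but this container defines no `POSTGRES_PASSWORD` variable, and Kubernetes leaves an unresolved `$(VAR)` reference in the value as-is, so pgbouncer would be handed the literal text as the password. Declare the variable from `pastebin-secret` ahead of `DATABASE_URL`, as in the excerpt below. The image `edoburu/pgbouncer` is also untagged, which leaves the deployed version unpinned; use a fixed tag or digest. No Service for port 6432 is added here even though the app now connects to `pgbouncer:6432`.

```yaml
        env:
          - name: POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
                name: pastebin-secret
                key: POSTGRES_PASSWORD
          # … unchanged: DATABASE_URL entry, which can now resolve $(POSTGRES_PASSWORD) …
```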
@@ -1,98 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: pastebin-app
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: pastebin
- template:
- metadata:
- labels:
- app: pastebin
- spec:
- # InitContainers para ajustar permisos de ambos volúmenes
- initContainers:
- - name: fix-permissions-database
- image: busybox
- command: ["sh", "-c", "chown -R 1000:1000 /app/database"]
- volumeMounts:
- - name: database
- mountPath: /app/database
- - name: fix-permissions-uploads
- image: busybox
- command: ["sh", "-c", "chown -R 1000:1000 /app/uploads"]
- volumeMounts:
- - name: uploads
- mountPath: /app/uploads
- # Contenedor principal
- containers:
- - name: pastebin-container
- image: prietus/pastebin-app:1.4.1.1
- ports:
- - containerPort: 5000
- securityContext:
- runAsUser: 0
- runAsGroup: 0
- env:
- # Variables de entorno para configuración SMTP
- - name: SMTP_USE_TLS
- valueFrom:
- configMapKeyRef:
- name: pastebin-config
- key: SMTP_USE_TLS
- - name: SMTP_USE_SSL
- valueFrom:
- configMapKeyRef:
- name: pastebin-config
- key: SMTP_USE_SSL
- - name: SMTP_SERVER
- valueFrom:
- configMapKeyRef:
- name: pastebin-config
- key: SMTP_SERVER
- - name: SMTP_PORT
- valueFrom:
- configMapKeyRef:
- name: pastebin-config
- key: SMTP_PORT
- - name: SMTP_USERNAME
- valueFrom:
- secretKeyRef:
- name: pastebin-secret
- key: SMTP_USERNAME
- - name: SMTP_PASSWORD
- valueFrom:
- secretKeyRef:
- name: pastebin-secret
- key: SMTP_PASSWORD
- # Variables adicionales
- - name: VALID_USER
- value: "admin"
- - name: VALID_PASS
- value: "password"
- - name: SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: pastebin-secret
- key: SECRET_KEY
- - name: JWT_EXP_DELTA_SECONDS
- valueFrom:
- configMapKeyRef:
- name: pastebin-config
- key: JWT_EXP_DELTA_SECONDS
- volumeMounts:
- - name: database
- mountPath: /app/database
- - name: uploads
- mountPath: /app/uploads
- # Declaración de volúmenes
- volumes:
- - name: database
- persistentVolumeClaim:
- claimName: database-pvc
- -
name: uploads
- persistentVolumeClaim:
- claimName: uploads-pvc
-
diff --git a/k8s/sqlite/pastebin-ingress.yaml b/k8s/sqlite/pastebin-ingress.yaml
deleted file mode 100644
index 46b405a..0000000
--- a/k8s/sqlite/pastebin-ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: pastebin-ingress
- namespace: default
- annotations:
- kubernetes.io/ingress.class: traefik
- cert-manager.io/cluster-issuer: letsencrypt-prod-dns
-spec:
- rules:
- - host: paste.priet.us
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: pastebin-service # Nombre del Service asociado a tu aplicación
- port:
- number: 80
- tls:
- - hosts:
- - paste.priet.us
- secretName: pastebin-tls
-
diff --git a/k8s/sqlite/pastebin-secret.yaml b/k8s/sqlite/pastebin-secret.yaml
deleted file mode 100644
index 01b0e2a..0000000
--- a/k8s/sqlite/pastebin-secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: pastebin-secret
- namespace: default
-type: Opaque
-data:
- SECRET_KEY: d2FzYW1sdfsdfhc2ExMjM= # Este valor debe ser codificado en base64
- SMTP_USERNAME: bWVAcHJsdfsdfpZXQudXM= # Base64 de tu username
- SMTP_PASSWORD: d2FzYW1hc2sdfsdfExMjM=
diff --git a/k8s/sqlite/pastebin-service.yaml b/k8s/sqlite/pastebin-service.yaml
deleted file mode 100644
index ce5198b..0000000
--- a/k8s/sqlite/pastebin-service.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: pastebin-service
-spec:
- selector:
- app: pastebin
- ports:
- - protocol: TCP
- port: 80
- targetPort: 5000
- type: ClusterIP # Usa ClusterIP o NodePort según tus necesidades
-
diff --git a/k8s/sqlite/pv.yaml b/k8s/sqlite/pv.yaml
deleted file mode 100644
index 185fc92..0000000
--- a/k8s/sqlite/pv.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: uploads-pv
-spec:
- capacity:
- storage: 50Gi
- accessModes:
- - ReadWriteOnce
- hostPath: # Cambia a un proveedor como AWS, GCP, etc.
- path: "/mnt/data/uploads"
-
diff --git a/k8s/sqlite/pvc.yaml b/k8s/sqlite/pvc.yaml
deleted file mode 100644
index e9e0024..0000000
--- a/k8s/sqlite/pvc.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: uploads-pvc
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 50Gi
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: database-pvc
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 5Gi
-