# MOTM App Helm Chart
This Helm chart deploys the MOTM (Man of the Match) Hockey Voting Application to a Kubernetes cluster.
## Prerequisites
- Kubernetes 1.19+
- Helm 3.0+
- PostgreSQL database (or MySQL/SQLite)
- S3-compatible storage (optional)
## Installation
### 1. Build and Push Docker Image
First, build and push your Docker image to a registry:
```bash
# Build the image
docker build -t your-registry/motm-app:latest .
# Push to registry
docker push your-registry/motm-app:latest
```
### 2. Configure Values
Copy the default values file and customize it:
```bash
cp values.yaml my-values.yaml
```
Key values to update in `my-values.yaml`:
```yaml
# Image configuration
image:
  repository: your-registry/motm-app
  tag: "latest"

# Database configuration
database:
  host: "your-postgresql-service"
  name: "motm"
  username: "motm_user"

# S3 configuration (if using S3)
s3:
  enabled: true
  endpoint: "https://s3.amazonaws.com"
  bucket: "your-bucket-name"

# Ingress configuration
ingress:
  enabled: true
  hosts:
    - host: motm.yourdomain.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: motm-app-tls
      hosts:
        - motm.yourdomain.com

# Secrets (set these via --set or separate secret management;
# do not commit real values to version control)
secrets:
  dbPassword: "your-db-password"
  s3AccessKey: "your-s3-access-key"
  s3SecretKey: "your-s3-secret-key"
```
### 3. Deploy with Helm
#### Option A: Using values file
```bash
helm install motm-app ./motm-app -f my-values.yaml
```
#### Option B: Using command line parameters
```bash
# Quote the indexed key so the shell does not treat [0] as a glob pattern
helm install motm-app ./motm-app \
  --set image.repository=your-registry/motm-app \
  --set database.host=your-postgresql-service \
  --set 'ingress.hosts[0].host=motm.yourdomain.com' \
  --set secrets.dbPassword=your-db-password
```
#### Option C: Using external secret management
If using external secret management (e.g., Sealed Secrets, External Secrets Operator), create the secrets separately and set:
```yaml
secrets:
  dbPassword: ""   # Will be managed externally
  s3AccessKey: ""  # Will be managed externally
  s3SecretKey: ""  # Will be managed externally
```
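A pre-deploy check for the values file, as an added example that is not part of this chart: it flags non-empty `secrets.*` entries, the mutable `latest` image tag, and a plaintext `http://` S3 endpoint. The function names, the sample values, the `minio.example.internal` host and the `1.4.2` tag are constructed for illustration; the parser handles only simple block-style YAML like the values shown above.

```python
import re

def scalar_paths(text):
    """Yield (dotted.path, value) for scalar keys in simple block-style YAML."""
    stack = []  # (indent, key) for each enclosing mapping
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()  # drop trailing comments
        m = re.match(r"^(\s*)([A-Za-z0-9_.-]+):\s*(.*)$", line)
        if not m:
            continue  # blank lines, comments and list items are skipped
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        if value:
            yield ".".join(k for _, k in stack), value.strip("\"'")

def lint_values(text):
    """Return findings for a values file that would otherwise reach git or CI logs."""
    findings = []
    for path, value in scalar_paths(text):
        if path.startswith("secrets.") and value:
            findings.append(f"{path}: inline secret; leave empty and manage it externally")
        elif path == "image.tag" and value == "latest":
            findings.append("image.tag: mutable tag 'latest'; pin a version or digest")
        elif path == "s3.endpoint" and value.startswith("http://"):
            findings.append("s3.endpoint: plaintext HTTP; S3 keys would cross the network unencrypted")
    return findings

# Constructed sample inputs (not taken from a real deployment)
BAD_VALUES = """
image:
  repository: your-registry/motm-app
  tag: "latest"
s3:
  enabled: true
  endpoint: "http://minio.example.internal:9000"
secrets:
  dbPassword: "your-db-password"
  s3AccessKey: ""   # managed externally
"""
GOOD_VALUES = BAD_VALUES.replace('"latest"', '"1.4.2"') \
    .replace("http://", "https://").replace('"your-db-password"', '""')

if __name__ == "__main__":
    for finding in lint_values(BAD_VALUES):
        print("FAIL", finding)
```
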
## Configuration
### Database Setup
The application supports PostgreSQL, MySQL, and SQLite. Configure your database connection in the values file:
```yaml
database:
  type: "postgresql"  # postgresql, mysql, or sqlite
  host: "postgresql-service"
  port: 5432
  name: "motm"
  username: "motm_user"
```
### S3 Configuration
Configure S3-compatible storage for asset management:
```yaml
s3:
  enabled: true
  endpoint: "https://s3.amazonaws.com"
  region: "us-east-1"
  bucket: "motm-assets"
```
### Resource Limits
Adjust resource limits based on your cluster capacity:
```yaml
resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 256Mi
```
### Autoscaling
Enable horizontal pod autoscaling:
```yaml
autoscaling:
  enabled: true
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 80
```
## Upgrading
To upgrade the application:
```bash
helm upgrade motm-app ./motm-app -f my-values.yaml
```
## Uninstalling
To uninstall the application:
```bash
helm uninstall motm-app
```
## Troubleshooting
### Check Pod Status
```bash
kubectl get pods -l app.kubernetes.io/name=motm-app
```
### View Logs
```bash
kubectl logs -l app.kubernetes.io/name=motm-app
```
### Check Service
```bash
kubectl get svc -l app.kubernetes.io/name=motm-app
```
### Debug Database Connection
```bash
# Run a trivial query from inside the app container to test the connection
kubectl exec -it deployment/motm-app -- python -c "
from database import sql_read_static
from sqlalchemy import text
try:
    result = sql_read_static(text('SELECT 1'))
    print('Database connection successful')
except Exception as e:
    print(f'Database connection failed: {e}')
"
```
## Values Reference
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| `image.repository` | string | `"your-registry/motm-app"` | Image repository |
| `image.tag` | string | `"latest"` | Image tag |
| `service.type` | string | `"ClusterIP"` | Service type |
| `ingress.enabled` | bool | `true` | Enable ingress |
| `database.type` | string | `"postgresql"` | Database type |
| `database.host` | string | `"postgresql-service"` | Database host |
| `s3.enabled` | bool | `true` | Enable S3 storage |
| `resources.limits.cpu` | string | `"500m"` | CPU limit |
| `resources.limits.memory` | string | `"512Mi"` | Memory limit |
## Security Considerations
1. **Secrets Management**: Use proper secret management solutions (e.g., Sealed Secrets, External Secrets Operator)
2. **Network Policies**: Implement network policies to restrict pod-to-pod communication
3. **RBAC**: Configure proper RBAC for service accounts
4. **Image Security**: Use non-root containers and scan images for vulnerabilities
5. **TLS**: Enable TLS for ingress and internal communication
## Monitoring
The chart includes basic health checks. For production deployments, consider adding:
- Prometheus metrics endpoint
- ServiceMonitor for Prometheus Operator
- Grafana dashboards
- Alerting rules
## Support
For issues and questions, please refer to the application documentation or create an issue in the repository.