# Tasko Helm Chart

Kubernetes Helm chart for deploying Tasko task management application.

## Architecture

- **Frontend**: React application served by Nginx
  - URL: https://tasko.dvirlabs.com
  - Port: 80
  
- **Backend**: FastAPI Python application
  - URL: https://api-tasko.dvirlabs.com
  - Port: 8000
  
- **Database**: PostgreSQL
  - Managed by Helm subchart

## Prerequisites

- Kubernetes cluster (1.19+)
- Helm 3.0+
- kubectl configured
- Nginx Ingress Controller installed
- cert-manager installed (for automatic TLS certificates)

## Building Docker Images

### Frontend
```bash
cd frontend
docker build -t tasko-frontend:latest .
docker tag tasko-frontend:latest <your-registry>/tasko-frontend:latest
docker push <your-registry>/tasko-frontend:latest
```

### Backend
```bash
cd backend
docker build -t tasko-backend:latest .
docker tag tasko-backend:latest <your-registry>/tasko-backend:latest
docker push <your-registry>/tasko-backend:latest
```

## Installation

### Quick Install with Default Values

```bash
helm install tasko ./helm/tasko
```

### Install with Custom Values

```bash
helm install tasko ./helm/tasko -f custom-values.yaml
```

### Install with Custom Image Registry

```bash
helm install tasko ./helm/tasko \
  --set frontend.image.repository=<your-registry>/tasko-frontend \
  --set backend.image.repository=<your-registry>/tasko-backend
```

## Configuration

### Key Configuration Options

| Parameter | Description | Default |
|-----------|-------------|---------|
| `frontend.image.repository` | Frontend image repository | `tasko-frontend` |
| `frontend.image.tag` | Frontend image tag | `latest` |
| `backend.image.repository` | Backend image repository | `tasko-backend` |
| `backend.image.tag` | Backend image tag | `latest` |
| `frontend.ingress.hosts[0].host` | Frontend hostname | `tasko.dvirlabs.com` |
| `backend.ingress.hosts[0].host` | Backend hostname | `api-tasko.dvirlabs.com` |
| `postgresql.enabled` | Enable PostgreSQL subchart | `true` |
| `postgresql.auth.username` | PostgreSQL username | `tasko_user` |
| `postgresql.auth.password` | PostgreSQL password | `tasko_password` |
| `postgresql.auth.database` | PostgreSQL database name | `tasko_db` |

### Custom Values Example

Create a `custom-values.yaml` file:

```yaml
frontend:
  image:
    repository: myregistry.io/tasko-frontend
    tag: "1.0.0"
  
  ingress:
    hosts:
      - host: tasko.mydomain.com
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: tasko-frontend-tls
        hosts:
          - tasko.mydomain.com

backend:
  image:
    repository: myregistry.io/tasko-backend
    tag: "1.0.0"
  
  ingress:
    hosts:
      - host: api-tasko.mydomain.com
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: tasko-backend-tls
        hosts:
          - api-tasko.mydomain.com

postgresql:
  auth:
    password: "your-secure-password"
```

## Upgrading

```bash
helm upgrade tasko ./helm/tasko -f custom-values.yaml
```

## Uninstalling

```bash
helm uninstall tasko
```

## DNS Configuration

Make sure to configure your DNS to point to your Kubernetes cluster's ingress:

```
tasko.dvirlabs.com       A/CNAME    <your-ingress-ip-or-hostname>
api-tasko.dvirlabs.com   A/CNAME    <your-ingress-ip-or-hostname>
```

## TLS Certificates

The chart is configured to use cert-manager with Let's Encrypt for automatic TLS certificate provisioning. Make sure you have:

1. cert-manager installed in your cluster
2. A ClusterIssuer named `letsencrypt-prod` configured

Example ClusterIssuer:

```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: your-email@example.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx
```

## Troubleshooting

### Check Pod Status
```bash
kubectl get pods -l app.kubernetes.io/name=tasko
```

### View Logs
```bash
# Frontend logs
kubectl logs -l app.kubernetes.io/component=frontend

# Backend logs
kubectl logs -l app.kubernetes.io/component=backend

# PostgreSQL logs
kubectl logs -l app.kubernetes.io/name=postgresql
```

### Check Ingress
```bash
kubectl get ingress
kubectl describe ingress tasko-frontend
kubectl describe ingress tasko-backend
```

### Database Connection Issues
```bash
# Check if PostgreSQL is running
kubectl get pods -l app.kubernetes.io/name=postgresql

# Test database connection from backend pod
kubectl exec -it <backend-pod-name> -- psql $DATABASE_URL -c "SELECT 1"
```

## CORS Configuration

The backend ingress is pre-configured with CORS headers to allow requests from the frontend domain. The configuration includes:

- `nginx.ingress.kubernetes.io/cors-allow-origin: "https://tasko.dvirlabs.com"`
- `nginx.ingress.kubernetes.io/enable-cors: "true"`

If you change the frontend domain, update the CORS configuration in `values.yaml`.

## Production Considerations

1. **Secrets Management**: Consider using external secret management (e.g., Sealed Secrets, External Secrets Operator)
2. **Database Backups**: Set up regular PostgreSQL backups
3. **Monitoring**: Add Prometheus/Grafana for monitoring
4. **Scaling**: Adjust `replicaCount` for horizontal scaling
5. **Resource Limits**: Tune resource requests/limits based on your workload
6. **Image Security**: Scan Docker images for vulnerabilities
7. **Network Policies**: Implement network policies for additional security

## Support

For issues and questions, please refer to the project repository.