Kubernetes

Hyperterse is a standalone binary, so you can run it in a Kubernetes cluster. It requires no external dependencies, it can also be easily scaled up and down.

Quick start

Build and push image

# Export bundle
hyperterse export -f my-query-gateway.terse -o dist

# Build image
docker build -t your-registry/my-query-gateway:latest .

# Push to registry
docker push your-registry/my-query-gateway:latest

Create secrets

kubectl create secret generic my-query-gateway-secrets \
  --from-literal=DATABASE_URL="postgresql://user:pass@db:5432/app"

Kubernetes manifests

1
apiVersion: apps/v1
2
kind: Deployment
3
metadata:
4
  name: my-query-gateway
5
  labels:
6
    app: my-query-gateway
7
spec:
8
  replicas: 3
9
  selector:
10
    matchLabels:
11
      app: my-query-gateway
12
  template:
13
    metadata:
14
      labels:
15
        app: my-query-gateway
16
    spec:
17
      containers:
18
        - name: my-query-gateway
19
          image: your-registry/hyperterse:latest
20
          ports:
21
            - containerPort: 8080
22
          envFrom:
23
            - secretRef:
24
                name: my-query-gateway-secrets
25
          resources:
26
            requests:
27
              memory: '128Mi'
28
              cpu: '100m'
29
            limits:
30
              memory: '512Mi'
31
              cpu: '500m'
32
          livenessProbe:
33
            httpGet:
34
              path: /heartbeat
35
              port: 8080
36
            initialDelaySeconds: 5
37
            periodSeconds: 10
38
          readinessProbe:
39
            httpGet:
40
              path: /heartbeat
41
              port: 8080
42
            initialDelaySeconds: 5
43
            periodSeconds: 5

1
apiVersion: v1
2
kind: Service
3
metadata:
4
  name: my-query-gateway
5
spec:
6
  selector:
7
    app: my-query-gateway
8
  ports:
9
    - port: 80
10
      targetPort: 8080
11
  type: ClusterIP

1
apiVersion: networking.k8s.io/v1
2
kind: Ingress
3
metadata:
4
  name: my-query-gateway
5
  annotations:
6
    kubernetes.io/ingress.class: nginx
7
    cert-manager.io/cluster-issuer: letsencrypt-prod
8
spec:
9
  tls:
10
    - hosts:
11
        - api.example.com
12
      secretName: my-query-gateway-tls
13
  rules:
14
    - host: api.example.com
15
      http:
16
        paths:
17
          - path: /
18
            pathType: Prefix
19
            backend:
20
              service:
21
                name: my-query-gateway
22
                port:
23
                  number: 80

Apply manifests

Apply all manifests

kubectl apply -f deployment.yaml
kubectl apply -f service.yaml
kubectl apply -f ingress.yaml

Verify deployment

kubectl get pods -l app=my-query-gateway
kubectl get svc my-query-gateway
kubectl get ingress my-query-gateway

Secrets management

Create secrets

1
apiVersion: v1
2
kind: Secret
3
metadata:
4
  name: my-query-gateway-secrets
5
type: Opaque
6
stringData:
7
  DATABASE_URL: 'postgresql://user:pass@db:5432/app'

Apply secrets
Terminal window
```
kubectl apply -f secrets.yaml
```

External secrets operator

For production, use External Secrets with AWS Secrets Manager, HashiCorp Vault, etc.:

1
apiVersion: external-secrets.io/v1beta1
2
kind: ExternalSecret
3
metadata:
4
  name: my-query-gateway-secrets
5
spec:
6
  refreshInterval: 1h
7
  secretStoreRef:
8
    kind: ClusterSecretStore
9
    name: aws-secrets
10
  target:
11
    name: my-query-gateway-secrets
12
  data:
13
    - secretKey: DATABASE_URL
14
      remoteRef:
15
        key: prod/my-query-gateway/database-url

Scaling

Horizontal pod autoscaler

1
apiVersion: autoscaling/v2
2
kind: HorizontalPodAutoscaler
3
metadata:
4
  name: my-query-gateway
5
spec:
6
  scaleTargetRef:
7
    apiVersion: apps/v1
8
    kind: Deployment
9
    name: my-query-gateway
10
  minReplicas: 2
11
  maxReplicas: 10
12
  metrics:
13
    - type: Resource
14
      resource:
15
        name: cpu
16
        target:
17
          type: Utilization
18
          averageUtilization: 70

Health checks

The deployment includes probes:

Liveness: Restarts unhealthy pods
Readiness: Removes from load balancing during startup

Both use the /heartbeat endpoint which returns a simple success response.

Rolling updates

Configure rolling update strategy

Add to your deployment:

1
spec:
2
  strategy:
3
    type: RollingUpdate
4
    rollingUpdate:
5
      maxUnavailable: 1
6
      maxSurge: 1

Update image

kubectl set image deployment/my-query-gateway \
  my-query-gateway=your-registry/my-query-gateway:v1.2.0

Monitor rollout

kubectl rollout status deployment/my-query-gateway

Monitoring

Prometheus metrics

Add annotations for Prometheus scraping:

1
template:
2
  metadata:
3
    annotations:
4
      prometheus.io/scrape: 'true'
5
      prometheus.io/port: '8080'

Network policies

Restrict traffic:

1
apiVersion: networking.k8s.io/v1
2
kind: NetworkPolicy
3
metadata:
4
  name: my-query-gateway-policy
5
spec:
6
  podSelector:
7
    matchLabels:
8
      app: my-query-gateway
9
  policyTypes:
10
    - Ingress
11
    - Egress
12
  ingress:
13
    - from:
14
        - namespaceSelector:
15
            matchLabels:
16
              name: ingress-nginx
17
      ports:
18
        - port: 8080
19
  egress:
20
    - to:
21
        - namespaceSelector:
22
            matchLabels:
23
              name: database
24
      ports:
25
        - port: 5432