Add Kubernetes YAML, Dockerfile, and Jenkinsfile for full CI/CD pipeline

Dockerfile

@@ -1,17 +1,26 @@
-# Base image dari docker registry lokal
+# Gunakan base image PHP 7.4 FPM dari registry lokal
 FROM docker.rri.co.id/php74-fpm:latest
 
-# Install PHP extension tambahan yang dibutuhkan CI3
+# Informasi maintainer (optional)
+LABEL maintainer="direktorat_tmb@rri.co.id"
+LABEL app="CI3 CSIRT Application"
+
+# Install PHP Extension yang dibutuhkan
 RUN docker-php-ext-install mysqli pdo pdo_mysql
 
-# Copy source code aplikasi ke container
+# Copy seluruh isi aplikasi CodeIgniter ke dalam container
+WORKDIR /var/www/website_csirt
 COPY . /var/www/website_csirt
 
-# Set permission yang benar
+# Ganti ownership supaya webserver bisa akses
 RUN chown -R www-data:www-data /var/www/website_csirt
 
+# Set permission directory (opsional kalau mau lebih keras security-nya)
+RUN find /var/www/website_csirt -type d -exec chmod 755 {} \; && \
+    find /var/www/website_csirt -type f -exec chmod 644 {} \;
+
 # Expose port PHP-FPM
 EXPOSE 9000
 
-# Jalankan PHP-FPM
+# Start PHP-FPM process
 CMD ["php-fpm"]

Jenkinsfile

@@ -1,39 +1,76 @@
 pipeline {
     agent any
+
     environment {
         REGISTRY = "docker.rri.co.id"
         IMAGE_NAME = "ci3-app"
         IMAGE_TAG = "latest"
         KUBE_NAMESPACE = "default"
-        DEPLOYMENT_NAME = "ci3-deployment"
+        GIT_CREDENTIALS_ID = "1138e92b-d38f-4578-9058-82fc7b6f734b"
+        DOCKER_CREDENTIALS_ID = "docker-credentials"
     }
+
     stages {
-        stage('Checkout') {
+
+        stage('Checkout Source Code') {
             steps {
+                echo 'Cloning source code from Gitea...'
                 git branch: 'main',
-                    credentialsId: '1138e92b-d38f-4578-9058-82fc7b6f734b',
+                    credentialsId: "${GIT_CREDENTIALS_ID}",
                     url: 'https://git.rri.co.id/admin/ci3-app.git'
             }
         }
+
         stage('Build Docker Image') {
             steps {
+                echo 'Building Docker Image...'
                 sh "docker build -t ${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG} ."
             }
         }
-        stage('Push Docker Image') {
+
+        stage('Push Docker Image to Registry') {
             steps {
-                withCredentials([usernamePassword(credentialsId: 'docker-credentials', usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) {
+                echo 'Pushing Docker Image to Local Registry...'
+                withCredentials([string(credentialsId: "${DOCKER_CREDENTIALS_ID}", variable: 'DOCKER_PASS')]) {
                     sh """
-                    echo \$DOCKER_PASS | docker login ${REGISTRY} -u \$DOCKER_USER --password-stdin
+                    echo \$DOCKER_PASS | docker login ${REGISTRY} -u admin --password-stdin
                     docker push ${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}
                     """
                 }
             }
         }
+
         stage('Deploy to Kubernetes') {
             steps {
-                sh "kubectl set image deployment/${DEPLOYMENT_NAME} php=${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG} -n ${KUBE_NAMESPACE}"
+                echo 'Applying Kubernetes YAML Manifests...'
+                sh """
+                kubectl apply -f k8s/ci3-nginx-configmap.yaml
+                kubectl apply -f k8s/ci3-deployment.yaml
+                kubectl apply -f k8s/mysql-deployment.yaml
+                kubectl apply -f k8s/phpmyadmin-deployment.yaml
+                kubectl apply -f k8s/ci3-service.yaml
+                kubectl apply -f k8s/mysql-service.yaml
+                kubectl apply -f k8s/phpmyadmin-service.yaml
+                """
+            }
+        }
+
+        stage('Verify Deployment') {
+            steps {
+                echo 'Checking Pods Status...'
+                sh "kubectl get pods -n ${KUBE_NAMESPACE} --selector=app=ci3-app"
+                sh "kubectl get pods -n ${KUBE_NAMESPACE} --selector=app=mysql"
+                sh "kubectl get pods -n ${KUBE_NAMESPACE} --selector=app=phpmyadmin"
             }
         }
     }
+
+    post {
+        success {
+            echo 'Deployment Successful!'
+        }
+        failure {
+            echo 'Deployment Failed. Please Check Jenkins Logs.'
+        }
+    }
 }

k8s/ci3-deployment.yaml

@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ci3-deployment
+  namespace: default
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: ci3-app
+  template:
+    metadata:
+      labels:
+        app: ci3-app
+    spec:
+      containers:
+      - name: php
+        image: docker.rri.co.id/ci3-app:latest
+        ports:
+        - containerPort: 9000
+      - name: nginx
+        image: nginx:1.23
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - name: nginx-config
+          mountPath: /etc/nginx/conf.d
+      volumes:
+      - name: nginx-config
+        configMap:
+          name: ci3-nginx-config

k8s/ci3-nginx-configmap.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ci3-nginx-config
+  namespace: default
+data:
+  default.conf: |
+    server {
+        listen 80;
+        server_name _;
+
+        root /var/www/website_csirt;
+        index index.php index.html index.htm;
+
+        location / {
+            try_files $uri $uri/ /index.php?$query_string;
+        }
+
+        location ~ \.php$ {
+            include fastcgi_params;
+            fastcgi_pass 127.0.0.1:9000;
+            fastcgi_index index.php;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        }
+
+        location ~ /\.ht {
+            deny all;
+        }
+    }

k8s/ci3-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ci3-service
+  namespace: default
+spec:
+  selector:
+    app: ci3-app
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+  type: LoadBalancer

k8s/mysql-deployment.yaml

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mysql
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: mysql
+  template:
+    metadata:
+      labels:
+        app: mysql
+    spec:
+      containers:
+      - name: mysql
+        image: mysql:5.7
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          value: "Lpprri_@1945"   # Ganti dengan password kuatmu
+        ports:
+        - containerPort: 3306

k8s/mysql-service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql
+  namespace: default
+spec:
+  selector:
+    app: mysql
+  ports:
+    - protocol: TCP
+      port: 3306
+      targetPort: 3306

k8s/phpmyadmin-deployment.yaml

@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phpmyadmin
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: phpmyadmin
+  template:
+    metadata:
+      labels:
+        app: phpmyadmin
+    spec:
+      containers:
+      - name: phpmyadmin
+        image: phpmyadmin/phpmyadmin
+        env:
+        - name: PMA_HOST
+          value: mysql
+        - name: PMA_PORT
+          value: "3306"
+        ports:
+        - containerPort: 80

k8s/phpmyadmin-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: phpmyadmin
+  namespace: default
+spec:
+  selector:
+    app: phpmyadmin
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+  type: LoadBalancer