Version: 2.2.0

UNH

Deployment configurations of the WFE components are up to the project to configure and deploy to suitable environment. This guide describe the sample deployment configuration for WFE modules.

IAC Sample Deployments

UNH Application

apiVersion: apps/v1
kind: Deployment
metadata:
  name: unh-app
  labels:
    app: unh-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: unh-app
  template:
    metadata:
      labels:
        app: unh-app
    spec:
      containers:
      - name: unh-app
        image: ghcr.io/mssfoobar/unh/unh-app:latest
        command: [ "/app/unh" ]

UNH Web

apiVersion: apps/v1
kind: Deployment
metadata:
  name: unh-web
  labels:
    app: unh-web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: unh-web
  template:
    metadata:
      labels:
        app: unh-web
    spec:
      containers:
      - name: unh-web
        image: ghcr.io/mssfoobar/unh/unh-web:latest
        command: [ "node", "build" ]

Configuring for Production

Securing Endpoints

Both UNH-APP & UNH-WEB need to be exposed via ingress controller for client browser and external service calls.

UNH-APP needs to be configured in egress controller to call external notification service provider APIs (such as FCM, SMTP, custom channels).

Secret Management

UNH-APP secure the channel credentials (FCM API key, SMTP server credentials) using AES-256 encryption in database. To store the key securely, use Kubernetes secrets or external secret store provider such as Hashicorp's Vault.

Scaling

UNH-APP and UNH-WEB are horizontally scaled using Ingress Controller/Load Balancer.

IAC Sample Deployments​

UNH Application​

UNH Web​

Configuring for Production​

Securing Endpoints​

Secret Management​

Scaling​