
Bounty Submission: Universal One-Click Deployment (Docker + K8s + Tilt) for FinMind #457

Open
CelebrityPunks wants to merge 1 commit into rohitdash08:main from CelebrityPunks:bounty/universal-deployment

Conversation

@CelebrityPunks

Summary

Complete production-grade deployment system for FinMind covering 12+ platforms with Docker as the base packaging standard, full Kubernetes/Helm support, and Tilt for local K8s development.

What's Included

Docker (production-ready)

  • Multi-stage Dockerfiles for backend and frontend with non-root users, tini init, health checks
  • Production docker-compose.prod.yml with resource limits, health checks, restart policies, and nginx reverse proxy
  • Rate limiting, security headers, TLS-ready configuration

Kubernetes (full Helm chart)

  • deploy/helm/finmind/ — parameterized Helm chart with values.yaml
  • Deployments for backend, frontend, PostgreSQL, Redis with startup/liveness/readiness probes
  • Ingress with TLS via cert-manager, HPA autoscaling (2-8 backend pods, 2-6 frontend)
  • PodDisruptionBudgets for zero-downtime rolling deployments
  • PersistentVolumeClaims, ConfigMaps, Secrets, ServiceAccount
  • Security contexts with least-privilege (non-root, read-only where possible, dropped capabilities)

Tilt (local K8s dev)

  • deploy/tilt/Tiltfile with live-reload for Python backend and Vite HMR for frontend
  • Resource grouping, port forwarding, dependency ordering

Platform Configs

  • Railway (railway.toml / railway.json)
  • Render (render.yaml blueprint with auto-provisioned DB/Redis)
  • Fly.io (fly.toml for backend + frontend)
  • Heroku (Procfile)
  • DigitalOcean App Platform (.do/app.yaml)
  • AWS ECS Fargate (task definition) + App Runner
  • GCP Cloud Run (Knative service with Secret Manager refs)
  • Azure Container Apps (containerapp.yaml)
  • Netlify (netlify.toml — frontend)
  • Vercel (vercel.json — frontend)

Scripts

  • deploy/scripts/deploy.sh — unified CLI: ./deploy.sh --platform <name>
  • deploy/scripts/setup-local.sh — local dev setup (Docker/Tilt/bare-metal)

Documentation

  • deploy/DEPLOYMENT.md — architecture diagram, per-platform step-by-step instructions, env var reference, troubleshooting

Quality Highlights

  • No secrets hardcoded — all via env vars, Kubernetes Secrets, or cloud secret managers
  • Real health check endpoints (/health from Flask, /nginx-health from frontend nginx)
  • Resource limits tuned for production workloads
  • Zero-downtime deploys via rolling updates + PDBs
  • Security headers on all HTTP responses
  • Every file thoroughly commented

Test Plan

  • docker compose -f deploy/docker/docker-compose.prod.yml up -d --build starts all services
  • curl localhost/health returns {"status":"ok"}
  • curl localhost/ serves the React SPA
  • helm template finmind deploy/helm/finmind --set secrets.POSTGRES_PASSWORD=test --set secrets.JWT_SECRET=test renders valid K8s YAML
  • cd deploy/tilt && tilt up starts all services in local K8s
  • Auth flows (register/login) work end-to-end
  • Expenses, bills, reminders, dashboard, and insights modules are accessible

Closes #144

…t) for FinMind

Add complete production-grade deployment system supporting 12+ platforms:

Docker:
- Multi-stage Dockerfiles for backend (Python/Flask) and frontend (React/nginx)
- Production docker-compose.yml with health checks, resource limits, restart policies
- Reverse proxy with rate limiting, security headers, and TLS-ready config
- Optimized .dockerignore for minimal build context

Kubernetes:
- Full Helm chart with parameterized values.yaml
- Deployments for backend, frontend, PostgreSQL, and Redis
- Services, Ingress with TLS (cert-manager integration)
- HPA autoscaling for backend and frontend
- PodDisruptionBudgets for zero-downtime deployments
- ConfigMaps for non-sensitive config, Secrets for credentials
- Health probes (startup, liveness, readiness) on all services
- PersistentVolumeClaims for database and cache persistence
- ServiceAccount with least-privilege security context

Tilt:
- Tiltfile for local Kubernetes development
- Live-reload for backend Python (file sync + SIGHUP)
- Hot-reload for frontend via Vite HMR
- Port forwarding and resource grouping

Platform Configs:
- Railway (railway.toml + railway.json)
- Render (render.yaml blueprint with auto-provisioned DB/Redis)
- Fly.io (fly.toml for backend + frontend)
- GCP Cloud Run (Knative service definition with Secret Manager)
- Heroku (Procfile with container deployment)
- DigitalOcean App Platform (.do/app.yaml)
- AWS ECS Fargate (task definition) + App Runner
- Azure Container Apps (containerapp.yaml)
- Netlify (netlify.toml — frontend SPA)
- Vercel (vercel.json — frontend SPA)

Scripts:
- deploy.sh — unified CLI for all platforms with --platform flag
- setup-local.sh — local dev setup (Docker, Tilt, or bare-metal modes)

Documentation:
- Complete DEPLOYMENT.md with architecture diagram, per-platform instructions,
  environment variable reference, and troubleshooting guide

Closes rohitdash08#144
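
A check a reviewer could run against the hardening the description claims for the Helm chart (non-root, dropped capabilities, read-only root filesystem, resource limits, no literal secrets), as an added example that is not code from this PR. It assumes the `helm template` output has been converted to JSON and loaded as Python dicts; the two sample manifests and the `finmind-secrets` Secret name are constructed.

```python
import re

SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_KEY", re.I)

def audit_workload(manifest):
    """Return (severity, container, message) findings for one Deployment/StatefulSet dict."""
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    pod_sc = pod.get("securityContext") or {}
    findings = []
    for c in (pod.get("containers") or []) + (pod.get("initContainers") or []):
        sc = c.get("securityContext") or {}
        name = c.get("name", "?")
        # A container-level runAsNonRoot overrides the pod-level value.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(("FAIL", name, "runAsNonRoot is not true"))
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(("FAIL", name, "allowPrivilegeEscalation is not false"))
        drops = [d.upper() for d in (sc.get("capabilities") or {}).get("drop", [])]
        if "ALL" not in drops:
            findings.append(("FAIL", name, "capabilities.drop lacks ALL"))
        # The PR says "read-only where possible", so this is a warning only.
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append(("WARN", name, "root filesystem is writable"))
        if not (c.get("resources") or {}).get("limits"):
            findings.append(("FAIL", name, "no resource limits"))
        for env in c.get("env") or []:
            if SECRET_NAME.search(env.get("name", "")) and env.get("value"):
                findings.append(("FAIL", name, f"{env['name']} set as literal value"))
    return findings

# Constructed sample manifests (not taken from the PR's chart).
HARDENED = {"kind": "Deployment", "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "backend",
        "securityContext": {"allowPrivilegeEscalation": False,
            "readOnlyRootFilesystem": True, "capabilities": {"drop": ["ALL"]}},
        "resources": {"limits": {"cpu": "500m", "memory": "512Mi"}},
        "env": [{"name": "JWT_SECRET", "valueFrom": {
            "secretKeyRef": {"name": "finmind-secrets", "key": "JWT_SECRET"}}}],
    }]}}}}
WEAK = {"kind": "StatefulSet", "spec": {"template": {"spec": {
    "containers": [{"name": "postgres",
        "securityContext": {"capabilities": {"drop": ["NET_RAW"]}},
        "env": [{"name": "POSTGRES_PASSWORD", "value": "test"}],
    }]}}}}

if __name__ == "__main__":
    for m in (HARDENED, WEAK):
        print(m["kind"], audit_workload(m))
```

Run it over every workload the chart renders; a non-empty `FAIL` list for any container is a reason to block the merge until the template is fixed.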

Development

Successfully merging this pull request may close these issues.

[$1000 Bounty] Universal One-Click Deployment for FinMind (Docker + Kubernetes + Tilt)
