docker-erpnext/documentation/deployment-guides/aws-managed/kubernetes-manifests/configmap.yaml
Brian Tan Seng 8894bbf56e ⏺ Perfect! I have successfully created the complete AWS equivalent of the GCP managed services
deployment documentation. Here's a summary of what was created:

  📁 AWS Managed Services Documentation Structure

  Main Documentation Files:

  1. README.md - Comprehensive overview and decision guide
  2. 00-prerequisites-managed.md - AWS setup, VPC, security, and managed services
  3. 01-ecs-managed-deployment.md - Amazon ECS with Fargate deployment
  4. 02-eks-managed-deployment.md - Amazon EKS deployment
  5. 03-production-managed-setup.md - Production hardening and advanced features

  Kubernetes Manifests (kubernetes-manifests/):

  - namespace.yaml - Namespace with resource quotas and network policies
  - storage.yaml - EFS and EBS storage classes and PVCs
  - configmap.yaml - Application configuration and Nginx config
  - secrets.yaml - External Secrets Operator integration with AWS Secrets Manager
  - erpnext-backend.yaml - Backend deployment with RDS connectivity
  - erpnext-frontend.yaml - Frontend deployment with load balancing
  - erpnext-workers.yaml - Worker deployments for different queues
  - ingress.yaml - AWS Load Balancer Controller ingress configuration
  - jobs.yaml - Site creation and backup automation jobs

  Deployment Scripts (scripts/):

  - deploy-ecs.sh - Automated ECS deployment script
  - deploy-eks.sh - Automated EKS deployment script

  🔄 Key AWS Managed Services Used:

  Instead of GCP → AWS Equivalent:
  - Cloud SQL → Amazon RDS for MySQL
  - Memorystore → Amazon MemoryDB for Redis
  - Cloud Run → Amazon ECS with Fargate
  - GKE → Amazon EKS
  - Cloud Storage → Amazon S3
  - Secret Manager → AWS Secrets Manager
  - VPC Access Connector → VPC Endpoints/NAT Gateway

  🎯 Key Features Included:

  Production-Ready Features:

  -  High Availability - Multi-AZ RDS and MemoryDB deployment
  -  Auto-scaling - ECS Service Auto Scaling and EKS HPA
  -  Security - VPC isolation, IAM roles, WAF, encryption
  -  Monitoring - CloudWatch, X-Ray, custom metrics
  -  Backup & DR - Automated backups, cross-region replication
  -  Cost Optimization - Reserved instances, spot instances, right-sizing

  Deployment Options:

  - 🚀 Amazon ECS with Fargate - Serverless containers, minimal ops
  - ⚙️ Amazon EKS - Full Kubernetes with advanced features
  - 🛡️ Production Hardening - WAF, enhanced monitoring, security

  Automation Scripts:

  - 📜 One-click deployment scripts for both ECS and EKS
  - 🔧 Infrastructure as Code approach
  - 📊 Cost estimation and optimization guidance

  The documentation provides a complete migration path from GCP to AWS with equivalent managed
  services, maintaining the same level of reliability and operational efficiency while
  leveraging AWS-native services and best practices.
2025-08-22 19:15:03 +08:00

228 lines
6.2 KiB
YAML

apiVersion: v1
kind: ConfigMap
metadata:
  name: erpnext-config
  namespace: erpnext
  labels:
    app: erpnext
    component: config
data:
  # Kubernetes does not expand ${VAR} placeholders in a ConfigMap;
  # substitute them (for example with envsubst) before applying.

  # ERPNext Application Configuration
  APP_VERSION: "v14"
  APP_URL: "erpnext.yourdomain.com"
  APP_USER: "Administrator"
  APP_DB_PARAM: "db"
  DEVELOPER_MODE: "0"
  ENABLE_SCHEDULER: "1"
  SOCKETIO_PORT: "9000"

  # Database Configuration (AWS RDS)
  DB_HOST: "${DB_HOST}"  # Replace with actual RDS endpoint
  DB_PORT: "3306"
  DB_NAME: "erpnext"
  DB_USER: "admin"
  DB_TIMEOUT: "60"
  DB_CHARSET: "utf8mb4"

  # Redis Configuration (AWS MemoryDB)
  REDIS_CACHE_URL: "redis://${REDIS_HOST}:6379/0"
  REDIS_QUEUE_URL: "redis://${REDIS_HOST}:6379/1"
  REDIS_SOCKETIO_URL: "redis://${REDIS_HOST}:6379/2"

  # Performance Configuration
  WORKERS: "4"
  THREADS: "2"
  MAX_REQUESTS: "1000"
  MAX_REQUESTS_JITTER: "100"
  WORKER_TIMEOUT: "120"
  KEEPALIVE: "5"

  # AWS Configuration
  AWS_DEFAULT_REGION: "us-east-1"
  AWS_S3_BUCKET: "erpnext-files-${ACCOUNT_ID}"

  # Logging Configuration
  LOG_LEVEL: "INFO"
  STRUCTURED_LOGS: "true"

  # Security Configuration
  FORCE_HTTPS: "true"
  COOKIE_SECURE: "true"
  SESSION_COOKIE_SAMESITE: "Lax"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: erpnext-nginx-config
  namespace: erpnext
  labels:
    app: erpnext
    component: frontend
data:
  nginx.conf: |
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log warn;
    pid /var/run/nginx.pid;

    events {
        worker_connections 1024;
        use epoll;
        multi_accept on;
    }

    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # Logging format
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;

        # Performance settings
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        client_max_body_size 50M;

        # Gzip compression
        gzip on;
        gzip_vary on;
        gzip_min_length 1024;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_types
            text/plain
            text/css
            text/xml
            text/javascript
            application/json
            application/javascript
            application/xml+rss
            application/atom+xml
            image/svg+xml;

        # Security headers
        # Inherited only by blocks that declare no add_header of their own;
        # /assets/ and /files/ below therefore send only the headers they list.
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        upstream backend {
            server erpnext-backend:8000;
            keepalive 32;
        }

        upstream socketio {
            server erpnext-backend:9000;
            keepalive 32;
        }

        server {
            listen 8080;
            server_name _;

            # Health check endpoint
            location /health {
                access_log off;
                # default_type sets the type of the returned body;
                # add_header Content-Type would send a second Content-Type header.
                default_type text/plain;
                return 200 "healthy\n";
            }

            # Socket.IO
            location /socket.io/ {
                proxy_pass http://socketio;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_cache_bypass $http_upgrade;
                proxy_buffering off;
            }

            # API endpoints
            location /api/ {
                proxy_pass http://backend;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_read_timeout 300;
                proxy_connect_timeout 300;
            }

            # Static assets
            location /assets/ {
                root /home/frappe/frappe-bench/sites;
                expires 1y;
                add_header Cache-Control "public, immutable";
                add_header X-Content-Type-Options nosniff;
            }

            # Files
            location /files/ {
                root /home/frappe/frappe-bench/sites;
                expires 1y;
                add_header Cache-Control "public";
                add_header X-Content-Type-Options nosniff;
            }

            # Everything else to backend
            location / {
                proxy_pass http://backend;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_read_timeout 300;
                proxy_connect_timeout 300;
            }
        }
    }
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluent-bit-config
  namespace: erpnext
  labels:
    app: erpnext
    component: logging
data:
  fluent-bit.conf: |
    [SERVICE]
        Flush         1
        Log_Level     info
        Daemon        off
        Parsers_File  parsers.conf

    [INPUT]
        Name              tail
        Path              /home/frappe/frappe-bench/logs/*.log
        Parser            erpnext
        Tag               erpnext.*
        Refresh_Interval  5

    [OUTPUT]
        Name               cloudwatch_logs
        Match              *
        region             us-east-1
        log_group_name     /aws/eks/erpnext
        log_stream_prefix  erpnext-
        auto_create_group  true

  parsers.conf: |
    [PARSER]
        Name         erpnext
        Format       regex
        Regex        ^(?<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),(?<milliseconds>\d{3}) (?<level>\w+) (?<message>.*)$
        Time_Key     timestamp
        Time_Format  %Y-%m-%d %H:%M:%S
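
nginx inherits `add_header` from the enclosing level only when a block declares none of its own, so the `/assets/` and `/files/` locations in the nginx.conf above send `X-Content-Type-Options` but not the other `http`-level security headers. The checker below is an added example, not part of the repository; the names `parse` and `dropped_headers` and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample, trimmed from the nginx.conf in the ConfigMap above.
SAMPLE = r'''
http {
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    server {
        location /api/ { proxy_pass http://backend; }
        location /assets/ {
            expires 1y;
            add_header Cache-Control "public, immutable";
            add_header X-Content-Type-Options nosniff;
        }
    }
}
'''

# One statement: its words (quoted strings may contain ';') and its terminator.
STMT = re.compile(r'''((?:"[^"]*"|'[^']*'|[^;{}"'])*)([;{}])''')

def parse(conf):
    """Build a tree of blocks, recording the add_header names each declares."""
    conf = re.sub(r'(?m)^\s*#.*$', '', conf)  # drop full-line comments
    root = {"name": "main", "own": set(), "children": []}
    stack = [root]
    for body, end in STMT.findall(conf):
        words = body.split()
        if end == "{":
            block = {"name": " ".join(words), "own": set(), "children": []}
            stack[-1]["children"].append(block)
            stack.append(block)
        elif end == "}":
            stack.pop()
        elif words[:1] == ["add_header"] and len(words) > 1:
            stack[-1]["own"].add(words[1].lower())
    return root

def dropped_headers(block, inherited=frozenset(), out=None):
    """Report blocks whose own add_header lines cancel inherited ones."""
    out = {} if out is None else out
    lost = inherited - block["own"]
    if block["own"] and lost:
        out[block["name"]] = sorted(lost)
    effective = block["own"] or inherited
    for child in block["children"]:
        dropped_headers(child, effective, out)
    return out
```

Calling `dropped_headers(parse(text))` on the extracted `nginx.conf` value returns a mapping from each affected block to the header names it no longer sends; repeating those headers in the block, or moving them into a shared `include` file, closes the gap.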