mirror of
https://github.com/hcengineering/platform.git
synced 2024-12-22 11:01:54 +03:00
k8s deployment use secret
Signed-off-by: Andrey Platov <andrey@hardcoreeng.com>
This commit is contained in:
parent
a847d662da
commit
2cc2f5c700
@ -283,7 +283,7 @@ new aws.route53.Record("frontRecord", {
|
||||
type: "A",
|
||||
ttl: 300,
|
||||
records: [
|
||||
"8.9.31.18"
|
||||
"107.191.38.121"
|
||||
]
|
||||
})
|
||||
|
||||
@ -293,7 +293,7 @@ new aws.route53.Record("transactorRecord", {
|
||||
type: "A",
|
||||
ttl: 300,
|
||||
records: [
|
||||
"8.9.31.18"
|
||||
"107.191.38.121"
|
||||
]
|
||||
})
|
||||
|
||||
@ -303,7 +303,7 @@ new aws.route53.Record("uploadRecord", {
|
||||
type: "A",
|
||||
ttl: 300,
|
||||
records: [
|
||||
"8.9.31.18"
|
||||
"107.191.38.121"
|
||||
]
|
||||
})
|
||||
|
||||
@ -313,6 +313,6 @@ new aws.route53.Record("accountRecord", {
|
||||
type: "A",
|
||||
ttl: 300,
|
||||
records: [
|
||||
"8.9.31.18"
|
||||
"107.191.38.121"
|
||||
]
|
||||
})
|
||||
|
@ -1,2 +1,49 @@
|
||||
|
||||
helm upgrade dev --set master.persistence.size=10Gi,data.persistence.size=10Gi,image.repository=anticrm/elasticsearch,ingest.enabled=true,data.heapSize=8192m,master.heapSize=512m,coordinating.heapSize=512m,ingest.heapSize=512m bitnami/elasticsearch
|
||||
# Deploying Platform on k8s cluster
|
||||
|
||||
We need [MongoDb](https://www.mongodb.com), [Elastic Search](https://www.elastic.co), and [MinIO](https://www.min.io) servers installed on the network/cloud.
|
||||
You should have credentials to access these servers to continue deployment.
|
||||
|
||||
ElasticSearch should have `ingest` plugin installed.
|
||||
|
||||
## Secrets
|
||||
|
||||
`secret.yaml` provide exemplary configuration values to access data storage servers. Provide correct values and
|
||||
|
||||
```
|
||||
kubectl apply -f secret.yaml
|
||||
```
|
||||
|
||||
## Deploying Transactor service
|
||||
|
||||
```
|
||||
cd server/server
|
||||
kubectl apply -f kube/transactor.yml
|
||||
kubectl apply -f kube/ingress.yml
|
||||
```
|
||||
|
||||
## Deploying Front-end services
|
||||
|
||||
```
|
||||
cd server/front
|
||||
kubectl apply -f kube/front.yml
|
||||
kubectl apply -f kube/ingress.yml
|
||||
```
|
||||
|
||||
## Deploying Account services
|
||||
|
||||
```
|
||||
cd pods/account
|
||||
kubectl apply -f kube/deployment.yml
|
||||
kubectl apply -f kube/service.yml
|
||||
kubectl apply -f kube/ingress.yml
|
||||
```
|
||||
|
||||
## Deploying Upload services
|
||||
|
||||
```
|
||||
cd server/upload
|
||||
kubectl apply -f kube/deployment.yml
|
||||
kubectl apply -f kube/service.yml
|
||||
kubectl apply -f kube/ingress.yml
|
||||
```
|
||||
|
27
deploy/secret.yaml
Normal file
27
deploy/secret.yaml
Normal file
@ -0,0 +1,27 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mongodb
|
||||
type: Opaque
|
||||
data:
|
||||
url: bW9uZ29kYjovLzEwLjEuOTYuNzoyNzAxNy8=
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: elastic
|
||||
type: Opaque
|
||||
data:
|
||||
url: aHR0cDovLzEwLjEuOTYuODo5MjAwLw==
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: minio
|
||||
type: Opaque
|
||||
data:
|
||||
endpoint: MTAuMS45Ni45
|
||||
accessKey: RGdkZjQ1RUdnZWdI
|
||||
secretKey: Z3NkZkRnc2Rnc1NHZ3FrRlFFR2xmV2ZncmprNDNtMg==
|
||||
|
||||
|
@ -14,13 +14,14 @@
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace default mng-mongodb -o jsonpath="{.data.mongodb-root-password}" | base64 --decode)
|
||||
export MINIO_ACCESS_KEY=$(kubectl get secret --namespace default minio -o jsonpath="{.data.access-key}" | base64 --decode)
|
||||
export MINIO_SECRET_KEY=$(kubectl get secret --namespace default minio -o jsonpath="{.data.secret-key}" | base64 --decode)
|
||||
export MONGO_URL=$(kubectl get secret mongodb -o jsonpath="{.data.url}" | base64 --decode)
|
||||
export MINIO_ENDPOINT=$(kubectl get secret minio -o jsonpath="{.data.endpoint}" | base64 --decode)
|
||||
export MINIO_ACCESS_KEY=$(kubectl get secret minio -o jsonpath="{.data.accessKey}" | base64 --decode)
|
||||
export MINIO_SECRET_KEY=$(kubectl get secret minio -o jsonpath="{.data.secretKey}" | base64 --decode)
|
||||
|
||||
kubectl run anticrm-tool --rm --tty -i --restart='Never' \
|
||||
--env="MONGO_URL=mongodb://root:$MONGODB_ROOT_PASSWORD@mng-mongodb:27017/" \
|
||||
--env="MONGO_URL=$MONGO_URL" \
|
||||
--env="TRANSACTOR_URL=ws://transactor/" \
|
||||
--env="MINIO_ENDPOINT=minio" \
|
||||
--env="MINIO_ENDPOINT=$MINIO_ENDPOINT" \
|
||||
--env="MINIO_ACCESS_KEY=$MINIO_ACCESS_KEY" \
|
||||
--env="MINIO_SECRET_KEY=$MINIO_SECRET_KEY" --image anticrm/tool --command -- bash
|
||||
|
@ -20,4 +20,7 @@ spec:
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: MONGO_URL
|
||||
value: mongodb://root:WZCwnHRazX@mng-mongodb:27017/
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: mongodb
|
||||
key: url
|
||||
|
@ -1,18 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: letsencrypt-staging
|
||||
spec:
|
||||
acme:
|
||||
# The ACME server URL
|
||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
# Email address used for ACME registration
|
||||
email: andrey@hardcoreeng.com
|
||||
# Name of a secret used to store the ACME account private key
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-staging
|
||||
# Enable the HTTP-01 challenge provider
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: nginx
|
@ -21,9 +21,15 @@ spec:
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: MONGO_URL
|
||||
value: mongodb://root:WZCwnHRazX@mng-mongodb:27017/
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: mongodb
|
||||
key: url
|
||||
- name: ELASTIC_URL
|
||||
value: http://dev-elasticsearch-coordinating-only:9200/
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: elastic
|
||||
key: url
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
@ -22,10 +22,22 @@ spec:
|
||||
- name: TRANSACTOR_URL
|
||||
value: ws://transactor/
|
||||
- name: ELASTIC_URL
|
||||
value: http://dev-elasticsearch-coordinating-only:9200/
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: elastic
|
||||
key: url
|
||||
- name: MINIO_ENDPOINT
|
||||
value: minio
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: minio
|
||||
key: endpoint
|
||||
- name: MINIO_ACCESS_KEY
|
||||
value: 22pYVftgFj
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: minio
|
||||
key: accessKey
|
||||
- name: MINIO_SECRET_KEY
|
||||
value: l8FkhAXSbQBUpeYJ7APYOSXyWp4qEXR4Gccjb2zo
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: minio
|
||||
key: secretKey
|
||||
|
Loading…
Reference in New Issue
Block a user