k8s deployment use secret

Signed-off-by: Andrey Platov <andrey@hardcoreeng.com>
This commit is contained in:
Andrey Platov 2021-10-23 02:05:45 +02:00
parent a847d662da
commit 2cc2f5c700
No known key found for this signature in database
GPG Key ID: C8787EFEB4B64AF0
9 changed files with 113 additions and 35 deletions

View File

@ -283,7 +283,7 @@ new aws.route53.Record("frontRecord", {
type: "A", type: "A",
ttl: 300, ttl: 300,
records: [ records: [
"8.9.31.18" "107.191.38.121"
] ]
}) })
@ -293,7 +293,7 @@ new aws.route53.Record("transactorRecord", {
type: "A", type: "A",
ttl: 300, ttl: 300,
records: [ records: [
"8.9.31.18" "107.191.38.121"
] ]
}) })
@ -303,7 +303,7 @@ new aws.route53.Record("uploadRecord", {
type: "A", type: "A",
ttl: 300, ttl: 300,
records: [ records: [
"8.9.31.18" "107.191.38.121"
] ]
}) })
@ -313,6 +313,6 @@ new aws.route53.Record("accountRecord", {
type: "A", type: "A",
ttl: 300, ttl: 300,
records: [ records: [
"8.9.31.18" "107.191.38.121"
] ]
}) })

View File

@ -1,2 +1,49 @@
helm upgrade dev --set master.persistence.size=10Gi,data.persistence.size=10Gi,image.repository=anticrm/elasticsearch,ingest.enabled=true,data.heapSize=8192m,master.heapSize=512m,coordinating.heapSize=512m,ingest.heapSize=512m bitnami/elasticsearch # Deploying Platform on k8s cluster
We need [MongoDb](https://www.mongodb.com), [Elastic Search](https://www.elastic.co), and [MinIO](https://www.min.io) servers installed on the network/cloud.
You should have credentials to access these servers to continue deployment.
ElasticSearch should have `ingest` plugin installed.
## Secrets
`secret.yaml` provide exemplary configuration values to access data storage servers. Provide correct values and
```
kubectl apply -f secret.yaml
```
## Deploying Transactor service
```
cd server/server
kubectl apply -f kube/transactor.yml
kubectl apply -f kube/ingress.yml
```
## Deploying Front-end services
```
cd server/front
kubectl apply -f kube/front.yml
kubectl apply -f kube/ingress.yml
```
## Deploying Account services
```
cd pods/account
kubectl apply -f kube/deployment.yml
kubectl apply -f kube/service.yml
kubectl apply -f kube/ingress.yml
```
## Deploying Upload services
```
cd server/upload
kubectl apply -f kube/deployment.yml
kubectl apply -f kube/service.yml
kubectl apply -f kube/ingress.yml
```

27
deploy/secret.yaml Normal file
View File

@ -0,0 +1,27 @@
apiVersion: v1
kind: Secret
metadata:
name: mongodb
type: Opaque
data:
url: bW9uZ29kYjovLzEwLjEuOTYuNzoyNzAxNy8=
---
apiVersion: v1
kind: Secret
metadata:
name: elastic
type: Opaque
data:
url: aHR0cDovLzEwLjEuOTYuODo5MjAwLw==
---
apiVersion: v1
kind: Secret
metadata:
name: minio
type: Opaque
data:
endpoint: MTAuMS45Ni45
accessKey: RGdkZjQ1RUdnZWdI
secretKey: Z3NkZkRnc2Rnc1NHZ3FrRlFFR2xmV2ZncmprNDNtMg==

View File

@ -14,13 +14,14 @@
# limitations under the License. # limitations under the License.
# #
export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace default mng-mongodb -o jsonpath="{.data.mongodb-root-password}" | base64 --decode) export MONGO_URL=$(kubectl get secret mongodb -o jsonpath="{.data.url}" | base64 --decode)
export MINIO_ACCESS_KEY=$(kubectl get secret --namespace default minio -o jsonpath="{.data.access-key}" | base64 --decode) export MINIO_ENDPOINT=$(kubectl get secret minio -o jsonpath="{.data.endpoint}" | base64 --decode)
export MINIO_SECRET_KEY=$(kubectl get secret --namespace default minio -o jsonpath="{.data.secret-key}" | base64 --decode) export MINIO_ACCESS_KEY=$(kubectl get secret minio -o jsonpath="{.data.accessKey}" | base64 --decode)
export MINIO_SECRET_KEY=$(kubectl get secret minio -o jsonpath="{.data.secretKey}" | base64 --decode)
kubectl run anticrm-tool --rm --tty -i --restart='Never' \ kubectl run anticrm-tool --rm --tty -i --restart='Never' \
--env="MONGO_URL=mongodb://root:$MONGODB_ROOT_PASSWORD@mng-mongodb:27017/" \ --env="MONGO_URL=$MONGO_URL" \
--env="TRANSACTOR_URL=ws://transactor/" \ --env="TRANSACTOR_URL=ws://transactor/" \
--env="MINIO_ENDPOINT=minio" \ --env="MINIO_ENDPOINT=$MINIO_ENDPOINT" \
--env="MINIO_ACCESS_KEY=$MINIO_ACCESS_KEY" \ --env="MINIO_ACCESS_KEY=$MINIO_ACCESS_KEY" \
--env="MINIO_SECRET_KEY=$MINIO_SECRET_KEY" --image anticrm/tool --command -- bash --env="MINIO_SECRET_KEY=$MINIO_SECRET_KEY" --image anticrm/tool --command -- bash

View File

@ -20,4 +20,7 @@ spec:
imagePullPolicy: Always imagePullPolicy: Always
env: env:
- name: MONGO_URL - name: MONGO_URL
value: mongodb://root:WZCwnHRazX@mng-mongodb:27017/ valueFrom:
secretKeyRef:
name: mongodb
key: url

View File

@ -1,18 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-staging
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: andrey@hardcoreeng.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-staging
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx

View File

@ -21,9 +21,15 @@ spec:
imagePullPolicy: Always imagePullPolicy: Always
env: env:
- name: MONGO_URL - name: MONGO_URL
value: mongodb://root:WZCwnHRazX@mng-mongodb:27017/ valueFrom:
secretKeyRef:
name: mongodb
key: url
- name: ELASTIC_URL - name: ELASTIC_URL
value: http://dev-elasticsearch-coordinating-only:9200/ valueFrom:
secretKeyRef:
name: elastic
key: url
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service

View File

@ -22,10 +22,22 @@ spec:
- name: TRANSACTOR_URL - name: TRANSACTOR_URL
value: ws://transactor/ value: ws://transactor/
- name: ELASTIC_URL - name: ELASTIC_URL
value: http://dev-elasticsearch-coordinating-only:9200/ valueFrom:
secretKeyRef:
name: elastic
key: url
- name: MINIO_ENDPOINT - name: MINIO_ENDPOINT
value: minio valueFrom:
secretKeyRef:
name: minio
key: endpoint
- name: MINIO_ACCESS_KEY - name: MINIO_ACCESS_KEY
value: 22pYVftgFj valueFrom:
secretKeyRef:
name: minio
key: accessKey
- name: MINIO_SECRET_KEY - name: MINIO_SECRET_KEY
value: l8FkhAXSbQBUpeYJ7APYOSXyWp4qEXR4Gccjb2zo valueFrom:
secretKeyRef:
name: minio
key: secretKey