From d4e4c91d48e796930d2c4a296a9d270996e72ecc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Pailharey?= <rpailharey@grandlyon.com>
Date: Mon, 6 Feb 2023 15:39:12 +0100
Subject: [PATCH] doc: updated k8s
---
k8s/README.md | 13 ++-
k8s/deployments/busybox-deployment.yml | 11 +--
.../database-restore-deployment.yml | 23 +++--
.../ecolyo-agent-client-deployment.yml | 1 -
.../ecolyo-agent-database-deployment.yml | 42 +++-----
.../ecolyo-agent-meilisearch-deployment.yml | 44 ++++-----
.../ecolyo-agent-server-deployment.yml | 98 +++++++------------
k8s/secrets/ecolyo-agent-server-config.yml | 22 +++++
k8s/secrets/sge-api.yml | 8 --
k8s/services/backend.yml | 7 +-
k8s/services/ecolyo-agent-client-service.yml | 1 -
.../ecolyo-agent-database-service.yml | 3 +-
.../ecolyo-agent-meilisearch-service.yml | 3 +-
13 files changed, 115 insertions(+), 161 deletions(-)
create mode 100644 k8s/secrets/ecolyo-agent-server-config.yml
delete mode 100644 k8s/secrets/sge-api.yml
diff --git a/k8s/README.md b/k8s/README.md
index f203343..c038213 100644
--- a/k8s/README.md
+++ b/k8s/README.md
@@ -43,12 +43,12 @@ Configuration:
- Remplacer les valeurs de "host", "name" et "password"
- Lancer `oc apply -f ecolyo-agent-database.yml`
-### Secrets des APIs SGE
+### Secrets de config pour le serveur
-- Depuis VS Code, créer un fichier sge-api.yml
-- Copier le contenu du fichier k8s/secrets/sge-api.yml dedans
-- Remplacer la valeur de "token"
-- Lancer `oc apply -f sge-api.yml`
+- Depuis VS Code, créer un fichier ecolyo-agent-server-config.yml
+- Copier le contenu du fichier k8s/secrets/ecolyo-agent-server-config.yml dedans
+- Remplacer les valeurs des différentes variables
+- Lancer `oc apply -f ecolyo-agent-server-config.yml`
### Secrets de Meilisearch
@@ -68,6 +68,9 @@ Configuration:
| pvc-3-ns-selfdata-d01-syn-claim | 2 GiB | BDD MySQL |
| pvc-4-ns-selfdata-d01-syn-claim | 1 GiB | Dumps MySQL |
+> **Attention**
+> Ceci est la configuration pour un environnement de RECETTE, pour la PRODUCTION remplacer les noms par pvc-*-ns-selfdata-**p**01-syn-claim
+
## Création des déploiements
### Déployer la base de données MySQL
diff --git a/k8s/deployments/busybox-deployment.yml b/k8s/deployments/busybox-deployment.yml
index 51e32c4..56e08fb 100644
--- a/k8s/deployments/busybox-deployment.yml
+++ b/k8s/deployments/busybox-deployment.yml
@@ -2,16 +2,15 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: busybox
- namespace: ns-selfdata-d01-syn
spec:
+ replicas: 1
selector:
matchLabels:
- app: httpd
- replicas: 1
+ app: busybox
template:
metadata:
labels:
- app: httpd
+ app: busybox
spec:
volumes:
- name: data
@@ -30,10 +29,10 @@ spec:
resources:
limits:
cpu: 100m
- memory: 8Mi
+ memory: 16Mi
requests:
cpu: 100m
- memory: 8Mi
+ memory: 16Mi
volumeMounts:
- name: data
mountPath: /mnt/data
diff --git a/k8s/deployments/database-restore-deployment.yml b/k8s/deployments/database-restore-deployment.yml
index 48e7241..ee076b2 100644
--- a/k8s/deployments/database-restore-deployment.yml
+++ b/k8s/deployments/database-restore-deployment.yml
@@ -2,16 +2,15 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: database-restore
- namespace: ns-selfdata-d01-syn
spec:
+ replicas: 0
selector:
matchLabels:
- app: httpd
- replicas: 0
+ app: database-restore
template:
metadata:
labels:
- app: httpd
+ app: database-restore
spec:
volumes:
- name: pvc-4-ns-selfdata-d01-syn-claim
@@ -36,16 +35,16 @@ spec:
secretKeyRef:
name: ecolyo-agent-database
key: host
- - resources:
- limits:
- cpu: 100m
- memory: 256Mi
- requests:
- cpu: 100m
- memory: 256Mi
+ resources:
+ limits:
+ cpu: 100m
+ memory: 256Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
volumeMounts:
- name: pvc-4-ns-selfdata-d01-syn-claim
mountPath: /dump
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
- imagePullPolicy: IfNotPresent
\ No newline at end of file
+ imagePullPolicy: IfNotPresent
diff --git a/k8s/deployments/ecolyo-agent-client-deployment.yml b/k8s/deployments/ecolyo-agent-client-deployment.yml
index dd38251..6863fa4 100644
--- a/k8s/deployments/ecolyo-agent-client-deployment.yml
+++ b/k8s/deployments/ecolyo-agent-client-deployment.yml
@@ -3,7 +3,6 @@ kind: Deployment
apiVersion: apps/v1
metadata:
name: ecolyo-agent-client
- namespace: ns-selfdata-d01-syn
spec:
replicas: 1
selector:
diff --git a/k8s/deployments/ecolyo-agent-database-deployment.yml b/k8s/deployments/ecolyo-agent-database-deployment.yml
index c3f309d..9ff2fb2 100644
--- a/k8s/deployments/ecolyo-agent-database-deployment.yml
+++ b/k8s/deployments/ecolyo-agent-database-deployment.yml
@@ -1,36 +1,25 @@
apiVersion: apps/v1
kind: Deployment
metadata:
- annotations:
- kompose.cmd: kompose convert
- kompose.version: 1.26.1 (a9d05d509)
- creationTimestamp: null
- labels:
- io.kompose.service: ecolyo-agent-database
name: ecolyo-agent-database
spec:
replicas: 1
selector:
matchLabels:
- io.kompose.service: ecolyo-agent-database
- strategy:
- type: Recreate
+ app: ecolyo-agent-database
template:
metadata:
- annotations:
- kompose.cmd: kompose convert
- kompose.version: 1.26.1 (a9d05d509)
- creationTimestamp: null
labels:
- io.kompose.network/ecolyo-agent-network: "true"
- io.kompose.service: ecolyo-agent-database
+ app: ecolyo-agent-database
spec:
volumes:
- name: pvc-3-ns-selfdata-d01-syn-claim
persistentVolumeClaim:
claimName: pvc-3-ns-selfdata-d01-syn-claim
containers:
- env:
+ - name: ecolyo-agent-database
+ image: mysql:8
+ env:
- name: MYSQL_DATABASE
valueFrom:
secretKeyRef:
@@ -41,22 +30,15 @@ spec:
secretKeyRef:
name: ecolyo-agent-database
key: password
- image: mysql:5
- livenessProbe:
- exec:
- command:
- - mysqladmin ping -h 127.0.0.1 -u root --password=$MYSQL_ROOT_PASSWORD
- failureThreshold: 60
- periodSeconds: 5
- timeoutSeconds: 10
- name: ecolyo-agent-database
ports:
- containerPort: 3306
volumeMounts:
- name: pvc-3-ns-selfdata-d01-syn-claim
mountPath: /var/lib/mysql
- resources: {}
-
- restartPolicy: Always
-
-status: {}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
diff --git a/k8s/deployments/ecolyo-agent-meilisearch-deployment.yml b/k8s/deployments/ecolyo-agent-meilisearch-deployment.yml
index 7647963..5631364 100644
--- a/k8s/deployments/ecolyo-agent-meilisearch-deployment.yml
+++ b/k8s/deployments/ecolyo-agent-meilisearch-deployment.yml
@@ -1,38 +1,30 @@
apiVersion: apps/v1
kind: Deployment
metadata:
- annotations:
- kompose.cmd: kompose convert
- kompose.version: 1.26.1 (a9d05d509)
- creationTimestamp: null
- labels:
- io.kompose.service: ecolyo-agent-meilisearch
name: ecolyo-agent-meilisearch
spec:
replicas: 1
selector:
matchLabels:
- io.kompose.service: ecolyo-agent-meilisearch
- strategy:
- type: Recreate
+ app: ecolyo-agent-meilisearch
template:
metadata:
- annotations:
- kompose.cmd: kompose convert
- kompose.version: 1.26.1 (a9d05d509)
- creationTimestamp: null
labels:
- io.kompose.network/ecolyo-agent-network: "true"
- io.kompose.service: ecolyo-agent-meilisearch
+ app: ecolyo-agent-meilisearch
spec:
+ volumes:
+ - name: pvc-1-ns-selfdata-d01-syn-claim
+ persistentVolumeClaim:
+ claimName: pvc-1-ns-selfdata-d01-syn-claim
containers:
- - env:
+ - name: ecolyo-agent-meilisearch
+ image: getmeili/meilisearch:v0.28.1
+ env:
- name: MEILI_MASTER_KEY
valueFrom:
secretKeyRef:
name: meilisearch
key: master-key
- image: getmeili/meilisearch:v0.28.1
livenessProbe:
exec:
command:
@@ -42,17 +34,15 @@ spec:
failureThreshold: 3
periodSeconds: 10
timeoutSeconds: 10
- name: ecolyo-agent-meilisearch
ports:
- containerPort: 7700
- resources: {}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 256Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
volumeMounts:
- mountPath: /meili_data
- name: pvc-1-ns-selfdata-d01-syn-claim
- restartPolicy: Always
- volumes:
- - name: pvc-1-ns-selfdata-d01-syn-claim
- persistentVolumeClaim:
- claimName: pvc-1-ns-selfdata-d01-syn-claim
-
-status: {}
+ name: pvc-1-ns-selfdata-d01-syn-claim
\ No newline at end of file
diff --git a/k8s/deployments/ecolyo-agent-server-deployment.yml b/k8s/deployments/ecolyo-agent-server-deployment.yml
index 5d976e3..9345795 100644
--- a/k8s/deployments/ecolyo-agent-server-deployment.yml
+++ b/k8s/deployments/ecolyo-agent-server-deployment.yml
@@ -1,89 +1,61 @@
apiVersion: apps/v1
kind: Deployment
metadata:
- annotations:
- kompose.cmd: kompose convert
- kompose.version: 1.26.1 (a9d05d509)
- creationTimestamp: null
- labels:
- io.kompose.service: ecolyo-agent-server
name: ecolyo-agent-server
spec:
replicas: 1
selector:
matchLabels:
- io.kompose.service: ecolyo-agent-server
- strategy:
- type: Recreate
+ app: ecolyo-agent-server
template:
metadata:
- annotations:
- kompose.cmd: kompose convert
- kompose.version: 1.26.1 (a9d05d509)
- creationTimestamp: null
labels:
- io.kompose.network/ecolyo-agent-network: "true"
- io.kompose.service: ecolyo-agent-server
+ app: ecolyo-agent-server
spec:
volumes:
- name: pvc-2-ns-selfdata-d01-syn-claim
persistentVolumeClaim:
claimName: pvc-2-ns-selfdata-d01-syn-claim
containers:
- - env:
- - name: ADMIN_ROLE
- - name: AUTH_URL
- - name: CLIENT_ID
- - name: CLIENT_SECRET
- - name: HOSTNAME
- - name: DEBUG_MODE
- - name: HTTPS_PORT
- - name: IMAGE_FOLDER
- - name: MOCK_OAUTH2
- - name: REDIRECT_URL
- - name: TOKEN_URL
- - name: USERINFO_URL
- - name: MEILI_HOST
- value: 'http://ecolyo-agent-meilisearch-service:7700'
- - name: DATABASE_HOST
- valueFrom:
- secretKeyRef:
- name: ecolyo-agent-database
- key: host
- - name: DATABASE_NAME
- valueFrom:
- secretKeyRef:
- name: ecolyo-agent-database
- key: name
- - name: DATABASE_USER
- value: root
- - name: DATABASE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: ecolyo-agent-database
- key: password
- - name: SGE_API_TOKEN
- valueFrom:
- secretKeyRef:
- name: sge-api
- key: token
- - name: MEILI_MASTER_KEY
- valueFrom:
- secretKeyRef:
- name: meilisearch
- key: master-key
- image: registry.forge.grandlyon.com/web-et-numerique/llle_project/backoffice-server:master
+ - name: ecolyo-agent-server
+ image: registry.forge.grandlyon.com/web-et-numerique/factory/llle_project/backoffice-server:master
+ env:
+ - name: DATABASE_HOST
+ valueFrom:
+ secretKeyRef:
+ name: ecolyo-agent-database
+ key: host
+ - name: DATABASE_NAME
+ valueFrom:
+ secretKeyRef:
+ name: ecolyo-agent-database
+ key: name
+ - name: DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ecolyo-agent-database
+ key: password
+ - name: MEILI_MASTER_KEY
+ valueFrom:
+ secretKeyRef:
+ name: meilisearch
+ key: master-key
+ envFrom:
+ - secretRef:
+ name: ecolyo-agent-server-config
imagePullPolicy: Always
volumeMounts:
- name: pvc-2-ns-selfdata-d01-syn-claim
mountPath: /app/mnt
- name: ecolyo-agent-server
ports:
- containerPort: 1443
- containerPort: 8090
- resources: {}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 64Mi
+ requests:
+ cpu: 100m
+ memory: 64Mi
imagePullSecrets:
- name: llle-project
- restartPolicy: Always
-
-status: {}
diff --git a/k8s/secrets/ecolyo-agent-server-config.yml b/k8s/secrets/ecolyo-agent-server-config.yml
new file mode 100644
index 0000000..98869c9
--- /dev/null
+++ b/k8s/secrets/ecolyo-agent-server-config.yml
@@ -0,0 +1,22 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: ecolyo-agent-server-config
+stringData:
+ # Replace all values between <...>
+ ADMIN_ROLE: <Admin group created in FIM>
+ AUTH_URL: <OAuth2 authentication URL>
+ CLIENT_ID: <OAuth2 client ID>
+ CLIENT_SECRET: <OAuth2 client secret>
+ DATABASE_USER: root
+ DEBUG_MODE: <true/false>
+ HOSTNAME: <ecolyo-agent(-rec).apps.grandlyon.com>
+ HTTPS_PORT: 1143
+ IMAGE_FOLDER: mnt/image-lib
+ MEILI_HOST: http://ecolyo-agent-meilisearch-service:7700
+ MOCK_OAUTH2: false
+ REDIRECT_URL: <HOSTNAME/OAuth2Callback>
+ SGE_API_TOKEN: <YOUR TOKEN>
+ TOKEN_URL: <OAuth2 token URL>
+ USERINFO_URL: <OAuth2 user info URL>
+type: Opaque
\ No newline at end of file
diff --git a/k8s/secrets/sge-api.yml b/k8s/secrets/sge-api.yml
deleted file mode 100644
index 6383ea0..0000000
--- a/k8s/secrets/sge-api.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-kind: Secret
-apiVersion: v1
-metadata:
- name: sge-api
- namespace: ns-selfdata-d01-syn
-stringData:
- token: YOUR_TOKEN
-type: Opaque
\ No newline at end of file
diff --git a/k8s/services/backend.yml b/k8s/services/backend.yml
index 7994c84..7ef154d 100644
--- a/k8s/services/backend.yml
+++ b/k8s/services/backend.yml
@@ -2,16 +2,15 @@ apiVersion: v1
kind: Service
metadata:
name: backend
- namespace: ns-selfdata-d01-syn
spec:
selector:
- io.kompose.service: ecolyo-agent-server
+ app: ecolyo-agent-server
ports:
- - name: '1443'
+ - name: 'https-port'
protocol: TCP
port: 1443
targetPort: 1443
- - name: '8090'
+ - name: 'mock-oauth2'
protocol: TCP
port: 8090
targetPort: 8090
diff --git a/k8s/services/ecolyo-agent-client-service.yml b/k8s/services/ecolyo-agent-client-service.yml
index 072f5a2..f62801e 100644
--- a/k8s/services/ecolyo-agent-client-service.yml
+++ b/k8s/services/ecolyo-agent-client-service.yml
@@ -2,7 +2,6 @@ apiVersion: v1
kind: Service
metadata:
name: ecolyo-agent-client-service
- namespace: ns-selfdata-d01-syn
spec:
selector:
app: ecolyo-agent-client
diff --git a/k8s/services/ecolyo-agent-database-service.yml b/k8s/services/ecolyo-agent-database-service.yml
index feb977d..233c4a3 100644
--- a/k8s/services/ecolyo-agent-database-service.yml
+++ b/k8s/services/ecolyo-agent-database-service.yml
@@ -2,10 +2,9 @@ apiVersion: v1
kind: Service
metadata:
name: ecolyo-agent-database-service
- namespace: ns-selfdata-d01-syn
spec:
selector:
- io.kompose.service: ecolyo-agent-database
+ app: ecolyo-agent-database
ports:
- protocol: TCP
port: 3306
diff --git a/k8s/services/ecolyo-agent-meilisearch-service.yml b/k8s/services/ecolyo-agent-meilisearch-service.yml
index 2f2afd5..49f0575 100644
--- a/k8s/services/ecolyo-agent-meilisearch-service.yml
+++ b/k8s/services/ecolyo-agent-meilisearch-service.yml
@@ -2,10 +2,9 @@ apiVersion: v1
kind: Service
metadata:
name: ecolyo-agent-meilisearch-service
- namespace: ns-selfdata-d01-syn
spec:
selector:
- io.kompose.service: ecolyo-agent-meilisearch
+ app: ecolyo-agent-meilisearch
ports:
- protocol: TCP
port: 7700
--
GitLab