diff --git a/deploy/etherpad/configmap.yaml b/deploy/etherpad/configmap.yaml deleted file mode 100644 index 80b918383dca986a23e408c062cabeb44dce5feb..0000000000000000000000000000000000000000 --- a/deploy/etherpad/configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: etherpad-config - namespace: etherpad -data: - settings.json: | - { - "skinName":"no-skin", - "title":"Etherpad", - "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at https:\/\/etherpad.org\n", - "suppressErrorsInPadText": true - } diff --git a/deploy/etherpad/deployment.yaml b/deploy/etherpad/deployment.yaml index f99a545f0154530d27398b2fc7c1346c778ee0f0..685baa80be71ec22eb10f854f4d061cfb99645a1 100644 --- a/deploy/etherpad/deployment.yaml +++ b/deploy/etherpad/deployment.yaml @@ -1,59 +1,104 @@ ---- apiVersion: apps/v1 kind: Deployment metadata: - name: etherpad - namespace: etherpad - labels: - app: etherpad - annotations: - flux.weave.works/automated: "true" - flux.weave.works/tag.etherpad: semver:~1.0 - flux.weave.works/tag.etherpad-explorer: semver:~1.0 + name: etherpad-lite + namespace: opengauss-etherpad spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 selector: matchLabels: - app: etherpad + app: control-etherpad + strategy: + type: Recreate template: metadata: labels: - app: etherpad + app: control-etherpad spec: containers: - - name: etherpad - image: swr.ap-southeast-1.myhuaweicloud.com/opengauss/etherpad:1.7.5 - ports: - - containerPort: 9001 - name: web - volumeMounts: - - name: "config" - mountPath: "/opt/etherpad/settings.json" - subPath: "settings.json" - - name: etherpad-explorer - image: swr.ap-southeast-1.myhuaweicloud.com/opensourceway/nginx:latest + - env: + - name: SKIN_NAME + valueFrom: + secretKeyRef: + key: skin + name: ether-secret + - name: NODE_ENV + valueFrom: + secretKeyRef: + key: env + name: ether-secret + - name: DB_TYPE + valueFrom: + secretKeyRef: + key: db_type + name: ether-secret + - name: DB_HOST + valueFrom: + secretKeyRef: + key: db_host + name: ether-secret + - name: DB_PORT + valueFrom: + secretKeyRef: + key: db_port + name: ether-secret + - name: DB_NAME + valueFrom: + secretKeyRef: + key: db_name + name: ether-secret + - name: DB_USER + valueFrom: + secretKeyRef: + key: db_user + name: ether-secret + - name: DB_CHARSET + valueFrom: + secretKeyRef: + key: db_charset + name: ether-secret + - name: PORT + valueFrom: + secretKeyRef: + key: port + name: ether-secret + - name: DB_PASS + valueFrom: + secretKeyRef: + key: db_password + name: ether-secret + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: admin_password + name: ether-secret + image: swr.cn-north-4.myhuaweicloud.com/opensourceway/common/etherpad:1.8.18 imagePullPolicy: IfNotPresent - env: - - name: NGINX_PORT - value: "80" + name: etherpad-lite ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 + - containerPort: 9001 name: https protocol: TCP + resources: + limits: + cpu: "2" + memory: 4000Mi + requests: + cpu: "1" + memory: 1000Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File volumeMounts: - - mountPath: /etc/nginx/ssl - name: secret-volume - - mountPath: /etc/nginx/conf.d - name: nginx-config-vol + - mountPath: /opt/etherpad-lite/var + name: data-volume + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 volumes: - - name: config - configMap: - name: etherpad-config - - name: nginx-config-vol - configMap: - name: webconfigmap - - name: secret-volume - secret: - secretName: websecret + - name: data-volume + persistentVolumeClaim: + claimName: ether-data-vol diff --git a/deploy/etherpad/ingress.yaml b/deploy/etherpad/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..fca523350e4793a11412b0d331acbddfcba6a1cf --- /dev/null +++ b/deploy/etherpad/ingress.yaml @@ -0,0 +1,28 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/cors-allow-credentials: "false" + nginx.ingress.kubernetes.io/server-snippet: | + location ^~ /admin { + deny all; + } + location ^~ /stats { + deny all; + } + name: opengauss-ingress + namespace: opengauss-etherpad +spec: + rules: + - host: etherpad.opengauss.org + http: + paths: + - backend: + serviceName: etherpad-lite + servicePort: 80 + path: / + tls: + - hosts: + - etherpad.opengauss.org + secretName: etherpad-tls diff --git a/deploy/etherpad/kustomization.yaml b/deploy/etherpad/kustomization.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c0f5aeb0c8b344f56e08f77f97da37afa1dbb54f --- /dev/null +++ b/deploy/etherpad/kustomization.yaml @@ -0,0 +1,16 @@ +resources: +- deployment.yaml +- namespace.yaml +- service.yaml +- ingress.yaml +- secret.yaml +- pvc.yaml +namespace: opengauss-etherpad +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonAnnotations: + kubernetes.ops.cluster: infra-hk + kubernetes.ops.email: "" + kubernetes.ops.os.base: Debian + kubernetes.ops.owner: liuyang + kubernetes.ops.region: hk \ No newline at end of file diff --git a/deploy/etherpad/namespace.yaml b/deploy/etherpad/namespace.yaml index 196fcb44697e15156598b6040dd2fe445aac22a6..611ad5a541ac791a1b475ec711ad91166203bf2c 100644 --- a/deploy/etherpad/namespace.yaml +++ b/deploy/etherpad/namespace.yaml @@ -2,5 +2,5 @@ apiVersion: v1 kind: Namespace metadata: labels: - name: etherpad - name: etherpad + name: opengauss-etherpad + name: opengauss-etherpad \ No newline at end of file diff --git a/deploy/etherpad/pvc.yaml b/deploy/etherpad/pvc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..85d6e6f4097e7148e97da817e5e5d10e006a5b0c --- /dev/null +++ b/deploy/etherpad/pvc.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + everest.io/disk-volume-type: GPSSD + everest.io/enterprise-project-id: "0" + pv.kubernetes.io/bind-completed: "yes" + volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner + labels: + failure-domain.beta.kubernetes.io/region: ap-southeast-1 + failure-domain.beta.kubernetes.io/zone: ap-southeast-1a + name: ether-data-vol + namespace: opengauss-etherpad +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: csi-disk + volumeMode: Filesystem + volumeName: pv-evs-opengauss-etherpad \ No newline at end of file diff --git a/deploy/etherpad/secret.yaml b/deploy/etherpad/secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..e5d783d5658808654dc986345f17f42f90f70a0e --- /dev/null +++ b/deploy/etherpad/secret.yaml @@ -0,0 +1,64 @@ +apiVersion: secrets-manager.tuenti.io/v1alpha1 +kind: SecretDefinition +metadata: + name: ether-secret + namespace: opengauss-etherpad +spec: + keysMap: + admin_password: + key: admin_password + path: secrets/data/infra-common/opengauss-etherpad + db_password: + key: db_password + path: secrets/data/infra-common/opengauss-etherpad + user_password: + key: user_password + path: secrets/data/infra-common/opengauss-etherpad + skin: + key: skin + path: secrets/data/infra-common/opengauss-etherpad + env: + key: env + path: secrets/data/infra-common/opengauss-etherpad + db_type: + key: db_type + path: secrets/data/infra-common/opengauss-etherpad + db_host: + key: db_host + path: secrets/data/infra-common/opengauss-etherpad + db_port: + key: db_port + path: secrets/data/infra-common/opengauss-etherpad + db_name: + key: db_name + path: secrets/data/infra-common/opengauss-etherpad + db_user: + key: db_user + path: secrets/data/infra-common/opengauss-etherpad + db_charset: + key: db_charset + path: secrets/data/infra-common/opengauss-etherpad + port: + key: port + path: secrets/data/infra-common/opengauss-etherpad + name: ether-secret + +--- +apiVersion: secrets-manager.tuenti.io/v1alpha1 +kind: SecretDefinition +metadata: + name: etherpad-tls + namespace: opengauss-etherpad +spec: + keysMap: + ca.crt: + key: server.crt + path: secrets/data/opengauss/etherpad + tls.crt: + key: server.crt + path: secrets/data/opengauss/etherpad + tls.key: + key: server.key + path: secrets/data/opengauss/etherpad + name: etherpad-tls + diff --git a/deploy/etherpad/service.yaml b/deploy/etherpad/service.yaml index db0f116c6351421aeee9fb9b791928fbe0934212..f7ee9511e45c6f1096ba3ddbcaa37bdf94d05d6f 100644 --- a/deploy/etherpad/service.yaml +++ b/deploy/etherpad/service.yaml @@ -1,24 +1,15 @@ apiVersion: v1 kind: Service metadata: - name: etherpad - namespace: etherpad - annotations: - kubernetes.io/elb.class: union - kubernetes.io/elb.id: dc566799-1185-43dd-a436-98bbac186495 - kubernetes.io/elb.lb-algorithm: ROUND_ROBIN + name: etherpad-lite + namespace: opengauss-etherpad spec: - externalTrafficPolicy: Cluster - loadBalancerIP: 159.138.47.196 ports: - - port: 80 - name: etherpad-http - targetPort: 80 - protocol: TCP - - port: 443 - name: etherpad-https - targetPort: 443 + - name: ether-http + port: 80 protocol: TCP + targetPort: 9001 selector: - app: etherpad - type: LoadBalancer + app: control-etherpad + sessionAffinity: None + type: ClusterIP