From bfff798800293db2fb506bf196cac9f058d00aae Mon Sep 17 00:00:00 2001 From: liuyang Date: Sat, 8 Jul 2023 17:00:30 +0800 Subject: [PATCH] upgrade opengauss etherpad to v1.8.18 --- deploy/etherpad/configmap.yaml | 13 --- deploy/etherpad/deployment.yaml | 129 +++++++++++++++++++---------- deploy/etherpad/ingress.yaml | 28 +++++++ deploy/etherpad/kustomization.yaml | 16 ++++ deploy/etherpad/namespace.yaml | 4 +- deploy/etherpad/pvc.yaml | 22 +++++ deploy/etherpad/secret.yaml | 64 ++++++++++++++ deploy/etherpad/service.yaml | 25 ++---- 8 files changed, 227 insertions(+), 74 deletions(-) delete mode 100644 deploy/etherpad/configmap.yaml create mode 100644 deploy/etherpad/ingress.yaml create mode 100644 deploy/etherpad/kustomization.yaml create mode 100644 deploy/etherpad/pvc.yaml create mode 100644 deploy/etherpad/secret.yaml diff --git a/deploy/etherpad/configmap.yaml b/deploy/etherpad/configmap.yaml deleted file mode 100644 index 80b91838..00000000 --- a/deploy/etherpad/configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: etherpad-config - namespace: etherpad -data: - settings.json: | - { - "skinName":"no-skin", - "title":"Etherpad", - "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at https:\/\/etherpad.org\n", - "suppressErrorsInPadText": true - } diff --git a/deploy/etherpad/deployment.yaml b/deploy/etherpad/deployment.yaml index f99a545f..685baa80 100644 --- a/deploy/etherpad/deployment.yaml +++ b/deploy/etherpad/deployment.yaml @@ -1,59 +1,104 @@ ---- apiVersion: apps/v1 kind: Deployment metadata: - name: etherpad - namespace: etherpad - labels: - app: etherpad - annotations: - flux.weave.works/automated: "true" - flux.weave.works/tag.etherpad: semver:~1.0 - flux.weave.works/tag.etherpad-explorer: semver:~1.0 + name: etherpad-lite + namespace: opengauss-etherpad spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 selector: matchLabels: - app: etherpad + app: control-etherpad + strategy: + type: Recreate template: metadata: labels: - app: etherpad + app: control-etherpad spec: containers: - - name: etherpad - image: swr.ap-southeast-1.myhuaweicloud.com/opengauss/etherpad:1.7.5 - ports: - - containerPort: 9001 - name: web - volumeMounts: - - name: "config" - mountPath: "/opt/etherpad/settings.json" - subPath: "settings.json" - - name: etherpad-explorer - image: swr.ap-southeast-1.myhuaweicloud.com/opensourceway/nginx:latest + - env: + - name: SKIN_NAME + valueFrom: + secretKeyRef: + key: skin + name: ether-secret + - name: NODE_ENV + valueFrom: + secretKeyRef: + key: env + name: ether-secret + - name: DB_TYPE + valueFrom: + secretKeyRef: + key: db_type + name: ether-secret + - name: DB_HOST + valueFrom: + secretKeyRef: + key: db_host + name: ether-secret + - name: DB_PORT + valueFrom: + secretKeyRef: + key: db_port + name: ether-secret + - name: DB_NAME + valueFrom: + secretKeyRef: + key: db_name + name: ether-secret + - name: DB_USER + valueFrom: + secretKeyRef: + key: db_user + name: ether-secret + - name: DB_CHARSET + valueFrom: + secretKeyRef: + key: db_charset + name: ether-secret + - name: PORT + valueFrom: + secretKeyRef: + key: port + name: ether-secret + - name: DB_PASS + valueFrom: + secretKeyRef: + key: db_password + name: ether-secret + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: admin_password + name: ether-secret + image: swr.cn-north-4.myhuaweicloud.com/opensourceway/common/etherpad:1.8.18 imagePullPolicy: IfNotPresent - env: - - name: NGINX_PORT - value: "80" + name: etherpad-lite ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 + - containerPort: 9001 name: https protocol: TCP + resources: + limits: + cpu: "2" + memory: 4000Mi + requests: + cpu: "1" + memory: 1000Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File volumeMounts: - - mountPath: /etc/nginx/ssl - name: secret-volume - - mountPath: /etc/nginx/conf.d - name: nginx-config-vol + - mountPath: /opt/etherpad-lite/var + name: data-volume + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 volumes: - - name: config - configMap: - name: etherpad-config - - name: nginx-config-vol - configMap: - name: webconfigmap - - name: secret-volume - secret: - secretName: websecret + - name: data-volume + persistentVolumeClaim: + claimName: ether-data-vol diff --git a/deploy/etherpad/ingress.yaml b/deploy/etherpad/ingress.yaml new file mode 100644 index 00000000..fca52335 --- /dev/null +++ b/deploy/etherpad/ingress.yaml @@ -0,0 +1,28 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/cors-allow-credentials: "false" + nginx.ingress.kubernetes.io/server-snippet: | + location ^~ /admin { + deny all; + } + location ^~ /stats { + deny all; + } + name: opengauss-ingress + namespace: opengauss-etherpad +spec: + rules: + - host: etherpad.opengauss.org + http: + paths: + - backend: + serviceName: etherpad-lite + servicePort: 80 + path: / + tls: + - hosts: + - etherpad.opengauss.org + secretName: etherpad-tls diff --git a/deploy/etherpad/kustomization.yaml b/deploy/etherpad/kustomization.yaml new file mode 100644 index 00000000..c0f5aeb0 --- /dev/null +++ b/deploy/etherpad/kustomization.yaml @@ -0,0 +1,16 @@ +resources: +- deployment.yaml +- namespace.yaml +- service.yaml +- ingress.yaml +- secret.yaml +- pvc.yaml +namespace: opengauss-etherpad +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonAnnotations: + kubernetes.ops.cluster: infra-hk + kubernetes.ops.email: "" + kubernetes.ops.os.base: Debian + kubernetes.ops.owner: liuyang + kubernetes.ops.region: hk \ No newline at end of file diff --git a/deploy/etherpad/namespace.yaml b/deploy/etherpad/namespace.yaml index 196fcb44..611ad5a5 100644 --- a/deploy/etherpad/namespace.yaml +++ b/deploy/etherpad/namespace.yaml @@ -2,5 +2,5 @@ apiVersion: v1 kind: Namespace metadata: labels: - name: etherpad - name: etherpad + name: opengauss-etherpad + name: opengauss-etherpad \ No newline at end of file diff --git a/deploy/etherpad/pvc.yaml b/deploy/etherpad/pvc.yaml new file mode 100644 index 00000000..85d6e6f4 --- /dev/null +++ b/deploy/etherpad/pvc.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + everest.io/disk-volume-type: GPSSD + everest.io/enterprise-project-id: "0" + pv.kubernetes.io/bind-completed: "yes" + volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner + labels: + failure-domain.beta.kubernetes.io/region: ap-southeast-1 + failure-domain.beta.kubernetes.io/zone: ap-southeast-1a + name: ether-data-vol + namespace: opengauss-etherpad +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: csi-disk + volumeMode: Filesystem + volumeName: pv-evs-opengauss-etherpad \ No newline at end of file diff --git a/deploy/etherpad/secret.yaml b/deploy/etherpad/secret.yaml new file mode 100644 index 00000000..e5d783d5 --- /dev/null +++ b/deploy/etherpad/secret.yaml @@ -0,0 +1,64 @@ +apiVersion: secrets-manager.tuenti.io/v1alpha1 +kind: SecretDefinition +metadata: + name: ether-secret + namespace: opengauss-etherpad +spec: + keysMap: + admin_password: + key: admin_password + path: secrets/data/infra-common/opengauss-etherpad + db_password: + key: db_password + path: secrets/data/infra-common/opengauss-etherpad + user_password: + key: user_password + path: secrets/data/infra-common/opengauss-etherpad + skin: + key: skin + path: secrets/data/infra-common/opengauss-etherpad + env: + key: env + path: secrets/data/infra-common/opengauss-etherpad + db_type: + key: db_type + path: secrets/data/infra-common/opengauss-etherpad + db_host: + key: db_host + path: secrets/data/infra-common/opengauss-etherpad + db_port: + key: db_port + path: secrets/data/infra-common/opengauss-etherpad + db_name: + key: db_name + path: secrets/data/infra-common/opengauss-etherpad + db_user: + key: db_user + path: secrets/data/infra-common/opengauss-etherpad + db_charset: + key: db_charset + path: secrets/data/infra-common/opengauss-etherpad + port: + key: port + path: secrets/data/infra-common/opengauss-etherpad + name: ether-secret + +--- +apiVersion: secrets-manager.tuenti.io/v1alpha1 +kind: SecretDefinition +metadata: + name: etherpad-tls + namespace: opengauss-etherpad +spec: + keysMap: + ca.crt: + key: server.crt + path: secrets/data/opengauss/etherpad + tls.crt: + key: server.crt + path: secrets/data/opengauss/etherpad + tls.key: + key: server.key + path: secrets/data/opengauss/etherpad + name: etherpad-tls + diff --git a/deploy/etherpad/service.yaml b/deploy/etherpad/service.yaml index db0f116c..f7ee9511 100644 --- a/deploy/etherpad/service.yaml +++ b/deploy/etherpad/service.yaml @@ -1,24 +1,15 @@ apiVersion: v1 kind: Service metadata: - name: etherpad - namespace: etherpad - annotations: - kubernetes.io/elb.class: union - kubernetes.io/elb.id: dc566799-1185-43dd-a436-98bbac186495 - kubernetes.io/elb.lb-algorithm: ROUND_ROBIN + name: etherpad-lite + namespace: opengauss-etherpad spec: - externalTrafficPolicy: Cluster - loadBalancerIP: 159.138.47.196 ports: - - port: 80 - name: etherpad-http - targetPort: 80 - protocol: TCP - - port: 443 - name: etherpad-https - targetPort: 443 + - name: ether-http + port: 80 protocol: TCP + targetPort: 9001 selector: - app: etherpad - type: LoadBalancer + app: control-etherpad + sessionAffinity: None + type: ClusterIP -- Gitee