diff --git a/deploy/website/configmap.yaml b/deploy/website/configmap.yaml deleted file mode 100644 index e302355e505d2ca65e0c732551c2ea2c08179b29..0000000000000000000000000000000000000000 --- a/deploy/website/configmap.yaml +++ /dev/null @@ -1,68 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: websitesvcconfigmap - namespace: website -data: - default.conf: | - server { - listen 80 ; - - root /usr/share/nginx/html; - index index.html; - server_name localhost; - - server_tokens off; - add_header X-Frame-Options SAMEORIGIN; - - location /zh { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ =404; - error_page 404 /zh/404.html; - } - - location /en { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ =404; - error_page 404 /en/404.html; - } - - location /cla/ { - proxy_pass http://bot.opengauss.org:8888/cla; - } - - location /search/docs { - proxy_pass https://indextool.opengauss.org/docs; - } - - location /statistics/ { - proxy_pass https://www.openeuler.org/api/; - } - - location /advisoryCVE/ { - proxy_pass https://api.openeuler.org/cve-manager/; - } - - location /api-certification/ { - proxy_pass https://ccs.opengauss.org/ccs/base/; - } - - location = /gitee_back/ { - break; - return 200 $request_uri; - proxy_pass http://meeting-service.meetingserver.svc.cluster.local$request_uri; - } - - location /calendar/ { - proxy_pass http://meeting-service.meetingserver.svc.cluster.local/; - } - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ =404; - error_page 404 /zh; - } - } diff --git a/deploy/website/deployment.yaml b/deploy/website/deployment.yaml index 611d642267286fda92ce4b3208b5ac55b065a7bb..4637efa3df6f60c67e94108f1d08a7e49cd155bd 100644 --- a/deploy/website/deployment.yaml +++ b/deploy/website/deployment.yaml @@ -10,7 +10,7 @@ metadata: flux.weave.works/automated: "true" flux.weave.works/tag.websiteinfod: semver:~1.0 spec: - replicas: 4 + replicas: 0 strategy: rollingUpdate: maxUnavailable: 1 @@ -63,3 +63,88 @@ spec: - name: configmap-volume configMap: name: websitesvcconfigmap + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: website-v2 + namespace: website +spec: + replicas: 2 + selector: + matchLabels: + app: website-v2 + template: + metadata: + annotations: + vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-inject-perms-server.crt: "0400" + vault.hashicorp.com/agent-inject-perms-server.key: "0400" + vault.hashicorp.com/agent-inject-perms-abc.txt: "0400" + vault.hashicorp.com/agent-inject-perms-dhparam.pem: "0600" + vault.hashicorp.com/agent-run-as-user: "1000" + vault.hashicorp.com/agent-run-as-group: "1000" + vault.hashicorp.com/secret-volume-path: "/etc/nginx/cert/" + vault.hashicorp.com/agent-inject-secret-server.crt: "internal/data/opengauss/opengauss-website" + vault.hashicorp.com/agent-inject-template-server.crt: | + {{- with secret "internal/data/opengauss/opengauss-website" -}} + {{ .Data.data.ServerCrt }} + {{- end }} + vault.hashicorp.com/agent-inject-secret-server.key: "internal/data/opengauss/opengauss-website" + vault.hashicorp.com/agent-inject-template-server.key: | + {{- with secret "internal/data/opengauss/opengauss-website" -}} + {{ .Data.data.ServerKey }} + {{- end }} + vault.hashicorp.com/agent-inject-secret-abc.txt: "internal/data/opengauss/opengauss-website" + vault.hashicorp.com/agent-inject-template-abc.txt: | + {{- with secret "internal/data/opengauss/opengauss-website" -}} + {{ .Data.data.certificatePassword }} + {{- end }} + vault.hashicorp.com/agent-inject-secret-dhparam.pem: "internal/data/opengauss/opengauss-website" + vault.hashicorp.com/agent-inject-template-dhparam.pem: | + {{- with secret "internal/data/opengauss/opengauss-website" -}} + {{ .Data.data.dhparamPem }} + {{- end }} + vault.hashicorp.com/agent-pre-populate-only: "true" + vault.hashicorp.com/role: opengauss-website + labels: + app: website-v2 + spec: + imagePullSecrets: + - name: huawei-swr-image-pull-secret + serviceAccount: opengauss-website + containers: + - name: website + image: swr.cn-north-4.myhuaweicloud.com/opensourceway/opengauss/website:v1.0.20231209180239 + imagePullPolicy: IfNotPresent + env: + - name: DET_URL + value: https://opengauss.org + ports: + - containerPort: 8080 + name: http + protocol: TCP + resources: + requests: + cpu: 1000m + memory: 1000Mi + limits: + cpu: 1000m + memory: 1000Mi + readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 10 + failureThreshold: 3 + successThreshold: 1 + periodSeconds: 10 + timeoutSeconds: 5 + livenessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + timeoutSeconds: 5 diff --git a/deploy/website/hpa.yaml b/deploy/website/hpa.yaml deleted file mode 100644 index 4544c544c54b46fd94be2d0f8168f9dda2a421c3..0000000000000000000000000000000000000000 --- a/deploy/website/hpa.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: websiteinfo - namespace: website -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: websiteinfo - minReplicas: 2 - maxReplicas: 10 - metrics: - - type: Resource - resource: - name: cpu - # scale up if usage is above - targetAverageUtilization: 80 - - type: Resource - resource: - name: memory - # scale up if usage is above - targetAverageValue: 12Gi diff --git a/deploy/website/ingress.yaml b/deploy/website/ingress.yaml index 1c6dac7e1ae43c05e90f4f1bb33c939d031c4ba7..19c7274d476ff6149e8693ab18a48d87a41ea50c 100644 --- a/deploy/website/ingress.yaml +++ b/deploy/website/ingress.yaml @@ -1,42 +1,3 @@ -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - annotations: - kubernetes.io/ingress.class: nginx - cert-manager.io/cluster-issuer: letsencrypt-prod - nginx.ingress.kubernetes.io/configuration-snippet: | - add_header Content-Security-Policy "script-src 'self' *.baidu.com ers.baidu.com 'unsafe-inline'; object-src 'none'; frame-src https://vhall.huawei.com"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options "DENY"; - add_header Cache-Control "no-cache"; - add_header Pragma "no-cache"; - add_header X-Content-Type-Options "nosniff"; - nginx.ingress.kubernetes.io/server-snippet: | - rewrite ^/zh/docs/(.*) https://docs.opengauss.org/zh/docs/$1 redirect; - rewrite ^/zh/blogs/blogs.html /zh/blogs/ redirect; - rewrite ^/zh/video.html$ /zh/video/ redirect; - rewrite ^/zh/security-advisories.html$ /zh/security-advisories/ redirect; - rewrite ^/zh/cve.html$ /zh/cve/ redirect; - rewrite ^/zh/summit.html /zh/summit/summit2022/ permanent; - rewrite ^/zh/summit2021.html /zh/summit/summit2021/ permanent; - rewrite ^/zh/summit/$ /zh/summit/summit2022/ permanent; - rewrite ^/zh/privacyPolicy.html$ /zh/privacyPolicy/ permanent; - name: opengauss-website-ingress - namespace: website -spec: - tls: - - hosts: - - opengauss.org - secretName: website-opengauss-org-tls - rules: - - host: opengauss.org - http: - paths: - - backend: - serviceName: websiteservice - servicePort: 80 - path: / - --- apiVersion: extensions/v1beta1 kind: Ingress diff --git a/deploy/website/kustomization.yaml b/deploy/website/kustomization.yaml index 0618d733fe746f1ded7487188d9a062383eaa48e..6ca0af9c9e8fce4ff0265c4b5a9cddbcf3519f36 100644 --- a/deploy/website/kustomization.yaml +++ b/deploy/website/kustomization.yaml @@ -2,11 +2,12 @@ resources: - namespace.yaml - deployment.yaml - service.yaml -- configmap.yaml - ingress.yaml +- secret.yaml +- sa.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: website images: - name: swr.cn-north-4.myhuaweicloud.com/opensourceway/opengauss/website - newTag: v1.0.20231208201721 + newTag: v1.0.20231209180239 diff --git a/deploy/website/sa.yaml b/deploy/website/sa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a4f0f741193fca13c58d1b9627739ce38d4c4586 --- /dev/null +++ b/deploy/website/sa.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: opengauss-website + namespace: website \ No newline at end of file diff --git a/deploy/website/service.yaml b/deploy/website/service.yaml index eaf8e4ef9013973faf279adfb236169891658ac1..4b9c8f2c34d7476b83f3852f88b53772923b0e22 100644 --- a/deploy/website/service.yaml +++ b/deploy/website/service.yaml @@ -13,3 +13,24 @@ spec: selector: app: websiteinfo type: ClusterIP + +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + kubernetes.io/elb.class: union + kubernetes.io/elb.id: 64b9c7c0-e2ba-44e9-9e21-09afb282f6c2 + kubernetes.io/elb.lb-algorithm: ROUND_ROBIN + name: opengauss-website-service-loadbalencer + namespace: website +spec: + externalTrafficPolicy: Cluster + ports: + - name: httpport + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app: website-v2 + type: LoadBalancer \ No newline at end of file