diff --git a/README.md b/README.md index 457a1ef..fde1efa 100644 --- a/README.md +++ b/README.md @@ -90,12 +90,19 @@ The recommended way for deploy is on Kubernetes. You can find the related files in `k8s` directory. +Before deploy create a `secret.yaml` file in `k8s/app`, with base 64 encoded +secrets. A sample file named `sample-secret.yaml` has been committed listing all +the required variables. Change the secrets preset in the file before using it. + - One time deploy ```sh # Deploy ingress kubectl apply -f k8s/ingress/ingress-https.yaml +# Deploy secrets +kubectl apply -f k8s/app/secret.yaml + # Deploy Postgres and Redis DB kubectl apply -f k8s/app/redis.yaml kubectl apply -f k8s/app/postgres.yaml @@ -109,7 +116,7 @@ kubectl apply -f k8s/app/rqscheduler.yaml kubectl apply -f k8s/app/frontend.yaml ``` -- Subsequent deploys can be done by rolloing out a restart since all pods have a `imagePullPolicy` set to Always +- Subsequent deploys can be done by rolloing out a restart since all pods have a `imagePullPolicy` set to `Always` ```sh # Push containers to Docker Hub and Deploy to K8s diff --git a/k8s/app/.gitignore b/k8s/app/.gitignore new file mode 100644 index 0000000..4a424df --- /dev/null +++ b/k8s/app/.gitignore @@ -0,0 +1 @@ +secret.yaml diff --git a/k8s/app/backend.yaml b/k8s/app/backend.yaml index 2818a47..5960316 100644 --- a/k8s/app/backend.yaml +++ b/k8s/app/backend.yaml 
@@ -22,39 +22,9 @@ spec: containers: - name: bullish-backend image: codingcoffee/bullish-backend - env: - - name: POSTGRES_USER - value: bullish - - name: POSTGRES_PASSWORD - value: password - - name: POSTGRES_DB - value: bullish - - name: PGDATA - value: /var/lib/postgresql/data/pgdata - - name: SECRET_KEY - value: sample - - name: ALLOWED_HOSTS - value: api.bullish.codingcoffee.me - - name: CORS_ALLOWED_ORIGINS - value: https://bullish.codingcoffee.me - - name: REDIS_HOST - value: bullish-redis - - name: REDIS_PORT - value: "6379" - - name: REDIS_CACHE_DB - value: "1" - - name: REDIS_QUEUE_DB - value: "0" - - name: POSTGRES_SERVER - value: bullish-database - - name: POSTGRES_USER - value: bullish - - name: POSTGRES_PASSWORD - value: password - - name: POSTGRES_DB - value: bullish - - name: POSTGRES_PORT - value: "5432" + envFrom: + - secretRef: + name: bullish-secret --- diff --git a/k8s/app/postgres.yaml b/k8s/app/postgres.yaml index d593152..fbab0c2 100644 --- a/k8s/app/postgres.yaml +++ b/k8s/app/postgres.yaml @@ -28,15 +28,9 @@ spec: containers: - name: postgres image: postgres:13.1-alpine - env: - - name: POSTGRES_USER - value: bullish - - name: POSTGRES_PASSWORD - value: password - - name: POSTGRES_DB - value: bullish - - name: PGDATA - value: /var/lib/postgresql/data/pgdata + envFrom: + - secretRef: + name: bullish-secret volumeMounts: - name: postgres-data mountPath: /var/lib/postgresql/data/pgdata diff --git a/k8s/app/rqscheduler.yaml b/k8s/app/rqscheduler.yaml index 8b5bdcd..c03a34a 100644 --- a/k8s/app/rqscheduler.yaml +++ b/k8s/app/rqscheduler.yaml 
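Review bot: The `envFrom`/`secretRef` added to the backend container moves settings that are not secret (`ALLOWED_HOSTS`, `CORS_ALLOWED_ORIGINS`, `REDIS_HOST`, the Redis and Postgres ports and DB indexes) into `bullish-secret`, whose real manifest is now gitignored, so changes to them are no longer reviewable in the repository. Keeping those values in a ConfigMap loaded with `- configMapRef:` beside the `secretRef` (for example `name: bullish-config`, a suggested name) and leaving only the credentials and `SECRET_KEY` in the Secret keeps configuration visible and lets read access to the Secret be limited to what is sensitive. The same applies to the rqscheduler.yaml and rqworker.yaml hunks. The container spec starts outside this hunk.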
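Review bot: In postgres.yaml the `envFrom` import also hands the database container the application's `SECRET_KEY` and the Redis and host settings, because all four workloads share one Secret and `envFrom` has no key filter. The removed `env` list shows this container only used `POSTGRES_USER`, `POSTGRES_PASSWORD`, `POSTGRES_DB` and `PGDATA`. Referencing just those keys with `secretKeyRef` (or creating a database-only Secret) limits what a compromised database pod can read from its environment; `PGDATA` is a path rather than a credential and can stay a literal. The container spec continues outside the hunk.

```yaml
# … unchanged: container name and image …
env:
  - name: POSTGRES_USER
    valueFrom:
      secretKeyRef:
        name: bullish-secret
        key: POSTGRES_USER
  - name: POSTGRES_PASSWORD
    valueFrom:
      secretKeyRef:
        name: bullish-secret
        key: POSTGRES_PASSWORD
  - name: POSTGRES_DB
    valueFrom:
      secretKeyRef:
        name: bullish-secret
        key: POSTGRES_DB
  - name: PGDATA
    value: /var/lib/postgresql/data/pgdata
# … unchanged: volumeMounts …
```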
@@ -26,38 +26,8 @@ spec: - "/bin/sh" - "-c" - "python manage.py rqscheduler" - env: - - name: POSTGRES_USER - value: bullish - - name: POSTGRES_PASSWORD - value: password - - name: POSTGRES_DB - value: bullish - - name: PGDATA - value: /var/lib/postgresql/data/pgdata - - name: SECRET_KEY - value: sample - - name: ALLOWED_HOSTS - value: api.bullish.codingcoffee.me - - name: CORS_ALLOWED_ORIGINS - value: https://bullish.codingcoffee.me - - name: REDIS_HOST - value: bullish-redis - - name: REDIS_PORT - value: "6379" - - name: REDIS_CACHE_DB - value: "1" - - name: REDIS_QUEUE_DB - value: "0" - - name: POSTGRES_SERVER - value: bullish-database - - name: POSTGRES_USER - value: bullish - - name: POSTGRES_PASSWORD - value: password - - name: POSTGRES_DB - value: bullish - - name: POSTGRES_PORT - value: "5432" + envFrom: + - secretRef: + name: bullish-secret ... diff --git a/k8s/app/rqworker.yaml b/k8s/app/rqworker.yaml index d4f329f..ada730b 100644 --- a/k8s/app/rqworker.yaml +++ b/k8s/app/rqworker.yaml @@ -26,38 +26,8 @@ spec: - "/bin/sh" - "-c" - "python manage.py rqworker default" - env: - - name: POSTGRES_USER - value: bullish - - name: POSTGRES_PASSWORD - value: password - - name: POSTGRES_DB - value: bullish - - name: PGDATA - value: /var/lib/postgresql/data/pgdata - - name: SECRET_KEY - value: sample - - name: ALLOWED_HOSTS - value: api.bullish.codingcoffee.me - - name: CORS_ALLOWED_ORIGINS - value: https://bullish.codingcoffee.me - - name: REDIS_HOST - value: bullish-redis - - name: REDIS_PORT - value: "6379" - - name: REDIS_CACHE_DB - value: "1" - - name: REDIS_QUEUE_DB - value: "0" - - name: POSTGRES_SERVER - value: bullish-database - - name: POSTGRES_USER - value: bullish - - name: POSTGRES_PASSWORD - value: password - - name: POSTGRES_DB - value: bullish - - name: POSTGRES_PORT - value: "5432" + envFrom: + - secretRef: + name: bullish-secret ... diff --git a/k8s/app/sample-secret.yaml b/k8s/app/sample-secret.yaml new file mode 100644 index 0000000..0e1f48a 
--- /dev/null
+++ b/k8s/app/sample-secret.yaml
@@ -0,0 +1,24 @@
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: bullish-secret
+type: Opaque
+data:
+ # You can include additional key value pairs as you do with Opaque Secrets
+ POSTGRES_USER: YnVsbGlzaA==
+ POSTGRES_PASSWORD: cGFzc3dvcmQ=
+ POSTGRES_DB: YnVsbGlzaA==
+ PGDATA: L3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhL3BnZGF0YQ==
+ SECRET_KEY: c2FtcGxl
+ ALLOWED_HOSTS: YXBpLmJ1bGxpc2guY29kaW5nY29mZmVlLm1l
+ CORS_ALLOWED_ORIGINS: aHR0cHM6Ly9idWxsaXNoLmNvZGluZ2NvZmZlZS5tZQ==
+ REDIS_HOST: YnVsbGlzaC1yZWRpcw==
+ REDIS_PORT: NjM3OQ==
+ REDIS_CACHE_DB: MQ==
+ REDIS_QUEUE_DB: MA==
+ POSTGRES_SERVER: YnVsbGlzaC1kYXRhYmFzZQ==
+ POSTGRES_PORT: NTQzMg==
+
+...
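Review bot: The sample values under `data:` are only base64-encoded, and `cGFzc3dvcmQ=` and `c2FtcGxl` decode to the same `password` and `sample` that the removed `env` blocks carried, so copying this file to `secret.yaml` unchanged gives a deployment whose credentials are already public in the repository history. Switching the sample to `stringData:` with non-working placeholders, for example `POSTGRES_PASSWORD: "<set-a-generated-password>"` and `SECRET_KEY: "<set-a-generated-key>"`, makes the required edit obvious and avoids hand-encoding mistakes such as a trailing newline. The comment line in the file could also state that base64 is not encryption and that any environment deployed with the old values should have them rotated.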