| author | Eric B <111573122+techtrd@users.noreply.github.com> | 2025-01-19 20:13:32 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-01-19 19:13:32 +0000 |
| commit | 8a07b62de32da9680a100cb70e8004c3e67d2ebe (patch) | |
| tree | 4001e5e5a9924a251709c5c206d75a3c7cfc5a86 /kubernetes | |
| parent | cddaefd9420507318d71f56355ff5a6648dcd951 (diff) | |
| download | karakeep-8a07b62de32da9680a100cb70e8004c3e67d2ebe.tar.zst | |
docs: Various Kubernetes deployment improvements (#862)
* changed the secrets from configmap to secret object, create ingress instead of loadbalancer.
Implemented the generation of a secret from the .env file and then put as environment variables into the deployments.
Nextauth_URL is now set in the kustomization file and is then generated into a configmap and put as an env into the deployments.
Opinionated change: the web service is now a clusterIP Service and an ingress object is included.
* changed the tls secret name in kustomize to a more example name
* fixed image name in kustomization so the version tag gets replaced properly
* tags are without v, otherwise we get an imagepullerror
* removed unnecessary parts of the .env.sample
* split env and secrets, added documentation, created sample ingress.
changed the default from ingress back to Loadbalancer.
Added Documentation on how to change to ingress and add TLS Support.
split env to secret and env file which have to be configured before deploying.
Diffstat (limited to 'kubernetes')
| -rw-r--r-- | kubernetes/.env_sample | 7 | ||||
| -rw-r--r-- | kubernetes/.secrets_sample | 4 | ||||
| -rw-r--r-- | kubernetes/ingress_sample.yaml | 17 | ||||
| -rw-r--r-- | kubernetes/kustomization.yaml | 15 | ||||
| -rw-r--r-- | kubernetes/meilisearch-deployment.yaml | 4 | ||||
| -rw-r--r-- | kubernetes/web-deployment.yaml | 7 |
6 files changed, 41 insertions, 13 deletions
diff --git a/kubernetes/.env_sample b/kubernetes/.env_sample
index c34a7ba9..cab8fc95 100644
--- a/kubernetes/.env_sample
+++ b/kubernetes/.env_sample
@@ -1,6 +1,3 @@
-HOARDER_VERSION=release
-# Use `openssl rand -base64 36` to generate the random strings
-NEXTAUTH_SECRET=generated_secret
-MEILI_MASTER_KEY=generated_secret
+# Put your configuration options here
 NEXTAUTH_URL=http://localhost:3000
-NEXT_PUBLIC_SECRET="my-super-duper-secret-string"
+HOARDER_VERSION=release
\ No newline at end of file
diff --git a/kubernetes/.secrets_sample b/kubernetes/.secrets_sample
new file mode 100644
index 00000000..f2421cd6
--- /dev/null
+++ b/kubernetes/.secrets_sample
@@ -0,0 +1,4 @@
+# Use `openssl rand -base64 36` to generate the random strings
+NEXTAUTH_SECRET=generated_secret
+MEILI_MASTER_KEY=generated_secret
+NEXT_PUBLIC_SECRET="my-super-duper-secret-string"
diff --git a/kubernetes/ingress_sample.yaml b/kubernetes/ingress_sample.yaml
new file mode 100644
index 00000000..534dcb8c
--- /dev/null
+++ b/kubernetes/ingress_sample.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: hoarder-web-ingress
+ namespace: hoarder
+spec:
+ rules:
+ - host: "hoarder.example.com"
+ http:
+ paths:
+ - path: "/"
+ pathType: Prefix
+ backend:
+ service:
+ name: "web"
+ port:
+ number: 3000
diff --git a/kubernetes/kustomization.yaml b/kubernetes/kustomization.yaml
index ca8c85ab..d066d22c 100644
--- a/kubernetes/kustomization.yaml
+++ b/kubernetes/kustomization.yaml
@@ -3,10 +3,15 @@ kind: Kustomization namespace: hoarder -configMapGenerator: +secretGenerator: - envs: - - .env - name: hoarder-env + - .secrets + name: hoarder-secrets + +configMapGenerator: + - envs: + - .env + name: hoarder-configuration resources: - namespace.yaml
@@ -23,7 +28,7 @@ replacements:
 - source:
 fieldPath: data.HOARDER_VERSION
 kind: ConfigMap
- name: hoarder-env
+ name: hoarder-configuration
 version: v1
 targets:
 - fieldPaths:
@@ -35,4 +40,4 @@ replacements:
 group: apps
 kind: Deployment
 name: web
- version: v1
+ version: v1
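Review bot: The last entry of the new `.secrets_sample` keeps its double quotes, `NEXT_PUBLIC_SECRET="my-super-duper-secret-string"`; as far as I know kustomize env-file generators take the value literally, so the quotes would likely end up inside the generated Secret, and I would drop them. The `NEXT_PUBLIC_` prefix is the Next.js convention for variables that are exposed to browser code, so it is worth confirming that this value is meant to be secret at all. Neither `generated_secret` nor the sample string should survive into a real `.secrets`; a leading comment such as `# Replace every value below before deploying and keep .secrets out of version control` would help. The real `.secrets` file should also be git-ignored, which cannot be checked here because the ignore file is not part of this diff.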
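Review bot: The sample Ingress in `ingress_sample.yaml` has no `spec.tls` block and no `ingressClassName`, so applied as written it serves login and session traffic over plain HTTP, and on clusters without a default ingress class it may not be picked up at all. The description says TLS is covered in the documentation, but I would put the block into the sample itself with placeholder names so the secure form is the one people copy. `NEXTAUTH_URL` in `.env` would then have to match the resulting `https://` host. The class and secret names below are placeholders, not values from this repository.

```yaml
spec:
  ingressClassName: "<your-ingress-class>"  # placeholder
  tls:
    - hosts:
        - "hoarder.example.com"
      secretName: "<tls-secret-name>"  # placeholder: a kubernetes.io/tls Secret in the hoarder namespace
  rules:
    # … unchanged: host and path rules for the web service …
```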
\ No newline at end of file
diff --git a/kubernetes/meilisearch-deployment.yaml b/kubernetes/meilisearch-deployment.yaml
index d91c7d96..31979bbf 100644
--- a/kubernetes/meilisearch-deployment.yaml
+++ b/kubernetes/meilisearch-deployment.yaml
@@ -22,8 +22,10 @@ spec:
 - mountPath: /meili_data
 name: meilisearch
 envFrom:
+ - secretRef:
+ name: hoarder-secrets
 - configMapRef:
- name: hoarder-env
+ name: hoarder-configuration
 volumes:
 - name: meilisearch
 persistentVolumeClaim:
diff --git a/kubernetes/web-deployment.yaml b/kubernetes/web-deployment.yaml
index c2a5031d..25bd8be4 100644
--- a/kubernetes/web-deployment.yaml
+++ b/kubernetes/web-deployment.yaml
@@ -14,7 +14,8 @@ spec:
 spec:
 containers:
 - name: web
- image: ghcr.io/hoarder-app/hoarder:HOARDER_VERSION_PLACEHOLDER
+ image: ghcr.io/hoarder-app/hoarder
+ imagePullPolicy: Always
 ports:
 - containerPort: 3000
 env:
@@ -29,8 +30,10 @@ spec:
 - mountPath: /data
 name: data
 envFrom:
+ - secretRef:
+ name: hoarder-secrets
 - configMapRef:
- name: hoarder-env
+ name: hoarder-configuration
 volumes:
 - name: data
 persistentVolumeClaim: |
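Review bot: The `secretRef` added under `envFrom` in `meilisearch-deployment.yaml` injects every key of `hoarder-secrets` into the Meilisearch container, including `NEXTAUTH_SECRET` and `NEXT_PUBLIC_SECRET`, which the search service presumably has no use for. I would pass only `MEILI_MASTER_KEY` by key, so that a compromise of this pod does not also expose the web session secret. The container spec begins outside the hunk; if it already has an `env:` list, the entry belongs there instead of in a new key.

```yaml
          env:
            - name: MEILI_MASTER_KEY
              valueFrom:
                secretKeyRef:
                  name: hoarder-secrets
                  key: MEILI_MASTER_KEY
          envFrom:
            # … unchanged: configMapRef hoarder-configuration …
```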
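Review bot: `imagePullPolicy: Always` in the first `web-deployment.yaml` hunk, combined with the sample default `HOARDER_VERSION=release`, means every pod restart pulls whatever the floating `release` tag points to at that moment. Replicas can then run different builds, and an upstream change rolls out without any reviewable manifest change. I would keep the policy but document pinning, for example with a comment in `.env_sample` such as `# Prefer a fixed version number (no leading "v") over "release" for reproducible deployments`. The bare `image: ghcr.io/hoarder-app/hoarder` also resolves to `latest` whenever the kustomize replacement is not applied, for instance if the manifest is applied directly, which deserves a one-line comment above the image field.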
