Переименовано

README.md

@@ -0,0 +1,33 @@
+# Установка
+
+## Установка первой ноды
+```
+curl -sfL https://get.k3s.io | sh -s - --cluster-init --tls-san 10.90.90.99
+```
+
+## Добавление серверной ноды
+```
+curl -sfL https://get.k3s.io | K3S_TOKEN=<token> K3S_URL=https://10.90.90.99:6443 sh -s - server --server https://10.90.90.99:6443
+```
+
+## Добавление агента
+```
+curl -sfL https://get.k3s.io | K3S_TOKEN=<token> K3S_URL=https://10.90.90.99:6443 sh -s - agent --server https://10.90.90.99:6443
+```
+
+# Секреты
+
+## JWT secrets
+```
+kubectl create secret generic jwt-secrets \
+    --from-literal=JWT_ISSUER="liquid" \
+    --from-literal=JWT_AUDIENCE="audience"\
+    --from-literal=JWT_SINGING_KEY="supersecretkey_supersecretkey_supersecretkey_supersecretkey"
+```
+
+## S3 secrets
+```
+kubectl create secret generic s3-credentials \
+    --from-literal=ACCESS_KEY_ID="accesskey" \
+    --from-literal=ACCESS_SECRET_KEY="secretkey"
+```

cnpg-liquid/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 1.0.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "1.0.0"

cnpg-liquid/templates/cnpg-cluster.yaml

@@ -20,10 +20,10 @@ spec:
         s3Credentials:
           accessKeyId:
             name: {{ .Values.s3.secretName | quote}}
-            key: {{ .Values.s3.accessKeyKey | quote }}
+            key: {{ .Values.s3.accessKeyRef | quote }}
           secretAccessKey:
             name: {{ .Values.s3.secretName | quote}}
-            key: {{ .Values.s3.secretKeyKey | quote }}
+            key: {{ .Values.s3.secretKeyRef | quote }}
         wal:
           maxParallel: 8
 
@@ -44,10 +44,10 @@ spec:
       s3Credentials:
         accessKeyId:
           name: {{ .Values.s3.secretName | quote}}
-          key: {{ .Values.s3.accessKeyKey | quote }}
+          key: {{ .Values.s3.accessKeyRef | quote }}
         secretAccessKey:
           name: {{ .Values.s3.secretName | quote}}
-          key: {{ .Values.s3.secretKeyKey | quote }}
+          key: {{ .Values.s3.secretKeyRef | quote }}
       wal:
         compression: bzip2
         maxParallel: 8

cnpg-liquid/values.yaml

@@ -1,15 +1,15 @@
 s3:
   endpointUrl: https://storage.yandexcloud.net
   secretName: s3-credentials
-  accessKeyKey: ACCESS_KEY_ID
+  accessKeyRef: ACCESS_KEY_ID
-  secretKeyKey: ACCESS_SECRET_KEY
+  secretKeyRef: ACCESS_SECRET_KEY
 cnpg:
   clusterName: liquid-db
   backup:
     enable: true
     schedule: "0 0 0 * * *"
-    destinationPath: "s3://liquid-code/backup-hexcore"
+    destinationPath: "s3://liquid-code/backup"
   recovery:
-    enable: true
+    enable: false
     oldClusterName: liquid-db
     sourcePath: "s3://liquid-code/backup"

help.txt

@@ -1,12 +0,0 @@
-# For pull private dockerhub
-```
-kubectl create secret docker-registry regcred --docker-server=<registry> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
-```
-
-# For jwt secrets
-```
-kubectl create secret generic jwt-secrets \
-    --from-literal=JWT_ISSUER="liquid" \
-    --from-literal=JWT_AUDIENCE="audience"\
-    --from-literal=JWT_SINGING_KEY="supersecretkey_supersecretkey_supersecretkey_supersecretkey"
-```

liquid-code-chart/templates/certificate-issuer.yaml

@@ -1,21 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: {{ .Release.Name }}-certificate-issuer
-spec:
-  acme:
-    {{ if .Values.staging }}
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
-    {{ else }}
-    server: https://acme-v02.api.letsencrypt.org/directory
-    {{ end }}
-    # Email address used for ACME registration
-    email: mr.pytkov@gmail.com
-    # Name of a secret used to store the ACME account private key
-    privateKeySecretRef:
-      name: {{ .Release.Name }}-acme-private-key
-    # Enable the HTTP-01 challenge provider
-    solvers:
-      - http01:
-          ingress:
-            ingressClassName: traefik

liquid-code/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-name: liquid-code-chart
+name: liquid-code
 description: A Helm chart for Kubernetes
 
 # A chart can be either an 'application' or a 'library' chart.
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.2
+version: 1.0.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.6"
+appVersion: "1.0.0"

liquid-code/templates/Deployments/backend-deployment.yaml

@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
         - name: {{ .Release.Name }}-backend
-          image: ghcr.io/nullptroma/liquid-backend:latest
+          image: git.nullptr.top/liquidcode/liquidcode:latest
           imagePullPolicy: Always
           ports:
             - containerPort: 8080
@@ -25,18 +25,16 @@ spec:
               value: {{ required "s3 endpoint!" .Values.s3.endpointUrl | quote }}
             - name: S3_PRIVATE_BUCKET
               value: {{ required "privateBucket!" .Values.s3.privateBucket | quote }}
-            - name: S3_PUBLIC_BUCKET
-              value: {{ required "publicBucket!" .Values.s3.publicBucket | quote }}
             - name: S3_ACCESS_KEY
               valueFrom:
                 secretKeyRef:
                   name: {{ required "secretname!" .Values.s3.secretName | quote }}
-                  key: {{ required "acces-key-key!" .Values.s3.accessKeyKey | quote }}
+                  key: {{ required "acces-key-ref!" .Values.s3.accessKeyRef | quote }}
             - name: S3_SECRET_KEY
               valueFrom:
                 secretKeyRef:
                   name: {{ .Values.s3.secretName | quote }}
-                  key: {{ required "secret-key-key!" .Values.s3.secretKeyKey | quote }}
+                  key: {{ required "secret-key-ref!" .Values.s3.secretKeyRef | quote }}
             - name: TESTING_MODULE_URL
               value: http://{{ .Release.Name }}-queue-service:8080/
             - name: PG_URI
@@ -47,6 +45,3 @@ spec:
           envFrom:
             - secretRef:
                 name: {{ required "" .Values.jwt.secretName }}
-
-      imagePullSecrets:
-        - name: github-registry

liquid-code/templates/Deployments/frontend-deployment.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.frontend.enable }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -20,6 +21,4 @@ spec:
         imagePullPolicy: Always
         ports:
           - containerPort: 8000
-
+{{ end }}
-      imagePullSecrets:
-        - name: github-registry

liquid-code/templates/Deployments/queue-deployment.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.queue.enable }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -22,6 +23,4 @@ spec:
             - containerPort: 8080
           securityContext:
             privileged: true
-
+{{ end }}
-      imagePullSecrets:
-        - name: github-registry

liquid-code/templates/Services/frontend-service.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.frontend.enable }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -9,3 +10,5 @@ spec:
   - protocol: TCP
     port: 80
     targetPort: 8000
+
+{{ end }}

liquid-code/templates/Services/queue-service.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.queue.enable }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -9,3 +10,4 @@ spec:
   - protocol: TCP
     port: 8080
     targetPort: 8080
+{{ end }}

liquid-code/templates/default-ingress.yaml

@@ -5,11 +5,6 @@ metadata:
   annotations:
     cert-manager.io/issuer: "{{ .Release.Name }}-certificate-issuer"
 spec:
-  tls:
-    - hosts:
-        - liquidcode.ru
-        - api.liquidcode.ru
-      secretName: {{ .Release.Name }}-tls-secret
   rules:
     - host: api.liquidcode.ru
       http:

liquid-code/templates/pre-install-drob.yaml

@@ -24,7 +24,7 @@ spec:
       restartPolicy: Never
       containers:
         - name: {{ .Release.Name }}-backend
-          image: ghcr.io/nullptroma/liquid-backend:latest
+          image: git.nullptr.top/liquidcode/liquidcode:latest
           imagePullPolicy: Always
           ports:
             - containerPort: 8080
@@ -36,6 +36,4 @@ spec:
                   key: uri
             - name: DROP_DATABASE
               value: "1"
-      imagePullSecrets:
-        - name: github-registry
 {{ end }}

liquid-code/templates/pre-install-migration.yaml

@@ -23,7 +23,7 @@ spec:
       restartPolicy: Never
       containers:
         - name: {{ .Release.Name }}-backend
-          image: ghcr.io/nullptroma/liquid-backend:latest
+          image: git.nullptr.top/liquidcode/liquidcode:latest
           imagePullPolicy: Always
           ports:
             - containerPort: 8080
@@ -35,6 +35,4 @@ spec:
                   key: uri
             - name: MIGRATE_ONLY
               value: "1"
-      imagePullSecrets:
-        - name: github-registry
 {{ end }}

liquid-code/values.yaml

@@ -1,15 +1,16 @@
 s3:
   endpointUrl: https://storage.yandexcloud.net
   secretName: s3-credentials
-  accessKeyKey: ACCESS_KEY_ID
+  accessKeyRef: ACCESS_KEY_ID
-  secretKeyKey: ACCESS_SECRET_KEY
+  secretKeyRef: ACCESS_SECRET_KEY
   privateBucket: liquid-code
-  publicBucket: liquid-code-public
 jwt:
   secretName: jwt-secrets
 database:
   secretName: liquid-db-app
   migrateDb: true
-  dropDb: false
+  dropDb: true
-staging: false
+frontend:
-imagePullSecret: github-registry
+  enable: false
+queue:
+  enable: false

scripts/client/setup-certmanager.sh

@@ -1,3 +0,0 @@
-#!/bin/bash
-
-kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml

scripts/client/setup_cnpg.sh

@@ -1,4 +0,0 @@
-#!/bin/bash
-
-kubectl apply --server-side -f \
-  https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.22/releases/cnpg-1.22.1.yaml

scripts/server/install.sh

@@ -1,2 +0,0 @@
-#!/bin/bash
-curl -sfL https://get.k3s.io | sh -s -

traefik-config.yaml

@@ -1,10 +0,0 @@
-apiVersion: helm.cattle.io/v1
-kind: HelmChartConfig
-metadata:
-  name: traefik-close-secure-port-config
-  namespace: kube-system
-spec:
-  valuesContent: |-
-    ports:
-      websecure:
-        expose: false