From 38d4c3fcea27f1ae825dfbd6c08652dfb646925c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Mon, 30 Apr 2018 13:32:38 +0200 Subject: [PATCH] MF-136 - Setup staging and test environments (#226) --- k8s/README.md | 107 +++++++++++++ k8s/mainflux/1-mainflux-manager.yml | 44 ++++++ k8s/mainflux/2-mainflux-http.yml | 42 +++++ k8s/mainflux/5-mainflux-normalizer.yml | 37 +++++ k8s/mainflux/6-mainflux-dashflux.yml | 33 ++++ k8s/nats/nats.conf | 27 ++++ k8s/nats/nats.yml | 71 +++++++++ k8s/nginx/certs/mainflux-server.crt | 30 ++++ k8s/nginx/certs/mainflux-server.key | 27 ++++ k8s/nginx/default.conf | 148 ++++++++++++++++++ k8s/nginx/mainflux-nginx.yml | 48 ++++++ .../1-mainflux-postgres-persistence.yml | 14 ++ k8s/postgres/2-mainflux-postgres-claim.yml | 10 ++ k8s/postgres/3-mainflux-postgres-pod.yml | 28 ++++ k8s/postgres/4-mainflux-postgres-service.yml | 11 ++ 15 files changed, 677 insertions(+) create mode 100644 k8s/README.md create mode 100644 k8s/mainflux/1-mainflux-manager.yml create mode 100644 k8s/mainflux/2-mainflux-http.yml create mode 100644 k8s/mainflux/5-mainflux-normalizer.yml create mode 100644 k8s/mainflux/6-mainflux-dashflux.yml create mode 100644 k8s/nats/nats.conf create mode 100644 k8s/nats/nats.yml create mode 100644 k8s/nginx/certs/mainflux-server.crt create mode 100644 k8s/nginx/certs/mainflux-server.key create mode 100644 k8s/nginx/default.conf create mode 100644 k8s/nginx/mainflux-nginx.yml create mode 100644 k8s/postgres/1-mainflux-postgres-persistence.yml create mode 100644 k8s/postgres/2-mainflux-postgres-claim.yml create mode 100644 k8s/postgres/3-mainflux-postgres-pod.yml create mode 100644 k8s/postgres/4-mainflux-postgres-service.yml diff --git a/k8s/README.md b/k8s/README.md new file mode 100644 index 00000000..ced928cf --- /dev/null +++ b/k8s/README.md @@ -0,0 +1,107 @@ +# Deploy Mainflux on Kubernetes - WIP +Scripts to deploy Mainflux on Kubernetes (https://kubernetes.io). Work in progress. Not ready for deployment. + +## Steps + +### 1. Setup PosgreSQL + +- Create Persistent Volume for PosgreSQL to store data to. + +```bash +kubectl create -f 1-mainflux-postgres-persistence.yml +``` + +- Claim Persistent Volume + +```bash +kubectl create -f 2-mainflux-postgres-claim.yml +``` + +- Create PosgreSQL Pod + +```bash +kubectl create -f 3-mainflux-postgres-pod.yml +``` + +- Create PosgreSQL Service + +```bash +kubectl create -f 4-mainflux-postgres-service.yml +``` + +### 2. Setup NATS + +- Change `nats.conf` according to your needs. + +Create a Kubernetes configmap to store it: + +```bash +kubectl create configmap nats-config --from-file nats.conf +``` + +- Deploy NATS: + +```bash +kubectl create -f nats.yml +``` + +### 3. Setup Mainflux Services + +- Create Manager Service + +```bash +kubectl create -f 1-mainflux-manager.yml +``` + +- Create HTTP Service + +```bash +kubectl create -f 2-mainflux-http.yml + +``` + +- Create CoAP Service + +```bash +kubectl create -f 4-mainflux-coap.yml +``` + +- Create Normalizer Service + +```bash +kubectl create -f 5-mainflux-normalizer.yml +``` + +### 4. Setup Dashflux Services + +- Create Dashflux Deployment and Service + +```bash +kubectl create -f mainflux-dashflux.yaml +``` + +### 5. Setup NginX Reverse Proxy for Mainflux Services + +- Create TLS server side certificate and keys + +```bash +cd certs +kubectl create secret tls mainflux-secret --key mainflux-server.key --cert mainflux-server.crt +``` + +- Create Config Map based on the default.conf file. + +```bash +cd .. +kubectl create configmap mainflux-nginx-config --from-file=default.conf +``` + +- Create Deployment and Service from mainflux-dashflux.yaml file. + +```bash +kubectl create -f mainflux-nginx.yaml +``` + +### 6. Configure Internet Access + +Configure NAT on your Firewall to forward ports 80 (HTTP) and 443 (HTTPS) to mainflux-nginx service diff --git a/k8s/mainflux/1-mainflux-manager.yml b/k8s/mainflux/1-mainflux-manager.yml new file mode 100644 index 00000000..87fc6a5b --- /dev/null +++ b/k8s/mainflux/1-mainflux-manager.yml @@ -0,0 +1,44 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: manager +spec: + replicas: 3 + selector: + matchLabels: + app: manager + template: + metadata: + labels: + app: manager + spec: + containers: + - name: manager + image: mainflux/manager:latest + ports: + - containerPort: 8180 + env: + - name: MF_DB_HOST + value: "mainflux-postgres" + - name: MF_MANAGER_DB + value: "mainflux" + - name: MF_MANAGER_PORT + value: "8180" + - name: MF_MANAGER_SECRET + value: "test-secret" +--- +apiVersion: v1 +kind: Service +metadata: + name: manager + labels: + app: manager +spec: + ports: + - port: 8180 + targetPort: 8180 + protocol: TCP + name: http + selector: + app: manager + type: LoadBalancer diff --git a/k8s/mainflux/2-mainflux-http.yml b/k8s/mainflux/2-mainflux-http.yml new file mode 100644 index 00000000..7a7328e9 --- /dev/null +++ b/k8s/mainflux/2-mainflux-http.yml @@ -0,0 +1,42 @@ +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: http-adapter + labels: + component: http-adapter +spec: + serviceName: http-adapter + replicas: 3 + template: + metadata: + labels: + component: http-adapter + spec: + containers: + - name: mainflux-http + image: mainflux/http:latest + imagePullPolicy: Always + ports: + - containerPort: 8182 + env: + - name: MF_MANAGER_URL + value: "http://manager:8180" + - name: MF_NATS_URL + value: "nats://nats:4222" + - name: MF_HTTP_ADAPTER_PORT + value: "8182" +--- +apiVersion: v1 +kind: Service +metadata: + name: http-adapter + labels: + component: http-adapter +spec: + selector: + component: http-adapter + ports: + - port: 8182 + targetPort: 8182 + type: LoadBalancer + diff --git a/k8s/mainflux/5-mainflux-normalizer.yml b/k8s/mainflux/5-mainflux-normalizer.yml new file mode 100644 index 00000000..26cafdf8 --- /dev/null +++ b/k8s/mainflux/5-mainflux-normalizer.yml @@ -0,0 +1,37 @@ +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: normalizer + labels: + component: normalizer +spec: + serviceName: normalizer + replicas: 3 + template: + metadata: + labels: + component: normalizer + spec: + containers: + - name: mainflux-normalizer + image: mainflux/normalizer:latest + imagePullPolicy: Always + env: + - name: MF_NATS_URL + value: "nats://nats:4222" + - name: MF_NORMALIZER_PORT + value: "8181" +--- +apiVersion: v1 +kind: Service +metadata: + name: normalizer + labels: + component: normalizer +spec: + selector: + component: normalizer + ports: + - port: 8181 + targetPort: 8181 + clusterIP: None diff --git a/k8s/mainflux/6-mainflux-dashflux.yml b/k8s/mainflux/6-mainflux-dashflux.yml new file mode 100644 index 00000000..1739f2b2 --- /dev/null +++ b/k8s/mainflux/6-mainflux-dashflux.yml @@ -0,0 +1,33 @@ +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: dashflux + labels: + component: dashflux +spec: + replicas: 1 + template: + metadata: + labels: + component: dashflux + spec: + containers: + - name: dashflux + image: mainflux/dashflux:latest + imagePullPolicy: Always + ports: + - containerPort: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: dashflux + labels: + component: dashflux +spec: + selector: + component: dashflux + ports: + - port: 80 + targetPort: 80 + type: LoadBalancer \ No newline at end of file diff --git a/k8s/nats/nats.conf b/k8s/nats/nats.conf new file mode 100644 index 00000000..77ac4248 --- /dev/null +++ b/k8s/nats/nats.conf @@ -0,0 +1,27 @@ +listen: 0.0.0.0:4222 +http: 0.0.0.0:8222 + +# Cluster definition +cluster { + listen: 0.0.0.0:6222 +} + +# logging options +debug: false +trace: true +logtime: true + +# Some system overides + +# max_connections +#max_connections: 100 + +# maximum protocol control line +#max_control_line: 512 + +# maximum payload +max_payload: 65536 + +# Duration the server can block on a socket write to a client. Exceeding the +# deadline will designate a client as a slow consumer. +write_deadline: "2s" diff --git a/k8s/nats/nats.yml b/k8s/nats/nats.yml new file mode 100644 index 00000000..aa035897 --- /dev/null +++ b/k8s/nats/nats.yml @@ -0,0 +1,71 @@ +apiVersion: v1 +kind: Service +metadata: + name: nats + labels: + component: nats +spec: + selector: + component: nats + clusterIP: None + ports: + - name: client + port: 4222 + - name: cluster + port: 6222 + - name: monitor + port: 8222 +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: nats + labels: + component: nats +spec: + serviceName: nats + replicas: 5 + template: + metadata: + labels: + component: nats + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: component + operator: In + values: + - nats + topologyKey: kubernetes.io/hostname + containers: + - name: nats + image: nats:1.0.4 + args: [ "--config", "/etc/nats/nats.conf"] + volumeMounts: + - name: tls-volume + mountPath: /etc/nats/tls + - name: config-volume + mountPath: /etc/nats + ports: + - containerPort: 4222 + name: client + - containerPort: 6222 + name: cluster + - containerPort: 8222 + name: monitor + livenessProbe: + httpGet: + path: / + port: 8222 + initialDelaySeconds: 10 + timeoutSeconds: 5 + volumes: + - name: tls-volume + secret: + secretName: tls-nats-server + - name: config-volume + configMap: + name: nats-config diff --git a/k8s/nginx/certs/mainflux-server.crt b/k8s/nginx/certs/mainflux-server.crt new file mode 100644 index 00000000..c9191d34 --- /dev/null +++ b/k8s/nginx/certs/mainflux-server.crt @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFFTCCA/2gAwIBAgIJAPtBp1R03oQDMA0GCSqGSIb3DQEBDQUAMFcxEjAQBgNV +BAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsMA0lvVDEg +MB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTcwMTA3MDA1NTIw +WhcNMzIwMTA0MDA1NTIwWjBdMRgwFgYDVQQDDA9tYWluZmx1eC1zZXJ2ZXIxETAP +BgNVBAoMCE1haW5mbHV4MQwwCgYDVQQLDANJb1QxIDAeBgkqhkiG9w0BCQEWEWlu +Zm9AbWFpbmZsdXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +mGShbFfHhE/Q/CvVgpfas9o2B2H4E1nrDSmQXqwUPJ2U5+ExqpPkM/xX77yC9gut +k0RrM3fhB5AET9GnGMyFFlNYNPnWZOS6iQN2u5dg02TRqKdIhZZhs438u2wSRVwg +oAqYyiVpoV3QFa2BWTYbWwAhQGPXMUmUN8ZaUcWJ+s8PNhisj458hbWl7HuJ3ICB +xEAXiyd529YVHYJZVHyyEF5GwIvw3DOzZ++Ip6IVd0zYbdHw1pV5SAI5fbc4cb0C +cKXkSlqtjmz6ZeUWLJV98rYHc0YhUR7y2a6zNNFS/ROU6KEsWIdDTNDph0nHS1dB +sj4Abj2Kmf9InIPHHvqF+wIDAQABo4IB3DCCAdgwDAYDVR0TAQH/BAIwADARBglg +hkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgXgMCoGCWCGSAGG+EIBDQQdFhtNYWlu +Zmx1eCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFB7OnWLMd24Eo5dcmJss +lLMkq59vMIGIBgNVHSMEgYAwfoAUiBGMTsVJvNuSKvwoi/7aEvGfRX2hW6RZMFcx +EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM +A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb22CCQDzlkP5P+dv +3TBEBgNVHREEPTA7hwTAqAAuhxD+gAAAAAAAAGJsZv/+yw+7hwR/AAABhxAAAAAA +AAAAAAAAAAAAAAABgglsb2NhbGhvc3QwgYsGA1UdIASBgzCBgDB+BgMrBQgwdzAc +BggrBgEFBQcCARYQaHR0cDovL2xvY2FsaG9zdDBXBggrBgEFBQcCAjBLMA8WCE1h +aW5mbHV4MAMCAQEaOFRoaXMgQ0EgaXMgZm9yIGEgbG9jYWwgTWFpbmZsdXggc2Vy +dmVyIGluc3RhbGxhdGlvbiBvbmx5MA0GCSqGSIb3DQEBDQUAA4IBAQBxGCqJRbnw +lKHhpqZVEEWV1t87wQnf2qOV8SOzh1evF5sYeYEOnb2d802r0p08kuiJNETZdJOh +K/f7dVCL+mtSzHiK8SY8WJ8l0xfW+0qo/GW9jd9QDGbuwi6cRUw1lRhr5p/0ge9N +e3VlI7cjpG/Kv3x1AtCjMpMLzAxOLZmbSWgrMvtJIsMHcQTiV1HexIq9/A3XVthf +zuRUr1qyj3nx6ga2eHqaJQ5/Zu1A7zjHbZTiW4U5Ikl1PDWL3V0uEb3bXZ7xABb9 +pjYjDA1Bm4eQMPJ+ZWRs5EFHBnLJc/Kz+4sfUuwiqI4xz2LMeCrdMbh0YSP/rhi4 +wERrPpFmvpN3 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/k8s/nginx/certs/mainflux-server.key b/k8s/nginx/certs/mainflux-server.key new file mode 100644 index 00000000..6a8be0f0 --- /dev/null +++ b/k8s/nginx/certs/mainflux-server.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAmGShbFfHhE/Q/CvVgpfas9o2B2H4E1nrDSmQXqwUPJ2U5+Ex +qpPkM/xX77yC9gutk0RrM3fhB5AET9GnGMyFFlNYNPnWZOS6iQN2u5dg02TRqKdI +hZZhs438u2wSRVwgoAqYyiVpoV3QFa2BWTYbWwAhQGPXMUmUN8ZaUcWJ+s8PNhis +j458hbWl7HuJ3ICBxEAXiyd529YVHYJZVHyyEF5GwIvw3DOzZ++Ip6IVd0zYbdHw +1pV5SAI5fbc4cb0CcKXkSlqtjmz6ZeUWLJV98rYHc0YhUR7y2a6zNNFS/ROU6KEs +WIdDTNDph0nHS1dBsj4Abj2Kmf9InIPHHvqF+wIDAQABAoIBAGyneyyrXXbqDcBu +ZHoLWYTYdaNH57+sYdnto6DMolUhqdS2jFnpvlCOgAhPaTSS2PxiUOjOdWSV+20J +t1EIKW/klsSWyZUAPDuKe7J+2St/+7h7JUsSELEb8HGVOWW4rQ5O3+dpS2ohYEbE +gbAg0tpMOmkVho3+vy4RP76D0MBAnhgl99fjo9jpNxPmBis+L/IJS5SNO1JFXMCf +rvyOIekmtmHBI4PgubVylwOIt03r867gi6WpSOBq5rTusDqwCdmDCeRWDL4EP3Zr +VH8EPbS1Zlcw0FH8yXjp2ts5UcJZL5CdLY7jJ6vkIiw64nNWx7cR4qd55ut280K4 +tx4yqnkCgYEAxkQRZgxNHu+7KMUt7gjYRLaNhiSFrcwuSVb8HlhsYYYMH3GPQhvr +dQOOiibzsCna96GLbfdOpi9iwF82uuwNpdeKptPNb5Mht4oNqu5kKg1sl6S6fjSv +yrJACC0NcLRS2LYuBcylUCKsU7g3C9X6VmaSsh415v1s2qFHFik2AycCgYEAxMTt +kHP+pIwr35IvamRCGtUvI0D9R62gxxovpfQeetQMhc/3tOBJe/GOXDP4jitrz1l1 +YMcLiCqktFxJqi6UKxcTwnGgcyPyC2UZSJJ/0lOIZDSP7JM7dT1xkrGeQyMjC09C +AwRi/ZAUUwLsMRxfTrj8igF8Md+LIjKBcYdm2w0CgYEAxg6hQsvvDoR09pli9HKp +eJrUbbh2QdPCOUlHuhiizBlYauDKN0QkxlOzRJb8wHJPZyhdXJC8ZI7Zm0qCJeBB +EfZrb5QNmPPlrq+eT66tKMUYQbQxCHohUd8W0BQRZRD94ba76tcwHQlGFKvlcVFk +LoNw77X2KrXm09BgbubkKekCgYAygztZMe3U4AcDRcvWTBaMPN309uIOXIxBkH9a +4uhQL89nKpQ0Yr96ifA5yz2rgYoTmKuBRJe5RPkzM93VSk/PIAV6jSDbbgbc1f8/ +mhwmKjuBPd0UpldFKZjWR7KRGZwNczNHAwFGho4xITbxBI+S7fomk2sGgpR9GuoP +8up8oQKBgEMd9Mbo3xC0xW29V5P3FUKH4zRYJYlpk+30bZ4VCrgim9cVBgN/xrIA +l4yEnitEi1591b/r+Uz3b6yWOiLEHRE2U7sQLbfh2fvF0VhFCOE11FeAuoZp89/k +TVnL/FelAMbL1iZFIf9LRY2DdfAUKlO//cXMHcC2iatBUwfylSVS +-----END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/k8s/nginx/default.conf b/k8s/nginx/default.conf new file mode 100644 index 00000000..5f9c18e8 --- /dev/null +++ b/k8s/nginx/default.conf @@ -0,0 +1,148 @@ +## +# Basic Settings +## +#tcp_nopush on; +#tcp_nodelay on; +#keepalive_timeout 65; +#types_hash_max_size 2048; +# server_tokens off; + +# server_names_hash_bucket_size 64; +# server_name_in_redirect off; + +#include /etc/nginx/mime.types; +#default_type application/octet-stream; + +## +# SSL Settings +## +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE +ssl_prefer_server_ciphers on; + +## +# Logging Settings +## +# access_log /var/log/nginx/access.log; +error_log /var/log/nginx/error.log; + +# upstream k8s-manager { +# server manager:8180; +# } +# upstream k8s-http { +# server http-adapter:8182; +# } + +## +# Virtual Host Configs +## + +# HTTP +server { +listen 80 default_server; +listen [::]:80 default_server; +server_name mainflux-iot.ha.rs; +access_log off; +error_log off; +return 301 https://$server_name$request_uri; +} + +# HTTPS +server { + # SSL configuration + # + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; + + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + # Certificates + ssl_certificate /etc/nginx/ssl/tls.crt; + ssl_certificate_key /etc/nginx/ssl/tls.key; + #ssl_dhparam /etc/ssl/certs/dhparam.pem; + + + # from https://cipherli.st/ + # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; + ssl_ecdh_curve secp384r1; + ssl_session_tickets off; + ssl_stapling off; + ssl_stapling_verify on; + resolver 8.8.8.8 8.8.4.4 valid=300s; + resolver_timeout 5s; + + # Disable preloading HSTS for now. You can use the commented out header line that includes + # the "preload" directive if you understand the implications. + #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; + add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + add_header Access-Control-Allow-Origin '*'; + add_header Access-Control-Allow-Methods '*'; + add_header Access-Control-Allow-Headers "*"; + + + server_name mainflux-iot.ha.rs; + + # Proxy pass to manager service + location /api/ { + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://manager:8180/; + + # Allow OPTIONS method CORS + if ($request_method = OPTIONS ) { + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + } + + # Proxy pass to mainflux-http-adapter + location /http/ { + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://http-adapter:8182/; + + # Allow OPTIONS method CORS + if ($request_method = OPTIONS ) { + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + } + location / { + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://dashflux/; + + # Allow OPTIONS method CORS + if ($request_method = OPTIONS ) { + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + } +} \ No newline at end of file diff --git a/k8s/nginx/mainflux-nginx.yml b/k8s/nginx/mainflux-nginx.yml new file mode 100644 index 00000000..7941bcf0 --- /dev/null +++ b/k8s/nginx/mainflux-nginx.yml @@ -0,0 +1,48 @@ +apiVersion: v1 +kind: Service +metadata: + name: mainflux-nginx + labels: + app: nginx +spec: + type: LoadBalancer + ports: + - port: 80 + protocol: TCP + name: http + - port: 443 + protocol: TCP + name: https + selector: + app: nginx +--- +apiVersion: v1 +kind: ReplicationController +metadata: + name: mainflux-nginx +spec: + replicas: 1 + template: + metadata: + labels: + app: nginx + spec: + volumes: + - name: secret-volume + secret: + secretName: mainflux-secret + - name: configmap-volume + configMap: + name: mainflux-nginx-config + containers: + - name: maiflux-nginx + image: ymqytw/nginxhttps:1.5 + command: ["/home/auto-reload-nginx.sh"] + ports: + - containerPort: 443 + - containerPort: 80 + volumeMounts: + - mountPath: /etc/nginx/ssl + name: secret-volume + - mountPath: /etc/nginx/conf.d + name: configmap-volume diff --git a/k8s/postgres/1-mainflux-postgres-persistence.yml b/k8s/postgres/1-mainflux-postgres-persistence.yml new file mode 100644 index 00000000..083590f8 --- /dev/null +++ b/k8s/postgres/1-mainflux-postgres-persistence.yml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: mainflux-postgres-data-disk + labels: + name: mainflux-postgres-data-disk +spec: + capacity: + storage: 10Gi + accessModes: + - ReadWriteOnce + hostPath: + path: /tmp/data/postgres-0 + persistentVolumeReclaimPolicy: Recycle \ No newline at end of file diff --git a/k8s/postgres/2-mainflux-postgres-claim.yml b/k8s/postgres/2-mainflux-postgres-claim.yml new file mode 100644 index 00000000..6786b350 --- /dev/null +++ b/k8s/postgres/2-mainflux-postgres-claim.yml @@ -0,0 +1,10 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: mainflux-postgres-data-claim +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi \ No newline at end of file diff --git a/k8s/postgres/3-mainflux-postgres-pod.yml b/k8s/postgres/3-mainflux-postgres-pod.yml new file mode 100644 index 00000000..97bf9c60 --- /dev/null +++ b/k8s/postgres/3-mainflux-postgres-pod.yml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Pod +metadata: + name: mainflux-postgres + labels: + name: mainflux-postgres +spec: + containers: + - name: mainflux-postgres + image: postgres:10.2-alpine + env: + - name: POSTGRES_USER + value: "mainflux" + - name: POSTGRES_PASSWORD + value: "mainflux" + - name: POSTGRES_DB + value: "mainflux" + - name: PGDATA + value: /var/lib/postgresql/data/mainflux-postgres-data + ports: + - containerPort: 5432 + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: mainflux-postgres-data + volumes: + - name: mainflux-postgres-data + persistentVolumeClaim: + claimName: mainflux-postgres-data-claim \ No newline at end of file diff --git a/k8s/postgres/4-mainflux-postgres-service.yml b/k8s/postgres/4-mainflux-postgres-service.yml new file mode 100644 index 00000000..c9570db6 --- /dev/null +++ b/k8s/postgres/4-mainflux-postgres-service.yml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: mainflux-postgres + labels: + name: mainflux-postgres +spec: + ports: + - port: 5432 + selector: + name: mainflux-postgres \ No newline at end of file