diff --git a/README.md b/README.md index c15b0bb..872a6ef 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,21 @@ Please use this README if you want to deploy Huly on your server with `docker co If you prefer Kubernetes deployment, there is a sample Kubernetes configuration under [kube](kube) directory. +## Service Overview + +| Component | Description | +|----------------|-------------| +| `account` | Handles user identity, authentication, and account lifecycle. | +| `collaborator` | Document collaboration backend. Serves as synchronization point for users editing the same document. | +| `front` | Public-facing frontend serving the main Huly UI. | +| `fulltext` | Provides full-text indexing and search integration with Elasticsearch/OpenSearch. | +| `mail` | Email sending and processing service for notifications. | +| `love` | Audio & Video calls using LiveKit infrastructure. | +| `rekoni` | Document recognition service, currently is mainly used by fulltext service. | +| `stats` | Metrics and statistics aggregation service. | +| `transactor` | Core backend handling business logic and transactions. | +| `workspace` | Orchestrates workspace creation, migration, and upgrade. | + ## Installing `nginx` and `docker` First, update repositories cache: diff --git a/kube/QUICKSTART.md b/kube/QUICKSTART.md deleted file mode 100644 index 839995f..0000000 --- a/kube/QUICKSTART.md +++ /dev/null 
@@ -1,101 +0,0 @@ -# Quick Start with Kind -> [!NOTE] -> kind does not require kubectl, but you will not be able to perform some of the examples in our docs without it. To install kubectl see the upstream kubectl installation docs. - -## Install - -**macOS:** -```bash -# For Intel Macs -[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.26.0/kind-darwin-amd64 -# For M1 / ARM Macs -[ $(uname -m) = arm64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.26.0/kind-darwin-arm64 -chmod +x ./kind -mv ./kind /some-dir-in-your-PATH/kind -``` - -**Linux:** -```bash -# For AMD64 / x86_64 -[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.26.0/kind-linux-amd64 -# For ARM64 -[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.26.0/kind-linux-arm64 -chmod +x ./kind -sudo mv ./kind /usr/local/bin/kind -``` - -## Setup cluster with port forwarding - -> [!NOTE] -> On the host computer, `localhost:80` should be accessible. - -```bash -cat < ⚠️ **Note:** Newer versions of CockroachDB (v25.x and above) are **not compatible** due to a known issue tracked here: +> [hcengineering/platform#9963](https://github.com/hcengineering/platform/issues/9963) -## Deploy Huly to Kubernetes +Only **CockroachDB** is currently supported. +Alternatives such as **PostgreSQL** and **YugabyteDB** are **not** supported — see the open issue for details: +[hcengineering/platform#9831](https://github.com/hcengineering/platform/issues/9831) -Deploy Huly with `kubectl`. +Deploy CockroachDB using your preferred operator or Helm chart, and ensure connectivity from the namespace. -```bash -kubectl create namespace huly-v7 +### 2. Redpanda -kubectl apply -R -f . --namespace huly-v7 +Huly uses **Redpanda** as the Kafka-compatible streaming backbone. 
+ +We recommend installing the **Redpanda Operator** and deploying a cluster within the same namespace: + +```yaml +apiVersion: cluster.redpanda.com/v1alpha2 +kind: Redpanda +metadata: + name: redpanda +spec: + clusterSpec: + image: + tag: v25.2.5 + statefulset: + replicas: 3 + tls: + enabled: false ``` -Now, launch your web browser and enjoy Huly! +This setup provides a minimal, non-TLS development cluster suitable for local and test environments. + +### 3. Elasticsearch / OpenSearch + +Huly requires an **Elasticsearch**-compatible search backend. + +If you choose **OpenSearch**, note that: +- You must **disable security completely**, or +- Provide a **CA trusted by pod root**, or +- Place the service **behind a proxy** that translates plain HTTP to TLS. + +> An issue is open to support `verify=false` for insecure configurations [hcengineering/platform#9974](https://github.com/hcengineering/platform/issues/9974) + +### 4. MinIO (S3-Compatible Storage) + +Configure **MinIO** or any other S3-compatible service for storage (attachments, media, etc.). + +You must define the endpoint and credentials in your deployment environment — these values are provided via the `Secret` and `ConfigMap` manifests (see below). + + +## 🏗️ Deployment Overview + +Each microservice is deployed within the namespace as its own Deployment and Service pair (except for the workspace, which does not require a service). + +These services are organized and managed through the top-level Kustomization file (kustomization.yaml) for convenience and familiarity. Alternatively, you can clone these files, update the corresponding ConfigMap and Secret files, and apply them as standard manifests to set up a functional cluster. + +If email functionality is not required, ensure the MAIL_URL environment variable is set to an empty string ("") in both the account and transactor deployments otherwise login will require email verification. 
+ +## 🌐 Example HTTP Route (Gateway API) + +Below is an example **HTTPRoute** definition for exposing Huly via `huly.example.com`. +This configuration enforces HTTPS and routes internal service paths appropriately. + +```yaml +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: huly.example.com +spec: + parentRefs: + - name: wan + hostnames: + - "huly.example.com" + rules: + # Force HTTPS + - matches: + - headers: + - name: "x-forwarded-proto" + value: "http" + filters: + - type: RequestRedirect + requestRedirect: + scheme: https + statusCode: 301 + + # Route account service + - matches: + - path: + type: PathPrefix + value: /_account + filters: + - type: URLRewrite + urlRewrite: + path: + type: ReplacePrefixMatch + replacePrefixMatch: / + backendRefs: + - name: account + namespace: huly + port: 80 + + # Route collaborator service + - matches: + - path: + type: PathPrefix + value: /_collaborator + filters: + - type: URLRewrite + urlRewrite: + path: + type: ReplacePrefixMatch + replacePrefixMatch: / + backendRefs: + - name: collaborator + namespace: huly + port: 80 + + # Route rekoni service + - matches: + - path: + type: PathPrefix + value: /_rekoni + filters: + - type: URLRewrite + urlRewrite: + path: + type: ReplacePrefixMatch + replacePrefixMatch: / + backendRefs: + - name: rekoni + namespace: huly + port: 80 + + # Route stats service + - matches: + - path: + type: PathPrefix + value: /_stats + filters: + - type: URLRewrite + urlRewrite: + path: + type: ReplacePrefixMatch + replacePrefixMatch: / + backendRefs: + - name: stats + namespace: huly + port: 80 + + # Route transactor service + - matches: + - path: + type: PathPrefix + value: /_transactor + filters: + - type: URLRewrite + urlRewrite: + path: + type: ReplacePrefixMatch + replacePrefixMatch: / + backendRefs: + - name: transactor + namespace: huly + port: 80 + + # Token-based routing (eyJ prefix) + - matches: + - path: + type: PathPrefix + value: /eyJ + backendRefs: + - name: 
transactor + namespace: huly + port: 80 + + # Default route + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: front + namespace: huly + port: 80 +``` diff --git a/kube/account/account-ingress.yaml b/kube/account/account-ingress.yaml deleted file mode 100644 index 93a82ce..0000000 --- a/kube/account/account-ingress.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - kubernetes.io/ingress.class: nginx - labels: - app: account - name: account -spec: - ingressClassName: nginx - rules: - - host: account.huly.example - http: - paths: - - backend: - service: - name: account - port: - number: 80 - path: / - pathType: Prefix diff --git a/kube/account/account-deployment.yaml b/kube/account/deployment.yaml similarity index 80% rename from kube/account/account-deployment.yaml rename to kube/account/deployment.yaml index db23c24..960c95a 100644 --- a/kube/account/account-deployment.yaml +++ b/kube/account/deployment.yaml @@ -16,13 +16,15 @@ spec: spec: containers: - env: - - name: ACCOUNTS_URL + - name: SERVER_SECRET valueFrom: - configMapKeyRef: - name: huly-config - key: ACCOUNTS_URL + secretKeyRef: + name: huly-secret + key: SERVER_SECRET - name: ACCOUNT_PORT value: '3000' + - name: ACCOUNTS_URL + value: http://account - name: FRONT_URL valueFrom: configMapKeyRef: @@ -30,6 +32,8 @@ spec: key: FRONT_URL - name: STATS_URL value: http://stats + - name: MAIL_URL + value: http://mail - name: STORAGE_CONFIG valueFrom: secretKeyRef: 
@@ -41,29 +45,27 @@ spec: valueFrom: secretKeyRef: name: huly-secret - key: CR_DB_URL - - name: MONGO_URL + key: DB_URL + - name: TRANSACTOR_URL valueFrom: configMapKeyRef: name: huly-config - key: MONGO_URL - - name: SERVER_SECRET + key: TRANSACTOR_URL + - name: QUEUE_CONFIG valueFrom: secretKeyRef: name: huly-secret - key: SERVER_SECRET - - name: TRANSACTOR_URL + key: QUEUE_CONFIG + - name: DISABLE_SIGNUP valueFrom: configMapKeyRef: name: huly-config - key: TRANSACTOR_URL - - name: QUEUE_CONFIG - value: redpanda:9092 - image: hardcoreeng/account:v0.7.242 + key: DISABLE_SIGNUP + image: hardcoreeng/account:v0.7.252 name: account ports: - containerPort: 3000 resources: limits: memory: "512M" - restartPolicy: Always + restartPolicy: Always \ No newline at end of file diff --git a/kube/account/account-service.yaml b/kube/account/service.yaml similarity index 89% rename from kube/account/account-service.yaml rename to kube/account/service.yaml index 031cca7..64f48bf 100644 --- a/kube/account/account-service.yaml +++ b/kube/account/service.yaml @@ -9,4 +9,4 @@ spec: - port: 80 targetPort: 3000 selector: - app: account + app: account \ No newline at end of file diff --git a/kube/cockroach/cockroach-deployment.yaml b/kube/cockroach/cockroach-deployment.yaml deleted file mode 100644 index b761991..0000000 --- a/kube/cockroach/cockroach-deployment.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ - apiVersion: apps/v1 - kind: Deployment - metadata: - name: cockroachdb-single-node - spec: - replicas: 1 - selector: - matchLabels: - app: cockroach - template: - metadata: - labels: - app: cockroach - spec: - # initContainers: - # - name: init-certs-dir - # image: busybox - # command: ['sh', '-c', 'mkdir -p /cockroach/cockroach-certs && chmod -R 700 /cockroach'] - # volumeMounts: - # - name: certs - # mountPath: /cockroach/certs - containers: - - name: cockroachdb - image: cockroachdb/cockroach:latest-v24.2 - args: - - start-single-node - - --accept-sql-without-tls - env: - - name: COCKROACH_DATABASE - value: "defaultdb" - - name: COCKROACH_USER - value: "selfhost" - - name: COCKROACH_PASSWORD - valueFrom: - secretKeyRef: - name: huly-secret - key: COCKROACH_PASSWORD - ports: - - containerPort: 26257 - - containerPort: 8080 - volumeMounts: - - name: cockroachdb-data - mountPath: /cockroach/cockroach-data - - name: cockroachdb-certs - mountPath: /cockroach/certs - volumes: - - name: cockroachdb-data - persistentVolumeClaim: - claimName: cockroachdb-data - - name: cockroachdb-certs - persistentVolumeClaim: - claimName: cockroachdb-certs \ No newline at end of file diff --git a/kube/cockroach/cockroach-persistentvolumeclaim.yaml b/kube/cockroach/cockroach-persistentvolumeclaim.yaml deleted file mode 100644 index 1f02264..0000000 --- a/kube/cockroach/cockroach-persistentvolumeclaim.yaml +++ /dev/null @@ -1,21 +0,0 @@ - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: cockroachdb-data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi ---- - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: cockroachdb-certs - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi \ No newline at end of file diff --git a/kube/cockroach/cockroach-service.yaml b/kube/cockroach/cockroach-service.yaml deleted file mode 100644 index 51edf28..0000000 
--- a/kube/cockroach/cockroach-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ - apiVersion: v1 - kind: Service - metadata: - labels: - app: cockroach - name: cockroach - spec: - selector: - app: cockroach - ports: - - name: grpc - port: 26257 - targetPort: 26257 - - name: http - port: 8080 - targetPort: 8080 - clusterIP: None \ No newline at end of file diff --git a/kube/collaborator/collaborator-ingress.yaml b/kube/collaborator/collaborator-ingress.yaml deleted file mode 100644 index 2091140..0000000 --- a/kube/collaborator/collaborator-ingress.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - kubernetes.io/ingress.class: nginx - labels: - app: collaborator - name: collaborator -spec: - ingressClassName: nginx - rules: - - host: collaborator.huly.example - http: - paths: - - backend: - service: - name: collaborator - port: - number: 80 - path: / - pathType: Prefix diff --git a/kube/collaborator/collaborator-deployment.yaml b/kube/collaborator/deployment.yaml similarity index 89% rename from kube/collaborator/collaborator-deployment.yaml rename to kube/collaborator/deployment.yaml index a240e7b..1243483 100644 --- a/kube/collaborator/collaborator-deployment.yaml +++ b/kube/collaborator/deployment.yaml 
@@ -16,27 +16,27 @@ spec: spec: containers: - env: + - name: COLLABORATOR_PORT + value: "3078" + - name: SECRET + valueFrom: + secretKeyRef: + name: huly-secret + key: SERVER_SECRET - name: ACCOUNTS_URL value: http://account - name: STATS_URL value: http://stats - - name: COLLABORATOR_PORT - value: "3078" - name: STORAGE_CONFIG valueFrom: secretKeyRef: name: huly-secret key: STORAGE_CONFIG - - name: SECRET - valueFrom: - secretKeyRef: - name: huly-secret - key: SERVER_SECRET - image: hardcoreeng/collaborator:v0.7.242 + image: hardcoreeng/collaborator:v0.7.252 name: collaborator ports: - containerPort: 3078 resources: limits: - memory: '512M' - restartPolicy: Always + memory: "512M" + restartPolicy: Always \ No newline at end of file diff --git a/kube/collaborator/collaborator-service.yaml b/kube/collaborator/service.yaml similarity index 87% rename from kube/collaborator/collaborator-service.yaml rename to kube/collaborator/service.yaml index cb5db83..d31db57 100644 --- a/kube/collaborator/collaborator-service.yaml +++ b/kube/collaborator/service.yaml @@ -9,4 +9,4 @@ spec: - port: 80 targetPort: 3078 selector: - app: collaborator + app: collaborator \ No newline at end of file diff --git a/kube/config/config.yaml b/kube/config/config.yaml deleted file mode 100644 index 257e28d..0000000 --- a/kube/config/config.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: huly-config -data: - ACCOUNTS_URL: 'http://account.huly.example/' - COLLABORATOR_URL: 'ws://collaborator.huly.example/' - FRONT_URL: 'http://huly.example' - REKONI_URL: 'http://rekoni.huly.example/' - STATS_URL: 'http://stats.huly.example/' - TRANSACTOR_URL: 'ws://transactor;ws://transactor.huly.example/' - MINIO_ENDPOINT: 'minio' - MONGO_URL: 'mongodb://mongodb:27017' - ELASTIC_URL: 'http://elastic:9200' - ELASTIC_INDEX_NAME: 'huly_storage_index' diff --git a/kube/config/secret.yaml b/kube/config/secret.yaml deleted file mode 100644 index e95e3cf..0000000 
--- a/kube/config/secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: huly-secret -type: Opaque -stringData: - SERVER_SECRET: secret - STORAGE_CONFIG: minio|minio?accessKey=minioadmin&secretKey=minioadmin - COCKROACH_PASSWORD: cockroach_user_secret - REDPANDA_SUPERUSER_PASSWORD: superpassword - CR_DB_URL: postgres://selfhost:cockroach_user_secret@cockroach:26257/defaultdb \ No newline at end of file diff --git a/kube/configmap.yaml b/kube/configmap.yaml new file mode 100644 index 0000000..10354fd --- /dev/null +++ b/kube/configmap.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: huly-config +data: + NAME: huly + FRONT_URL: 'https://huly.example.com' + ACCOUNTS_URL: 'https://huly.example.com/_account' + COLLABORATOR_URL: 'wss://huly.example.com/_collaborator' + REKONI_URL: 'https://huly.example.com/_rekoni' + STATS_URL: 'https://huly.example.com/_stats' + TRANSACTOR_URL: 'ws://transactor;wss://huly.example.com/_transactor' + GMAIL_URL: 'https://huly.example.com/_gmail' + CALENDAR_URL: 'https://huly.example.com/_calendar' + TELEGRAM_URL: 'https://huly.example.com/_telegram' + DEFAULT_LANGUAGE: "en" + DISABLE_SIGNUP: "false" \ No newline at end of file diff --git a/kube/elastic/elastic-deployment.yaml b/kube/elastic/elastic-deployment.yaml deleted file mode 100644 index 45651ff..0000000 --- a/kube/elastic/elastic-deployment.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: elastic - name: elastic -spec: - replicas: 1 - selector: - matchLabels: - app: elastic - strategy: - type: Recreate - template: - metadata: - labels: - app: elastic - spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - containers: - - args: - - /bin/sh - - -c - - |- - chown -R 1000:1000 /usr/share/elasticsearch/data; - apt-get update && apt-get install -y curl; - ./bin/elasticsearch-plugin list | grep -q ingest-attachment || yes | ./bin/elasticsearch-plugin install --silent ingest-attachment; - /usr/local/bin/docker-entrypoint.sh eswrapper - env: - - name: BITNAMI_DEBUG - value: "true" - - name: ELASTICSEARCH_PORT_NUMBER - value: "9200" - - name: ES_JAVA_OPTS - value: -Xms1024m -Xmx1024m - - name: discovery.type - value: single-node - - name: http.cors.allow-origin - value: http://localhost:8082 - - name: http.cors.enabled - value: "true" - image: elasticsearch:7.14.2 - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"' - initialDelaySeconds: 60 - periodSeconds: 20 - failureThreshold: 10 - name: elastic - ports: - - containerPort: 9200 - protocol: TCP - volumeMounts: - - mountPath: /usr/share/elasticsearch/data - name: elastic - restartPolicy: Always - volumes: - - name: elastic - persistentVolumeClaim: - claimName: elastic diff --git a/kube/elastic/elastic-persistentvolumeclaim.yaml b/kube/elastic/elastic-persistentvolumeclaim.yaml deleted file mode 100644 index 54049c0..0000000 --- a/kube/elastic/elastic-persistentvolumeclaim.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app: elastic - name: elastic -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi diff --git a/kube/elastic/elastic-service.yaml b/kube/elastic/elastic-service.yaml deleted file mode 100644 index 656d7be..0000000 
--- a/kube/elastic/elastic-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - labels: - app: elastic - name: elastic -spec: - ports: - - name: "9200" - port: 9200 - targetPort: 9200 - selector: - app: elastic diff --git a/kube/front/front-deployment.yaml b/kube/front/deployment.yaml similarity index 67% rename from kube/front/front-deployment.yaml rename to kube/front/deployment.yaml index 7b187e9..57ab68e 100644 --- a/kube/front/front-deployment.yaml +++ b/kube/front/deployment.yaml @@ -16,6 +16,13 @@ spec: spec: containers: - env: + - name: SERVER_PORT + value: "8080" + - name: SERVER_SECRET + valueFrom: + secretKeyRef: + name: huly-secret + key: SERVER_SECRET - name: ACCOUNTS_URL valueFrom: configMapKeyRef: 
@@ -23,56 +30,67 @@ spec: key: ACCOUNTS_URL - name: ACCOUNTS_URL_INTERNAL value: http://account - - name: CALENDAR_URL - value: http://calendar - name: COLLABORATOR_URL valueFrom: configMapKeyRef: name: huly-config key: COLLABORATOR_URL - - name: DEFAULT_LANGUAGE - value: en - - name: ELASTIC_URL + - name: REKONI_URL valueFrom: configMapKeyRef: name: huly-config - key: ELASTIC_URL + key: REKONI_URL + - name: STATS_URL + valueFrom: + configMapKeyRef: + name: huly-config + key: STATS_URL - name: GMAIL_URL - value: http://gmail:8088 - - name: STORAGE_CONFIG valueFrom: - secretKeyRef: - name: huly-secret - key: STORAGE_CONFIG - - name: MONGO_URL + configMapKeyRef: + name: huly-config + key: GMAIL_URL + - name: CALENDAR_URL valueFrom: configMapKeyRef: name: huly-config - key: MONGO_URL - - name: REKONI_URL + key: CALENDAR_URL + - name: TELEGRAM_URL valueFrom: configMapKeyRef: name: huly-config - key: REKONI_URL - - name: SERVER_PORT - value: "8080" - - name: SERVER_SECRET + key: TELEGRAM_URL + - name: STORAGE_CONFIG valueFrom: secretKeyRef: name: huly-secret - key: SERVER_SECRET - - name: TELEGRAM_URL - value: http://telegram:8086 - - name: TITLE - value: Huly Self Hosted + key: STORAGE_CONFIG + - name: ELASTIC_URL + valueFrom: + secretKeyRef: + name: huly-secret + key: ELASTIC_URL - name: UPLOAD_URL value: /files - - name: STATS_URL - value: http://stats + - name: TITLE + valueFrom: + configMapKeyRef: + name: huly-config + key: NAME - name: DESKTOP_UPDATES_CHANNEL value: selfhost - image: hardcoreeng/front:v0.7.242 + - name: DEFAULT_LANGUAGE + valueFrom: + configMapKeyRef: + name: huly-config + key: DEFAULT_LANGUAGE + - name: DISABLE_SIGNUP + valueFrom: + configMapKeyRef: + name: huly-config + key: DISABLE_SIGNUP + image: hardcoreeng/front:v0.7.252 name: front ports: - containerPort: 8080 - restartPolicy: Always + restartPolicy: Always \ No newline at end of file 
diff --git a/kube/front/front-ingress.yaml b/kube/front/front-ingress.yaml deleted file mode 100644 index 675de0b..0000000 --- a/kube/front/front-ingress.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - kubernetes.io/ingress.class: nginx - labels: - app: front - name: front -spec: - ingressClassName: nginx - rules: - - host: huly.example - http: - paths: - - backend: - service: - name: front - port: - number: 80 - path: / - pathType: Prefix diff --git a/kube/front/front-service.yaml b/kube/front/service.yaml similarity index 90% rename from kube/front/front-service.yaml rename to kube/front/service.yaml index e9a6a0c..4d1db64 100644 --- a/kube/front/front-service.yaml +++ b/kube/front/service.yaml @@ -9,4 +9,4 @@ spec: - port: 80 targetPort: 8080 selector: - app: front + app: front \ No newline at end of file diff --git a/kube/fulltext/fulltext-deployment.yaml b/kube/fulltext/deployment.yaml similarity index 78% rename from kube/fulltext/fulltext-deployment.yaml rename to kube/fulltext/deployment.yaml index 7ac43fb..f063111 100644 --- a/kube/fulltext/fulltext-deployment.yaml +++ b/kube/fulltext/deployment.yaml @@ -25,16 +25,16 @@ spec: valueFrom: secretKeyRef: name: huly-secret - key: CR_DB_URL + key: DB_URL - name: FULLTEXT_DB_URL valueFrom: - configMapKeyRef: - name: huly-config + secretKeyRef: + name: huly-secret key: ELASTIC_URL - name: ELASTIC_INDEX_NAME valueFrom: - configMapKeyRef: - name: huly-config + secretKeyRef: + name: huly-secret key: ELASTIC_INDEX_NAME - name: STORAGE_CONFIG valueFrom: 
@@ -48,14 +48,16 @@ spec: - name: STATS_URL value: http://stats - name: QUEUE_CONFIG - value: redpanda:9092 - image: hardcoreeng/fulltext:v0.7.242 + valueFrom: + secretKeyRef: + name: huly-secret + key: QUEUE_CONFIG + image: hardcoreeng/fulltext:v0.7.252 name: fulltext ports: - containerPort: 4700 - hostPort: 4700 protocol: TCP resources: limits: memory: "512M" - restartPolicy: Always + restartPolicy: Always \ No newline at end of file diff --git a/kube/fulltext/fulltext-service.yaml b/kube/fulltext/service.yaml similarity index 89% rename from kube/fulltext/fulltext-service.yaml rename to kube/fulltext/service.yaml index c05a877..ff029ec 100644 --- a/kube/fulltext/fulltext-service.yaml +++ b/kube/fulltext/service.yaml @@ -9,4 +9,4 @@ spec: - port: 80 targetPort: 4700 selector: - app: fulltext + app: fulltext \ No newline at end of file diff --git a/kube/kustomization.yaml b/kube/kustomization.yaml new file mode 100644 index 0000000..8fa8800 --- /dev/null +++ b/kube/kustomization.yaml @@ -0,0 +1,29 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +labels: +- includeSelectors: true + includeTemplates: true + pairs: + app.kubernetes.io/package: huly + +resources: +- configmap.yaml +- secret.yaml +- account/deployment.yaml +- account/service.yaml +- collaborator/deployment.yaml +- collaborator/service.yaml +- front/deployment.yaml +- front/service.yaml +- fulltext/deployment.yaml +- fulltext/service.yaml +- mail/deployment.yaml +- mail/service.yaml +- rekoni/deployment.yaml +- rekoni/service.yaml +- stats/deployment.yaml +- stats/service.yaml +- transactor/deployment.yaml +- transactor/service.yaml +- workspace/deployment.yaml \ No newline at end of file diff --git a/kube/mail/deployment.yaml b/kube/mail/deployment.yaml new file mode 100644 index 0000000..256ae33 --- /dev/null +++ b/kube/mail/deployment.yaml 
@@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: mail + name: mail +spec: + replicas: 1 + selector: + matchLabels: + app: mail + template: + metadata: + labels: + app: mail + spec: + containers: + - image: hardcoreeng/mail:v0.7.252 + name: mail + env: + - name: PORT + value: "8097" + - name: SOURCE + valueFrom: + secretKeyRef: + name: huly-secret + key: SMTP_FROM + - name: SMTP_HOST + valueFrom: + secretKeyRef: + name: huly-secret + key: SMTP_HOST + - name: SMTP_PORT + valueFrom: + secretKeyRef: + name: huly-secret + key: SMTP_PORT + - name: SMTP_USERNAME + valueFrom: + secretKeyRef: + name: huly-secret + key: SMTP_USER + - name: SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: huly-secret + key: SMTP_PASS + ports: + - containerPort: 8097 + protocol: TCP + resources: + limits: + memory: "512M" + restartPolicy: Always \ No newline at end of file diff --git a/kube/mail/service.yaml b/kube/mail/service.yaml new file mode 100644 index 0000000..413338c --- /dev/null +++ b/kube/mail/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: mail + name: mail +spec: + ports: + - port: 80 + targetPort: 8097 + selector: + app: mail \ No newline at end of file diff --git a/kube/minio/files-persistentvolumeclaim.yaml b/kube/minio/files-persistentvolumeclaim.yaml deleted file mode 100644 index af0754d..0000000 --- a/kube/minio/files-persistentvolumeclaim.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app: files - name: files -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi diff --git a/kube/minio/minio-deployment.yaml b/kube/minio/minio-deployment.yaml deleted file mode 100644 index 604dcbd..0000000 --- a/kube/minio/minio-deployment.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: minio - name: minio -spec: - replicas: 1 - selector: - matchLabels: - app: minio - strategy: - type: Recreate - template: - metadata: - labels: - app: minio - spec: - containers: - - args: - - server - - /data - - --address - - :9000 - - --console-address - - :9001 - image: minio/minio - name: minio - ports: - - containerPort: 9000 - hostPort: 9000 - protocol: TCP - - containerPort: 9001 - hostPort: 9001 - protocol: TCP - volumeMounts: - - mountPath: /data - name: files - restartPolicy: Always - volumes: - - name: files - persistentVolumeClaim: - claimName: files diff --git a/kube/minio/minio-service.yaml b/kube/minio/minio-service.yaml deleted file mode 100644 index bbbc269..0000000 --- a/kube/minio/minio-service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: minio - name: minio -spec: - ports: - - name: "9000" - port: 9000 - targetPort: 9000 - - name: "9001" - port: 9001 - targetPort: 9001 - selector: - app: minio diff --git a/kube/redpanda/redpanda-deployment.yaml b/kube/redpanda/redpanda-deployment.yaml deleted file mode 100644 index 3d58ef8..0000000 --- a/kube/redpanda/redpanda-deployment.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: redpanda - name: redpanda -spec: - replicas: 1 - selector: - matchLabels: - app: redpanda - template: - metadata: - labels: - app: redpanda - spec: - containers: - - env: - - name: REDPANDA_SUPERUSER_USERNAME - value: superuser - - name: REDPANDA_SUPERUSER_PASSWORD - valueFrom: - secretKeyRef: - name: huly-secret - key: REDPANDA_SUPERUSER_PASSWORD - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: docker.redpanda.com/redpandadata/redpanda:v24.3.6 - args: - - redpanda - - start - - --kafka-addr internal://0.0.0.0:9092,external://0.0.0.0:19092 - - --advertise-kafka-addr internal://redpanda:9092,external://localhost:19092 - - --pandaproxy-addr internal://0.0.0.0:8082,external://0.0.0.0:18082 - - --advertise-pandaproxy-addr internal://redpanda:8082,external://localhost:18082 - - --schema-registry-addr internal://0.0.0.0:8081,external://0.0.0.0:18081 - - --rpc-addr 0.0.0.0:33145 - - --advertise-rpc-addr redpanda:33145 - - --mode dev-container - - --smp 1 - - --default-log-level=info - name: redpanda - ports: - - containerPort: 9092 - - containerPort: 33145 - volumeMounts: - - mountPath: /var/lib/redpanda/data - name: redpanda - resources: - limits: - memory: "512M" - restartPolicy: Always - volumes: - - name: redpanda - persistentVolumeClaim: - claimName: redpanda diff --git a/kube/redpanda/redpanda-persistentvolumeclaim.yaml b/kube/redpanda/redpanda-persistentvolumeclaim.yaml deleted file mode 100644 index fa24440..0000000 --- a/kube/redpanda/redpanda-persistentvolumeclaim.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app: redpanda - name: redpanda -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi diff --git a/kube/redpanda/redpanda-service.yaml b/kube/redpanda/redpanda-service.yaml deleted file mode 100644 index c548fef..0000000 
--- a/kube/redpanda/redpanda-service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: redpanda - name: redpanda -spec: - ports: - - port: 9092 - targetPort: 9092 - name: kafka - - port: 33145 - targetPort: 33145 - name: rpc - selector: - app: redpanda diff --git a/kube/rekoni/rekoni-deployment.yaml b/kube/rekoni/deployment.yaml similarity index 80% rename from kube/rekoni/rekoni-deployment.yaml rename to kube/rekoni/deployment.yaml index 298b933..cafaad0 100644 --- a/kube/rekoni/rekoni-deployment.yaml +++ b/kube/rekoni/deployment.yaml @@ -15,7 +15,7 @@ spec: app: rekoni spec: containers: - - image: hardcoreeng/rekoni-service:v0.7.242 + - image: hardcoreeng/rekoni-service:v0.7.252 name: rekoni env: - name: SECRET @@ -25,9 +25,8 @@ spec: key: SERVER_SECRET ports: - containerPort: 4004 - hostPort: 4004 protocol: TCP resources: limits: - memory: "500M" - restartPolicy: Always + memory: "512M" + restartPolicy: Always \ No newline at end of file diff --git a/kube/rekoni/rekoni-ingress.yaml b/kube/rekoni/rekoni-ingress.yaml deleted file mode 100644 index bb598be..0000000 --- a/kube/rekoni/rekoni-ingress.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - kubernetes.io/ingress.class: nginx - labels: - app: rekoni - name: rekoni -spec: - ingressClassName: nginx - rules: - - host: rekoni.huly.example - http: - paths: - - backend: - service: - name: rekoni - port: - number: 80 - path: / - pathType: Prefix diff --git a/kube/rekoni/rekoni-service.yaml b/kube/rekoni/service.yaml similarity index 90% rename from kube/rekoni/rekoni-service.yaml rename to kube/rekoni/service.yaml index 0995308..11442b7 100644 --- a/kube/rekoni/rekoni-service.yaml +++ b/kube/rekoni/service.yaml @@ -9,4 +9,4 @@ spec: - port: 80 targetPort: 4004 selector: - app: rekoni + app: rekoni \ No newline at end of file 
diff --git a/kube/secret.yaml b/kube/secret.yaml new file mode 100644 index 0000000..7b619b5 --- /dev/null +++ b/kube/secret.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Secret +metadata: + name: huly-secret +type: Opaque +stringData: + SERVER_SECRET: secret + STORAGE_CONFIG: minio|minio:9000?accessKey=minioadmin&secretKey=minioadmin&rootBucket=huly&useSSL=false®ion=us-east-1 + DB_URL: postgres://selfhost:cockroach_user_secret@cockroach:26257/defaultdb + ELASTIC_URL: 'http://user:pass@host:9200' + ELASTIC_INDEX_NAME: 'huly_storage_index' + QUEUE_CONFIG: username:password@host:9094 + SMTP_FROM: no-reply@example.com + SMTP_HOST: smtp.example.com + SMTP_PORT: "587" + SMTP_USER: user + SMTP_PASS: password \ No newline at end of file diff --git a/kube/stats/stats-deployment.yaml b/kube/stats/deployment.yaml similarity index 82% rename from kube/stats/stats-deployment.yaml rename to kube/stats/deployment.yaml index 8875d7b..d1e1435 100644 --- a/kube/stats/stats-deployment.yaml +++ b/kube/stats/deployment.yaml @@ -15,7 +15,7 @@ spec: app: stats spec: containers: - - image: hardcoreeng/stats:v0.7.242 + - image: hardcoreeng/stats:v0.7.252 name: stats env: - name: PORT @@ -27,9 +27,8 @@ spec: key: SERVER_SECRET ports: - containerPort: 4900 - hostPort: 4900 protocol: TCP resources: limits: - memory: "500M" - restartPolicy: Always + memory: "512M" + restartPolicy: Always \ No newline at end of file diff --git a/kube/stats/stats-service.yaml b/kube/stats/service.yaml similarity index 90% rename from kube/stats/stats-service.yaml rename to kube/stats/service.yaml index 28b321b..004c946 100644 --- a/kube/stats/stats-service.yaml +++ b/kube/stats/service.yaml @@ -9,4 +9,4 @@ spec: - port: 80 targetPort: 4900 selector: - app: stats + app: stats \ No newline at end of file diff --git a/kube/stats/stats-ingress.yaml b/kube/stats/stats-ingress.yaml deleted file mode 100644 index e7088fe..0000000 --- a/kube/stats/stats-ingress.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - kubernetes.io/ingress.class: nginx - labels: - app: stats - name: stats -spec: - ingressClassName: nginx - rules: - - host: stats.huly.example - http: - paths: - - backend: - service: - name: stats - port: - number: 80 - path: / - pathType: Prefix diff --git a/kube/transactor/transactor-deployment.yaml b/kube/transactor/deployment.yaml similarity index 80% rename from kube/transactor/transactor-deployment.yaml rename to kube/transactor/deployment.yaml index b20105e..d448d73 100644 --- a/kube/transactor/transactor-deployment.yaml +++ b/kube/transactor/deployment.yaml @@ -27,21 +27,18 @@ spec: key: FRONT_URL - name: STATS_URL value: http://stats + - name: MAIL_URL + value: http://mail - name: STORAGE_CONFIG valueFrom: secretKeyRef: name: huly-secret key: STORAGE_CONFIG - - name: MONGO_URL - valueFrom: - configMapKeyRef: - name: huly-config - key: MONGO_URL - name: DB_URL valueFrom: secretKeyRef: name: huly-secret - key: CR_DB_URL + key: DB_URL - name: SERVER_CURSOR_MAXTIMEMS value: "30000" - name: SERVER_PORT @@ -52,11 +49,16 @@ spec: name: huly-secret key: SERVER_SECRET - name: QUEUE_CONFIG - value: redpanda:9092 - image: hardcoreeng/transactor:v0.7.242 + valueFrom: + secretKeyRef: + name: huly-secret + key: QUEUE_CONFIG + image: hardcoreeng/transactor:v0.7.252 name: transactor ports: - containerPort: 3333 - hostPort: 3333 protocol: TCP - restartPolicy: Always + resources: + limits: + memory: "512M" + restartPolicy: Always \ No newline at end of file diff --git a/kube/transactor/transactor-service.yaml b/kube/transactor/service.yaml similarity index 89% rename from kube/transactor/transactor-service.yaml rename to kube/transactor/service.yaml index bb14e3b..f68a82c 100644 --- a/kube/transactor/transactor-service.yaml +++ b/kube/transactor/service.yaml 
@@ -10,4 +10,4 @@ spec: protocol: TCP targetPort: 3333 selector: - app: transactor + app: transactor \ No newline at end of file diff --git a/kube/transactor/transactor-ingress.yaml b/kube/transactor/transactor-ingress.yaml deleted file mode 100644 index 84bfc33..0000000 --- a/kube/transactor/transactor-ingress.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - kubernetes.io/ingress.class: nginx - labels: - app: transactor - name: transactor -spec: - ingressClassName: nginx - rules: - - host: transactor.huly.example - http: - paths: - - backend: - service: - name: transactor - port: - number: 80 - path: / - pathType: Prefix diff --git a/kube/workspace/workspace-deployment.yaml b/kube/workspace/deployment.yaml similarity index 71% rename from kube/workspace/workspace-deployment.yaml rename to kube/workspace/deployment.yaml index d004512..602f126 100644 --- a/kube/workspace/workspace-deployment.yaml +++ b/kube/workspace/deployment.yaml @@ -20,11 +20,10 @@ spec: value: http://account - name: STATS_URL value: http://stats + - name: FULLTEXT_URL + value: http://fulltext - name: TRANSACTOR_URL - valueFrom: - configMapKeyRef: - name: huly-config - key: TRANSACTOR_URL + value: http://transactor - name: STORAGE_CONFIG valueFrom: secretKeyRef: @@ -36,22 +35,25 @@ spec: valueFrom: secretKeyRef: name: huly-secret - key: CR_DB_URL - - name: MONGO_URL + key: DB_URL + - name: ACCOUNTS_DB_URL valueFrom: - configMapKeyRef: - name: huly-config - key: MONGO_URL + secretKeyRef: + name: huly-secret + key: DB_URL - name: SERVER_SECRET valueFrom: secretKeyRef: name: huly-secret key: SERVER_SECRET - name: QUEUE_CONFIG - value: redpanda:9092 - image: hardcoreeng/workspace:v0.7.242 + valueFrom: + secretKeyRef: + name: huly-secret + key: QUEUE_CONFIG + image: hardcoreeng/workspace:v0.7.252 name: workspace resources: limits: memory: "512M" - restartPolicy: Always + restartPolicy: Always \ No newline at end of file
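Review bot: kube/secret.yaml (new file, hunk `@@ -0,0 +1,17 @@`) commits usable-looking defaults into a manifest that can be applied unchanged: `SERVER_SECRET: secret`, `accessKey=minioadmin&secretKey=minioadmin` inside STORAGE_CONFIG, and `cockroach_user_secret` inside DB_URL. The rekoni, stats, transactor and workspace deployments in this patch all read SERVER_SECRET from huly-secret, so a cluster deployed without editing this file shares one guessable value across every service. Suggest shipping it as a template with obviously invalid placeholders (for example CHANGE_ME) and a comment telling the operator to generate SERVER_SECRET randomly before applying. STORAGE_CONFIG also sets `useSSL=false` and ELASTIC_URL is `http://user:pass@host:9200`, so both sets of credentials cross the network in clear text; a comment on when that is acceptable would help. The file ends without a trailing newline.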
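Review bot: in kube/transactor/deployment.yaml, hunk `@@ -27,21 +27,18 @@`, the DB_URL entry switches from `key: CR_DB_URL` to `key: DB_URL` with no migration note. An existing cluster whose huly-secret still carries only CR_DB_URL will fail to start the container, because a `secretKeyRef` to a missing key is a hard error unless marked optional. The upgrade instructions should name the rename, and the removal of MONGO_URL from huly-config, so operators update the Secret before rolling the new manifests.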
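Review bot: in kube/transactor/deployment.yaml, hunk `@@ -52,11 +49,16 @@`, QUEUE_CONFIG moves from the literal `redpanda:9092` to `secretKeyRef` key QUEUE_CONFIG, but the only sample value in this patch is `username:password@host:9094` in kube/secret.yaml, and the in-cluster redpanda Service on 9092 is deleted in the same change. As written, a default install has no reachable broker and no hint of the expected format. Moving the value into the Secret is right now that it can carry credentials; please document the format next to the key and state that the broker must be deployed separately. The new `resources` block sets only a memory limit; consider adding `requests` so scheduling matches the limit.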
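Review bot: in kube/workspace/deployment.yaml, hunk `@@ -20,11 +20,10 @@`, TRANSACTOR_URL becomes the literal `http://transactor` instead of being read from huly-config, so it can no longer be changed per environment without editing the manifest. Since the transactor Ingress is deleted elsewhere in this patch, please confirm that the old ConfigMap value carried nothing (a different scheme or an externally resolvable host) that clients still depend on, and say so in the README.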
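Review bot: in kube/workspace/deployment.yaml, hunk `@@ -36,22 +35,25 @@`, both DB_URL and the new ACCOUNTS_DB_URL resolve to the same Secret entry (`key: DB_URL`). That ties the accounts database and the workspace database to one connection string and one set of credentials, so they cannot be separated or given different privileges later without another manifest change. Suggest a dedicated ACCOUNTS_DB_URL key in huly-secret, which can default to the same value in the sample file, so least-privilege database users remain possible.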
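Review bot: in kube/rekoni/deployment.yaml, hunk `@@ -25,9 +25,8 @@`, the final `restartPolicy: Always` line is rewritten only to drop the trailing newline (`\ No newline at end of file`), and the same happens in every deployment.yaml and service.yaml touched by this patch, including the selector-only hunks in the three service files. Restore the newline so these files stop showing spurious changes on their last line. Dropping `hostPort: 4004` is a good change, since the pod no longer binds a port on the node; the identical removals of `hostPort: 4900` in stats and `hostPort: 3333` in transactor deserve a line in the commit message, because anything that reached those services through the node address will stop working.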