Merge pull request #31 from meta-d/develop

Version 2.4.0

Author: meta-d

.deploy/api/package.json

@@ -1,7 +1,7 @@
 {
   "name": "ocap-server",
   "author": "Metad",
-  "version": "2.3.1",
+  "version": "2.4.0",
   "scripts": {
     "start": "nx serve",
     "build": "nx build",

.deploy/k8s/README.md

@@ -0,0 +1,8 @@
+## Deploy to Aliyun
+
+- `kubectl create namespace prod`
+- `kubectl apply -f ali-cnfs.yaml`
+- `kubectl apply -f ali-secret.yaml`
+- `kubectl apply -f ali-pv.yaml -n prod`
+- `kubectl apply -f ali-manifest.yaml -n prod`
+- 

.deploy/k8s/ali-cnfs.yaml

@@ -0,0 +1,12 @@
+# 创建CNFS、StorageClass和Deployment、StatefulSet对象。
+apiVersion: storage.alibabacloud.com/v1beta1
+kind: ContainerNetworkFileSystem
+metadata:
+  name: cnfs-nas-filesystem
+spec:
+  description: "cnfs"
+  type: nas
+  reclaimPolicy: Retain # 只支持Retain策略，删除CNFS时并不会删除NAS文件系统。
+  # parameters:
+  #   encryptType: SSE-KMS # 可选参数，不指定表示对文件不使用NAS托管加密，指定SSE-KMS表示开启此功能。
+  #   enableTrashCan: "true" # 可选参数，不指定表示不打开回收站功能，指定true表示开启此功能。

.deploy/k8s/manifest.prod.yaml renamed to .deploy/k8s/ali-manifest.yaml

@@ -1,3 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: adminer
+  namespace: prod
+  annotations:
+    # URL重定向。
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+spec:
+  rules:
+  - host: adminer.mtda.cloud
+    http:
+      paths:
+    # 在Ingress Controller的版本≥0.22.0之后，path中需要使用正则表达式定义路径，并在rewrite-target中结合捕获组一起使用。
+      - path: /
+        backend:
+          service: 
+            name: db-adminer
+            port: 
+              number: 8084
+        pathType: ImplementationSpecific
+  tls:
+  - hosts:
+      - adminer.mtda.cloud
+    secretName: adminer-tls
+---
 apiVersion: v1
 kind: Service
 metadata:
@@ -40,6 +66,20 @@ spec:
       port: 4200
       targetPort: 80
 ---
+apiVersion: v1
+kind: Service
+metadata:
+  name: metad-website-lb
+spec:
+  type: ClusterIP
+  selector:
+    app: metad-prod-website
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: 80
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -56,64 +96,64 @@ spec:
     spec:
       containers:
         - name: metad-prod-api
-          image: registry.cn-hangzhou.aliyuncs.com/metad/ocap-api:2.3.0
+          image: registry.cn-hangzhou.aliyuncs.com/metad/ocap-api:2.3.1
           imagePullPolicy: Always
           envFrom:
             - secretRef:
-                name: db-secrets
+                name: ocap-secrets
           env:
             - name: REDIS_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: db-secrets
+                  name: ocap-secrets
                   key: REDIS_PASSWORD
                   optional: false
             - name: JWT_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: db-secrets
+                  name: ocap-secrets
                   key: JWT_SECRET
                   optional: false
             - name: JWT_REFRESH_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: db-secrets
+                  name: ocap-secrets
                   key: JWT_REFRESH_SECRET
                   optional: false
             - name: GITHUB_CLIENT_ID
               valueFrom:
                 secretKeyRef:
-                  name: db-secrets
+                  name: ocap-secrets
                   key: GITHUB_CLIENT_ID
                   optional: false
             - name: GITHUB_CLIENT_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: db-secrets
+                  name: ocap-secrets
                   key: GITHUB_CLIENT_SECRET
                   optional: false
             - name: DINGTALK_CLIENT_ID
               valueFrom:
                 secretKeyRef:
-                  name: db-secrets
+                  name: ocap-secrets
                   key: DINGTALK_CLIENT_ID
                   optional: false
             - name: DINGTALK_CLIENT_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: db-secrets
+                  name: ocap-secrets
                   key: DINGTALK_CLIENT_SECRET
                   optional: false
             - name: FEISHU_CLIENT_ID
               valueFrom:
                 secretKeyRef:
-                  name: db-secrets
+                  name: ocap-secrets
                   key: FEISHU_CLIENT_ID
                   optional: false
             - name: FEISHU_CLIENT_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: db-secrets
+                  name: ocap-secrets
                   key: FEISHU_CLIENT_SECRET
                   optional: false  
             - name: API_BASE_URL
@@ -193,7 +233,7 @@ spec:
     spec:
       containers:
         - name: metad-prod-webapp
-          image: registry.cn-hangzhou.aliyuncs.com/metad/ocap-webapp:2.3.0
+          image: registry.cn-hangzhou.aliyuncs.com/metad/ocap-webapp:2.3.1
           imagePullPolicy: Always
           ports:
             - containerPort: 80
@@ -220,7 +260,7 @@ spec:
     spec:
       containers:
         - name: metad-prod-website
-          image: registry.cn-hangzhou.aliyuncs.com/metad/website:2.3.0
+          image: registry.cn-hangzhou.aliyuncs.com/metad/website:2.3.1
           ports:
             - containerPort: 80
               protocol: TCP
@@ -249,7 +289,7 @@ spec:
             - name: REDIS_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: db-secrets
+                  name: ocap-secrets
                   key: REDIS_PASSWORD
                   optional: false
             - name: REDIS_HOST
@@ -262,4 +302,164 @@ spec:
             initialDelaySeconds: 3
             periodSeconds: 60
             successThreshold: 1
-            failureThreshold: 5
+            failureThreshold: 5
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+spec:
+  type: ClusterIP
+  selector:
+    app: postgres
+  ports:
+    - protocol: TCP
+      port: 5432
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: db-adminer
+spec:
+  type: ClusterIP
+  selector:
+    app: db-adminer
+  ports:
+    - protocol: TCP
+      port: 8084
+      targetPort: 8080
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis
+spec:
+  type: ClusterIP
+  selector:
+    app: redis
+  ports:
+    - protocol: TCP
+      name: redis
+      port: 6379
+      targetPort: 6379
+    - protocol: TCP
+      name: insight
+      port: 8001
+      targetPort: 8001
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres
+spec:
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+    type: RollingUpdate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: registry.cn-hangzhou.aliyuncs.com/metad/pgvector:pg12
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 5432
+          env:
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: ocap-secrets
+                  key: DB_USER
+                  optional: false
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: ocap-secrets
+                  key: DB_PASS
+                  optional: false
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: ocap-secrets
+                  key: DB_NAME
+                  optional: false
+            - name: PGDATA
+              value: /var/lib/postgresql/data/pgdata
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: postgredb
+      volumes:
+        - name: postgredb
+          persistentVolumeClaim:
+            claimName: db-pvc
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: db-adminer
+spec:
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+    type: RollingUpdate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: db-adminer
+  template:
+    metadata:
+      labels:
+        app: db-adminer
+    spec:
+      containers:
+        - name: adminer
+          image: adminer:latest
+          ports:
+            - containerPort: 8080
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis
+spec:
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+    type: RollingUpdate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      labels:
+        app: redis
+    spec:
+      containers:
+        - name: redis
+          image: registry.cn-hangzhou.aliyuncs.com/metad/redis-stack:6.2.6-v15-x86_64
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 6379
+            - containerPort: 8001
+          env:
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: ocap-secrets
+                  key: REDIS_PASSWORD
+          command:
+            - redis-server
+          args:
+            - --requirepass
+            - $(REDIS_PASSWORD)

.deploy/k8s/ali-pv.yaml

@@ -0,0 +1,27 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: db-pvc
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: alibabacloud-cnfs-nas
+  volumeName: prod-db-pv
+  resources:
+    requests:
+      storage: 10Gi # 如果打开目录限额功能，则storage字段会生效，动态创建目录写入数据量最大为 10 GiB。
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: prod-db-pv
+  labels:
+    type: nas
+spec:
+  storageClassName: alibabacloud-cnfs-nas
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteMany
+  hostPath:
+    path: "/prod-db/"