Kubernetes 部署 Zealot 指南
Zealot 原生支持使用 Kubernetes 部署,不过一直还没有梳理 .yaml
配置文件用于安装。
部署清单
- 生成
Secret
/Configmap
存储环境变量。 - 生成
PersistentVolumeClaim
用于public/uploads
,public/bakcup
的持久化存储。 - 生成
Deployment
来管理zealot
Pod。 - 生成
Ingress
配置 Zealot 路由访问。
详细步骤
10-zealot-namespace.yml
创建 Zealot 命名空间。
10-zealot-namespace.yml
api Version: v1
kind: Namespace
metadata:
name: zealot
20-zealot-secrets.yml
配置 Zealot 涉及隐私数据的环境变量,值是需要经过 base64 加密。
20-zealot-secrets.yml
apiVersion: v1
kind: Secret
metadata:
namespace: zealot
name: zealot-secrets
data:
ZEALOT_ADMIN_EMAIL: V1ZkU2RHRlhOVUZsYlZab1lrYzVNRXh0VG5aaVVUMDk=
ZEALOT_ADMIN_PASSWORD: emVAbDB0
ZEALOT_POSTGRES_HOST: cG9zdGdyZXM=
ZEALOT_POSTGRES_PORT: NTQzMg==
ZEALOT_POSTGRES_USERNAME: emVhbG90
ZEALOT_POSTGRES_PASSWORD: emVAbDB0
ZEALOT_POSTGRES_DB_NAME: emVhbG90
REDIS_URL: cmVkaXM6Ly9yZWRpczo2Mzc5LzE=
# echo -n 'secret-key' | sha256sum | awk '{ printf $1 }' | base64
SECRET_TOKEN: ODVkYmUxNWQ3NWVmOTMwOGM3YWUwZjMzYzdhMzI0Y2M2ZjRiZjUxOWEyZWQyZjMwMjdiZDMzYzE0MGE0ZjlhYQ==
21-zealot-configmap.yml
配置 Zealot 正常数据的环境变量。
21-zealot-configmap.yml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: zealot
name: zealot-config
data:
ZEALOT_DOMAIN: zealot.example.com
DEFAULT_LOCALE: en
ZEALOT_REGISTER_ENABLED: "true"
30-zealot-storage.yml
为上传文件(应用包和调试文件)以及备份文件创建持久化存储卷。你可能需要根据实际情况修改存储大小。
30-zealot-storage.yml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: zealot-uploads
namespace: zealot
labels:
app: zealot
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: zealot-backup
namespace: zealot
labels:
app: zealot
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
40-zealot-deployment.yml
创建 Zealot 部署,根据实际情况修改 replicas
扩容值和 image
镜像 tag。
40-zealot-deployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: zealot
namespace: zealot
spec:
restartPolicy: Always
replicas: 1
selector:
matchLabels:
app: zealot
template:
metadata:
labels:
app: zealot
spec:
containers:
- name: zealot
image: ghcr.io/tryzealot/zealot:nightly
# imagePullPolicy: Always
ports:
- containerPort: 80
protocol: TCP
name: http
envFrom:
- configMapRef:
name: zealot-env
- secretRef:
name: zealot-secrets
volumeMounts:
- mountPath: /app/public/uploads
name: uploads
- mountPath: /app/public/backup
name: backup
volumes:
- name: uploads
persistentVolumeClaim:
claimName: zealot-uploads
- name: backup
persistentVolumeClaim:
claimName: zealot-backup
50-zealot-service.yml
创建 zealot 服务。
50-zealot-service.yml
apiVersion: v1
kind: Service
metadata:
name: zealot
namespace: zealot
labels:
app: zealot
spec:
selector:
app: zealot
ports:
- port: 80
targetPort: http
name: http
protocol: TCP
60-zealot-ingress.yml
为 Zealot 服务设置 ingress。
50-zealot-ingress.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: zealot
namespace: zealot
annotations:
#cert-manager.io/cluster-issuer: letsencrypt-prod
#kubernetes.io/ingress.class: nginx
spec:
rules:
- host: zealot.example.com
http:
paths:
- web:
service:
name: zealot
port:
number: 80
path: /
pathType: Prefix