From 3bbe1f1471281bec1d81d827d44921e543928b47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Thu, 7 Feb 2019 17:33:20 +0100 Subject: [PATCH 01/12] Create ingress server and add documentation --- README.md | 15 +++++++++++++++ staging/ingress.yaml | 13 +++++++++++++ staging/service-web.yaml | 2 -- 3 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 staging/ingress.yaml diff --git a/README.md b/README.md index 6ab975a07..572ecbc43 100644 --- a/README.md +++ b/README.md @@ -109,6 +109,21 @@ Sit back and relax and have a look into your kubernetes dashboard. Wait until all pods turn green and they don't show a warning `Waiting: ContainerCreating` anymore. +### Setup Loadbalancer and Ingress + +Basically follow [this tutorial](https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes). + +tl;dr: +```sh +$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml +$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml +``` +And create an ingress service in namespace `staging`: +```sh +# you should change the domain name according to your needs +$ kubectl apply -f staging/ingress.yaml +``` + #### Legacy data migration This setup is completely optional and only required if you have data on a server diff --git a/staging/ingress.yaml b/staging/ingress.yaml new file mode 100644 index 000000000..fa23a9957 --- /dev/null +++ b/staging/ingress.yaml @@ -0,0 +1,13 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: ingress + namespace: staging +spec: + rules: + - host: master.nitro.human-connection.org + http: + paths: + - backend: + serviceName: nitro-web + servicePort: 3000 diff --git a/staging/service-web.yaml b/staging/service-web.yaml index ad2b9678b..333983b72 100644 --- a/staging/service-web.yaml +++ b/staging/service-web.yaml @@ -12,5 +12,3 @@ spec: targetPort: 3000 selector: workload.user.cattle.io/workloadselector: deployment-staging-web - type: LoadBalancer - externalTrafficPolicy: Cluster From 066adb9b6edf2ddedb4466012fdbd5c9e4c83e41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Thu, 7 Feb 2019 23:14:01 +0100 Subject: [PATCH 02/12] Bulk rename namespace staging->`human-connection` --- README.md | 30 +++++++++---------- db-migration-worker.yaml | 4 +-- {staging => human-connection}/configmaps.yaml | 18 +++++------ .../deployment-backend.yaml | 20 ++++++------- .../deployment-neo4j.yaml | 14 ++++----- .../deployment-web.yaml | 12 ++++---- {staging => human-connection}/ingress.yaml | 2 +- human-connection/service-backend.yaml | 14 +++++++++ .../service-neo4j.yaml | 6 ++-- human-connection/service-web.yaml | 14 +++++++++ legacy-migration/deployment-backend.yaml | 2 +- legacy-migration/deployment-neo4j.yaml | 2 +- .../volume-claim-mongo-export.yaml | 2 +- namespace-human-connection.yaml | 6 ++++ namespace-staging.yaml | 6 ---- secrets.template.yaml | 4 +-- staging/service-backend.yaml | 14 --------- staging/service-web.yaml | 14 --------- 18 files changed, 92 insertions(+), 92 deletions(-) rename {staging => human-connection}/configmaps.yaml (50%) rename {staging => human-connection}/deployment-backend.yaml (79%) rename {staging => human-connection}/deployment-neo4j.yaml (82%) rename {staging => human-connection}/deployment-web.yaml (76%) rename {staging => human-connection}/ingress.yaml (88%) create mode 100644 human-connection/service-backend.yaml rename {staging => human-connection}/service-neo4j.yaml (53%) create mode 100644 human-connection/service-web.yaml create mode 100644 namespace-human-connection.yaml delete mode 100644 namespace-staging.yaml delete mode 100644 staging/service-backend.yaml delete mode 100644 staging/service-web.yaml diff --git a/README.md b/README.md index 572ecbc43..6cb31bfec 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ If all the pods and services have settled and everything looks green in your minikube dashboard, expose the `nitro-web` service on your host system with: ```shell -$ minikube service nitro-web --namespace=staging +$ minikube service nitro-web --namespace=human-connection ``` ## Digital Ocean @@ -72,14 +72,14 @@ own setup. #### Setup config maps ```shell -$ cp configmap-db-migration-worker.template.yaml staging/configmap-db-migration-worker.yaml +$ cp configmap-db-migration-worker.template.yaml human-connection/configmap-db-migration-worker.yaml ``` Edit all variables according to the setup of the remote legacy server. #### Setup secrets and deploy themn ```sh -$ cp secrets.template.yaml staging/secrets.yaml +$ cp secrets.template.yaml human-connection/secrets.yaml ``` Change all secrets as needed. @@ -94,14 +94,14 @@ Those secrets get `base64` decoded in a kubernetes pod. #### Create a namespace locally ```shell -$ kubectl create -f namespace-staging.yaml +$ kubectl create -f namespace-human-connection.yaml ``` -Switch to the namespace `staging` in your kubernetes dashboard. +Switch to the namespace `human-connection` in your kubernetes dashboard. ### Run the configuration ```shell -$ kubectl apply -f staging/ +$ kubectl apply -f human-connection/ ``` This can take a while because kubernetes will download the docker images. @@ -118,10 +118,10 @@ tl;dr: $ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml $ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml ``` -And create an ingress service in namespace `staging`: +And create an ingress service in namespace `human-connection`: ```sh # you should change the domain name according to your needs -$ kubectl apply -f staging/ingress.yaml +$ kubectl apply -f human-connection/ingress.yaml ``` #### Legacy data migration @@ -134,7 +134,7 @@ import the uploads folder and migrate a dump of mongodb into neo4j. Create a configmap with the specific connection data of your legacy server: ```sh $ kubectl create configmap db-migration-worker \ - --namespace=staging \ + --namespace=human-connection \ --from-literal=SSH_USERNAME=someuser \ --from-literal=SSH_HOST=yourhost \ --from-literal=MONGODB_USERNAME=hc-api \ @@ -148,7 +148,7 @@ $ kubectl create configmap db-migration-worker \ Create a secret with your public and private ssh keys: ```sh $ kubectl create secret generic ssh-keys \ - --namespace=staging \ + --namespace=human-connection \ --from-file=id_rsa=/path/to/.ssh/id_rsa \ --from-file=id_rsa.pub=/path/to/.ssh/id_rsa.pub \ --from-file=known_hosts=/path/to/.ssh/known_hosts @@ -163,15 +163,15 @@ Patch the existing deployments to use a multi-container setup: ```bash cd legacy-migration kubectl apply -f volume-claim-mongo-export.yaml -kubectl patch --namespace=staging deployment nitro-backend --patch "$(cat deployment-backend.yaml)" -kubectl patch --namespace=staging deployment nitro-neo4j --patch "$(cat deployment-neo4j.yaml)" +kubectl patch --namespace=human-connection deployment nitro-backend --patch "$(cat deployment-backend.yaml)" +kubectl patch --namespace=human-connection deployment nitro-neo4j --patch "$(cat deployment-neo4j.yaml)" cd .. ``` Run the migration: ```shell -$ kubectl --namespace=staging get pods +$ kubectl --namespace=human-connection get pods # change below -$ kubectl --namespace=staging exec -it nitro-neo4j-65bbdb597c-nc2lv migrate -$ kubectl --namespace=staging exec -it nitro-backend-c6cc5ff69-8h96z sync_uploads +$ kubectl --namespace=human-connection exec -it nitro-neo4j-65bbdb597c-nc2lv migrate +$ kubectl --namespace=human-connection exec -it nitro-backend-c6cc5ff69-8h96z sync_uploads ``` diff --git a/db-migration-worker.yaml b/db-migration-worker.yaml index e0b520e58..55743e360 100644 --- a/db-migration-worker.yaml +++ b/db-migration-worker.yaml @@ -3,7 +3,7 @@ apiVersion: v1 metadata: name: nitro-db-migration-worker - namespace: staging + namespace: human-connection spec: volumes: - name: secret-volume @@ -30,7 +30,7 @@ apiVersion: v1 metadata: name: mongo-export-claim - namespace: staging + namespace: human-connection spec: accessModes: - ReadWriteOnce diff --git a/staging/configmaps.yaml b/human-connection/configmaps.yaml similarity index 50% rename from staging/configmaps.yaml rename to human-connection/configmaps.yaml index c07353141..6c836c220 100644 --- a/staging/configmaps.yaml +++ b/human-connection/configmaps.yaml @@ -3,27 +3,27 @@ kind: ConfigMap data: GRAPHQL_PORT: "4000" - GRAPHQL_URI: "http://nitro-backend.staging:4000" + GRAPHQL_URI: "http://nitro-backend.human-connection:4000" MOCK: "false" metadata: - name: staging-backend - namespace: staging + name: human-connection-backend + namespace: human-connection --- apiVersion: v1 kind: ConfigMap data: - NEO4J_URI: "bolt://nitro-neo4j.staging:7687" + NEO4J_URI: "bolt://nitro-neo4j.human-connection:7687" NEO4J_USER: "neo4j" NEO4J_AUTH: none metadata: - name: staging-neo4j - namespace: staging + name: human-connection-neo4j + namespace: human-connection --- apiVersion: v1 kind: ConfigMap data: - CLIENT_URI: "https://nitro-staging.human-connection.org" + CLIENT_URI: "https://nitro-human-connection.human-connection.org" MAPBOX_TOKEN: pk.eyJ1IjoiaHVtYW4tY29ubmVjdGlvbiIsImEiOiJjajl0cnBubGoweTVlM3VwZ2lzNTNud3ZtIn0.KZ8KK9l70omjXbEkkbHGsQ metadata: - name: staging-web - namespace: staging + name: human-connection-web + namespace: human-connection diff --git a/staging/deployment-backend.yaml b/human-connection/deployment-backend.yaml similarity index 79% rename from staging/deployment-backend.yaml rename to human-connection/deployment-backend.yaml index 4c2832a71..ac1f31ed4 100644 --- a/staging/deployment-backend.yaml +++ b/human-connection/deployment-backend.yaml @@ -3,18 +3,18 @@ kind: Deployment metadata: name: nitro-backend - namespace: staging + namespace: human-connection spec: replicas: 2 minReadySeconds: 15 progressDeadlineSeconds: 60 selector: matchLabels: - workload.user.cattle.io/workloadselector: deployment-staging-backend + human-connection.org/selector: deployment-human-connection-backend template: metadata: labels: - workload.user.cattle.io/workloadselector: deployment-staging-backend + human-connection.org/selector: deployment-human-connection-backend name: "nitro-backend" spec: containers: @@ -31,33 +31,33 @@ - name: CLIENT_URI valueFrom: configMapKeyRef: - name: staging-web + name: human-connection-web key: CLIENT_URI - name: GRAPHQL_PORT valueFrom: configMapKeyRef: - name: staging-backend + name: human-connection-backend key: GRAPHQL_PORT - name: GRAPHQL_URI valueFrom: configMapKeyRef: - name: staging-backend + name: human-connection-backend key: GRAPHQL_URI - name: MAPBOX_TOKEN valueFrom: configMapKeyRef: - name: staging-web + name: human-connection-web key: MAPBOX_TOKEN - name: JWT_SECRET valueFrom: secretKeyRef: - name: staging + name: human-connection key: JWT_SECRET optional: false - name: NEO4J_URI valueFrom: configMapKeyRef: - name: staging-neo4j + name: human-connection-neo4j key: NEO4J_URI volumeMounts: - mountPath: /nitro-backend/public/uploads @@ -74,7 +74,7 @@ apiVersion: v1 metadata: name: uploads-claim - namespace: staging + namespace: human-connection spec: accessModes: - ReadWriteOnce diff --git a/staging/deployment-neo4j.yaml b/human-connection/deployment-neo4j.yaml similarity index 82% rename from staging/deployment-neo4j.yaml rename to human-connection/deployment-neo4j.yaml index d9aeab542..c84431bb5 100644 --- a/staging/deployment-neo4j.yaml +++ b/human-connection/deployment-neo4j.yaml @@ -3,17 +3,17 @@ kind: Deployment metadata: name: nitro-neo4j - namespace: staging + namespace: human-connection spec: replicas: 1 strategy: {} selector: matchLabels: - workload.user.cattle.io/workloadselector: deployment-staging-neo4j + human-connection.org/selector: deployment-human-connection-neo4j template: metadata: labels: - workload.user.cattle.io/workloadselector: deployment-staging-neo4j + human-connection.org/selector: deployment-human-connection-neo4j name: nitro-neo4j spec: containers: @@ -34,17 +34,17 @@ - name: NEO4J_URI valueFrom: configMapKeyRef: - name: staging-neo4j + name: human-connection-neo4j key: NEO4J_URI - name: NEO4J_USER valueFrom: configMapKeyRef: - name: staging-neo4j + name: human-connection-neo4j key: NEO4J_USER - name: NEO4J_AUTH valueFrom: configMapKeyRef: - name: staging-neo4j + name: human-connection-neo4j key: NEO4J_AUTH ports: - containerPort: 7687 @@ -63,7 +63,7 @@ apiVersion: v1 metadata: name: neo4j-data-claim - namespace: staging + namespace: human-connection spec: accessModes: - ReadWriteOnce diff --git a/staging/deployment-web.yaml b/human-connection/deployment-web.yaml similarity index 76% rename from staging/deployment-web.yaml rename to human-connection/deployment-web.yaml index de9651528..769b44469 100644 --- a/staging/deployment-web.yaml +++ b/human-connection/deployment-web.yaml @@ -2,18 +2,18 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: name: nitro-web - namespace: staging + namespace: human-connection spec: replicas: 2 minReadySeconds: 15 progressDeadlineSeconds: 60 selector: matchLabels: - workload.user.cattle.io/workloadselector: deployment-staging-web + human-connection.org/selector: deployment-human-connection-web template: metadata: labels: - workload.user.cattle.io/workloadselector: deployment-staging-web + human-connection.org/selector: deployment-human-connection-web name: nitro-web spec: containers: @@ -26,17 +26,17 @@ spec: - name: BACKEND_URL valueFrom: configMapKeyRef: - name: staging-backend + name: human-connection-backend key: GRAPHQL_URI - name: MAPBOX_TOKEN valueFrom: configMapKeyRef: - name: staging-web + name: human-connection-web key: MAPBOX_TOKEN - name: JWT_SECRET valueFrom: secretKeyRef: - name: staging + name: human-connection key: JWT_SECRET optional: false image: humanconnection/nitro-web:latest diff --git a/staging/ingress.yaml b/human-connection/ingress.yaml similarity index 88% rename from staging/ingress.yaml rename to human-connection/ingress.yaml index fa23a9957..b6028b9aa 100644 --- a/staging/ingress.yaml +++ b/human-connection/ingress.yaml @@ -2,7 +2,7 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: name: ingress - namespace: staging + namespace: human-connection spec: rules: - host: master.nitro.human-connection.org diff --git a/human-connection/service-backend.yaml b/human-connection/service-backend.yaml new file mode 100644 index 000000000..52e4621b2 --- /dev/null +++ b/human-connection/service-backend.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: nitro-backend + namespace: human-connection + labels: + human-connection.org/selector: deployment-human-connection-backend +spec: + ports: + - name: web + port: 4000 + targetPort: 4000 + selector: + human-connection.org/selector: deployment-human-connection-backend diff --git a/staging/service-neo4j.yaml b/human-connection/service-neo4j.yaml similarity index 53% rename from staging/service-neo4j.yaml rename to human-connection/service-neo4j.yaml index d6c7a95b4..ebe7c5208 100644 --- a/staging/service-neo4j.yaml +++ b/human-connection/service-neo4j.yaml @@ -2,9 +2,9 @@ apiVersion: v1 kind: Service metadata: name: nitro-neo4j - namespace: staging + namespace: human-connection labels: - workload.user.cattle.io/workloadselector: deployment-staging-neo4j + human-connection.org/selector: deployment-human-connection-neo4j spec: ports: - name: bolt @@ -14,4 +14,4 @@ spec: port: 7474 targetPort: 7474 selector: - workload.user.cattle.io/workloadselector: deployment-staging-neo4j + human-connection.org/selector: deployment-human-connection-neo4j diff --git a/human-connection/service-web.yaml b/human-connection/service-web.yaml new file mode 100644 index 000000000..548b874c2 --- /dev/null +++ b/human-connection/service-web.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: nitro-web + namespace: human-connection + labels: + human-connection.org/selector: deployment-human-connection-web +spec: + ports: + - name: web + port: 3000 + targetPort: 3000 + selector: + human-connection.org/selector: deployment-human-connection-web diff --git a/legacy-migration/deployment-backend.yaml b/legacy-migration/deployment-backend.yaml index e29730cae..1adeb0665 100644 --- a/legacy-migration/deployment-backend.yaml +++ b/legacy-migration/deployment-backend.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: name: nitro-backend - namespace: staging + namespace: human-connection spec: template: spec: diff --git a/legacy-migration/deployment-neo4j.yaml b/legacy-migration/deployment-neo4j.yaml index 887c02f3a..2852b90cb 100644 --- a/legacy-migration/deployment-neo4j.yaml +++ b/legacy-migration/deployment-neo4j.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: name: nitro-neo4j - namespace: staging + namespace: human-connection spec: template: spec: diff --git a/legacy-migration/volume-claim-mongo-export.yaml b/legacy-migration/volume-claim-mongo-export.yaml index 563a9cfe6..106ef4736 100644 --- a/legacy-migration/volume-claim-mongo-export.yaml +++ b/legacy-migration/volume-claim-mongo-export.yaml @@ -3,7 +3,7 @@ apiVersion: v1 metadata: name: mongo-export-claim - namespace: staging + namespace: human-connection spec: accessModes: - ReadWriteOnce diff --git a/namespace-human-connection.yaml b/namespace-human-connection.yaml new file mode 100644 index 000000000..0710da55b --- /dev/null +++ b/namespace-human-connection.yaml @@ -0,0 +1,6 @@ +kind: Namespace +apiVersion: v1 +metadata: + name: human-connection + labels: + name: human-connection diff --git a/namespace-staging.yaml b/namespace-staging.yaml deleted file mode 100644 index d63b4e0f9..000000000 --- a/namespace-staging.yaml +++ /dev/null @@ -1,6 +0,0 @@ -kind: Namespace -apiVersion: v1 -metadata: - name: staging - labels: - name: staging diff --git a/secrets.template.yaml b/secrets.template.yaml index 755cd2d06..915a31be5 100644 --- a/secrets.template.yaml +++ b/secrets.template.yaml @@ -4,5 +4,5 @@ data: JWT_SECRET: "Yi8mJjdiNzhCRiZmdi9WZA==" MONGODB_PASSWORD: "TU9OR09EQl9QQVNTV09SRA==" metadata: - name: staging - namespace: staging + name: human-connection + namespace: human-connection diff --git a/staging/service-backend.yaml b/staging/service-backend.yaml deleted file mode 100644 index 39cfca63a..000000000 --- a/staging/service-backend.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: nitro-backend - namespace: staging - labels: - workload.user.cattle.io/workloadselector: deployment-staging-backend -spec: - ports: - - name: web - port: 4000 - targetPort: 4000 - selector: - workload.user.cattle.io/workloadselector: deployment-staging-backend diff --git a/staging/service-web.yaml b/staging/service-web.yaml deleted file mode 100644 index 333983b72..000000000 --- a/staging/service-web.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: nitro-web - namespace: staging - labels: - workload.user.cattle.io/workloadselector: deployment-staging-web -spec: - ports: - - name: web - port: 3000 - targetPort: 3000 - selector: - workload.user.cattle.io/workloadselector: deployment-staging-web From a25f806d0e27a8a60bf6542ad42576699e534dfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Thu, 7 Feb 2019 23:18:50 +0100 Subject: [PATCH 03/12] Add missing kubernetes dashboard deployment --- README.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 6cb31bfec..e339d90d5 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,8 @@ $ minikube service nitro-web --namespace=human-connection First, install kubernetes dashboard: ```sh $ kubectl apply -f dashboard/ +$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml + ``` Proxy localhost to the remote kubernetes dashboard: ```sh @@ -70,13 +72,7 @@ Grab the token and paste it into the login screen at [http://localhost:8001/api/ You have to do some prerequisites e.g. change some secrets according to your own setup. -#### Setup config maps -```shell -$ cp configmap-db-migration-worker.template.yaml human-connection/configmap-db-migration-worker.yaml -``` -Edit all variables according to the setup of the remote legacy server. - -#### Setup secrets and deploy themn +### Edit secrets ```sh $ cp secrets.template.yaml human-connection/secrets.yaml @@ -92,7 +88,7 @@ YWRtaW4= ``` Those secrets get `base64` decoded in a kubernetes pod. -#### Create a namespace locally +### Create a namespace ```shell $ kubectl create -f namespace-human-connection.yaml ``` From 5d5db1ea47bc25893a97e898e7b181942bb02403 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Thu, 7 Feb 2019 23:41:27 +0100 Subject: [PATCH 04/12] Use single configmap for simplicity --- .../{configmaps.yaml => configmap.yaml} | 16 +--------------- human-connection/deployment-backend.yaml | 12 ++++++------ human-connection/deployment-neo4j.yaml | 6 +++--- human-connection/deployment-web.yaml | 6 +++--- 4 files changed, 13 insertions(+), 27 deletions(-) rename human-connection/{configmaps.yaml => configmap.yaml} (63%) diff --git a/human-connection/configmaps.yaml b/human-connection/configmap.yaml similarity index 63% rename from human-connection/configmaps.yaml rename to human-connection/configmap.yaml index 6c836c220..50ae17e23 100644 --- a/human-connection/configmaps.yaml +++ b/human-connection/configmap.yaml @@ -5,25 +5,11 @@ GRAPHQL_PORT: "4000" GRAPHQL_URI: "http://nitro-backend.human-connection:4000" MOCK: "false" - metadata: - name: human-connection-backend - namespace: human-connection ---- - apiVersion: v1 - kind: ConfigMap - data: NEO4J_URI: "bolt://nitro-neo4j.human-connection:7687" NEO4J_USER: "neo4j" NEO4J_AUTH: none - metadata: - name: human-connection-neo4j - namespace: human-connection ---- - apiVersion: v1 - kind: ConfigMap - data: CLIENT_URI: "https://nitro-human-connection.human-connection.org" MAPBOX_TOKEN: pk.eyJ1IjoiaHVtYW4tY29ubmVjdGlvbiIsImEiOiJjajl0cnBubGoweTVlM3VwZ2lzNTNud3ZtIn0.KZ8KK9l70omjXbEkkbHGsQ metadata: - name: human-connection-web + name: configmap namespace: human-connection diff --git a/human-connection/deployment-backend.yaml b/human-connection/deployment-backend.yaml index ac1f31ed4..49bb85f5c 100644 --- a/human-connection/deployment-backend.yaml +++ b/human-connection/deployment-backend.yaml @@ -31,33 +31,33 @@ - name: CLIENT_URI valueFrom: configMapKeyRef: - name: human-connection-web + name: configmap key: CLIENT_URI - name: GRAPHQL_PORT valueFrom: configMapKeyRef: - name: human-connection-backend + name: configmap key: GRAPHQL_PORT - name: GRAPHQL_URI valueFrom: configMapKeyRef: - name: human-connection-backend + name: configmap key: GRAPHQL_URI - name: MAPBOX_TOKEN valueFrom: configMapKeyRef: - name: human-connection-web + name: configmap key: MAPBOX_TOKEN - name: JWT_SECRET valueFrom: secretKeyRef: - name: human-connection + name: secret key: JWT_SECRET optional: false - name: NEO4J_URI valueFrom: configMapKeyRef: - name: human-connection-neo4j + name: configmap key: NEO4J_URI volumeMounts: - mountPath: /nitro-backend/public/uploads diff --git a/human-connection/deployment-neo4j.yaml b/human-connection/deployment-neo4j.yaml index c84431bb5..e3110cac2 100644 --- a/human-connection/deployment-neo4j.yaml +++ b/human-connection/deployment-neo4j.yaml @@ -34,17 +34,17 @@ - name: NEO4J_URI valueFrom: configMapKeyRef: - name: human-connection-neo4j + name: configmap key: NEO4J_URI - name: NEO4J_USER valueFrom: configMapKeyRef: - name: human-connection-neo4j + name: configmap key: NEO4J_USER - name: NEO4J_AUTH valueFrom: configMapKeyRef: - name: human-connection-neo4j + name: configmap key: NEO4J_AUTH ports: - containerPort: 7687 diff --git a/human-connection/deployment-web.yaml b/human-connection/deployment-web.yaml index 769b44469..a3dafe766 100644 --- a/human-connection/deployment-web.yaml +++ b/human-connection/deployment-web.yaml @@ -26,17 +26,17 @@ spec: - name: BACKEND_URL valueFrom: configMapKeyRef: - name: human-connection-backend + name: configmap key: GRAPHQL_URI - name: MAPBOX_TOKEN valueFrom: configMapKeyRef: - name: human-connection-web + name: configmap key: MAPBOX_TOKEN - name: JWT_SECRET valueFrom: secretKeyRef: - name: human-connection + name: secret key: JWT_SECRET optional: false image: humanconnection/nitro-web:latest From 9bb2361b18079761427693124fb1c98254a55bfb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Fri, 8 Feb 2019 02:23:24 +0100 Subject: [PATCH 05/12] Unverified documentation of TLS setup --- README.md | 14 ++++++++++++++ certmanager/ingress.yaml | 22 ++++++++++++++++++++++ certmanager/issuer-production.yaml | 16 ++++++++++++++++ certmanager/issuer-staging.yaml | 16 ++++++++++++++++ human-connection/ingress.yaml | 13 ------------- 5 files changed, 68 insertions(+), 13 deletions(-) create mode 100644 certmanager/ingress.yaml create mode 100644 certmanager/issuer-production.yaml create mode 100644 certmanager/issuer-staging.yaml delete mode 100644 human-connection/ingress.yaml diff --git a/README.md b/README.md index e339d90d5..70438c754 100644 --- a/README.md +++ b/README.md @@ -120,6 +120,20 @@ And create an ingress service in namespace `human-connection`: $ kubectl apply -f human-connection/ingress.yaml ``` +#### Setup SSL + +Follow [this quick start guide](https://docs.cert-manager.io/en/latest/tutorials/acme/quick-start/index.html): +``` +$ kubectl create serviceaccount tiller --namespace=kube-system +$ kubectl create clusterrolebinding tiller-admin --serviceaccount=kube-system:tiller --clusterrole=cluster-admin +$ helm init --service-account=tiller +$ helm repo update +$ helm install stable/nginx-ingress --name quickstart +$ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml +$ helm install --name cert-manager --namespace cert-manager stable/cert-manager +$ kubectl apply -f certmanager/ +``` + #### Legacy data migration This setup is completely optional and only required if you have data on a server diff --git a/certmanager/ingress.yaml b/certmanager/ingress.yaml new file mode 100644 index 000000000..d0ef9a2af --- /dev/null +++ b/certmanager/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: ingress + namespace: human-connection + annotations: + kubernetes.io/ingress.class: "nginx" + certmanager.k8s.io/issuer: "letsencrypt-staging" + certmanager.k8s.io/acme-challenge-type: http01 +spec: + tls: + - hosts: + - master.nitro.human-connection.org + secretName: quickstart-example-tls + rules: + - host: master.nitro.human-connection.org + http: + paths: + - path: / + backend: + serviceName: nitro-web + servicePort: 3000 diff --git a/certmanager/issuer-production.yaml b/certmanager/issuer-production.yaml new file mode 100644 index 000000000..6977a2178 --- /dev/null +++ b/certmanager/issuer-production.yaml @@ -0,0 +1,16 @@ +apiVersion: certmanager.k8s.io/v1alpha1 +kind: Issuer +metadata: + name: letsencrypt-prod + namespace: human-connection +spec: + acme: + # The ACME server URL + server: https://acme-v02.api.letsencrypt.org/directory + # Email address used for ACME registration + email: letsencrypt-prod@roschaefer.de + # Name of a secret used to store the ACME account private key + privateKeySecretRef: + name: letsencrypt-prod + # Enable the HTTP-01 challenge provider + http01: {} diff --git a/certmanager/issuer-staging.yaml b/certmanager/issuer-staging.yaml new file mode 100644 index 000000000..ef0f40faa --- /dev/null +++ b/certmanager/issuer-staging.yaml @@ -0,0 +1,16 @@ +apiVersion: certmanager.k8s.io/v1alpha1 +kind: Issuer +metadata: + name: letsencrypt-staging + namespace: human-connection +spec: + acme: + # The ACME server URL + server: https://acme-staging-v02.api.letsencrypt.org/directory + # Email address used for ACME registration + email: letsencrypt-staging@roschaefer.de + # Name of a secret used to store the ACME account private key + privateKeySecretRef: + name: letsencrypt-staging + # Enable the HTTP-01 challenge provider + http01: {} diff --git a/human-connection/ingress.yaml b/human-connection/ingress.yaml deleted file mode 100644 index b6028b9aa..000000000 --- a/human-connection/ingress.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: ingress - namespace: human-connection -spec: - rules: - - host: master.nitro.human-connection.org - http: - paths: - - backend: - serviceName: nitro-web - servicePort: 3000 From 5d04c4ccc041d345c07e45ab056be18d0a09a316 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Fri, 8 Feb 2019 11:00:34 +0100 Subject: [PATCH 06/12] HTTPS works! --- README.md | 17 +++++++++++++---- .../certmanager}/ingress.yaml | 4 ++-- .../certmanager}/issuer-production.yaml | 2 +- .../certmanager}/issuer-staging.yaml | 2 +- 4 files changed, 17 insertions(+), 8 deletions(-) rename {certmanager => human-connection/certmanager}/ingress.yaml (84%) rename {certmanager => human-connection/certmanager}/issuer-production.yaml (91%) rename {certmanager => human-connection/certmanager}/issuer-staging.yaml (91%) diff --git a/README.md b/README.md index 70438c754..026387628 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ Todos: - [x] check labels and selectors if they all are correct - [x] configure NGINX from yml -- [ ] configure Let's Encrypt cert-manager from yml +- [x] configure Let's Encrypt cert-manager from yml - [x] configure ingress from yml - [x] configure persistent & shared storage between nodes - [x] reproduce setup locally @@ -122,16 +122,25 @@ $ kubectl apply -f human-connection/ingress.yaml #### Setup SSL -Follow [this quick start guide](https://docs.cert-manager.io/en/latest/tutorials/acme/quick-start/index.html): +Follow [this quick start guide](https://docs.cert-manager.io/en/latest/tutorials/acme/quick-start/index.html) +and install certmanager via helm and tiller: ``` $ kubectl create serviceaccount tiller --namespace=kube-system $ kubectl create clusterrolebinding tiller-admin --serviceaccount=kube-system:tiller --clusterrole=cluster-admin $ helm init --service-account=tiller $ helm repo update $ helm install stable/nginx-ingress --name quickstart -$ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml +$ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml $ helm install --name cert-manager --namespace cert-manager stable/cert-manager -$ kubectl apply -f certmanager/ +``` + +We provided some configuration in a folder `human-connection/certmanager`. To +avoid letsencrypt very strict rate limits, the default issuer is +`letsencrypt-staging`. If certmanager is working properly, change it to +`letsencrypt-prod`. Please updated the email address in the configuration, too. + +```sh +$ kubectl apply -f human-connection/certmanager/ ``` #### Legacy data migration diff --git a/certmanager/ingress.yaml b/human-connection/certmanager/ingress.yaml similarity index 84% rename from certmanager/ingress.yaml rename to human-connection/certmanager/ingress.yaml index d0ef9a2af..4e55adaf2 100644 --- a/certmanager/ingress.yaml +++ b/human-connection/certmanager/ingress.yaml @@ -10,10 +10,10 @@ metadata: spec: tls: - hosts: - - master.nitro.human-connection.org + - nitro-master.human-connection.org secretName: quickstart-example-tls rules: - - host: master.nitro.human-connection.org + - host: nitro-master.human-connection.org http: paths: - path: / diff --git a/certmanager/issuer-production.yaml b/human-connection/certmanager/issuer-production.yaml similarity index 91% rename from certmanager/issuer-production.yaml rename to human-connection/certmanager/issuer-production.yaml index 6977a2178..93090b160 100644 --- a/certmanager/issuer-production.yaml +++ b/human-connection/certmanager/issuer-production.yaml @@ -8,7 +8,7 @@ spec: # The ACME server URL server: https://acme-v02.api.letsencrypt.org/directory # Email address used for ACME registration - email: letsencrypt-prod@roschaefer.de + email: yourmail@example.org # Name of a secret used to store the ACME account private key privateKeySecretRef: name: letsencrypt-prod diff --git a/certmanager/issuer-staging.yaml b/human-connection/certmanager/issuer-staging.yaml similarity index 91% rename from certmanager/issuer-staging.yaml rename to human-connection/certmanager/issuer-staging.yaml index ef0f40faa..c7b4e0cc3 100644 --- a/certmanager/issuer-staging.yaml +++ b/human-connection/certmanager/issuer-staging.yaml @@ -8,7 +8,7 @@ spec: # The ACME server URL server: https://acme-staging-v02.api.letsencrypt.org/directory # Email address used for ACME registration - email: letsencrypt-staging@roschaefer.de + email: yourmail@example.org # Name of a secret used to store the ACME account private key privateKeySecretRef: name: letsencrypt-staging From 85f9a5ef131292f28f54bdfc0acfd12914e388d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Fri, 8 Feb 2019 13:58:33 +0100 Subject: [PATCH 07/12] Save some money and decrease volume size We can resize it later --- human-connection/deployment-backend.yaml | 2 +- human-connection/deployment-neo4j.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/human-connection/deployment-backend.yaml b/human-connection/deployment-backend.yaml index 49bb85f5c..00e08f1e7 100644 --- a/human-connection/deployment-backend.yaml +++ b/human-connection/deployment-backend.yaml @@ -80,4 +80,4 @@ - ReadWriteOnce resources: requests: - storage: 10Gi + storage: 2Gi diff --git a/human-connection/deployment-neo4j.yaml b/human-connection/deployment-neo4j.yaml index e3110cac2..5ef5204a2 100644 --- a/human-connection/deployment-neo4j.yaml +++ b/human-connection/deployment-neo4j.yaml @@ -69,4 +69,4 @@ - ReadWriteOnce resources: requests: - storage: 4Gi + storage: 1Gi From 6aea79608e845620a41d017532c4889820677800 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Fri, 8 Feb 2019 14:15:16 +0100 Subject: [PATCH 08/12] Slight improvements of README --- README.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 026387628..1b7235326 100644 --- a/README.md +++ b/README.md @@ -120,7 +120,7 @@ And create an ingress service in namespace `human-connection`: $ kubectl apply -f human-connection/ingress.yaml ``` -#### Setup SSL +#### Setup HTTPS Follow [this quick start guide](https://docs.cert-manager.io/en/latest/tutorials/acme/quick-start/index.html) and install certmanager via helm and tiller: @@ -164,7 +164,13 @@ $ kubectl create configmap db-migration-worker \ --from-literal=NEO4J_URI=bolt://neo4j:7687 ``` -Create a secret with your public and private ssh keys: + +Create a secret with your public and private ssh keys. As the +[kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-pod-with-ssh-keys) +points out, you should be careful with your ssh keys. Anyone with access to your +cluster will have access to your ssh keys. Better create a new pair with +`ssh-keygen` and copy the public key to your legacy server with `ssh-copy-id`: + ```sh $ kubectl create secret generic ssh-keys \ --namespace=human-connection \ @@ -172,10 +178,6 @@ $ kubectl create secret generic ssh-keys \ --from-file=id_rsa.pub=/path/to/.ssh/id_rsa.pub \ --from-file=known_hosts=/path/to/.ssh/known_hosts ``` -As the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-pod-with-ssh-keys) -points out, you should be careful with your ssh keys. Anyone with access to your -cluster will have access to your ssh keys. Better create a new pair with -`ssh-keygen` and copy the public key to your legacy server with `ssh-copy-id`. ##### Migrate legacy database Patch the existing deployments to use a multi-container setup: From 7e4a616a7af6ce5bf445620052c504b0375ba0dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Fri, 8 Feb 2019 15:48:20 +0100 Subject: [PATCH 09/12] Git grep for quickstart and replace it @appinteractive I'm having serious issues with kubernetes and I'm not able to connect with the cluster anymore. If your ``` kubectl get nodes ``` returns anything, could you try out the current deployment README? --- README.md | 2 +- human-connection/certmanager/ingress.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1b7235326..7f85e4b82 100644 --- a/README.md +++ b/README.md @@ -129,7 +129,7 @@ $ kubectl create serviceaccount tiller --namespace=kube-system $ kubectl create clusterrolebinding tiller-admin --serviceaccount=kube-system:tiller --clusterrole=cluster-admin $ helm init --service-account=tiller $ helm repo update -$ helm install stable/nginx-ingress --name quickstart +$ helm install stable/nginx-ingress $ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml $ helm install --name cert-manager --namespace cert-manager stable/cert-manager ``` diff --git a/human-connection/certmanager/ingress.yaml b/human-connection/certmanager/ingress.yaml index 4e55adaf2..52e358196 100644 --- a/human-connection/certmanager/ingress.yaml +++ b/human-connection/certmanager/ingress.yaml @@ -11,7 +11,7 @@ spec: tls: - hosts: - nitro-master.human-connection.org - secretName: quickstart-example-tls + secretName: tls rules: - host: nitro-master.human-connection.org http: From 9dfedfd3171a23f8471900bb3f79a359b639ac8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 9 Feb 2019 14:57:12 +0100 Subject: [PATCH 10/12] ReadWriteOnce cannot scale the backend This kind of voume access apparently does not scale on a multi node setup. Last time I tried, it worked, but last time was on just one node. So I assume that's why I see the following error: ``` Multi-attach error for volume XY volume is already used by pod XZ ``` --- human-connection/deployment-backend.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/human-connection/deployment-backend.yaml b/human-connection/deployment-backend.yaml index 00e08f1e7..8f8c6bf51 100644 --- a/human-connection/deployment-backend.yaml +++ b/human-connection/deployment-backend.yaml @@ -5,7 +5,7 @@ name: nitro-backend namespace: human-connection spec: - replicas: 2 + replicas: 1 minReadySeconds: 15 progressDeadlineSeconds: 60 selector: From 84da458ff1cfbe6e1759dc7680524cc6600959f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 9 Feb 2019 16:04:22 +0100 Subject: [PATCH 11/12] Repeat HTTPS tutorial and update README --- README.md | 58 ++++++++++++------- .../certmanager/issuer-production.yaml | 16 ----- .../certmanager/issuer-staging.yaml | 16 ----- human-connection/https/issuer.yaml | 34 +++++++++++ .../{certmanager => ingress}/ingress.yaml | 0 5 files changed, 70 insertions(+), 54 deletions(-) delete mode 100644 human-connection/certmanager/issuer-production.yaml delete mode 100644 human-connection/certmanager/issuer-staging.yaml create mode 100644 human-connection/https/issuer.yaml rename human-connection/{certmanager => ingress}/ingress.yaml (100%) diff --git a/README.md b/README.md index 7f85e4b82..4efbdec4d 100644 --- a/README.md +++ b/README.md @@ -90,7 +90,7 @@ Those secrets get `base64` decoded in a kubernetes pod. ### Create a namespace ```shell -$ kubectl create -f namespace-human-connection.yaml +$ kubectl apply -f namespace-human-connection.yaml ``` Switch to the namespace `human-connection` in your kubernetes dashboard. @@ -105,22 +105,7 @@ Sit back and relax and have a look into your kubernetes dashboard. Wait until all pods turn green and they don't show a warning `Waiting: ContainerCreating` anymore. -### Setup Loadbalancer and Ingress - -Basically follow [this tutorial](https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes). - -tl;dr: -```sh -$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml -$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml -``` -And create an ingress service in namespace `human-connection`: -```sh -# you should change the domain name according to your needs -$ kubectl apply -f human-connection/ingress.yaml -``` - -#### Setup HTTPS +#### Setup Ingress and HTTPS Follow [this quick start guide](https://docs.cert-manager.io/en/latest/tutorials/acme/quick-start/index.html) and install certmanager via helm and tiller: @@ -134,14 +119,43 @@ $ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/relea $ helm install --name cert-manager --namespace cert-manager stable/cert-manager ``` -We provided some configuration in a folder `human-connection/certmanager`. To -avoid letsencrypt very strict rate limits, the default issuer is -`letsencrypt-staging`. If certmanager is working properly, change it to -`letsencrypt-prod`. Please updated the email address in the configuration, too. +Create letsencrypt issuers. *Change the email address* in these files before +running this command. +```sh +$ kubectl apply -f human-connection/https/ +``` +Create an ingress service in namespace `human-connection`. *Change the domain +name* according to your needs: +```sh +$ kubectl apply -f human-connection/ingress/ +``` +Check the ingress server is working correctly: +```sh +$ curl -kivL -H 'Host: ' 'https://' +``` +If the response looks good, configure your domain registrar for the new IP +address and the domain. + +Now let's get a valid HTTPS certificate. According to the tutorial above, check +your tls certificate for staging: +```sh +$ kubectl describe --namespace=human-connection certificate tls +$ kubectl describe --namespace=human-connection secret tls +``` + +If everything looks good, update the issuer of your ingress. Change the +annotation `certmanager.k8s.io/issuer` from `letsencrypt-staging` to +`letsencrypt-prod` in your ingress configuration in +`human-connection/ingress/ingress.yaml`. ```sh -$ kubectl apply -f human-connection/certmanager/ +$ kubectl apply -f human-connection/ingress/ingress.yaml ``` +Delete the former secret to force a refresh: +``` +$ kubectl --namespace=human-connection delete secret tls +``` +Now, HTTPS should be configured on your domain. Congrats. #### Legacy data migration diff --git a/human-connection/certmanager/issuer-production.yaml b/human-connection/certmanager/issuer-production.yaml deleted file mode 100644 index 93090b160..000000000 --- a/human-connection/certmanager/issuer-production.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Issuer -metadata: - name: letsencrypt-prod - namespace: human-connection -spec: - acme: - # The ACME server URL - server: https://acme-v02.api.letsencrypt.org/directory - # Email address used for ACME registration - email: yourmail@example.org - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-prod - # Enable the HTTP-01 challenge provider - http01: {} diff --git a/human-connection/certmanager/issuer-staging.yaml b/human-connection/certmanager/issuer-staging.yaml deleted file mode 100644 index c7b4e0cc3..000000000 --- a/human-connection/certmanager/issuer-staging.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Issuer -metadata: - name: letsencrypt-staging - namespace: human-connection -spec: - acme: - # The ACME server URL - server: https://acme-staging-v02.api.letsencrypt.org/directory - # Email address used for ACME registration - email: yourmail@example.org - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-staging - # Enable the HTTP-01 challenge provider - http01: {} diff --git a/human-connection/https/issuer.yaml b/human-connection/https/issuer.yaml new file mode 100644 index 000000000..8cb554fc6 --- /dev/null +++ b/human-connection/https/issuer.yaml @@ -0,0 +1,34 @@ +--- + apiVersion: certmanager.k8s.io/v1alpha1 + kind: Issuer + metadata: + name: letsencrypt-staging + namespace: human-connection + spec: + acme: + # The ACME server URL + server: https://acme-staging-v02.api.letsencrypt.org/directory + # Email address used for ACME registration + email: user@example.com + # Name of a secret used to store the ACME account private key + privateKeySecretRef: + name: letsencrypt-staging + # Enable the HTTP-01 challenge provider + http01: {} +--- + apiVersion: certmanager.k8s.io/v1alpha1 + kind: Issuer + metadata: + name: letsencrypt-prod + namespace: human-connection + spec: + acme: + # The ACME server URL + server: https://acme-v02.api.letsencrypt.org/directory + # Email address used for ACME registration + email: user@example.com + # Name of a secret used to store the ACME account private key + privateKeySecretRef: + name: letsencrypt-prod + # Enable the HTTP-01 challenge provider + http01: {} diff --git a/human-connection/certmanager/ingress.yaml b/human-connection/ingress/ingress.yaml similarity index 100% rename from human-connection/certmanager/ingress.yaml rename to human-connection/ingress/ingress.yaml From ec0b229e61a722658e76815069261c09e3ac2cd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 9 Feb 2019 16:39:31 +0100 Subject: [PATCH 12/12] Tiny fix in README --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 4efbdec4d..366598bd1 100644 --- a/README.md +++ b/README.md @@ -175,8 +175,7 @@ $ kubectl create configmap db-migration-worker \ --from-literal=MONGODB_AUTH_DB=hc_api \ --from-literal=MONGODB_DATABASE=hc_api \ --from-literal=UPLOADS_DIRECTORY=/var/www/api/uploads \ - --from-literal=NEO4J_URI=bolt://neo4j:7687 - + --from-literal=NEO4J_URI=bolt://localhost:7687 ``` Create a secret with your public and private ssh keys. As the