Retool
# Secret
创建完要改值
kind: Secret
apiVersion: v1
metadata:
name: birenchong-devops-tool-retool-secrets
namespace: birenchong-devops
annotations:
data:
encryption_key: ''
google_client_id: ''
google_client_secret: ''
jwt_secret: ''
license_key: ''
postgres_password: ''
type: Opaque
1
2
3
4
5
6
7
8
9
10
11
12
13
14
2
3
4
5
6
7
8
9
10
11
12
13
14
# PVC
根据名字创建
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: birenchong-devops-tool-retool-pvc
namespace: birenchong-devops
annotations:
pv.kubernetes.io/bind-completed: 'yes'
pv.kubernetes.io/bound-by-controller: 'yes'
volume.beta.kubernetes.io/storage-provisioner: efs.csi.aws.com
finalizers:
- kubernetes.io/pvc-protection
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
volumeName: pvc-d6817b14-548b-4dbc-a4d2-c95d6fee0dff
storageClassName: efs-sc-dynamic
volumeMode: Filesystem
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# postgres
创建完看一下pvc目录属组属主,修改securityContext
kind: Deployment
apiVersion: apps/v1
metadata:
name: birenchong-devops-tool-retool-postgres-v1
namespace: birenchong-devops
labels:
app: birenchong-devops-tool-retool-postgres
version: v1
annotations:
kubesphere.io/description: retool-postgres
spec:
replicas: 1
selector:
matchLabels:
app: birenchong-devops-tool-retool-postgres
version: v1
template:
metadata:
creationTimestamp: null
labels:
app: birenchong-devops-tool-retool-postgres
version: v1
spec:
volumes:
- name: postgres-pv
persistentVolumeClaim:
claimName: birenchong-devops-tool-retool-pvc
containers:
- name: postgres
image: 'postgres:11.13'
env:
- name: POSTGRES_DB
value: hammerhead_production
- name: POSTGRES_HOST
value: postgres
- name: POSTGRES_PORT
value: '5432'
- name: POSTGRES_USER
value: retool_internal_user
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: birenchong-devops-tool-retool-secrets
key: postgres_password
resources: {}
volumeMounts:
- name: postgres-pv
mountPath: /var/lib/postgresql/data
subPath: postgres
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
nodeSelector:
env: devops
securityContext:
runAsUser: 1020
runAsGroup: 1020
fsGroup: 1020
schedulerName: default-scheduler
strategy:
type: Recreate
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
---
kind: Service
apiVersion: v1
metadata:
name: birenchong-devops-tool-retool-postgres
namespace: birenchong-devops
labels:
app: birenchong-devops-tool-retool-postgres
version: v1
annotations:
kubesphere.io/description: retool-postgres
spec:
ports:
- name: headless
protocol: TCP
port: 55555
targetPort: 55555
selector:
app: birenchong-devops-tool-retool-postgres
clusterIP: None
clusterIPs:
- None
type: ClusterIP
sessionAffinity: None
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
internalTrafficPolicy: Cluster
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# api
kind: Deployment
apiVersion: apps/v1
metadata:
name: birenchong-devops-tool-retool-postgres-api-v1
namespace: birenchong-devops
labels:
app: birenchong-devops-tool-retool-postgres-api
version: v1
annotations:
kubesphere.io/description: retool-api
spec:
replicas: 1
selector:
matchLabels:
app: birenchong-devops-tool-retool-postgres-api
version: v1
template:
metadata:
creationTimestamp: null
labels:
app: birenchong-devops-tool-retool-postgres-api
version: v1
spec:
containers:
- name: api
image: 'tryretool/backend:2.108.3'
args:
- bash
- '-c'
- >-
./docker_scripts/wait-for-it.sh -t 0
$POSTGRES_HOST:$POSTGRES_PORT; ./docker_scripts/start_api.sh
ports:
- containerPort: 3000
protocol: TCP
env:
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: birenchong-devops-tool-retool-secrets
key: jwt_secret
- name: SERVICE_TYPE
value: 'MAIN_BACKEND,DB_CONNECTOR,DB_SSH_CONNECTOR'
- name: NODE_ENV
value: production
- name: POSTGRES_DB
value: hammerhead_production
- name: POSTGRES_HOST
value: birenchong-devops-tool-retool-postgres.birenchong-devops
- name: POSTGRES_PORT
value: '5432'
- name: POSTGRES_USER
value: retool_internal_user
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: birenchong-devops-tool-retool-secrets
key: postgres_password
- name: ENCRYPTION_KEY
valueFrom:
secretKeyRef:
name: birenchong-devops-tool-retool-secrets
key: encryption_key
- name: LICENSE_KEY
valueFrom:
secretKeyRef:
name: birenchong-devops-tool-retool-secrets
key: license_key
- name: CLIENT_ID
valueFrom:
secretKeyRef:
name: birenchong-devops-tool-retool-secrets
key: google_client_id
- name: CLIENT_SECRET
valueFrom:
secretKeyRef:
name: birenchong-devops-tool-retool-secrets
key: google_client_secret
resources:
limits:
memory: 2048M
requests:
cpu: 700m
memory: 1024M
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
nodeSelector:
env: devops
securityContext: {}
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
---
kind: Service
apiVersion: v1
metadata:
name: birenchong-devops-tool-retool-postgres-api
namespace: birenchong-devops
labels:
app: birenchong-devops-tool-retool-postgres-api
version: v1
annotations:
kubesphere.io/creator: admin
kubesphere.io/description: retool-api
spec:
ports:
- name: '3000'
protocol: TCP
port: 3000
targetPort: 3000
selector:
app: birenchong-devops-tool-retool-postgres-api
type: NodePort
sessionAffinity: None
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
internalTrafficPolicy: Cluster
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
# jobs-runner
kind: Deployment
apiVersion: apps/v1
metadata:
name: birenchong-devops-tool-retool-postgres-jobs-runner-v1
namespace: birenchong-devops
labels:
app: birenchong-devops-tool-retool-postgres-jobs-runner
version: v1
annotations:
kubesphere.io/description: retool-jobs
spec:
replicas: 1
selector:
matchLabels:
app: birenchong-devops-tool-retool-postgres-jobs-runner
version: v1
template:
metadata:
creationTimestamp: null
labels:
app: birenchong-devops-tool-retool-postgres-jobs-runner
version: v1
spec:
containers:
- name: jobs-runner
image: 'tryretool/backend:2.108.3'
args:
- bash
- '-c'
- >-
./docker_scripts/wait-for-it.sh -t 0
$POSTGRES_HOST:$POSTGRES_PORT; ./docker_scripts/start_api.sh
ports:
- containerPort: 3000
protocol: TCP
env:
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: birenchong-devops-tool-retool-secrets
key: jwt_secret
- name: SERVICE_TYPE
value: JOBS_RUNNER
- name: NODE_ENV
value: production
- name: POSTGRES_DB
value: hammerhead_production
- name: POSTGRES_HOST
value: birenchong-devops-tool-retool-postgres.birenchong-devops
- name: POSTGRES_PORT
value: '5432'
- name: POSTGRES_USER
value: retool_internal_user
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: birenchong-devops-tool-retool-secrets
key: postgres_password
- name: ENCRYPTION_KEY
valueFrom:
secretKeyRef:
name: birenchong-devops-tool-retool-secrets
key: encryption_key
- name: LICENSE_KEY
valueFrom:
secretKeyRef:
name: birenchong-devops-tool-retool-secrets
key: license_key
- name: CLIENT_ID
valueFrom:
secretKeyRef:
name: birenchong-devops-tool-retool-secrets
key: google_client_id
- name: CLIENT_SECRET
valueFrom:
secretKeyRef:
name: birenchong-devops-tool-retool-secrets
key: google_client_secret
resources:
limits:
cpu: '2'
memory: 8192M
requests:
cpu: '1'
memory: 4096M
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
nodeSelector:
env: devops
securityContext: {}
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
Last Updated: 2023/11/08, 14:45:54