From fc6373a4b610acebb3639fe5b78a22c1a547b486 Mon Sep 17 00:00:00 2001 From: Bob Ong Date: Sat, 6 Jul 2024 14:30:03 +0800 Subject: [PATCH] [Deployment] DigtalOcean, Add api policy and namespace --- .../allowaccess-network-policy.yaml | 39 +++++++++++++++++++ kube/scan-api/scan-api-deployment.yaml | 26 ++++++------- kube/scan-api/service-scan-api.yaml | 1 + kube/scan-api/service-scan-hazelcast.yaml | 1 + 4 files changed, 52 insertions(+), 15 deletions(-) diff --git a/kube/base-components/allowaccess-network-policy.yaml b/kube/base-components/allowaccess-network-policy.yaml index 68440c0..896610d 100644 --- a/kube/base-components/allowaccess-network-policy.yaml +++ b/kube/base-components/allowaccess-network-policy.yaml @@ -31,3 +31,42 @@ spec: - namespaceSelector: matchLabels: name: starcoin-vega + + +--- +# Postgres service for starcoin-api +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-access-pg-from-api + namespace: default +spec: + podSelector: + matchLabels: + app: postgres-service + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: starcoin-api + +--- +# Elasticsearch service for starcoin-api +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-access-es-from-api + namespace: default +spec: + podSelector: + matchLabels: + app: elasticsearch + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: starcoin-api \ No newline at end of file diff --git a/kube/scan-api/scan-api-deployment.yaml b/kube/scan-api/scan-api-deployment.yaml index 436cc20..c48fc99 100644 --- a/kube/scan-api/scan-api-deployment.yaml +++ b/kube/scan-api/scan-api-deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: scan-api-deployment + namespace: starcoin-api labels: app: scan-api spec: @@ -24,11 +25,11 @@ spec: containerPort: 5701 env: - name: STARCOIN_ES_URL - value: "search-starcoin-es2-47avtmhexhbg7qtynzebcnnu64.ap-northeast-1.es.amazonaws.com" + value: "elasticsearch.default.svc.cluster.local" - name: STARCOIN_ES_PROTOCOL - value: "https" + value: "http" - name: STARCOIN_ES_PORT - value: "443" + value: "9200" - name: STARCOIN_ES_USER value: elastic - name: STARCOIN_ES_INDEX_VERSION @@ -36,23 +37,18 @@ spec: - name: STARCOIN_ES_PWD valueFrom: secretKeyRef: - name: elasticsearch-pw-elastic + name: elasticsearch key: password - - name: MAIN_DS_URL - value: "jdbc:postgresql://scan-db.c0bz9kehdvnb.ap-northeast-1.rds.amazonaws.com/starcoin?currentSchema=main" - name: DS_URL - value: "jdbc:postgresql://scan-db.c0bz9kehdvnb.ap-northeast-1.rds.amazonaws.com/starcoin" - - name: BARNARD_DS_URL - value: "jdbc:postgresql://scan-db.c0bz9kehdvnb.ap-northeast-1.rds.amazonaws.com/starcoin?currentSchema=barnard" - - name: HALLEY_DS_URL - value: "jdbc:postgresql://scan-db.c0bz9kehdvnb.ap-northeast-1.rds.amazonaws.com/starcoin?currentSchema=halley" - - name: STARCOIN_USER_DS_URL - value: "jdbc:postgresql://scan-db.c0bz9kehdvnb.ap-northeast-1.rds.amazonaws.com/starcoin?currentSchema=starcoin_user" + value: "jdbc:postgresql://postgres-service.default.svc.cluster.local/starcoin" - name: DB_USER_NAME - value: "starcoin" + valueFrom: + secretKeyRef: + name: postgresql + key: username - name: DB_PWD valueFrom: secretKeyRef: - name: postgresql-starcoin-yu + name: postgresql key: password diff --git a/kube/scan-api/service-scan-api.yaml b/kube/scan-api/service-scan-api.yaml index 9b0dac9..0c31a23 100644 --- a/kube/scan-api/service-scan-api.yaml +++ b/kube/scan-api/service-scan-api.yaml @@ -4,6 +4,7 @@ metadata: labels: app: scan-api name: scan-api + namespace: starcoin-api spec: ports: - port: 80 diff --git a/kube/scan-api/service-scan-hazelcast.yaml b/kube/scan-api/service-scan-hazelcast.yaml index fe76c6b..7ab72bd 100644 --- a/kube/scan-api/service-scan-hazelcast.yaml +++ b/kube/scan-api/service-scan-hazelcast.yaml @@ -4,6 +4,7 @@ metadata: labels: app: scan-api name: hazelcast-service + namespace: starcoin-api spec: selector: app: scan-api