代码拉取完成,页面将自动刷新
# Azure
# -----
# az login --use-device-code
# az aks get-credentials --name tebi-prod-cluster --resource-group tebi-production
# export ECDH_PRIVATE_KEY=$(openssl pkcs8 -topk8 -nocrypt -in cloak.enc.pem)
# cloak pulumi login
# pulumi stack select azure
# pulumi up
# Digital Ocean
# -------------
# cloak import deployments M88....
# cloak pulumi login
# cloak doctl auth init
# doctl kubernetes cluster kubeconfig save onchain-k8s-af1ef23
# pulumi stack select digital-ocean
# pulumi up
name: cloak
description: Cloak Infrastructure as Code
runtime: yaml
variables:
namespace: cloak
appLabels:
app: app
envoyLabels:
app: envoy
authLabels:
app: auth
version: 1.20.0
hash-cloak-db-migrations: sha256:79bda00d42111902e80626b5641092727ce30a5c1daadc3d9d09fef1d13121f3
hash-cloak-envoy: sha256:176f7845d9337e6505eef26c1c5f4870fa1a04acb2da95d1c067a231fc8ec328
hash-cloak-server: sha256:15763d8b34c95cb3fbf8afd2e2726b6678b4700134c452ec105b4fd4d4256fab
db-migrations: ghcr.io/purton-tech/cloak-db-migrations:${version}@${hash-cloak-db-migrations}
envoy: ghcr.io/purton-tech/cloak-envoy:${version}@${hash-cloak-envoy}
server: ghcr.io/purton-tech/cloak-server:${version}@${hash-cloak-server}
resources:
envoy-deployment:
type: kubernetes:apps/v1:Deployment
properties:
metadata:
name: envoy
namespace: ${namespace}
spec:
selector:
matchLabels: ${envoyLabels}
replicas: 1
template:
metadata:
labels: ${envoyLabels}
spec:
containers:
- name: envoy
image: ${envoy}
ports:
- containerPort: 7100
auth-deployment:
type: kubernetes:apps/v1:Deployment
properties:
metadata:
name: auth
namespace: ${namespace}
spec:
selector:
matchLabels: ${authLabels}
replicas: 1
template:
metadata:
labels: ${authLabels}
spec:
containers:
- name: auth
image: purtontech/barricade:1.2.5
ports:
- containerPort: 9090
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: database-urls
key: auth-database-url
- name: AUTH_TYPE
value: encrypted
# Cookie encryption key
- name: SECURE_COOKIE
value: 'true'
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: cookie-encryption
key: cookie-encryption-key
- name: REDIRECT_URL
value: /app/post_registration
- name: ENABLE_EMAIL_OTP
value: 'true'
- name: LOGOUT_URL
value: https://cloak.software
# Send grid for email
- name: SMTP_HOST
value: smtp.sendgrid.net
- name: SMTP_PORT
value: '587'
- name: SMTP_USERNAME
value: apikey
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: sendgrid-api
key: sendgrid-api-key
- name: SMTP_TLS_OFF
value: 'true'
# Config for password reset
- name: RESET_DOMAIN
value: https://cloak.software
- name: RESET_FROM_EMAIL_ADDRESS
app-deployment:
type: kubernetes:apps/v1:Deployment
properties:
metadata:
name: app
namespace: ${namespace}
spec:
selector:
matchLabels: ${appLabels}
replicas: 1
template:
metadata:
labels: ${appLabels}
spec:
containers:
- name: app
image: ${server}
ports:
- containerPort: 7103
env:
- name: APP_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-urls
key: app-database-url
initContainers:
- name: server-init
image: ${db-migrations}
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: database-urls
key: migrations-database-url
# Cloudflare tunnel attaches here.
envoy-service:
properties:
metadata:
name: envoy
namespace: ${namespace}
spec:
ports:
- port: 7100
protocol: TCP
targetPort: 7100
selector:
app: envoy
type: kubernetes:core/v1:Service
app-service:
properties:
metadata:
name: app
namespace: ${namespace}
spec:
ports:
- port: 7103
protocol: TCP
targetPort: 7103
selector:
app: app
type: kubernetes:core/v1:Service
auth-service:
properties:
metadata:
name: auth
namespace: ${namespace}
spec:
ports:
- port: 9090
protocol: TCP
targetPort: 9090
selector:
app: auth
type: kubernetes:core/v1:Service
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手