I'm using my account name (jakub.wit.martin@gmail.com), use yours if running on your own.
- credentials
  - Datastore User
- marks
  - Datastore User
- notifier
  - Datastore User
In this document, whenever a resource is described as being created, it may be followed by a list of service accounts with their respective roles on that resource.
- Turn on audit logging for Cloud KMS: Admin Read and Data Read.
- Create keychain credentials.
  - credentials: Cloud KMS CryptoKey Encrypter/Decrypter
- Create key credentials in this keychain.
- If there is only one publisher to the topic: publisher-topic_name
- If there is more than one publisher: topic_name
- For any subscription: subscriber_name-full_topic_name (includes publisher if applicable)
- Create topics:
  - credentials-credentials_received
    - credentials: Pub/Sub Publisher
  - notifications
    - marks: Pub/Sub Publisher
    - credentials: Pub/Sub Publisher
  - notifier-commands
    - notifier: Pub/Sub Publisher
  - notifier-user_created
    - notifier: Pub/Sub Publisher
- Create subscriptions:
  - marks-credentials-credentials_received
    - marks: Pub/Sub Subscriber, Pub/Sub Viewer
  - marks-notifier-commands
    - marks: Pub/Sub Subscriber, Pub/Sub Viewer
  - notifier-notifications
    - notifier: Pub/Sub Subscriber, Pub/Sub Viewer
  - credentials-notifier-user_created
    - credentials: Pub/Sub Subscriber, Pub/Sub Viewer
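As an added example (not part of the original setup notes), this Python check encodes the naming convention and the per-resource role lists above and reports any topic or subscription that deviates from them. The dictionary layout and the `audit` function are hypothetical; the resource names, service accounts and roles are copied from the lists above.

```python
# Added example: audit a Pub/Sub layout against the naming convention above.
# The dict layout and function name are hypothetical; resource names, service
# accounts and roles are the ones listed in this document.
PUB = "Pub/Sub Publisher"
SUB_ROLES = {"Pub/Sub Subscriber", "Pub/Sub Viewer"}

TOPICS = {  # topic -> {service account: role}
    "credentials-credentials_received": {"credentials": PUB},
    "notifications": {"marks": PUB, "credentials": PUB},
    "notifier-commands": {"notifier": PUB},
    "notifier-user_created": {"notifier": PUB},
}
SUBSCRIPTIONS = {  # subscription -> {service account: set of roles}
    "marks-credentials-credentials_received": {"marks": SUB_ROLES},
    "marks-notifier-commands": {"marks": SUB_ROLES},
    "notifier-notifications": {"notifier": SUB_ROLES},
    "credentials-notifier-user_created": {"credentials": SUB_ROLES},
}

def audit(topics, subscriptions):
    """Return a list of findings; an empty list means the layout is consistent."""
    findings = []
    services = {sa for g in topics.values() for sa in g}
    services |= {sa for g in subscriptions.values() for sa in g}
    for name, grants in topics.items():
        for sa, role in grants.items():
            if role != PUB:
                findings.append(f"topic {name}: {sa} has unexpected role {role}")
        publishers = sorted(grants)
        if len(publishers) == 1:
            if not name.startswith(publishers[0] + "-"):
                findings.append(f"topic {name}: expected prefix {publishers[0]}-")
        elif any(name.startswith(s + "-") for s in services):
            findings.append(f"topic {name}: shared topic must not carry a publisher prefix")
    for name, grants in subscriptions.items():
        if len(grants) != 1:
            findings.append(f"subscription {name}: expected exactly one subscriber")
            continue
        (sa, roles), = grants.items()
        # The subscription name must be <subscriber>-<full topic name>.
        topic = name[len(sa) + 1:] if name.startswith(sa + "-") else None
        if topic not in topics:
            findings.append(f"subscription {name}: not <subscriber>-<topic> for {sa}")
        if set(roles) != SUB_ROLES:
            findings.append(f"subscription {name}: {sa} roles are {sorted(roles)}")
    return findings
```

An empty result from `audit(TOPICS, SUBSCRIPTIONS)` means every name matches the convention and no service account holds a role beyond the ones listed.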
You need to have Datastore activated. The microservices will create necessary kinds as required.
* Cluster Version - choose latest
* Boot disk size - 20GB
* Network policy - Enabled
* HTTP load balancing - Disabled
* Turn on HTTPS network access to the node to which you will route your DNS.
gcloud config set project usos-notifier
gcloud config set compute/zone us-central1-a
gcloud container clusters get-credentials cluster-1 --zone us-central1-a
kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default
helm init
kubectl create clusterrolebinding cluster-admin-binding-jakub.wit.martin@gmail.com --clusterrole=cluster-admin --user=jakub.wit.martin@gmail.com
- TLS certs for the nginx controller. Standard PEM. I'm using Cloudflare-generated ones.
kubectl create secret tls tls-secret --key cert.key --cert cert.crt
- Credentials service account. Download the json file and call it credentials.json.
kubectl create secret generic credentials-service-account --from-file=serviceaccount.json=credentials.json
- Marks service account. Download the json file and call it marks.json.
kubectl create secret generic marks-service-account --from-file=serviceaccount.json=marks.json
- Notifier service account. Download the json file and call it notifier.json.
kubectl create secret generic notifier-service-account --from-file=serviceaccount.json=notifier.json
- Messenger API key. Put the key into your local NOTIFIER_MESSENGER_API_KEY environment variable.
  - On Windows:
kubectl create secret generic messenger-api --from-literal=messenger-api=$ENV:NOTIFIER_MESSENGER_API_KEY
  - On Linux:
kubectl create secret generic messenger-api --from-literal=messenger-api="$NOTIFIER_MESSENGER_API_KEY"
- Messenger Verify key. Put the key into your local NOTIFIER_MESSENGER_VERIFY_TOKEN environment variable.
  - On Windows:
kubectl create secret generic messenger-verify --from-literal=messenger-verify=$ENV:NOTIFIER_MESSENGER_VERIFY_TOKEN
  - On Linux:
kubectl create secret generic messenger-verify --from-literal=messenger-verify="$NOTIFIER_MESSENGER_VERIFY_TOKEN"
- Nginx controller. This will create a daemon set of nginx instances. All of them will have hostPort 80 and 443, so just route your DNS to one of your nodes.
helm install --values values.yaml --name nginx-ingress stable/nginx-ingress
- Ingress. This routes outside traffic to the internal - publicly available - services.
kubectl apply -f ingress.yaml
- Credentials:
kubectl apply -f credentials.yaml
- Marks:
kubectl apply -f marks.yaml
- Notifier:
kubectl apply -f notifier.yaml
- If cross-compiling from Windows to Linux, you need to run:
go get -u golang.org/x/sys/unix