You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| env-backend | ConfigMap |`env-backend` defines the runtime configuration for backend services. |
52
-
| env-backend-secret| Secret |`env-backend-secret` defines the sensitive runtime configuration items for the backend services|
53
-
| backend-data | PersistentVolumeClaim |`backend-data` defines the persistent storage requirements for the backend services. The persistent storage is used for the backend files stored in `/home/app/.CombineFiles`|
| env-backend | ConfigMap |`env-backend` defines the runtime configuration for backend services. |
52
+
| env-backend-secrets| Secret |`env-backend-secrets` defines the sensitive runtime configuration items for the backend services |
53
+
| backend-data | PersistentVolumeClaim |`backend-data` defines the persistent storage requirements for the backend services. The persistent storage is used for the backend files stored in `/home/app/.CombineFiles`|
54
54
55
55
### Database Deployment
56
56
@@ -81,8 +81,8 @@ backup/restore _The Combine_ data, remove projects, add a user to a project, and
81
81
#### `combine_maint` Image
82
82
83
83
The `combine_maint` container image is stored in AWS ECR. It provides a number of utility and administrative functions
84
-
and is used in multiple scenarios. `combine_maint` is built off of `sillsdev/aws-kubectl` and has the following
85
-
features:
84
+
and is used in multiple scenarios. `combine_maint` is built off of `public.ecr.aws/thecombine/aws-kubectl` and has the
85
+
following features:
86
86
87
87
-_aws-cli ver. 2_ - version 2 of the AWS Command Line Interface (from `sillsdev/aws-kubectl`)
88
88
-_kubectl_ - a command line tool used by maintenance scripts to manage Kubernetes resources (from
@@ -100,6 +100,8 @@ features:
100
100
-`update_cert.py` - a script to be used by the cert proxy clients on the NUCs. `update_cert.py` will update a TLS
101
101
certificate if the NUC is connected to the internet and if the certificate is ready for renewal. If these conditions
102
102
are met, it will update the certificate from AWS S3 storage.
103
+
-`get_fonts.py` - generates font support data for SIL fonts used in the language picker. Runs weekly via the
104
+
`update-fonts` CronJob.
103
105
104
106
### Daily Backup CronJob
105
107
@@ -157,7 +159,7 @@ server. To solve this problem, there are two additional functions that are added
157
159
will generate the TLS Secrets for each of the configured NUCs and then push the secrets to an AWS S3 bucket where they
158
160
can be retrieved by the NUCs
159
161
-_Cert Proxy Client_ runs on each NUC in the `thecombine` namespace. Like the _AWS Login_, there is a one-time job,
160
-
`update-cert-oneshot`, and a cron job, `update-cert-cron` that keep the TLS secret up to date when the NUC has
162
+
`update-cert-oneshot`, and a cron job, `update-cert-cronjob` that keep the TLS secret up to date when the NUC has
161
163
internet access.
162
164
163
165
### Cert Proxy Server
@@ -194,13 +196,13 @@ The design of the _Cert Proxy Client_ is shown in the following diagram:
194
196
195
197
The _Cert Proxy Client_ uses the following resources to update the NUCs SSL Certificate from AWS S3 storage:
| update-cert-oneshot | Job | A one-time job to create/update the TLS secret when the Cluster is created or updated. The job uses the `combine_maint` image and runs the `update_cert.py` script. (see the [combine_maint Image](#combine_maint-image) section) |
200
-
| update-cert-cron| CronJob | Performs the same task as `update-cert-oneshot` on a regular schedule. |
201
-
| env-cert-proxy | ConfigMap |`env-cert-proxy` defines the configuration environment variables for the `update-cert-oneshot` and `update-cert-cron`. They include the location of the AWS S3 bucket where the certificates are stored as well as details about the certificate to be checked. |
202
-
| aws-s3-credentials | Secret |`aws-s3-credentials` defines the access accounts and credentials to access the configures AWS S3 resources. |
203
-
| nuc1-thecombine-app-tls | Secret |`nuc1-thecombine-app-tls` is a `kubernetes.io/tls` secret that is created by `update-cert-oneshot` and `update-cert-cron` from the data stored in the AWS S3 bucket. |
| update-cert-oneshot | Job | A one-time job to create/update the TLS secret when the Cluster is created or updated. The job uses the `combine_maint` image and runs the `update_cert.py` script. (see the [combine_maint Image](#combine_maint-image) section) |
202
+
| update-cert-cronjob| CronJob | Performs the same task as `update-cert-oneshot` on a regular schedule.|
203
+
| env-cert-proxy | ConfigMap |`env-cert-proxy` defines the configuration environment variables for the `update-cert-oneshot` and `update-cert-cronjob`. They include the location of the AWS S3 bucket where the certificates are stored as well as details about the certificate to be checked. |
204
+
| aws-s3-credentials | Secret |`aws-s3-credentials` defines the access accounts and credentials to access the configures AWS S3 resources. |
205
+
| nuc1-thecombine-app-tls | Secret |`nuc1-thecombine-app-tls` is a `kubernetes.io/tls` secret that is created by `update-cert-oneshot` and `update-cert-cronjob` from the data stored in the AWS S3 bucket. |
204
206
205
207
## Service Accounts
206
208
@@ -212,18 +214,16 @@ listed here use the default service account for the namespace where they run.
212
214
The `account-ecr-login` account is used by the `ecr-cred-helper` and `ecr-cred-helper-cron` resources. The
213
215
`account-ecr-login` has the following access to Kubernetes resources:
0 commit comments