phoenix-oss/tenant-tpl
Template
3
1
Fork 1
Code Issues 1 Pull requests 1 Projects Releases 1 Packages Wiki Activity Actions

Correct index

Baptiste Bonnot 2025-10-13 10:17:31 +02:00
parent b6885c3b4a
commit 17f19fcd5c
Signed by: baptiste.bonnot
GPG key ID: 2681291F9206E471
2 changed files with 3 additions and 95 deletions
Download patch file Download diff file Expand all files Collapse all files

95
01-Home.md

@ -113,98 +113,3 @@ Here we are defining our applications secret or variables. Please refers to [var
* [flux kustomization](https://fluxcd.io/flux/components/kustomize/kustomizations/) * [flux kustomization](https://fluxcd.io/flux/components/kustomize/kustomizations/)
* [bjw-s template helmchart](https://bjw-s.github.io/helm-charts/docs/app-template/) * [bjw-s template helmchart](https://bjw-s.github.io/helm-charts/docs/app-template/)
# How to
- [Environments](Environments)
- [Variables](Environments#Variables)
- [Secret](Environments#Secret)
- [Encryption]()
- [Storage]()
- [Persistent Storage]()
- [Object Storage]()
- [Database]()
- [PostgreSQL]()
- [MongoDB]()
- [Exposing your application]()
- [SSL]()
- [Certificate]()
- [Domain]()
# SSL and DNS
#### Bring your own certificate and domain
You can add the `cert-manager.io/cluster-issuer: nginx-production` annotation to your ingress/route to generate a letsencrypt certificate for your domain. You also need to specify the `secretName` in the `tls` section of the ingress.
Please notice that you need to ensure your domain DNS is resolving to the cluster ingress/route public ip. This can be done with a CNAME record pointing to:
- `dummy.pub.<cluster_name>.kvant.cloud` for Kubernetes Ingress
- `dummy.app.<cluster_name>.kvant.cloud` for Openshift Route
Example for Ingress:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# add an annotation indicating the issuer to use.
cert-manager.io/cluster-issuer: nginx-production # < set up on all kvant clusters
name: myIngress
namespace: myIngress
spec:
className: external
rules:
- host: example.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: myservice
port:
number: 80
tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
- hosts:
- example.com
secretName: myingress-cert # < cert-manager will store the created certificate in this secret.
```
#### Use Predefined Domain
You can spawn any application using your namespace associated Domain.
`${TENANT_DOMAIN}`
### Storage
We are providing two type of storage. Object Storage and Volumes.
#### Request a Object Storage
```yaml
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: <CLAIM-NAME>
spec:
generateBucketName: <YOUR-BUCKET-NAME>
storageClassName: openshift-storage.noobaa.io
```
#### Request a PV
In the data section of your helmrelease.
```yaml
data:
enabled: true
type: persistentVolumeClaim
accessMode: ReadWriteOnce
size: 1Gi
```

3
Guide-ObjectStorage.md

@ -1,6 +1,9 @@
# Overview # Overview
* Basel external Endpoint
https://s3-openshift-storage.apps.basel.kvant.cloud
## Diagram ## Diagram
```mermaid ```mermaid