From e0bc0a689e05f7ec5044082d52236051b4516312 Mon Sep 17 00:00:00 2001 From: Rob Smith Date: Thu, 3 Oct 2024 09:30:01 -0400 Subject: [PATCH] minor misspelling/grammar/formatting updates (#162) Co-authored-by: Richard Shade <131337+rshade@users.noreply.github.com> --- byo-infra/README.md | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/byo-infra/README.md b/byo-infra/README.md index 16f672a..318b09b 100644 --- a/byo-infra/README.md +++ b/byo-infra/README.md @@ -1,10 +1,10 @@ -# Using Your Own Infrasturcture to Deploy Pulumi Self Hosted +# Using Your Own Infrastructure to Deploy Pulumi Self-Hosted -This folder and sub folders contain the three Pulumi programs to use and deploy the containers necessary to run Pulumi' self hosted backend onto one's own infrastructure. Specifically, whereas the other "self-hosted installers" deploy the base infrastucture (e.g. S3, SQL, K8s) and then deploys the Pulumi service on that infrastructure, this installer assumes you have built your own S3(compatible) storage, your own MySQL server, and your own K8s cluster. And the bulk of this installer is then to deploy the Pulumi service onto that existing infrastructure. +This folder and sub-folders contain the three Pulumi programs to use and deploy the containers necessary to run Pulumi's self-hosted backend onto one's own infrastructure. Specifically, whereas the other "self-hosted installers" deploy the base infrastructure (e.g. S3, SQL, K8s) and then deploys the Pulumi service on that infrastructure, this installer assumes you have built your own S3(compatible) storage, your own MySQL server, and your own K8s cluster. The primary purpose of this installer is then to deploy the Pulumi service onto that existing infrastructure. -> ⚠️ Before proceeding, please take the provided installation code and commit it **as-is** to your own source control. As you make changes or customize it, please commit these to your repo as well. This will help keep track of customizations and updates. +> ⚠️ Before proceeding, please take the provided installation code and commit it **as-is** to your own source control. As you make changes or customize it, please commit these to your repo as well. This will help you keep track of customizations and updates. -> ℹ️ You will likely want to use one of the [Self-Managed Backends](https://www.pulumi.com/docs/intro/concepts/state/#logging-into-a-self-managed-backend) as the state storage for this installer. Please document this (in the repo your store this code, an internal wiki, etc) so that future updates will be straightforward for you and your colleagues. +> ℹ️ You will likely want to use one of the [Self-Managed Backends](https://www.pulumi.com/docs/intro/concepts/state/#logging-into-a-self-managed-backend) as the state storage for this installer. Please document this (in the repo your store this code, an internal wiki, etc.) so that future updates will be straightforward for you and your colleagues. ## Installer Revision History Version ID | Date | K8s Version Supported | Note @@ -15,7 +15,7 @@ Version ID | Date | K8s Version Supported | Note * K8s Cluster * MySQL 8.0 database server * At least 20GB SSD storage space - * A databaser user that has the following grants: + * A database user that has the following grants: * `GRANT ALL PRIVILEGES ON 'pulumi'.* TO 'pulumi'@'%'` * `GRANT CREATE USER ON *.* TO 'pulumi'@'%' WITH GRANT OPTION` * Create a database named `pulumi` on the server. @@ -25,16 +25,16 @@ Version ID | Date | K8s Version Supported | Note * Domain name and access to create two endpoints: * api.{domain} - e.g. api.pulumi.example.com * app.{domain} - e.g. app.pulumi.example.com -* TLS certificates for each domain endpoint. - * See [Creating and Using Self-Signed Certificates](#creating-and-using-self-signed-certificates) below if you wish to use self-signed certificates. +* TLS certificates for each domain endpoint. + * See [Creating and Using Self-Signed Certificates](#creating-and-using-self-signed-certificates) below if you wish to use self-signed certificates. * SMTP Server - * Not needed for testing, but required to enable invitation and "forgot-password" workflows. + * Not needed for testing but required to enable invitation and "forgot-password" workflows. ## What does each Pulumi program do? ### 01-infrastructure This program DOES NOT DEPLOY any infrastructure. -Instead, this project is simply used to set config values that are then passed as stack outputs for other stacks to consume. This allows the installer to follow the same pattern as the other installers. +Instead, this project is simply used to set config values that are then passed as stack outputs for other stacks to consume. This allows the installer to follow the same pattern as the other installers. See [Deploy 01-infrastructure](#deploy_01_infrastructure) ### 02-kubernetes @@ -45,16 +45,16 @@ This program deploys the following: See [Deploy 02-kubernetes](#deploy_02_kuberenetes) -> ℹ️ If your infrastructure already has an ingress controller configured, modify the `02-kubernetes/index.ts` to export the ingress controller namespace and ingress controller service IP for use by `03-application`. +> ℹ️ If your infrastructure already has an ingress controller configured, modify the `02-kubernetes/index.ts` to export the ingress controller namespace and ingress controller service IP for use by `03-application`. ### 03-application This program creates and deploys the following: * SAML/SSO Certificate used for SAML/SSO if set up in the service. -* Encryption Services - *Currently sets up a "Local keys" encryption service as per: https://www.pulumi.com/docs/guides/self-hosted/components/api/#encryption-services. - * This service is used to encrypt Pulmi config values and outputs. This will be migrated to GCP Secrets Manager when this issue is closed: https://github.com/pulumi/pulumi-service/issues/8785 +* Encryption Services + *Currently sets up a "Local keys" encryption service as per: https://www.pulumi.com/docs/guides/self-hosted/components/api/#encryption-services. + * This service is used to encrypt Pulumi config values and outputs. This will be migrated to GCP Secrets Manager when this issue is closed: https://github.com/pulumi/pulumi-service/issues/8785 * API and Console service containers that run the Pulumi service. See [Deploy 03-application](#deploy_03_application) @@ -71,7 +71,7 @@ To ensure that the Pulumi program can access variables between the three deploym ### Deploy 01-infrastructure 1. `cd 01-infrastructure` 1. `npm install` -1. `pulumi stack init {stackName1}` +1. `pulumi stack init {stackName1}` 1. `pulumi config set storageAccessKey {storage access key}` 1. `pulumi config set storageSecretKey --secret {storage secret key}` 1. `pulumi config set storageCheckpointBucket {storage checkpoint bucket}` @@ -91,7 +91,7 @@ To ensure that the Pulumi program can access variables between the three deploym ### Deploy 02-kubernetes 1. `cd ../02-kubernetes` 1. `npm install` -1. `pulumi stack init {stackName2}` +1. `pulumi stack init {stackName2}` 1. `pulumi config set stackName1 {stackName1}` - the full stack name for the "01-infrastructure" stack. 1. `pulumi config set kubeconfig --secret {kubeconfig}` - the kubeconfig for accessing the K8s cluster Optional settings (will use default values if not set) @@ -102,7 +102,7 @@ Optional settings (will use default values if not set) ### Deploy 03-application 1. `cd ../03-application` 1. `npm install` -1. `pulumi stack init {stackName3}` +1. `pulumi stack init {stackName3}` 1. `pulumi config set stackName1 {stackName1}` - the full stack name for the "01-infrastructure" stack. 1. `pulumi config set stackName2 {stackName2}` - the full stack name for the "02-kubernetes" stack. 1. `pulumi config set apiDomain {domain for api}` - e.g. api.pulumi.example.com (must start with "api") @@ -127,7 +127,7 @@ Optional setting will use default value if not set. ### Configure DNS -To get the IP address output for the cluster, run the following in the `02-kubernetes` folder: +To get the IP address output for the cluster, run the following in the `02-kubernetes` folder: ``` pulumi stack output ingressServiceIp @@ -156,7 +156,7 @@ pulumi login $(pulumi stack output apiUrl) Due to the dependencies between the stacks, you'll need to reverse the order that you deployed them in: 1. `cd 03-application` -1. `pulumi destroy` +1. `pulumi destroy` 1. `cd ../02-kubernetes` 1. `pulumi state unprotect --all` 1. `pulumi destroy` @@ -177,7 +177,7 @@ You can use the following to create self-signed certs: -days { days_until_expiration } -nodes -subj "/CN={ common_name }" \ -addext "subjectAltName = DNS:{ common_name }" ``` - Where `{ days_until_expiration }` is set to a number of days for the cert (e.g. 365). + Where `{ days_until_expiration }` is set to a number of days for the cert (e.g. 365). And, `{ common_name }` is set to `api.{domain}` for the api cert and key and set to `app.{domain}` for the console cert and key (e.g. api.example.com and app.example.com, respectively). For example, if creating certs for names using the `pulumi.example.com` domain: @@ -195,7 +195,7 @@ openssl \ The resultant X.key.pem and X.cert.pem files will be used when configuring the `03-application` stack. ### Configuring Self-Signed Certificates on Workstation - > ⚠️ If using self-signed certificates, you will need to load both the `app.` and `api.` certs into your workstation (e.g. MacOS Keychain Access) so that browser access and the `pulumi` CLI work correctly. + > ⚠️ If using self-signed certificates, you will need to load both the `app.` and `api.` certs into your workstation (e.g. MacOS Keychain Access) so that browser access and the `pulumi` CLI work correctly. #### MacOS 1. Launch the system as described above. 1. `sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain `