From 035baff1b53bb94bb95c84d5784653bd4819d4ba Mon Sep 17 00:00:00 2001 From: Monet Lee Date: Thu, 26 Dec 2024 17:53:14 +0800 Subject: [PATCH] docs: improve deployment docs in kubernetes. (#2973) * docs: improve deployment docs in kubernetes. * move docs path. * format contents. * update contents. * build: update deployment env. * docs: update deploy docs. * build: add kafka secret and dependencies. * docs: update deployment docs. * Update docs contents. * update docs contents. --- deployments/Readme.md | 289 ++--- deployments/deploy/kafka-secret.yml | 7 + deployments/deploy/minio-secret.yml | 8 + deployments/deploy/minio-statefulset.yml | 79 ++ deployments/deploy/mongo-secret.yml | 8 + deployments/deploy/mongo-statefulset.yml | 108 ++ deployments/deploy/openim-api-deployment.yml | 47 + deployments/deploy/openim-config.yml | 1056 +++++++++++++++++ .../deploy/openim-msggateway-deployment.yml | 36 + .../deploy/openim-msgtransfer-deployment.yml | 50 + deployments/deploy/openim-push-deployment.yml | 41 + .../deploy/openim-rpc-auth-deployment.yml | 37 + .../openim-rpc-conversation-deployment.yml | 46 + .../deploy/openim-rpc-friend-deployment.yml | 46 + .../deploy/openim-rpc-group-deployment.yml | 46 + .../deploy/openim-rpc-msg-deployment.yml | 51 + .../deploy/openim-rpc-third-deployment.yml | 56 + .../deploy/openim-rpc-user-deployment.yml | 51 + deployments/deploy/redis-secret.yml | 7 + deployments/deploy/redis-statefulset.yml | 55 + 20 files changed, 1986 insertions(+), 138 deletions(-) create mode 100644 deployments/deploy/kafka-secret.yml create mode 100644 deployments/deploy/minio-secret.yml create mode 100644 deployments/deploy/minio-statefulset.yml create mode 100644 deployments/deploy/mongo-secret.yml create mode 100644 deployments/deploy/mongo-statefulset.yml create mode 100644 deployments/deploy/openim-api-deployment.yml create mode 100644 deployments/deploy/openim-config.yml create mode 100644 deployments/deploy/openim-msggateway-deployment.yml create mode 100644 deployments/deploy/openim-msgtransfer-deployment.yml create mode 100644 deployments/deploy/openim-push-deployment.yml create mode 100644 deployments/deploy/openim-rpc-auth-deployment.yml create mode 100644 deployments/deploy/openim-rpc-conversation-deployment.yml create mode 100644 deployments/deploy/openim-rpc-friend-deployment.yml create mode 100644 deployments/deploy/openim-rpc-group-deployment.yml create mode 100644 deployments/deploy/openim-rpc-msg-deployment.yml create mode 100644 deployments/deploy/openim-rpc-third-deployment.yml create mode 100644 deployments/deploy/openim-rpc-user-deployment.yml create mode 100644 deployments/deploy/redis-secret.yml create mode 100644 deployments/deploy/redis-statefulset.yml diff --git a/deployments/Readme.md b/deployments/Readme.md index a7b288130..8da4f90aa 100644 --- a/deployments/Readme.md +++ b/deployments/Readme.md @@ -1,175 +1,188 @@ -# OpenIM Application Containerization Deployment Guide +# Kubernetes Deployment -OpenIM supports a variety of cluster deployment methods, including but not limited to `helm`, `sealos`, `kustomize` +## Resource Requests -Various contributors, as well as previous official releases, have provided some referenceable solutions: +- CPU: 2 cores +- Memory: 4 GiB +- Disk usage: 20 GiB (on Node) -+ [k8s-jenkins Repository](https://github.com/OpenIMSDK/k8s-jenkins) -+ [open-im-server-k8s-deploy Repository](https://github.com/openimsdk/open-im-server-k8s-deploy) -+ [openim-charts Repository](https://github.com/OpenIMSDK/openim-charts) -+ [deploy-openim Repository](https://github.com/showurl/deploy-openim) +## Preconditions -### Dependency Check +ensure that you have already deployed the following components: -```bash -Kubernetes: >= 1.16.0-0 -Helm: >= 3.0 -``` +- Redis +- MongoDB +- Kafka +- MinIO -### Minimum Configuration +## Origin Deploy -The recommended minimum configuration for a production environment is as follows: +### Enter the target dir + +`cd ./deployments/deploy/` + +### Deploy configs and dependencies + +Upate your configMap `openim-config.yml`. **You can check the official docs for more details.** + +In `openim-config.yml`, you need modify the following configurations: + +**discovery.yml** + +- `kubernetes.namespace`: default is `default`, you can change it to your namespace. + +**mongodb.yml** + +- `address`: set to your already mongodb address or mongo Service name and port in your deployed. +- `database`: set to your mongodb database name.(Need have a created database.) +- `authSource`: set to your mongodb authSource. (authSource is specify the database name associated with the user's credentials, user need create in this database.) + +**kafka.yml** + +- `address`: set to your already kafka address or kafka Service name and port in your deployed. + +**redis.yml** + +- `address`: set to your already redis address or redis Service name and port in your deployed. + +**minio.yml** + +- `internalAddress`: set to your minio Service name and port in your deployed. +- `externalAddress`: set to your already expose minio external address. + +### Set the secret + +A Secret is an object that contains a small amount of sensitive data. Such as password and secret. Secret is similar to ConfigMaps. + +#### Redis: + +Update the `redis-password` value in `redis-secret.yml` to your Redis password encoded in base64. ```yaml -CPU: 4 -Memory: 8G -Disk: 100G +apiVersion: v1 +kind: Secret +metadata: + name: openim-redis-secret +type: Opaque +data: + redis-password: b3BlbklNMTIz # update to your redis password encoded in base64, if need empty, you can set to "" ``` -## Configuration File Generation +#### Mongo: -We have automated all the files, making the generation of configuration files optional for OpenIM. However, if you desire custom configurations, you can follow the steps below: +Update the `mongo_openim_username`, `mongo_openim_password` value in `mongo-secret.yml` to your Mongo username and password encoded in base64. -```bash -$ make init -# Alternatively, use script: -# ./scripts/init-config.sh +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: openim-mongo-secret +type: Opaque +data: + mongo_openim_username: b3BlbklN # update to your mongo username encoded in base64, if need empty, you can set to "" (this user credentials need in authSource database). + mongo_openim_password: b3BlbklNMTIz # update to your mongo password encoded in base64, if need empty, you can set to "" ``` -At this point, configuration files will be generated under `deployments/openim/config`, which you can modify as per your requirements. +#### Minio: -## Cluster Setup +Update the `minio-root-user` and `minio-root-password` value in `minio-secret.yml` to your MinIO accessKeyID and secretAccessKey encoded in base64. -If you already have a `kubernetes` cluster, or if you wish to build a `kubernetes` cluster from scratch, you can skip this step. - -For a quick start, I used [sealos](https://github.com/labring/sealos) to rapidly set up the cluster, with sealos also being a wrapper for kubeadm at its core: - -```bash -$ SEALOS_VERSION=`curl -s https://api.github.com/repos/labring/sealos/releases/latest | grep -oE '"tag_name": "[^"]+"' | head -n1 | cut -d'"' -f4` && \ - curl -sfL https://raw.githubusercontent.com/labring/sealos/${SEALOS_VERSION}/scripts/install.sh | - sh -s ${SEALOS_VERSION} labring/sealos +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: openim-minio-secret +type: Opaque +data: + minio-root-user: cm9vdA== # update to your minio accessKeyID encoded in base64, if need empty, you can set to "" + minio-root-password: b3BlbklNMTIz # update to your minio secretAccessKey encoded in base64, if need empty, you can set to "" ``` -**Supported Versions:** +#### Kafka: -+ docker: `labring/kubernetes-docker`:(v1.24.0~v1.27.0) -+ containerd: `labring/kubernetes`:(v1.24.0~v1.27.0) +Update the `kafka-password` value in `kafka-secret.yml` to your Kafka password encoded in base64. -#### Cluster Installation: - -Cluster details are as follows: - -| Hostname | IP Address | System Info | -| -------- | ---------- | ------------------------------------------------------------ | -| master01 | 10.0.0.9 | `Linux VM-0-9-ubuntu 5.15.0-76-generic #83-Ubuntu SMP Thu Jun 15 19:16:32 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux` | -| node01 | 10.0.0.4 | Similar to master01 | -| node02 | 10.0.0.10 | Similar to master01 | - -```bash -$ export CLUSTER_USERNAME=ubuntu -$ export CLUSTER_PASSWORD=123456 -$ sudo sealos run labring/kubernetes:v1.25.0 labring/helm:v3.8.2 labring/calico:v3.24.1 \ - --masters 10.0.0.9 \ - --nodes 10.0.0.4,10.0.0.10 \ - -u "$CLUSTER_USERNAME" \ - -p "$CLUSTER_PASSWORD" +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: openim-kafka-secret +type: Opaque +data: + kafka-password: b3BlbklNMTIz # update to your kafka password encoded in base64, if need empty, you can set to "" ``` -> **Node** Uninstallation method: using `kubeadm` for uninstallation does not remove `etcd` and `cni` related configurations. Manual clearance or using `sealos` for uninstallation is needed. +### Apply the secret. + +```shell +kubectl apply -f redis-secret.yml -f minio-secret.yml -f mongo-secret.yml -f kafka-secret.yml +``` + +### Apply all config + +`kubectl apply -f ./openim-config.yml` + +> Attation: If you use `default` namespace, you can excute `clusterRile.yml` to create a cluster role binding for default service account. > -> ```bash -> $ sealos reset -> ``` +> Namespace is modify to `discovery.yml` in `openim-config.yml`, you can change `kubernetes.namespace` to your namespace. -If you are local, you can also use Kind and Minikube to test, for example, using Kind: +**Excute `clusterRole.yml`** + +`kubectl apply -f ./clusterRole.yml` + +### run all deployments and services + +> Note: Ensure that infrastructure services like MinIO, Redis, and Kafka are running before deploying the main applications. ```bash -$ GO111MODULE="on" go get sigs.k8s.io/kind@v0.11.1 -$ kind create cluster +kubectl apply \ + -f openim-api-deployment.yml \ + -f openim-api-service.yml \ + -f openim-crontask-deployment.yml \ + -f openim-rpc-user-deployment.yml \ + -f openim-rpc-user-service.yml \ + -f openim-msggateway-deployment.yml \ + -f openim-msggateway-service.yml \ + -f openim-push-deployment.yml \ + -f openim-push-service.yml \ + -f openim-msgtransfer-service.yml \ + -f openim-msgtransfer-deployment.yml \ + -f openim-rpc-conversation-deployment.yml \ + -f openim-rpc-conversation-service.yml \ + -f openim-rpc-auth-deployment.yml \ + -f openim-rpc-auth-service.yml \ + -f openim-rpc-group-deployment.yml \ + -f openim-rpc-group-service.yml \ + -f openim-rpc-friend-deployment.yml \ + -f openim-rpc-friend-service.yml \ + -f openim-rpc-msg-deployment.yml \ + -f openim-rpc-msg-service.yml \ + -f openim-rpc-third-deployment.yml \ + -f openim-rpc-third-service.yml ``` -### Installing helm +### Verification -Helm simplifies the deployment and management of Kubernetes applications to a large extent by offering version control and release management through packaging. - -**Using Script:** +After deploying the services, verify that everything is running smoothly: ```bash -$ curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash +# Check the status of all pods +kubectl get pods + +# Check the status of services +kubectl get svc + +# Check the status of deployments +kubectl get deployments + +# View all resources +kubectl get all ``` -**Adding Repository:** +### clean all -```bash -$ helm repo add brigade https://openimsdk.github.io/openim-charts -``` +`kubectl delete -f ./` -### OpenIM Image Strategy +### Notes: -Automated offerings include aliyun, ghcr, docker hub: [Image Documentation](https://github.com/openimsdk/open-im-server/blob/main/docs/contrib/images.md) - -**Local Test Build Method:** - -```bash -$ make image -``` - -> This command assists in quickly building the required images locally. For a detailed build strategy, refer to the [Build Documentation](https://github.com/openimsdk/open-im-server/blob/main/build/README.md). - -## Installation - -Explore our Helm-Charts repository and read through: [Helm-Charts Repository](https://github.com/openimsdk/helm-charts) - - -Using the helm charts repository, you can ignore the following configuration, but if you want to just use the server and scale on top of it, you can go ahead: - -**Use the Helm template to generate the deployment yaml file: `openim-charts.yaml`** - -**Gen Image:** - -```bash -../scripts/genconfig.sh ../scripts/install/environment.sh ./templates/helm-image.yaml > ./charts/generated-configs/helm-image.yaml -``` - -**Gen Charts:** - -```bash -for chart in ./charts/*/; do - if [[ "$chart" == *"generated-configs"* || "$chart" == *"helmfile.yaml"* ]]; then - continue - fi - - if [ -f "${chart}values.yaml" ]; then - helm template "$chart" -f "./charts/generated-configs/helm-image.yaml" -f "./charts/generated-configs/config.yaml" -f "./charts/generated-configs/notification.yaml" >> openim-charts.yaml - else - helm template "$chart" >> openim-charts.yaml - fi -done -``` - -**Use Helmfile:** - -```bash -GO111MODULE=on go get github.com/roboll/helmfile@latest -``` - -```bash -export MONGO_ADDRESS=im-mongo -export MONGO_PORT=27017 -export REDIS_ADDRESS=im-redis-master -export REDIS_PORT=6379 -export KAFKA_ADDRESS=im-kafka -export KAFKA_PORT=9092 -export OBJECT_APIURL="https://openim.server.com/api" -export MINIO_ENDPOINT="http://im-minio:9000" -export MINIO_SIGN_ENDPOINT="https://openim.server.com/im-minio-api" - -mkdir ./charts/generated-configs -../scripts/genconfig.sh ../scripts/install/environment.sh ./templates/config.yaml > ./charts/generated-configs/config.yaml -cp ../config/notification.yaml ./charts/generated-configs/notification.yaml -../scripts/genconfig.sh ../scripts/install/environment.sh ./templates/helm-image.yaml > ./charts/generated-configs/helm-image.yaml -``` - -```bash -helmfile apply -``` +- If you use a specific namespace for your deployment, be sure to append the -n flag to your kubectl commands. diff --git a/deployments/deploy/kafka-secret.yml b/deployments/deploy/kafka-secret.yml new file mode 100644 index 000000000..dcee689c8 --- /dev/null +++ b/deployments/deploy/kafka-secret.yml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: openim-kafka-secret +type: Opaque +data: + kafka-password: "" diff --git a/deployments/deploy/minio-secret.yml b/deployments/deploy/minio-secret.yml new file mode 100644 index 000000000..3ea09a19f --- /dev/null +++ b/deployments/deploy/minio-secret.yml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: openim-minio-secret +type: Opaque +data: + minio-root-user: cm9vdA== # Base64 encoded "root" + minio-root-password: b3BlbklNMTIz # Base64 encoded "openIM123" diff --git a/deployments/deploy/minio-statefulset.yml b/deployments/deploy/minio-statefulset.yml new file mode 100644 index 000000000..9cf0a42d0 --- /dev/null +++ b/deployments/deploy/minio-statefulset.yml @@ -0,0 +1,79 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio + labels: + app: minio +spec: + replicas: 2 + selector: + matchLabels: + app: minio + template: + metadata: + labels: + app: minio + spec: + containers: + - name: minio + image: minio/minio:RELEASE.2024-01-11T07-46-16Z + ports: + - containerPort: 9000 # MinIO service port + - containerPort: 9090 # MinIO console port + volumeMounts: + - name: minio-data + mountPath: /data + - name: minio-config + mountPath: /root/.minio + env: + - name: TZ + value: "Asia/Shanghai" + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: openim-minio-secret + key: minio-root-user + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: openim-minio-secret + key: minio-root-password + command: + - "/bin/sh" + - "-c" + - | + mkdir -p /data && \ + minio server /data --console-address ":9090" + volumes: + - name: minio-data + persistentVolumeClaim: + claimName: minio-pvc + - name: minio-config + persistentVolumeClaim: + claimName: minio-config-pvc + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: minio-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: minio-config-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + + diff --git a/deployments/deploy/mongo-secret.yml b/deployments/deploy/mongo-secret.yml new file mode 100644 index 000000000..c3c10af24 --- /dev/null +++ b/deployments/deploy/mongo-secret.yml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: openim-mongo-secret +type: Opaque +data: + mongo_openim_username: b3BlbklN # base64 for "openIM", this user credentials need in authSource database. + mongo_openim_password: b3BlbklNMTIz # base64 for "openIM123" diff --git a/deployments/deploy/mongo-statefulset.yml b/deployments/deploy/mongo-statefulset.yml new file mode 100644 index 000000000..41cd4cb7f --- /dev/null +++ b/deployments/deploy/mongo-statefulset.yml @@ -0,0 +1,108 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: mongo-statefulset +spec: + serviceName: "mongo" + replicas: 2 + selector: + matchLabels: + app: mongo + template: + metadata: + labels: + app: mongo + spec: + containers: + - name: mongo + image: mongo:7.0 + command: ["/bin/bash", "-c"] + args: + - > + docker-entrypoint.sh mongod --wiredTigerCacheSizeGB ${wiredTigerCacheSizeGB} --auth & + until mongosh -u ${MONGO_INITDB_ROOT_USERNAME} -p ${MONGO_INITDB_ROOT_PASSWORD} --authenticationDatabase admin --eval "db.runCommand({ ping: 1 })" &>/dev/null; do + echo "Waiting for MongoDB to start..."; + sleep 1; + done && + mongosh -u ${MONGO_INITDB_ROOT_USERNAME} -p ${MONGO_INITDB_ROOT_PASSWORD} --authenticationDatabase admin --eval " + db = db.getSiblingDB(\"${MONGO_INITDB_DATABASE}\"); + if (!db.getUser(\"${MONGO_OPENIM_USERNAME}\")) { + db.createUser({ + user: \"${MONGO_OPENIM_USERNAME}\", + pwd: \"${MONGO_OPENIM_PASSWORD}\", + roles: [{role: \"readWrite\", db: \"${MONGO_INITDB_DATABASE}\"}] + }); + print(\"User created successfully: \"); + print(\"Username: ${MONGO_OPENIM_USERNAME}\"); + print(\"Password: ${MONGO_OPENIM_PASSWORD}\"); + print(\"Database: ${MONGO_INITDB_DATABASE}\"); + } else { + print(\"User already exists in database: ${MONGO_INITDB_DATABASE}, Username: ${MONGO_OPENIM_USERNAME}\"); + } + " && + tail -f /dev/null + ports: + - containerPort: 27017 + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: openim-mongo-init-secret + key: mongo_initdb_root_username + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: openim-mongo-init-secret + key: mongo_initdb_root_password + - name: MONGO_INITDB_DATABASE + valueFrom: + secretKeyRef: + name: openim-mongo-init-secret + key: mongo_initdb_database + - name: MONGO_OPENIM_USERNAME + valueFrom: + secretKeyRef: + name: openim-mongo-init-secret + key: mongo_openim_username + - name: MONGO_OPENIM_PASSWORD + valueFrom: + secretKeyRef: + name: openim-mongo-init-secret + key: mongo_openim_password + - name: TZ + value: "Asia/Shanghai" + - name: wiredTigerCacheSizeGB + value: "1" + volumeMounts: + - name: mongo-storage + mountPath: /data/db + + volumes: + - name: mongo-storage + persistentVolumeClaim: + claimName: mongo-pvc + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mongo-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + +--- +apiVersion: v1 +kind: Secret +metadata: + name: openim-mongo-init-secret +type: Opaque +data: + mongo_initdb_root_username: cm9vdA== # base64 for "root" + mongo_initdb_root_password: b3BlbklNMTIz # base64 for "openIM123" + mongo_initdb_database: b3BlbmltX3Yz # base64 for "openim_v3" + mongo_openim_username: b3BlbklN # base64 for "openIM" + mongo_openim_password: b3BlbklNMTIz # base64 for "openIM123" diff --git a/deployments/deploy/openim-api-deployment.yml b/deployments/deploy/openim-api-deployment.yml new file mode 100644 index 000000000..d2d27dc0c --- /dev/null +++ b/deployments/deploy/openim-api-deployment.yml @@ -0,0 +1,47 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: openim-api +spec: + replicas: 2 + selector: + matchLabels: + app: openim-api + template: + metadata: + labels: + app: openim-api + spec: + containers: + - name: openim-api-container + image: openim/openim-api:v3.8.3 + env: + - name: CONFIG_PATH + value: "/config" + - name: IMENV_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: openim-redis-secret + key: redis-password + - name: IMENV_MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_username + - name: IMENV_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_password + + volumeMounts: + - name: openim-config + mountPath: "/config" + readOnly: true + ports: + - containerPort: 10002 + - containerPort: 12002 + volumes: + - name: openim-config + configMap: + name: openim-config diff --git a/deployments/deploy/openim-config.yml b/deployments/deploy/openim-config.yml new file mode 100644 index 000000000..105dd98e3 --- /dev/null +++ b/deployments/deploy/openim-config.yml @@ -0,0 +1,1056 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: openim-config +data: + discovery.yml: | + enable: "kubernetes" # "kubernetes" or "etcd" + kubernetes: + namespace: default + etcd: + rootDirectory: openim + address: [ localhost:12379 ] + username: '' + password: '' + + rpcService: + user: user-rpc-service + friend: friend-rpc-service + msg: msg-rpc-service + push: push-rpc-service + messageGateway: messagegateway-rpc-service + group: group-rpc-service + auth: auth-rpc-service + conversation: conversation-rpc-service + third: third-rpc-service + + log.yml: | + # Log storage path, default is acceptable, change to a full path if modification is needed + storageLocation: ./logs/ + # Log rotation period (in hours), default is acceptable + rotationTime: 24 + # Number of log files to retain, default is acceptable + remainRotationCount: 2 + # Log level settings: 3 for production environment; 6 for more verbose logging in debugging environments + remainLogLevel: 6 + # Whether to output to standard output, default is acceptable + isStdout: true + # Whether to log in JSON format, default is acceptable + isJson: false + # output simplify log when KeyAndValues's value len is bigger than 50 in rpc method log + isSimplify: true + + mongodb.yml: | + # URI for database connection, leave empty if using address and credential settings directly + uri: '' + # List of MongoDB server addresses + address: [ mongo-service:37017 ] + # Name of the database + database: openim_v3 + # Username for database authentication + username: '' # openIM + # Password for database authentication + password: '' # openIM123 + # Authentication source for database authentication, if use root user, set it to admin + authSource: openim_v3 + # Maximum number of connections in the connection pool + maxPoolSize: 100 + # Maximum number of retry attempts for a failed database connection + maxRetry: 10 + + local-cache.yml: | + user: + topic: DELETE_CACHE_USER + slotNum: 100 + slotSize: 2000 + successExpire: 300 + failedExpire: 5 + group: + topic: DELETE_CACHE_GROUP + slotNum: 100 + slotSize: 2000 + successExpire: 300 + failedExpire: 5 + friend: + topic: DELETE_CACHE_FRIEND + slotNum: 100 + slotSize: 2000 + successExpire: 300 + failedExpire: 5 + conversation: + topic: DELETE_CACHE_CONVERSATION + slotNum: 100 + slotSize: 2000 + successExpire: 300 + failedExpire: 5 + + openim-api.yml: | + api: + # Listening IP; 0.0.0.0 means both internal and external IPs are listened to, default is recommended + listenIP: 0.0.0.0 + # Listening ports; if multiple are configured, multiple instances will be launched, must be consistent with the number of prometheus.ports + ports: [ 10002 ] + # API compression level; 0: default compression, 1: best compression, 2: best speed, -1: no compression + compressionLevel: 0 + + prometheus: + # Whether to enable prometheus + enable: true + # Prometheus listening ports, must match the number of api.ports + ports: [ 12002 ] + # This address can be accessed via a browser + grafanaURL: http://127.0.0.1:13000/ + + openim-rpc-user.yml: | + rpc: + # API or other RPCs can access this RPC through this IP; if left blank, the internal network IP is obtained by default + registerIP: + # Listening IP; 0.0.0.0 means both internal and external IPs are listened to, if blank, the internal network IP is automatically obtained by default + listenIP: 0.0.0.0 + # autoSetPorts indicates whether to automatically set the ports + # if you use in kubernetes, set it to false + autoSetPorts: false + # List of ports that the RPC service listens on; configuring multiple ports will launch multiple instances. These must match the number of configured prometheus ports + # It will only take effect when autoSetPorts is set to false. + ports: [ 10320 ] + prometheus: + # Whether to enable prometheus + enable: true + # Prometheus listening ports, must be consistent with the number of rpc.ports + ports: [ 12320 ] + + openim-crontask.yml: | + cronExecuteTime: 0 2 * * * + retainChatRecords: 365 + fileExpireTime: 180 + deleteObjectType: ["msg-picture","msg-file", "msg-voice","msg-video","msg-video-snapshot","sdklog"] + + openim-msggateway.yml: | + rpc: + # The IP address where this RPC service registers itself; if left blank, it defaults to the internal network IP + registerIP: + # autoSetPorts indicates whether to automatically set the ports + # if you use in kubernetes, set it to false + autoSetPorts: false + # List of ports that the RPC service listens on; configuring multiple ports will launch multiple instances. These must match the number of configured prometheus ports + # It will only take effect when autoSetPorts is set to false. + ports: [ 10140 ] + + prometheus: + # Enable or disable Prometheus monitoring + enable: true + # List of ports that Prometheus listens on; these must match the number of rpc.ports to ensure correct monitoring setup + ports: [ 12140 ] + + # IP address that the RPC/WebSocket service listens on; setting to 0.0.0.0 listens on both internal and external IPs. If left blank, it automatically uses the internal network IP + listenIP: 0.0.0.0 + + longConnSvr: + # WebSocket listening ports, must match the number of rpc.ports + ports: [ 10001 ] + # Maximum number of WebSocket connections + websocketMaxConnNum: 100000 + # Maximum length of the entire WebSocket message packet + websocketMaxMsgLen: 4096 + # WebSocket connection handshake timeout in seconds + websocketTimeout: 10 + + openim-msgtransfer.yml: | + prometheus: + # Enable or disable Prometheus monitoring + enable: true + # List of ports that Prometheus listens on; each port corresponds to an instance of monitoring. Ensure these are managed accordingly + # Because four instances have been launched, four ports need to be specified + ports: [ 12020 ] + + openim-push.yml: | + rpc: + # The IP address where this RPC service registers itself; if left blank, it defaults to the internal network IP + registerIP: + # IP address that the RPC service listens on; setting to 0.0.0.0 listens on both internal and external IPs. If left blank, it automatically uses the internal network IP + listenIP: 0.0.0.0 + # autoSetPorts indicates whether to automatically set the ports + # if you use in kubernetes, set it to false + autoSetPorts: false + # List of ports that the RPC service listens on; configuring multiple ports will launch multiple instances. These must match the number of configured prometheus ports + # It will only take effect when autoSetPorts is set to false. + ports: [ 10170 ] + + + prometheus: + # Enable or disable Prometheus monitoring + enable: true + # List of ports that Prometheus listens on; these must match the number of rpc.ports to ensure correct monitoring setup + ports: [ 12170 ] + + maxConcurrentWorkers: 3 + #Use geTui for offline push notifications, or choose fcm or jpns; corresponding configuration settings must be specified. + enable: + geTui: + pushUrl: https://restapi.getui.com/v2/$appId + masterSecret: + appKey: + intent: + channelID: + channelName: + fcm: + # Prioritize using file paths. If the file path is empty, use URL + filePath: # File path is concatenated with the parameters passed in through - c(`mage` default pass in `config/`) and filePath. + authURL: # Must start with https or http. + jpush: + appKey: + masterSecret: + pushURL: + pushIntent: + + # iOS system push sound and badge count + iosPush: + pushSound: xxx + badgeCount: true + production: false + + fullUserCache: true + + openim-rpc-auth.yml: | + rpc: + # The IP address where this RPC service registers itself; if left blank, it defaults to the internal network IP + registerIP: + # IP address that the RPC service listens on; setting to 0.0.0.0 listens on both internal and external IPs. If left blank, it automatically uses the internal network IP + listenIP: 0.0.0.0 + # autoSetPorts indicates whether to automatically set the ports + # if you use in kubernetes, set it to false + autoSetPorts: false + # List of ports that the RPC service listens on; configuring multiple ports will launch multiple instances. These must match the number of configured prometheus ports + # It will only take effect when autoSetPorts is set to false. + ports: [ 10200 ] + + prometheus: + # Enable or disable Prometheus monitoring + enable: true + # List of ports that Prometheus listens on; these must match the number of rpc.ports to ensure correct monitoring setup + ports: [12200] + + tokenPolicy: + # Token validity period, in days + expire: 90 + + openim-rpc-conversation.yml: | + rpc: + # The IP address where this RPC service registers itself; if left blank, it defaults to the internal network IP + registerIP: + # IP address that the RPC service listens on; setting to 0.0.0.0 listens on both internal and external IPs. If left blank, it automatically uses the internal network IP + listenIP: 0.0.0.0 + # autoSetPorts indicates whether to automatically set the ports + # if you use in kubernetes, set it to false + autoSetPorts: false + # List of ports that the RPC service listens on; configuring multiple ports will launch multiple instances. These must match the number of configured prometheus ports + # It will only take effect when autoSetPorts is set to false. + ports: [ 10220 ] + + prometheus: + # Enable or disable Prometheus monitoring + enable: true + # List of ports that Prometheus listens on; these must match the number of rpc.ports to ensure correct monitoring setup + ports: [ 12200 ] + + tokenPolicy: + # Token validity period, in days + expire: 90 + + openim-rpc-friend.yml: | + rpc: + # The IP address where this RPC service registers itself; if left blank, it defaults to the internal network IP + registerIP: + # IP address that the RPC service listens on; setting to 0.0.0.0 listens on both internal and external IPs. If left blank, it automatically uses the internal network IP + listenIP: 0.0.0.0 + # autoSetPorts indicates whether to automatically set the ports + # if you use in kubernetes, set it to false + autoSetPorts: false + # List of ports that the RPC service listens on; configuring multiple ports will launch multiple instances. These must match the number of configured prometheus ports + # It will only take effect when autoSetPorts is set to false. + ports: [ 10240 ] + + prometheus: + # Enable or disable Prometheus monitoring + enable: true + # List of ports that Prometheus listens on; these must match the number of rpc.ports to ensure correct monitoring setup + ports: [ 12240 ] + + openim-rpc-group.yml: | + rpc: + # The IP address where this RPC service registers itself; if left blank, it defaults to the internal network IP + registerIP: + # IP address that the RPC service listens on; setting to 0.0.0.0 listens on both internal and external IPs. If left blank, it automatically uses the internal network IP + listenIP: 0.0.0.0 + # autoSetPorts indicates whether to automatically set the ports + # if you use in kubernetes, set it to false + autoSetPorts: false + # List of ports that the RPC service listens on; configuring multiple ports will launch multiple instances. These must match the number of configured prometheus ports + # It will only take effect when autoSetPorts is set to false. + ports: [ 10260 ] + + prometheus: + # Enable or disable Prometheus monitoring + enable: true + # List of ports that Prometheus listens on; these must match the number of rpc.ports to ensure correct monitoring setup + ports: [ 12260 ] + + enableHistoryForNewMembers: true + + openim-rpc-msg.yml: | + rpc: + # The IP address where this RPC service registers itself; if left blank, it defaults to the internal network IP + registerIP: + # IP address that the RPC service listens on; setting to 0.0.0.0 listens on both internal and external IPs. If left blank, it automatically uses the internal network IP + listenIP: 0.0.0.0 + # autoSetPorts indicates whether to automatically set the ports + # if you use in kubernetes, set it to false + autoSetPorts: false + # List of ports that the RPC service listens on; configuring multiple ports will launch multiple instances. These must match the number of configured prometheus ports + ports: [ 10280 ] + + prometheus: + # Enable or disable Prometheus monitoring + enable: true + # List of ports that Prometheus listens on; these must match the number of rpc.ports to ensure correct monitoring setup + ports: [ 12280 ] + + + # Does sending messages require friend verification + friendVerify: false + + openim-rpc-third.yml: | + rpc: + # The IP address where this RPC service registers itself; if left blank, it defaults to the internal network IP + registerIP: + # IP address that the RPC service listens on; setting to 0.0.0.0 listens on both internal and external IPs. If left blank, it automatically uses the internal network IP + listenIP: 0.0.0.0 + # autoSetPorts indicates whether to automatically set the ports + # if you use in kubernetes, set it to false + autoSetPorts: false + # List of ports that the RPC service listens on; configuring multiple ports will launch multiple instances. These must match the number of configured prometheus ports + # It will only take effect when autoSetPorts is set to false. + ports: [ 10300 ] + + prometheus: + # Enable or disable Prometheus monitoring + enable: true + # List of ports that Prometheus listens on; these must match the number of rpc.ports to ensure correct monitoring setup + ports: [ 12300 ] + + + object: + # Use MinIO as object storage, or set to "cos", "oss", "kodo", "aws", while also configuring the corresponding settings + enable: minio + cos: + bucketURL: https://temp-1252357374.cos.ap-chengdu.myqcloud.com + secretID: + secretKey: + sessionToken: + publicRead: false + oss: + endpoint: https://oss-cn-chengdu.aliyuncs.com + bucket: demo-9999999 + bucketURL: https://demo-9999999.oss-cn-chengdu.aliyuncs.com + accessKeyID: + accessKeySecret: + sessionToken: + publicRead: false + kodo: + endpoint: http://s3.cn-south-1.qiniucs.com + bucket: kodo-bucket-test + bucketURL: http://kodo-bucket-test-oetobfb.qiniudns.com + accessKeyID: + accessKeySecret: + sessionToken: + publicRead: false + aws: + region: ap-southeast-2 + bucket: testdemo832234 + accessKeyID: + secretAccessKey: + sessionToken: + publicRead: false + + share.yml: | + secret: openIM123 + + imAdminUserID: ["imAdmin"] + + # 1: For Android, iOS, Windows, Mac, and web platforms, only one instance can be online at a time + multiLogin: + policy: 1 + maxNumOneEnd: 30 + + kafka.yml: | + # Username for authentication + username: '' + # Password for authentication + password: '' + # Producer acknowledgment settings + producerAck: + # Compression type to use (e.g., none, gzip, snappy) + compressType: none + # List of Kafka broker addresses + address: [ "kafka-service:19094" ] + # Kafka topic for Redis integration + toRedisTopic: toRedis + # Kafka topic for MongoDB integration + toMongoTopic: toMongo + # Kafka topic for push notifications + toPushTopic: toPush + # Kafka topic for offline push notifications + toOfflinePushTopic: toOfflinePush + # Consumer group ID for Redis topic + toRedisGroupID: redis + # Consumer group ID for MongoDB topic + toMongoGroupID: mongo + # Consumer group ID for push notifications topic + toPushGroupID: push + # Consumer group ID for offline push notifications topic + toOfflinePushGroupID: offlinePush + # TLS (Transport Layer Security) configuration + tls: + # Enable or disable TLS + enableTLS: false + # CA certificate file path + caCrt: + # Client certificate file path + clientCrt: + # Client key file path + clientKey: + # Client key password + clientKeyPwd: + # Whether to skip TLS verification (not recommended for production) + insecureSkipVerify: false + + redis.yml: | + address: [ "redis-service:16379" ] + username: + password: # openIM123 + clusterMode: false + db: 0 + maxRetry: 10 + poolSize: 100 + + minio.yml: | + # Name of the bucket in MinIO + bucket: openim + # Access key ID for MinIO authentication + accessKeyID: root + # Secret access key for MinIO authentication + secretAccessKey: # openIM123 + # Session token for MinIO authentication (optional) + sessionToken: + # Internal address of the MinIO server + internalAddress: minio-service:10005 + # External address of the MinIO server, accessible from outside. Supports both HTTP and HTTPS using a domain name + externalAddress: http://minio-service:10005 + # Flag to enable or disable public read access to the bucket + publicRead: "false" + + notification.yml: | + groupCreated: + isSendMsg: true + # Reliability level of the message sending. + # Set to 1 to send only when online, 2 for guaranteed delivery. + reliabilityLevel: 1 + # This setting is effective only when 'isSendMsg' is true. + # It controls whether to count unread messages. + unreadCount: false + # Configuration for offline push notifications. + offlinePush: + # Enables or disables offline push notifications. + enable: false + # Title for the notification when a group is created. + title: create group title + # Description for the notification. + desc: create group desc + # Additional information for the notification. + ext: create group ext + + groupInfoSet: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: groupInfoSet title + desc: groupInfoSet desc + ext: groupInfoSet ext + + joinGroupApplication: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: joinGroupApplication title + desc: joinGroupApplication desc + ext: joinGroupApplication ext + + memberQuit: + isSendMsg: true + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: memberQuit title + desc: memberQuit desc + ext: memberQuit ext + + groupApplicationAccepted: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: groupApplicationAccepted title + desc: groupApplicationAccepted desc + ext: groupApplicationAccepted ext + + groupApplicationRejected: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: groupApplicationRejected title + desc: groupApplicationRejected desc + ext: groupApplicationRejected ext + + groupOwnerTransferred: + isSendMsg: true + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: groupOwnerTransferred title + desc: groupOwnerTransferred desc + ext: groupOwnerTransferred ext + + memberKicked: + isSendMsg: true + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: memberKicked title + desc: memberKicked desc + ext: memberKicked ext + + memberInvited: + isSendMsg: true + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: memberInvited title + desc: memberInvited desc + ext: memberInvited ext + + memberEnter: + isSendMsg: true + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: memberEnter title + desc: memberEnter desc + ext: memberEnter ext + + groupDismissed: + isSendMsg: true + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: groupDismissed title + desc: groupDismissed desc + ext: groupDismissed ext + + groupMuted: + isSendMsg: true + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: groupMuted title + desc: groupMuted desc + ext: groupMuted ext + + groupCancelMuted: + isSendMsg: true + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: groupCancelMuted title + desc: groupCancelMuted desc + ext: groupCancelMuted ext + defaultTips: + tips: group Cancel Muted + + groupMemberMuted: + isSendMsg: true + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: groupMemberMuted title + desc: groupMemberMuted desc + ext: groupMemberMuted ext + + groupMemberCancelMuted: + isSendMsg: true + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: groupMemberCancelMuted title + desc: groupMemberCancelMuted desc + ext: groupMemberCancelMuted ext + + groupMemberInfoSet: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: groupMemberInfoSet title + desc: groupMemberInfoSet desc + ext: groupMemberInfoSet ext + + groupInfoSetAnnouncement: + isSendMsg: true + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: groupInfoSetAnnouncement title + desc: groupInfoSetAnnouncement desc + ext: groupInfoSetAnnouncement ext + + groupInfoSetName: + isSendMsg: true + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: groupInfoSetName title + desc: groupInfoSetName desc + ext: groupInfoSetName ext + + #############################friend################################# + friendApplicationAdded: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: Somebody applies to add you as a friend + desc: Somebody applies to add you as a friend + ext: Somebody applies to add you as a friend + + friendApplicationApproved: + isSendMsg: true + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: true + title: Someone applies to add your friend application + desc: Someone applies to add your friend application + ext: Someone applies to add your friend application + + friendApplicationRejected: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: true + title: Someone rejected your friend application + desc: Someone rejected your friend application + ext: Someone rejected your friend application + + friendAdded: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: true + title: We have become friends + desc: We have become friends + ext: We have become friends + + friendDeleted: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: true + title: deleted a friend + desc: deleted a friend + ext: deleted a friend + + friendRemarkSet: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: true + title: Your friend's profile has been changed + desc: Your friend's profile has been changed + ext: Your friend's profile has been changed + + blackAdded: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: true + title: blocked a user + desc: blocked a user + ext: blocked a user + + blackDeleted: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: true + title: Remove a blocked user + desc: Remove a blocked user + ext: Remove a blocked user + + friendInfoUpdated: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: true + title: friend info updated + desc: friend info updated + ext: friend info updated + + #####################user######################### + userInfoUpdated: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: true + title: userInfo updated + desc: userInfo updated + ext: userInfo updated + + userStatusChanged: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: false + title: user status changed + desc: user status changed + ext: user status changed + + #####################conversation######################### + conversationChanged: + isSendMsg: false + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: true + title: conversation changed + desc: conversation changed + ext: conversation changed + + conversationSetPrivate: + isSendMsg: true + reliabilityLevel: 1 + unreadCount: false + offlinePush: + enable: true + title: burn after reading + desc: burn after reading + ext: burn after reading + + webhooks.yml: | + url: http://127.0.0.1:10006/callbackExample + beforeSendSingleMsg: + enable: false + timeout: 5 + failedContinue: true + # Only the contentType in allowedTypes will send the callback. + # Supports two formats: a single type or a range. The range is defined by the lower and upper bounds connected with a hyphen ("-"). + # e.g. allowedTypes: [1, 100, 200-500, 600-700] means that only contentType within the range + # {1, 100} ∪ [200, 500] ∪ [600, 700] will be allowed through the filter. + # If not set, all contentType messages will through this filter. + allowedTypes: [] + # Only the contentType not in deniedTypes will send the callback. + # Supports two formats, same as allowedTypes. + # If not set, all contentType messages will through this filter. + deniedTypes: [] + beforeUpdateUserInfoEx: + enable: false + timeout: 5 + failedContinue: true + afterUpdateUserInfoEx: + enable: false + timeout: 5 + afterSendSingleMsg: + enable: false + timeout: 5 + # Only the senID/recvID specified in attentionIds will send the callback + # if not set, all user messages will be callback + attentionIds: [] + # See beforeSendSingleMsg comment. + allowedTypes: [] + deniedTypes: [] + beforeSendGroupMsg: + enable: false + timeout: 5 + failedContinue: true + # See beforeSendSingleMsg comment. + allowedTypes: [] + deniedTypes: [] + beforeMsgModify: + enable: false + timeout: 5 + failedContinue: true + # See beforeSendSingleMsg comment. + allowedTypes: [] + deniedTypes: [] + afterSendGroupMsg: + enable: false + timeout: 5 + # See beforeSendSingleMsg comment. + allowedTypes: [] + deniedTypes: [] + afterUserOnline: + enable: false + timeout: 5 + afterUserOffline: + enable: false + timeout: 5 + afterUserKickOff: + enable: false + timeout: 5 + beforeOfflinePush: + enable: false + timeout: 5 + failedContinue: true + beforeOnlinePush: + enable: false + timeout: 5 + failedContinue: true + beforeGroupOnlinePush: + enable: false + timeout: 5 + failedContinue: true + beforeAddFriend: + enable: false + timeout: 5 + failedContinue: true + beforeUpdateUserInfo: + enable: false + timeout: 5 + failedContinue: true + afterUpdateUserInfo: + enable: false + timeout: 5 + beforeCreateGroup: + enable: false + timeout: 5 + failedContinue: true + afterCreateGroup: + enable: false + timeout: 5 + beforeMemberJoinGroup: + enable: false + timeout: 5 + failedContinue: true + beforeSetGroupMemberInfo: + enable: false + timeout: 5 + failedContinue: true + afterSetGroupMemberInfo: + enable: false + timeout: 5 + afterQuitGroup: + enable: false + timeout: 5 + afterKickGroupMember: + enable: false + timeout: 5 + afterDismissGroup: + enable: false + timeout: 5 + beforeApplyJoinGroup: + enable: false + timeout: 5 + failedContinue: true + afterGroupMsgRead: + enable: false + timeout: 5 + afterSingleMsgRead: + enable: false + timeout: 5 + beforeUserRegister: + enable: false + timeout: 5 + failedContinue: true + afterUserRegister: + enable: false + timeout: 5 + afterTransferGroupOwner: + enable: false + timeout: 5 + beforeSetFriendRemark: + enable: false + timeout: 5 + failedContinue: true + afterSetFriendRemark: + enable: false + timeout: 5 + afterGroupMsgRevoke: + enable: false + timeout: 5 + afterJoinGroup: + enable: false + timeout: 5 + beforeInviteUserToGroup: + enable: false + timeout: 5 + failedContinue: true + afterSetGroupInfo: + enable: false + timeout: 5 + beforeSetGroupInfo: + enable: false + timeout: 5 + failedContinue: true + afterSetGroupInfoEx: + enable: false + timeout: 5 + beforeSetGroupInfoEx: + enable: false + timeout: 5 + failedContinue: true + afterRevokeMsg: + enable: false + timeout: 5 + beforeAddBlack: + enable: false + timeout: 5 + failedContinue: + afterAddFriend: + enable: false + timeout: 5 + beforeAddFriendAgree: + enable: false + timeout: 5 + failedContinue: true + afterAddFriendAgree: + enable: false + timeout: 5 + afterDeleteFriend: + enable: false + timeout: 5 + beforeImportFriends: + enable: false + timeout: 5 + failedContinue: true + afterImportFriends: + enable: false + timeout: 5 + afterRemoveBlack: + enable: false + timeout: 5 + + prometheus.yml: | + # my global config + global: + scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute. + evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute. + # scrape_timeout is set to the global default (10s). + + # Alertmanager configuration + alerting: + alertmanagers: + - static_configs: + - targets: [internal_ip:19093] + + # Load rules once and periodically evaluate them according to the global evaluation_interval. + rule_files: + - instance-down-rules.yml + # - first_rules.yml + # - second_rules.yml + + # A scrape configuration containing exactly one endpoint to scrape: + # Here it's Prometheus itself. + scrape_configs: + # The job name is added as a label "job=job_name" to any timeseries scraped from this config. + # Monitored information captured by prometheus + + # prometheus fetches application services + - job_name: node_exporter + static_configs: + - targets: [ internal_ip:20500 ] + - job_name: openimserver-openim-api + static_configs: + - targets: [ internal_ip:12002 ] + labels: + namespace: default + - job_name: openimserver-openim-msggateway + static_configs: + - targets: [ internal_ip:12140 ] + # - targets: [ internal_ip:12140, internal_ip:12141, internal_ip:12142, internal_ip:12143, internal_ip:12144, internal_ip:12145, internal_ip:12146, internal_ip:12147, internal_ip:12148, internal_ip:12149, internal_ip:12150, internal_ip:12151, internal_ip:12152, internal_ip:12153, internal_ip:12154, internal_ip:12155 ] + labels: + namespace: default + - job_name: openimserver-openim-msgtransfer + static_configs: + - targets: [ internal_ip:12020, internal_ip:12021, internal_ip:12022, internal_ip:12023, internal_ip:12024, internal_ip:12025, internal_ip:12026, internal_ip:12027 ] + # - targets: [ internal_ip:12020, internal_ip:12021, internal_ip:12022, internal_ip:12023, internal_ip:12024, internal_ip:12025, internal_ip:12026, internal_ip:12027, internal_ip:12028, internal_ip:12029, internal_ip:12030, internal_ip:12031, internal_ip:12032, internal_ip:12033, internal_ip:12034, internal_ip:12035 ] + labels: + namespace: default + - job_name: openimserver-openim-push + static_configs: + - targets: [ internal_ip:12170, internal_ip:12171, internal_ip:12172, internal_ip:12173, internal_ip:12174, internal_ip:12175, internal_ip:12176, internal_ip:12177 ] + # - targets: [ internal_ip:12170, internal_ip:12171, internal_ip:12172, internal_ip:12173, internal_ip:12174, internal_ip:12175, internal_ip:12176, internal_ip:12177, internal_ip:12178, internal_ip:12179, internal_ip:12180, internal_ip:12182, internal_ip:12183, internal_ip:12184, internal_ip:12185, internal_ip:12186 ] + labels: + namespace: default + - job_name: openimserver-openim-rpc-auth + static_configs: + - targets: [ internal_ip:12200 ] + labels: + namespace: default + - job_name: openimserver-openim-rpc-conversation + static_configs: + - targets: [ internal_ip:12220 ] + labels: + namespace: default + - job_name: openimserver-openim-rpc-friend + static_configs: + - targets: [ internal_ip:12240 ] + labels: + namespace: default + - job_name: openimserver-openim-rpc-group + static_configs: + - targets: [ internal_ip:12260 ] + labels: + namespace: default + - job_name: openimserver-openim-rpc-msg + static_configs: + - targets: [ internal_ip:12280 ] + labels: + namespace: default + - job_name: openimserver-openim-rpc-third + static_configs: + - targets: [ internal_ip:12300 ] + labels: + namespace: default + - job_name: openimserver-openim-rpc-user + static_configs: + - targets: [ internal_ip:12320 ] + labels: + namespace: default diff --git a/deployments/deploy/openim-msggateway-deployment.yml b/deployments/deploy/openim-msggateway-deployment.yml new file mode 100644 index 000000000..b1a142e23 --- /dev/null +++ b/deployments/deploy/openim-msggateway-deployment.yml @@ -0,0 +1,36 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: messagegateway-rpc-server +spec: + replicas: 2 + selector: + matchLabels: + app: messagegateway-rpc-server + template: + metadata: + labels: + app: messagegateway-rpc-server + spec: + containers: + - name: openim-msggateway-container + image: openim/openim-msggateway:v3.8.3 + env: + - name: CONFIG_PATH + value: "/config" + - name: IMENV_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: openim-redis-secret + key: redis-password + volumeMounts: + - name: openim-config + mountPath: "/config" + readOnly: true + ports: + - containerPort: 10140 + - containerPort: 12001 + volumes: + - name: openim-config + configMap: + name: openim-config diff --git a/deployments/deploy/openim-msgtransfer-deployment.yml b/deployments/deploy/openim-msgtransfer-deployment.yml new file mode 100644 index 000000000..323ed5660 --- /dev/null +++ b/deployments/deploy/openim-msgtransfer-deployment.yml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: openim-msgtransfer-server +spec: + replicas: 2 + selector: + matchLabels: + app: openim-msgtransfer-server + template: + metadata: + labels: + app: openim-msgtransfer-server + spec: + containers: + - name: openim-msgtransfer-container + image: openim/openim-msgtransfer:v3.8.3 + env: + - name: CONFIG_PATH + value: "/config" + - name: IMENV_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: openim-redis-secret + key: redis-password + - name: IMENV_MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_username + - name: IMENV_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_password + - name: IMENV_KAFKA_PASSWORD + valueFrom: + secretKeyRef: + name: openim-kafka-secret + key: kafka-password + volumeMounts: + - name: openim-config + mountPath: "/config" + readOnly: true + ports: + - containerPort: 12020 + volumes: + - name: openim-config + configMap: + name: openim-config diff --git a/deployments/deploy/openim-push-deployment.yml b/deployments/deploy/openim-push-deployment.yml new file mode 100644 index 000000000..bb36170e9 --- /dev/null +++ b/deployments/deploy/openim-push-deployment.yml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: push-rpc-server +spec: + replicas: 2 + selector: + matchLabels: + app: push-rpc-server + template: + metadata: + labels: + app: push-rpc-server + spec: + containers: + - name: push-rpc-server-container + image: openim/openim-push:v3.8.3 + env: + - name: CONFIG_PATH + value: "/config" + - name: IMENV_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: openim-redis-secret + key: redis-password + - name: IMENV_KAFKA_PASSWORD + valueFrom: + secretKeyRef: + name: openim-kafka-secret + key: kafka-password + volumeMounts: + - name: openim-config + mountPath: "/config" + readOnly: true + ports: + - containerPort: 10170 + - containerPort: 12170 + volumes: + - name: openim-config + configMap: + name: openim-config diff --git a/deployments/deploy/openim-rpc-auth-deployment.yml b/deployments/deploy/openim-rpc-auth-deployment.yml new file mode 100644 index 000000000..a15c901f5 --- /dev/null +++ b/deployments/deploy/openim-rpc-auth-deployment.yml @@ -0,0 +1,37 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: auth-rpc-server +spec: + replicas: 2 + selector: + matchLabels: + app: auth-rpc-server + template: + metadata: + labels: + app: auth-rpc-server + spec: + containers: + - name: auth-rpc-server-container + image: openim/openim-rpc-auth:v3.8.3 + imagePullPolicy: Never + env: + - name: CONFIG_PATH + value: "/config" + - name: IMENV_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: openim-redis-secret + key: redis-password + volumeMounts: + - name: openim-config + mountPath: "/config" + readOnly: true + ports: + - containerPort: 10200 + - containerPort: 12200 + volumes: + - name: openim-config + configMap: + name: openim-config diff --git a/deployments/deploy/openim-rpc-conversation-deployment.yml b/deployments/deploy/openim-rpc-conversation-deployment.yml new file mode 100644 index 000000000..2c9bde337 --- /dev/null +++ b/deployments/deploy/openim-rpc-conversation-deployment.yml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: conversation-rpc-server +spec: + replicas: 2 + selector: + matchLabels: + app: conversation-rpc-server + template: + metadata: + labels: + app: conversation-rpc-server + spec: + containers: + - name: conversation-rpc-server-container + image: openim/openim-rpc-conversation:v3.8.3 + env: + - name: CONFIG_PATH + value: "/config" + - name: IMENV_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: openim-redis-secret + key: redis-password + - name: IMENV_MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_username + - name: IMENV_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_password + volumeMounts: + - name: openim-config + mountPath: "/config" + readOnly: true + ports: + - containerPort: 10220 + - containerPort: 12220 + volumes: + - name: openim-config + configMap: + name: openim-config diff --git a/deployments/deploy/openim-rpc-friend-deployment.yml b/deployments/deploy/openim-rpc-friend-deployment.yml new file mode 100644 index 000000000..e01238888 --- /dev/null +++ b/deployments/deploy/openim-rpc-friend-deployment.yml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: friend-rpc-server +spec: + replicas: 2 + selector: + matchLabels: + app: friend-rpc-server + template: + metadata: + labels: + app: friend-rpc-server + spec: + containers: + - name: friend-rpc-server-container + image: openim/openim-rpc-friend:v3.8.3 + env: + - name: CONFIG_PATH + value: "/config" + - name: IMENV_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: openim-redis-secret + key: redis-password + - name: IMENV_MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_username + - name: IMENV_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_password + volumeMounts: + - name: openim-config + mountPath: "/config" + readOnly: true + ports: + - containerPort: 10240 + - containerPort: 12240 + volumes: + - name: openim-config + configMap: + name: openim-config diff --git a/deployments/deploy/openim-rpc-group-deployment.yml b/deployments/deploy/openim-rpc-group-deployment.yml new file mode 100644 index 000000000..4698d60b5 --- /dev/null +++ b/deployments/deploy/openim-rpc-group-deployment.yml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: group-rpc-server +spec: + replicas: 2 + selector: + matchLabels: + app: group-rpc-server + template: + metadata: + labels: + app: group-rpc-server + spec: + containers: + - name: group-rpc-server-container + image: openim/openim-rpc-group:v3.8.3 + env: + - name: CONFIG_PATH + value: "/config" + - name: IMENV_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: openim-redis-secret + key: redis-password + - name: IMENV_MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_username + - name: IMENV_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_password + volumeMounts: + - name: openim-config + mountPath: "/config" + readOnly: true + ports: + - containerPort: 10260 + - containerPort: 12260 + volumes: + - name: openim-config + configMap: + name: openim-config diff --git a/deployments/deploy/openim-rpc-msg-deployment.yml b/deployments/deploy/openim-rpc-msg-deployment.yml new file mode 100644 index 000000000..26a833342 --- /dev/null +++ b/deployments/deploy/openim-rpc-msg-deployment.yml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: msg-rpc-server +spec: + replicas: 2 + selector: + matchLabels: + app: msg-rpc-server + template: + metadata: + labels: + app: msg-rpc-server + spec: + containers: + - name: msg-rpc-server-container + image: openim/openim-rpc-msg:v3.8.3 + env: + - name: CONFIG_PATH + value: "/config" + - name: IMENV_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: openim-redis-secret + key: redis-password + - name: IMENV_MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_username + - name: IMENV_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_password + - name: IMENV_KAFKA_PASSWORD + valueFrom: + secretKeyRef: + name: openim-kafka-secret + key: kafka-password + volumeMounts: + - name: openim-config + mountPath: "/config" + readOnly: true + ports: + - containerPort: 10280 + - containerPort: 12280 + volumes: + - name: openim-config + configMap: + name: openim-config diff --git a/deployments/deploy/openim-rpc-third-deployment.yml b/deployments/deploy/openim-rpc-third-deployment.yml new file mode 100644 index 000000000..f6919f510 --- /dev/null +++ b/deployments/deploy/openim-rpc-third-deployment.yml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: third-rpc-server +spec: + replicas: 2 + selector: + matchLabels: + app: third-rpc-server + template: + metadata: + labels: + app: third-rpc-server + spec: + containers: + - name: third-rpc-server-container + image: openim/openim-rpc-third:v3.8.3 + env: + - name: CONFIG_PATH + value: "/config" + - name: IMENV_MINIO_ACCESSKEYID + valueFrom: + secretKeyRef: + name: openim-minio-secret + key: minio-root-user + - name: IMENV_MINIO_SECRETACCESSKEY + valueFrom: + secretKeyRef: + name: openim-minio-secret + key: minio-root-password + - name: IMENV_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: openim-redis-secret + key: redis-password + - name: IMENV_MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_username + - name: IMENV_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_password + volumeMounts: + - name: openim-config + mountPath: "/config" + readOnly: true + ports: + - containerPort: 10300 + - containerPort: 12300 + volumes: + - name: openim-config + configMap: + name: openim-config diff --git a/deployments/deploy/openim-rpc-user-deployment.yml b/deployments/deploy/openim-rpc-user-deployment.yml new file mode 100644 index 000000000..c3e36d1be --- /dev/null +++ b/deployments/deploy/openim-rpc-user-deployment.yml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: user-rpc-server +spec: + replicas: 2 + selector: + matchLabels: + app: user-rpc-server + template: + metadata: + labels: + app: user-rpc-server + spec: + containers: + - name: user-rpc-server-container + image: openim/openim-rpc-user:v3.8.3 + env: + - name: CONFIG_PATH + value: "/config" + - name: IMENV_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: openim-redis-secret + key: redis-password + - name: IMENV_MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_username + - name: IMENV_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: openim-mongo-secret + key: mongo_openim_password + - name: IMENV_KAFKA_PASSWORD + valueFrom: + secretKeyRef: + name: openim-kafka-secret + key: kafka-password + volumeMounts: + - name: openim-config + mountPath: "/config" + readOnly: true + ports: + - containerPort: 10320 + - containerPort: 12320 + volumes: + - name: openim-config + configMap: + name: openim-config diff --git a/deployments/deploy/redis-secret.yml b/deployments/deploy/redis-secret.yml new file mode 100644 index 000000000..463ec9545 --- /dev/null +++ b/deployments/deploy/redis-secret.yml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: openim-redis-secret +type: Opaque +data: + redis-password: b3BlbklNMTIz # "openIM123" in base64 diff --git a/deployments/deploy/redis-statefulset.yml b/deployments/deploy/redis-statefulset.yml new file mode 100644 index 000000000..5668b20cc --- /dev/null +++ b/deployments/deploy/redis-statefulset.yml @@ -0,0 +1,55 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: redis-statefulset +spec: + serviceName: "redis" + replicas: 2 + selector: + matchLabels: + app: redis + template: + metadata: + labels: + app: redis + spec: + containers: + - name: redis + image: redis:7.0.0 + ports: + - containerPort: 6379 + env: + - name: TZ + value: "Asia/Shanghai" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-secret + key: redis-password + volumeMounts: + - name: redis-data + mountPath: /data + command: + [ + "/bin/sh", + "-c", + 'redis-server --requirepass "$REDIS_PASSWORD" --appendonly yes', + ] + volumes: + - name: redis-config-volume + configMap: + name: openim-config + - name: redis-data + persistentVolumeClaim: + claimName: redis-pvc +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: redis-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi