docs: improve deployment docs in kubernetes. (#2973)

* docs: improve deployment docs in kubernetes.

* move docs path.

* format contents.

* update contents.

* build: update deployment env.

* docs: update deploy docs.

* build: add kafka secret and dependencies.

* docs: update deployment docs.

* Update docs contents.

* update docs contents.

deployments/Readme.md

@@ -1,175 +1,188 @@
-# OpenIM Application Containerization Deployment Guide
+# Kubernetes Deployment
 
-OpenIM supports a variety of cluster deployment methods, including but not limited to `helm`, `sealos`, `kustomize`
+## Resource Requests
 
-Various contributors, as well as previous official releases, have provided some referenceable solutions:
+- CPU: 2 cores
+- Memory: 4 GiB
+- Disk usage: 20 GiB (on Node)
 
-+ [k8s-jenkins Repository](https://github.com/OpenIMSDK/k8s-jenkins)
-+ [open-im-server-k8s-deploy Repository](https://github.com/openimsdk/open-im-server-k8s-deploy)
-+ [openim-charts Repository](https://github.com/OpenIMSDK/openim-charts)
-+ [deploy-openim Repository](https://github.com/showurl/deploy-openim)
+## Preconditions
 
-### Dependency Check
+ensure that you have already deployed the following components:
 
-```bash
-Kubernetes: >= 1.16.0-0
-Helm: >= 3.0
-```
+- Redis
+- MongoDB
+- Kafka
+- MinIO
 
-### Minimum Configuration
+## Origin Deploy
 
-The recommended minimum configuration for a production environment is as follows:
+### Enter the target dir
+
+`cd ./deployments/deploy/`
+
+### Deploy configs and dependencies
+
+Upate your configMap `openim-config.yml`. **You can check the official docs for more details.**
+
+In `openim-config.yml`, you need modify the following configurations:
+
+**discovery.yml**
+
+- `kubernetes.namespace`: default is `default`, you can change it to your namespace.
+
+**mongodb.yml**
+
+- `address`: set to your already mongodb address or mongo Service name and port in your deployed.
+- `database`: set to your mongodb database name.(Need have a created database.)
+- `authSource`: set to your mongodb authSource. (authSource is specify the database name associated with the user's credentials, user need create in this database.)
+
+**kafka.yml**
+
+- `address`: set to your already kafka address or kafka Service name and port in your deployed.
+
+**redis.yml**
+
+- `address`: set to your already redis address or redis Service name and port in your deployed.
+
+**minio.yml**
+
+- `internalAddress`: set to your minio Service name and port in your deployed.
+- `externalAddress`: set to your already expose minio external address.
+
+### Set the secret
+
+A Secret is an object that contains a small amount of sensitive data. Such as password and secret. Secret is similar to ConfigMaps.
+
+#### Redis:
+
+Update the `redis-password` value in `redis-secret.yml` to your Redis password encoded in base64.
 
 ```yaml
-CPU: 4
-Memory: 8G
-Disk: 100G
+apiVersion: v1
+kind: Secret
+metadata:
+  name: openim-redis-secret
+type: Opaque
+data:
+  redis-password: b3BlbklNMTIz # update to your redis password encoded in base64, if need empty, you can set to ""
 ```
 
-## Configuration File Generation
+#### Mongo:
 
-We have automated all the files, making the generation of configuration files optional for OpenIM. However, if you desire custom configurations, you can follow the steps below:
+Update the `mongo_openim_username`, `mongo_openim_password` value in `mongo-secret.yml` to your Mongo username and password encoded in base64.
 
-```bash
-$ make init
-# Alternatively, use script:
-# ./scripts/init-config.sh
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: openim-mongo-secret
+type: Opaque
+data:
+  mongo_openim_username: b3BlbklN # update to your mongo username encoded in base64, if need empty, you can set to "" (this user credentials need in authSource database).
+  mongo_openim_password: b3BlbklNMTIz # update to your mongo password encoded in base64, if need empty, you can set to ""
 ```
 
-At this point, configuration files will be generated under `deployments/openim/config`, which you can modify as per your requirements.
+#### Minio:
 
-## Cluster Setup
+Update the `minio-root-user` and `minio-root-password` value in `minio-secret.yml` to your MinIO accessKeyID and secretAccessKey encoded in base64.
 
-If you already have a `kubernetes` cluster, or if you wish to build a `kubernetes` cluster from scratch, you can skip this step.
-
-For a quick start, I used [sealos](https://github.com/labring/sealos) to rapidly set up the cluster, with sealos also being a wrapper for kubeadm at its core:
-
-```bash
-$ SEALOS_VERSION=`curl -s https://api.github.com/repos/labring/sealos/releases/latest | grep -oE '"tag_name": "[^"]+"' | head -n1 | cut -d'"' -f4` && \
-  curl -sfL https://raw.githubusercontent.com/labring/sealos/${SEALOS_VERSION}/scripts/install.sh |
-  sh -s ${SEALOS_VERSION} labring/sealos
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: openim-minio-secret
+type: Opaque
+data:
+  minio-root-user: cm9vdA== # update to your minio accessKeyID encoded in base64, if need empty, you can set to ""
+  minio-root-password: b3BlbklNMTIz # update to your minio secretAccessKey encoded in base64, if need empty, you can set to ""
 ```
 
-**Supported Versions:**
+#### Kafka:
 
-+ docker: `labring/kubernetes-docker`:(v1.24.0~v1.27.0)
-+ containerd: `labring/kubernetes`:(v1.24.0~v1.27.0)
+Update the `kafka-password` value in `kafka-secret.yml` to your Kafka password encoded in base64.
 
-#### Cluster Installation:
-
-Cluster details are as follows:
-
-| Hostname | IP Address | System Info                                                  |
-| -------- | ---------- | ------------------------------------------------------------ |
-| master01 | 10.0.0.9   | `Linux VM-0-9-ubuntu 5.15.0-76-generic #83-Ubuntu SMP Thu Jun 15 19:16:32 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux` |
-| node01   | 10.0.0.4   | Similar to master01                                          |
-| node02   | 10.0.0.10  | Similar to master01                                          |
-
-```bash
-$ export CLUSTER_USERNAME=ubuntu
-$ export CLUSTER_PASSWORD=123456
-$ sudo sealos run labring/kubernetes:v1.25.0 labring/helm:v3.8.2 labring/calico:v3.24.1 \
-    --masters 10.0.0.9 \
-    --nodes 10.0.0.4,10.0.0.10 \
-    -u "$CLUSTER_USERNAME" \
-    -p "$CLUSTER_PASSWORD"
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: openim-kafka-secret
+type: Opaque
+data:
+  kafka-password: b3BlbklNMTIz # update to your kafka password encoded in base64, if need empty, you can set to ""
 ```
 
-> **Node** Uninstallation method: using `kubeadm` for uninstallation does not remove `etcd` and `cni` related configurations. Manual clearance or using `sealos` for uninstallation is needed.
+### Apply the secret.
+
+```shell
+kubectl apply -f redis-secret.yml -f minio-secret.yml -f mongo-secret.yml -f kafka-secret.yml
+```
+
+### Apply all config
+
+`kubectl apply -f ./openim-config.yml`
+
+> Attation: If you use `default` namespace, you can excute `clusterRile.yml` to create a cluster role binding for default service account.
 >
-> ```bash
-> $ sealos reset
-> ```
+> Namespace is modify to `discovery.yml` in `openim-config.yml`, you can change `kubernetes.namespace` to your namespace.
 
-If you are local, you can also use Kind and Minikube to test, for example, using Kind:
+**Excute `clusterRole.yml`**
+
+`kubectl apply -f ./clusterRole.yml`
+
+### run all deployments and services
+
+> Note: Ensure that infrastructure services like MinIO, Redis, and Kafka are running before deploying the main applications.
 
 ```bash
-$ GO111MODULE="on" go get sigs.k8s.io/kind@v0.11.1
-$ kind create cluster
+kubectl apply \
+  -f openim-api-deployment.yml \
+  -f openim-api-service.yml \
+  -f openim-crontask-deployment.yml \
+  -f openim-rpc-user-deployment.yml \
+  -f openim-rpc-user-service.yml \
+  -f openim-msggateway-deployment.yml \
+  -f openim-msggateway-service.yml \
+  -f openim-push-deployment.yml \
+  -f openim-push-service.yml \
+  -f openim-msgtransfer-service.yml \
+  -f openim-msgtransfer-deployment.yml \
+  -f openim-rpc-conversation-deployment.yml \
+  -f openim-rpc-conversation-service.yml \
+  -f openim-rpc-auth-deployment.yml \
+  -f openim-rpc-auth-service.yml \
+  -f openim-rpc-group-deployment.yml \
+  -f openim-rpc-group-service.yml \
+  -f openim-rpc-friend-deployment.yml \
+  -f openim-rpc-friend-service.yml \
+  -f openim-rpc-msg-deployment.yml \
+  -f openim-rpc-msg-service.yml \
+  -f openim-rpc-third-deployment.yml \
+  -f openim-rpc-third-service.yml
 ```
 
-### Installing helm
+### Verification
 
-Helm simplifies the deployment and management of Kubernetes applications to a large extent by offering version control and release management through packaging.
-
-**Using Script:**
+After deploying the services, verify that everything is running smoothly:
 
 ```bash
-$ curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+# Check the status of all pods
+kubectl get pods
+
+# Check the status of services
+kubectl get svc
+
+# Check the status of deployments
+kubectl get deployments
+
+# View all resources
+kubectl get all
 ```
 
-**Adding Repository:**
+### clean all
 
-```bash
-$ helm repo add brigade https://openimsdk.github.io/openim-charts
-```
+`kubectl delete -f ./`
 
-### OpenIM Image Strategy
+### Notes:
 
-Automated offerings include aliyun, ghcr, docker hub: [Image Documentation](https://github.com/openimsdk/open-im-server/blob/main/docs/contrib/images.md)
-
-**Local Test Build Method:**
-
-```bash
-$ make image
-```
-
-> This command assists in quickly building the required images locally. For a detailed build strategy, refer to the [Build Documentation](https://github.com/openimsdk/open-im-server/blob/main/build/README.md).
-
-## Installation
-
-Explore our Helm-Charts repository and read through: [Helm-Charts Repository](https://github.com/openimsdk/helm-charts)
-
-
-Using the helm charts repository, you can ignore the following configuration, but if you want to just use the server and scale on top of it, you can go ahead:
-
-**Use the Helm template to generate the deployment yaml file: `openim-charts.yaml`**
-
-**Gen Image:**
-
-```bash
-../scripts/genconfig.sh ../scripts/install/environment.sh ./templates/helm-image.yaml > ./charts/generated-configs/helm-image.yaml
-```
-
-**Gen Charts:**
-
-```bash
-for chart in ./charts/*/; do
-    if [[ "$chart" == *"generated-configs"* || "$chart" == *"helmfile.yaml"* ]]; then
-        continue
-    fi
-
-    if [ -f "${chart}values.yaml" ]; then
-        helm template "$chart" -f "./charts/generated-configs/helm-image.yaml" -f "./charts/generated-configs/config.yaml" -f "./charts/generated-configs/notification.yaml" >> openim-charts.yaml
-    else
-        helm template "$chart" >> openim-charts.yaml
-    fi
-done
-```
-
-**Use Helmfile:**
-
-```bash
-GO111MODULE=on go get github.com/roboll/helmfile@latest
-```
-
-```bash
-export MONGO_ADDRESS=im-mongo
-export MONGO_PORT=27017
-export REDIS_ADDRESS=im-redis-master
-export REDIS_PORT=6379
-export KAFKA_ADDRESS=im-kafka
-export KAFKA_PORT=9092
-export OBJECT_APIURL="https://openim.server.com/api"
-export MINIO_ENDPOINT="http://im-minio:9000"
-export MINIO_SIGN_ENDPOINT="https://openim.server.com/im-minio-api"
-
-mkdir ./charts/generated-configs
-../scripts/genconfig.sh ../scripts/install/environment.sh ./templates/config.yaml > ./charts/generated-configs/config.yaml
-cp ../config/notification.yaml ./charts/generated-configs/notification.yaml
-../scripts/genconfig.sh ../scripts/install/environment.sh ./templates/helm-image.yaml > ./charts/generated-configs/helm-image.yaml
-```
-
-```bash
-helmfile apply
-```
+- If you use a specific namespace for your deployment, be sure to append the -n <namespace> flag to your kubectl commands.

deployments/deploy/kafka-secret.yml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: openim-kafka-secret
+type: Opaque
+data:
+  kafka-password: ""

deployments/deploy/minio-secret.yml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: openim-minio-secret
+type: Opaque
+data:
+  minio-root-user: cm9vdA== # Base64 encoded "root"
+  minio-root-password: b3BlbklNMTIz # Base64 encoded "openIM123"

deployments/deploy/minio-statefulset.yml

@@ -0,0 +1,79 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: minio
+  labels:
+    app: minio
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: minio
+  template:
+    metadata:
+      labels:
+        app: minio
+    spec:
+      containers:
+        - name: minio
+          image: minio/minio:RELEASE.2024-01-11T07-46-16Z
+          ports:
+            - containerPort: 9000 # MinIO service port
+            - containerPort: 9090 # MinIO console port
+          volumeMounts:
+            - name: minio-data
+              mountPath: /data
+            - name: minio-config
+              mountPath: /root/.minio
+          env:
+            - name: TZ
+              value: "Asia/Shanghai"
+            - name: MINIO_ROOT_USER
+              valueFrom:
+                secretKeyRef:
+                  name: openim-minio-secret
+                  key: minio-root-user
+            - name: MINIO_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-minio-secret
+                  key: minio-root-password
+          command:
+            - "/bin/sh"
+            - "-c"
+            - |
+              mkdir -p /data && \
+              minio server /data --console-address ":9090"
+      volumes:
+        - name: minio-data
+          persistentVolumeClaim:
+            claimName: minio-pvc
+        - name: minio-config
+          persistentVolumeClaim:
+            claimName: minio-config-pvc
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: minio-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: minio-config-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 2Gi
+
+

deployments/deploy/mongo-secret.yml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: openim-mongo-secret
+type: Opaque
+data:
+  mongo_openim_username: b3BlbklN # base64 for "openIM", this user credentials need in authSource database.
+  mongo_openim_password: b3BlbklNMTIz # base64 for "openIM123"

deployments/deploy/mongo-statefulset.yml

@@ -0,0 +1,108 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mongo-statefulset
+spec:
+  serviceName: "mongo"
+  replicas: 2
+  selector:
+    matchLabels:
+      app: mongo
+  template:
+    metadata:
+      labels:
+        app: mongo
+    spec:
+      containers:
+        - name: mongo
+          image: mongo:7.0
+          command: ["/bin/bash", "-c"]
+          args:
+            - >
+              docker-entrypoint.sh mongod --wiredTigerCacheSizeGB ${wiredTigerCacheSizeGB} --auth &
+              until mongosh -u ${MONGO_INITDB_ROOT_USERNAME} -p ${MONGO_INITDB_ROOT_PASSWORD} --authenticationDatabase admin --eval "db.runCommand({ ping: 1 })" &>/dev/null; do
+                echo "Waiting for MongoDB to start...";
+                sleep 1;
+              done &&
+              mongosh -u ${MONGO_INITDB_ROOT_USERNAME} -p ${MONGO_INITDB_ROOT_PASSWORD} --authenticationDatabase admin --eval "
+              db = db.getSiblingDB(\"${MONGO_INITDB_DATABASE}\");
+              if (!db.getUser(\"${MONGO_OPENIM_USERNAME}\")) {
+                db.createUser({
+                  user: \"${MONGO_OPENIM_USERNAME}\",
+                  pwd: \"${MONGO_OPENIM_PASSWORD}\",
+                  roles: [{role: \"readWrite\", db: \"${MONGO_INITDB_DATABASE}\"}]
+                });
+                print(\"User created successfully: \");
+                print(\"Username: ${MONGO_OPENIM_USERNAME}\");
+                print(\"Password: ${MONGO_OPENIM_PASSWORD}\");
+                print(\"Database: ${MONGO_INITDB_DATABASE}\");
+              } else {
+                print(\"User already exists in database: ${MONGO_INITDB_DATABASE}, Username: ${MONGO_OPENIM_USERNAME}\");
+              }
+              " &&
+              tail -f /dev/null
+          ports:
+            - containerPort: 27017
+          env:
+            - name: MONGO_INITDB_ROOT_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-init-secret
+                  key: mongo_initdb_root_username
+            - name: MONGO_INITDB_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-init-secret
+                  key: mongo_initdb_root_password
+            - name: MONGO_INITDB_DATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-init-secret
+                  key: mongo_initdb_database
+            - name: MONGO_OPENIM_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-init-secret
+                  key: mongo_openim_username
+            - name: MONGO_OPENIM_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-init-secret
+                  key: mongo_openim_password
+            - name: TZ
+              value: "Asia/Shanghai"
+            - name: wiredTigerCacheSizeGB
+              value: "1"
+          volumeMounts:
+            - name: mongo-storage
+              mountPath: /data/db
+
+      volumes:
+        - name: mongo-storage
+          persistentVolumeClaim:
+            claimName: mongo-pvc
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mongo-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: openim-mongo-init-secret
+type: Opaque
+data:
+  mongo_initdb_root_username: cm9vdA== # base64 for "root"
+  mongo_initdb_root_password: b3BlbklNMTIz # base64 for "openIM123"
+  mongo_initdb_database: b3BlbmltX3Yz # base64 for "openim_v3"
+  mongo_openim_username: b3BlbklN # base64 for "openIM"
+  mongo_openim_password: b3BlbklNMTIz # base64 for "openIM123"

deployments/deploy/openim-api-deployment.yml

@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: openim-api
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: openim-api
+  template:
+    metadata:
+      labels:
+        app: openim-api
+    spec:
+      containers:
+        - name: openim-api-container
+          image: openim/openim-api:v3.8.3
+          env:
+            - name: CONFIG_PATH
+              value: "/config"
+            - name: IMENV_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-redis-secret
+                  key: redis-password
+            - name: IMENV_MONGODB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_username
+            - name: IMENV_MONGODB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_password
+
+          volumeMounts:
+            - name: openim-config
+              mountPath: "/config"
+              readOnly: true
+          ports:
+            - containerPort: 10002
+            - containerPort: 12002
+      volumes:
+        - name: openim-config
+          configMap:
+            name: openim-config

deployments/deploy/openim-msggateway-deployment.yml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: messagegateway-rpc-server
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: messagegateway-rpc-server
+  template:
+    metadata:
+      labels:
+        app: messagegateway-rpc-server
+    spec:
+      containers:
+        - name: openim-msggateway-container
+          image: openim/openim-msggateway:v3.8.3
+          env:
+            - name: CONFIG_PATH
+              value: "/config"
+            - name: IMENV_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-redis-secret
+                  key: redis-password
+          volumeMounts:
+            - name: openim-config
+              mountPath: "/config"
+              readOnly: true
+          ports:
+            - containerPort: 10140
+            - containerPort: 12001
+      volumes:
+        - name: openim-config
+          configMap:
+            name: openim-config

deployments/deploy/openim-msgtransfer-deployment.yml

@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: openim-msgtransfer-server
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: openim-msgtransfer-server
+  template:
+    metadata:
+      labels:
+        app: openim-msgtransfer-server
+    spec:
+      containers:
+        - name: openim-msgtransfer-container
+          image: openim/openim-msgtransfer:v3.8.3
+          env:
+            - name: CONFIG_PATH
+              value: "/config"
+            - name: IMENV_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-redis-secret
+                  key: redis-password
+            - name: IMENV_MONGODB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_username
+            - name: IMENV_MONGODB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_password
+            - name: IMENV_KAFKA_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-kafka-secret
+                  key: kafka-password
+          volumeMounts:
+            - name: openim-config
+              mountPath: "/config"
+              readOnly: true
+          ports:
+            - containerPort: 12020
+      volumes:
+        - name: openim-config
+          configMap:
+            name: openim-config

deployments/deploy/openim-push-deployment.yml

@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: push-rpc-server
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: push-rpc-server
+  template:
+    metadata:
+      labels:
+        app: push-rpc-server
+    spec:
+      containers:
+        - name: push-rpc-server-container
+          image: openim/openim-push:v3.8.3
+          env:
+            - name: CONFIG_PATH
+              value: "/config"
+            - name: IMENV_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-redis-secret
+                  key: redis-password
+            - name: IMENV_KAFKA_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-kafka-secret
+                  key: kafka-password
+          volumeMounts:
+            - name: openim-config
+              mountPath: "/config"
+              readOnly: true
+          ports:
+            - containerPort: 10170
+            - containerPort: 12170
+      volumes:
+        - name: openim-config
+          configMap:
+            name: openim-config

deployments/deploy/openim-rpc-auth-deployment.yml

@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: auth-rpc-server
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: auth-rpc-server
+  template:
+    metadata:
+      labels:
+        app: auth-rpc-server
+    spec:
+      containers:
+        - name: auth-rpc-server-container
+          image: openim/openim-rpc-auth:v3.8.3
+          imagePullPolicy: Never
+          env:
+            - name: CONFIG_PATH
+              value: "/config"
+            - name: IMENV_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-redis-secret
+                  key: redis-password
+          volumeMounts:
+            - name: openim-config
+              mountPath: "/config"
+              readOnly: true
+          ports:
+            - containerPort: 10200
+            - containerPort: 12200
+      volumes:
+        - name: openim-config
+          configMap:
+            name: openim-config

deployments/deploy/openim-rpc-conversation-deployment.yml

@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: conversation-rpc-server
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: conversation-rpc-server
+  template:
+    metadata:
+      labels:
+        app: conversation-rpc-server
+    spec:
+      containers:
+        - name: conversation-rpc-server-container
+          image: openim/openim-rpc-conversation:v3.8.3
+          env:
+            - name: CONFIG_PATH
+              value: "/config"
+            - name: IMENV_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-redis-secret
+                  key: redis-password
+            - name: IMENV_MONGODB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_username
+            - name: IMENV_MONGODB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_password
+          volumeMounts:
+            - name: openim-config
+              mountPath: "/config"
+              readOnly: true
+          ports:
+            - containerPort: 10220
+            - containerPort: 12220
+      volumes:
+        - name: openim-config
+          configMap:
+            name: openim-config

deployments/deploy/openim-rpc-friend-deployment.yml

@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: friend-rpc-server
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: friend-rpc-server
+  template:
+    metadata:
+      labels:
+        app: friend-rpc-server
+    spec:
+      containers:
+        - name: friend-rpc-server-container
+          image: openim/openim-rpc-friend:v3.8.3
+          env:
+            - name: CONFIG_PATH
+              value: "/config"
+            - name: IMENV_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-redis-secret
+                  key: redis-password
+            - name: IMENV_MONGODB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_username
+            - name: IMENV_MONGODB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_password
+          volumeMounts:
+            - name: openim-config
+              mountPath: "/config"
+              readOnly: true
+          ports:
+            - containerPort: 10240
+            - containerPort: 12240
+      volumes:
+        - name: openim-config
+          configMap:
+            name: openim-config

deployments/deploy/openim-rpc-group-deployment.yml

@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: group-rpc-server
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: group-rpc-server
+  template:
+    metadata:
+      labels:
+        app: group-rpc-server
+    spec:
+      containers:
+        - name: group-rpc-server-container
+          image: openim/openim-rpc-group:v3.8.3
+          env:
+            - name: CONFIG_PATH
+              value: "/config"
+            - name: IMENV_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-redis-secret
+                  key: redis-password
+            - name: IMENV_MONGODB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_username
+            - name: IMENV_MONGODB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_password
+          volumeMounts:
+            - name: openim-config
+              mountPath: "/config"
+              readOnly: true
+          ports:
+            - containerPort: 10260
+            - containerPort: 12260
+      volumes:
+        - name: openim-config
+          configMap:
+            name: openim-config

deployments/deploy/openim-rpc-msg-deployment.yml

@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: msg-rpc-server
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: msg-rpc-server
+  template:
+    metadata:
+      labels:
+        app: msg-rpc-server
+    spec:
+      containers:
+        - name: msg-rpc-server-container
+          image: openim/openim-rpc-msg:v3.8.3
+          env:
+            - name: CONFIG_PATH
+              value: "/config"
+            - name: IMENV_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-redis-secret
+                  key: redis-password
+            - name: IMENV_MONGODB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_username
+            - name: IMENV_MONGODB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_password
+            - name: IMENV_KAFKA_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-kafka-secret
+                  key: kafka-password
+          volumeMounts:
+            - name: openim-config
+              mountPath: "/config"
+              readOnly: true
+          ports:
+            - containerPort: 10280
+            - containerPort: 12280
+      volumes:
+        - name: openim-config
+          configMap:
+            name: openim-config

deployments/deploy/openim-rpc-third-deployment.yml

@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: third-rpc-server
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: third-rpc-server
+  template:
+    metadata:
+      labels:
+        app: third-rpc-server
+    spec:
+      containers:
+        - name: third-rpc-server-container
+          image: openim/openim-rpc-third:v3.8.3
+          env:
+            - name: CONFIG_PATH
+              value: "/config"
+            - name: IMENV_MINIO_ACCESSKEYID
+              valueFrom:
+                secretKeyRef:
+                  name: openim-minio-secret
+                  key: minio-root-user
+            - name: IMENV_MINIO_SECRETACCESSKEY
+              valueFrom:
+                secretKeyRef:
+                  name: openim-minio-secret
+                  key: minio-root-password
+            - name: IMENV_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-redis-secret
+                  key: redis-password
+            - name: IMENV_MONGODB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_username
+            - name: IMENV_MONGODB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_password
+          volumeMounts:
+            - name: openim-config
+              mountPath: "/config"
+              readOnly: true
+          ports:
+            - containerPort: 10300
+            - containerPort: 12300
+      volumes:
+        - name: openim-config
+          configMap:
+            name: openim-config

deployments/deploy/openim-rpc-user-deployment.yml

@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: user-rpc-server
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: user-rpc-server
+  template:
+    metadata:
+      labels:
+        app: user-rpc-server
+    spec:
+      containers:
+        - name: user-rpc-server-container
+          image: openim/openim-rpc-user:v3.8.3
+          env:
+            - name: CONFIG_PATH
+              value: "/config"
+            - name: IMENV_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-redis-secret
+                  key: redis-password
+            - name: IMENV_MONGODB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_username
+            - name: IMENV_MONGODB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-mongo-secret
+                  key: mongo_openim_password
+            - name: IMENV_KAFKA_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: openim-kafka-secret
+                  key: kafka-password
+          volumeMounts:
+            - name: openim-config
+              mountPath: "/config"
+              readOnly: true
+          ports:
+            - containerPort: 10320
+            - containerPort: 12320
+      volumes:
+        - name: openim-config
+          configMap:
+            name: openim-config

deployments/deploy/redis-secret.yml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: openim-redis-secret
+type: Opaque
+data:
+  redis-password: b3BlbklNMTIz # "openIM123" in base64

deployments/deploy/redis-statefulset.yml

@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: redis-statefulset
+spec:
+  serviceName: "redis"
+  replicas: 2
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      labels:
+        app: redis
+    spec:
+      containers:
+        - name: redis
+          image: redis:7.0.0
+          ports:
+            - containerPort: 6379
+          env:
+            - name: TZ
+              value: "Asia/Shanghai"
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: redis-secret
+                  key: redis-password
+          volumeMounts:
+            - name: redis-data
+              mountPath: /data
+          command:
+            [
+              "/bin/sh",
+              "-c",
+              'redis-server  --requirepass "$REDIS_PASSWORD" --appendonly yes',
+            ]
+      volumes:
+        - name: redis-config-volume
+          configMap:
+            name: openim-config
+        - name: redis-data
+          persistentVolumeClaim:
+            claimName: redis-pvc
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: redis-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi