This container provides the cinc server API component for scalable cinc server clusters in Kubernetes. We achieve that here by externalizing Postgres and replacing Solr with an external Elasticsearch cluster. Lastly, we escrow the API server's pivotal.pem and private-cinc-secrets within a Kubernetes secret.
Scaling out to multiple API servers requires externalizing the postgres database and the OpenSearch cluster. Externalizing the postgres server makes intuitive sense. The need to externalize search is less obvious, but failing to externalize it will result in inconsistent clusters, as each search instance would only get updates from its associated API server.
```mermaid
graph LR;
A{Cinc LB} -->|Cinc Client API Requests| B{n* Cinc API Servers}
B --> | Persistent Store| C{Externalized Postgres}
B --> | Search Indexing| D{OpenSearch LB}
D --> E{OpenSearch Cluster}
```
The following environment variables must be set for these containers:
CINC_FQDN : The hostname by which clients will talk to the cinc server. This will probably be the CNAME to the k8s load balancer that you put in front of cinc.
POSTGRES_USER : The name of the postgres admin user. A normal postgres account is not typically sufficient, as cinc-server-reconfigure likes to do a lot of admin things, like create databases, additional postgres accounts, templates, and so on. In simpler words, give Chef a dedicated postgres server and let it do what it wants.
POSTGRES_PASSWORD : The password for the postgres admin account.
POSTGRES_FQDN : Where to reach the postgres server.
SEARCH_FQDN : The hostname of the opensearch cluster that cinc can use. Supply the hostname only; supplying a port is not yet supported.
SEARCH_USER : The user on the opensearch cluster.
SEARCH_PASS : The password for that user on the opensearch cluster.
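One way to supply these variables to the API server pods, as an added example that is not part of this project's own manifests: the two passwords are read from a Kubernetes Secret instead of being written as literal values in the Deployment. The Secret name, Deployment name, image reference, hostnames and user names are all placeholders, and the Secret is assumed to have been created separately.

```yaml
# Added example. Every name, hostname and the image reference is a placeholder.
# Assumes a Secret named cinc-api-credentials (hypothetical) already exists in the
# namespace with the keys postgres-password and search-pass, created out of band
# and never committed to source control.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cinc-api                     # hypothetical
spec:
  replicas: 3                        # the "n* Cinc API Servers" behind the Cinc LB
  selector:
    matchLabels: {app: cinc-api}
  template:
    metadata:
      labels: {app: cinc-api}
    spec:
      containers:
        - name: cinc-api
          image: registry.example.com/cinc-api:TAG    # placeholder image
          env:
            - {name: CINC_FQDN, value: cinc.example.com}
            - {name: POSTGRES_FQDN, value: postgres.example.com}
            - {name: POSTGRES_USER, value: postgres}   # must be a postgres admin account
            - {name: SEARCH_FQDN, value: opensearch.example.com}   # hostname only, no port
            - {name: SEARCH_USER, value: cinc}
            # Weak: a literal password is readable by anyone who can view the
            # Deployment and ends up in any repository that stores this file.
            # - {name: POSTGRES_PASSWORD, value: "literal-password"}
            # Corrected: reference the Secret, so access is governed by RBAC on secrets.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef: {name: cinc-api-credentials, key: postgres-password}
            - name: SEARCH_PASS
              valueFrom:
                secretKeyRef: {name: cinc-api-credentials, key: search-pass}
```

Because POSTGRES_USER is an admin account, limit read access to the referenced Secret to the service accounts and operators that need it.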
This Dockerfile makes numerous assumptions, including the assumption that something else is setting up the following:
- A postgres database
- An elasticsearch cluster
- A signed SSL cert for cinc