I'm using my account name ([email protected]), use yours if running on your own.

• credentials
  • Datastore User
• marks
  • Datastore User
• notifier
  • Datastore User

In this document. Whenever a resource is described to be created, it may be followed by a list of service accounts with their respective roles.

1. Turn on audit logging for cloud kms. Admin read and data read.

1. Create keychain credentials.
   • credentials: Cloud KMS CryptoKey Encrypter/Decrypter
2. Create key credentials in this keychain.

• If there is only one publisher to the topic: publisher-topic_name
• If there is more than one publisher: topic_name
• For any subscription: subscriber_name-full_topic_name (includes publisher if applicable)

1. Create topics:
   • credentials-credentials_received
     • credentials: Pub/Sub Publisher
   • notifications
     • marks: Pub/Sub Publisher
     • credentials: Pub/Sub Publisher
   • notifier-commands
     • notifier: Pub/Sub Publisher
   • notifier-user_created
     • notifier: Pub/Sub Publisher
2. Create subscriptions:
   • marks-credentials-credentials_received
     • marks: Pub/Sub Subscriber, Pub/Sub Viewer
   • marks-notifier-commands
     • marks: Pub/Sub Subscriber, Pub/Sub Viewer
   • notifier-notifications
     • notifier: Pub/Sub Subscriber, Pub/Sub Viewer
   • credentials-notifier-user_created
     • credentials: Pub/Sub Subscriber, Pub/Sub Viewer

You need to have Datastore activated. The microservices will create necessary kinds as required.

* Cluster Version - choose latest
* Boot disk size - 20GB
* Network policy - Enabled
* HTTP load balancing - Disabled

* Turn on https network access to the node, which you will route your DNS to.

    gcloud config set project usos-notifier
    gcloud config set compute/zone us-central1-a
    gcloud container clusters get-credentials cluster-1 --zone us-central1-a
    kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default
    helm init
    kubectl create clusterrolebinding [email protected] --clusterrole=cluster-admin [email protected]

• TLS certs for the nginx controller. Standard PEM. I'm using cloudflare generated ones.
  • kubectl create secret tls tls-secret --key cert.key --cert cert.crt
• Credentials service account. Download the json file and call it credentials.json.
  • kubectl create secret generic credentials-service-account --from-file=serviceaccount.json=credentials.json
• Marks service account. Download the json file and call it marks.json.
  • kubectl create secret generic marks-service-account --from-file=serviceaccount.json=marks.json
• Notifier service account. Download the json file and call it notifier.json.
  • kubectl create secret generic notifier-service-account --from-file=serviceaccount.json=notifier.json
• Messenger API key. Put the key into your local NOTIFIER_MESSENGER_API_KEY environment variable.
  • On Windows: kubectl create secret generic messenger-api --from-literal=messenger-api=$ENV:NOTIFIER_MESSENGER_API_KEY
  • On Linux: kubectl create secret generic messenger-api --from-literal=messenger-api=NOTIFIER_MESSENGER_API_KEY
• Messenger Verify key. Put the key into your local NOTIFIER_MESSENGER_VERIFY_TOKEN environment variable.
  • On Windows: kubectl create secret generic messenger-verify --from-literal=messenger-verify=$ENV:NOTIFIER_MESSENGER_VERIFY_TOKEN
  • On Linux: kubectl create secret generic messenger-verify --from-literal=messenger-verify=NOTIFIER_MESSENGER_VERIFY_TOKEN

• Nginx controller. This will create a daemon set of nginx instances. All of them will have hostPort 80 and 443, so just route your DNS to one of your nodes.
  • helm install --values values.yaml --name nginx-ingress stable/nginx-ingress
• Ingress. This routes outside traffic to the internal - publicly available - services.
  • kubectl apply -f ingress.yaml

• Credentials:
  • kubectl apply -f credentials.yaml
• Marks:
  • kubectl apply -f marks.yaml
• Notifier:
  • kubectl apply -f notifier.yaml

• If cross-compiling windows -> linux you need to go get -u golang.org/x/sys/unix