# Kubernetes

You can use Kubernetes to host your Atuin server.

Create a [`secrets.yaml`](../../k8s/secrets.yaml) file for the database credentials:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: atuin-secrets
type: Opaque
stringData:
  ATUIN_DB_USERNAME: atuin
  ATUIN_DB_PASSWORD: seriously-insecure
  ATUIN_HOST: "127.0.0.1"
  ATUIN_PORT: "8888"
  ATUIN_OPEN_REGISTRATION: "true"
  ATUIN_DB_URI: "postgres://atuin:seriously-insecure@localhost/atuin"
immutable: true
```

Create an [`atuin.yaml`](../../k8s/atuin.yaml) file for the Atuin server:

```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: atuin
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: atuin
  template:
    metadata:
      labels:
        io.kompose.service: atuin
    spec:
      containers:
        - args:
            - server
            - start
          env:
            - name: ATUIN_DB_URI
              valueFrom:
                secretKeyRef:
                  name: atuin-secrets
                  key: ATUIN_DB_URI
                  optional: false
            - name: ATUIN_HOST
              value: 0.0.0.0
            - name: ATUIN_PORT
              value: "8888"
            - name: ATUIN_OPEN_REGISTRATION
              value: "true"
          image: ghcr.io/atuinsh/atuin:main
          name: atuin
          ports:
            - containerPort: 8888
          resources:
            limits:
              cpu: 250m
              memory: 1Gi
            requests:
              cpu: 250m
              memory: 1Gi
          volumeMounts:
            - mountPath: /config
              name: atuin-claim0
        - name: postgresql
          image: postgres:14
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: atuin
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: atuin-secrets
                  key: ATUIN_DB_PASSWORD
                  optional: false
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: atuin-secrets
                  key: ATUIN_DB_USERNAME
                  optional: false
          resources:
            limits:
              cpu: 250m
              memory: 1Gi
            requests:
              cpu: 250m
              memory: 1Gi
          volumeMounts:
            - mountPath: /var/lib/postgresql/data/
              name: database
      volumes:
        - name: database
          persistentVolumeClaim:
            claimName: database
        - name: atuin-claim0
          persistentVolumeClaim:
            claimName: atuin-claim0
---
apiVersion: v1
kind: Service
metadata:
  labels:
    io.kompose.service: atuin
  name: atuin
spec:
  type: NodePort
  ports:
    - name: "8888"
      port: 8888
      nodePort: 30530
  selector:
    io.kompose.service: atuin
---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: database-pv
  labels:
    app: database
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 300Mi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/Users/firstname.lastname/.kube/database"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    io.kompose.service: database
  name: database
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 300Mi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    io.kompose.service: atuin-claim0
  name: atuin-claim0
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Mi
```

Finally, you may want atuin to use a separate namespace. Create a [`namespaces.yaml`](../../k8s/namespaces.yaml) file:

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: atuin-namespace
  labels:
    name: atuin
```

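For an enterprise-grade installation, you may want the database contents stored persistently in the cluster rather than on the host system. In the configuration above, `storageClassName` is set to `manual` and the mount directory on the host system is set to `/Users/firstname.lastname/.kube/database`. Note that these settings cause the database contents to be stored <i>outside</i> the Kubernetes cluster.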

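You should also change `ATUIN_DB_PASSWORD` and `ATUIN_DB_URI` in the `secrets.yaml` file to a more secure string. The password embedded in `ATUIN_DB_URI` must match `ATUIN_DB_PASSWORD`.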
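One way to do this, as an added example that is not part of the Atuin repository: the helper functions `gen_password` and `render_secret` (hypothetical names) render `secrets.yaml` with a random password and keep `ATUIN_DB_PASSWORD` and `ATUIN_DB_URI` in sync. The password is hex-encoded so that it needs no percent-encoding inside the `postgres://` URI.

```shell
#!/bin/sh
# Added example (not from the Atuin repository): render secrets.yaml with a
# random database password. Function names are hypothetical.

# 24 random bytes printed as 48 lowercase hex characters. Hex contains no
# characters that need percent-encoding inside a postgres:// URI.
gen_password() {
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print the Secret manifest for the given password. The same value is written
# to ATUIN_DB_PASSWORD and ATUIN_DB_URI so Atuin and PostgreSQL agree.
render_secret() {
    _pw=$1
    # Refuse anything that is not plain hex: other characters could break the
    # URI or the YAML quoting below.
    case $_pw in
        ''|*[!0-9a-f]*) echo "password must be non-empty lowercase hex" >&2
                        return 1 ;;
    esac
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: atuin-secrets
type: Opaque
stringData:
  ATUIN_DB_USERNAME: atuin
  ATUIN_DB_PASSWORD: "$_pw"
  ATUIN_HOST: "127.0.0.1"
  ATUIN_PORT: "8888"
  ATUIN_OPEN_REGISTRATION: "true"
  ATUIN_DB_URI: "postgres://atuin:$_pw@localhost/atuin"
immutable: true
EOF
}

# Usage (file readable only by the current user):
#   (umask 077; render_secret "$(gen_password)" > secrets.yaml)
```

Because the Secret is declared `immutable: true`, an `atuin-secrets` object that has already been applied must be deleted and recreated to change its values.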

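Atuin runs on port `30530` of the host system. This is configured through the `nodePort` property. Kubernetes has a strict rule that does not allow exposing port numbers below 30000. For the client to work, you need to set the port in your `config.toml` file, for example `sync_address = "http://192.168.1.10:30530"`.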

Deploy the Atuin server using `kubectl`:

```shell
  kubectl apply -f ./namespaces.yaml
  kubectl apply -n atuin-namespace \
                -f ./secrets.yaml \
                -f ./atuin.yaml
```

The examples above are also available in the [k8s](../../k8s) directory of the atuin repository.