# Kubernetes 你可以使用 Kubernetes 来托管你的 Atuin 服务器。 为数据库凭证创建 [`secrets.yaml`](../../k8s/secrets.yaml) 文件: ```yaml apiVersion: v1 kind: Secret metadata: name: atuin-secrets type: Opaque stringData: ATUIN_DB_USERNAME: atuin ATUIN_DB_PASSWORD: seriously-insecure ATUIN_HOST: "127.0.0.1" ATUIN_PORT: "8888" ATUIN_OPEN_REGISTRATION: "true" ATUIN_DB_URI: "postgres://atuin:seriously-insecure@localhost/atuin" immutable: true ``` 为 Atuin 服务器创建 [`atuin.yaml`](../../k8s/atuin.yaml) 文件: ```yaml --- apiVersion: apps/v1 kind: Deployment metadata: name: atuin spec: replicas: 1 selector: matchLabels: io.kompose.service: atuin template: metadata: labels: io.kompose.service: atuin spec: containers: - args: - server - start env: - name: ATUIN_DB_URI valueFrom: secretKeyRef: name: atuin-secrets key: ATUIN_DB_URI optional: false - name: ATUIN_HOST value: 0.0.0.0 - name: ATUIN_PORT value: "8888" - name: ATUIN_OPEN_REGISTRATION value: "true" image: ghcr.io/ellie/atuin:main name: atuin ports: - containerPort: 8888 resources: limits: cpu: 250m memory: 1Gi requests: cpu: 250m memory: 1Gi volumeMounts: - mountPath: /config name: atuin-claim0 - name: postgresql image: postgres:14 ports: - containerPort: 5432 env: - name: POSTGRES_DB value: atuin - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: atuin-secrets key: ATUIN_DB_PASSWORD optional: false - name: POSTGRES_USER valueFrom: secretKeyRef: name: atuin-secrets key: ATUIN_DB_USERNAME optional: false resources: limits: cpu: 250m memory: 1Gi requests: cpu: 250m memory: 1Gi volumeMounts: - mountPath: /var/lib/postgresql/data/ name: database volumes: - name: database persistentVolumeClaim: claimName: database - name: atuin-claim0 persistentVolumeClaim: claimName: atuin-claim0 --- apiVersion: v1 kind: Service metadata: labels: io.kompose.service: atuin name: atuin spec: type: NodePort ports: - name: "8888" port: 8888 nodePort: 30530 selector: io.kompose.service: atuin --- kind: PersistentVolume apiVersion: v1 metadata: name: database-pv labels: app: database type: local spec: storageClassName: manual capacity: storage: 300Mi accessModes: - ReadWriteOnce hostPath: path: "/Users/firstname.lastname/.kube/database" --- apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: io.kompose.service: database name: database spec: storageClassName: manual accessModes: - ReadWriteOnce resources: requests: storage: 300Mi --- apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: io.kompose.service: atuin-claim0 name: atuin-claim0 spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Mi ``` 最后,你可能想让 atuin 使用单独的命名空间(namespace),创建 [`namespace.yaml`](../../k8s/namespaces.yaml) 文件: ```yaml apiVersion: v1 kind: Namespace metadata: name: atuin-namespace labels: name: atuin ``` 在企业级安装部署时,你可能想要数据库内容永久存储在集群中,而不是在主机系统中。在上述配置中,`storageClassName` 配置为 `manual`,主机系统的挂载目录配置为 `/Users/firstname.lastname/.kube/database`,请注意,这些配置将会使得数据库内容存储在 kubernetes 集群外部中。 你还应该将 `secrets.yaml` 文件中的 `ATUIN_DB_PASSWORD` 和 `ATUIN_DB_URI` 修改为更安全的加密字符串。 Atuin 运行在主机系统的 `30530` 端口上。这是通过 `nodePort` 属性进行陪你的。Kubernetes 有一个严格规则,即不允许暴露小于 30000 的端口号。为了使客户端能够正常工作,你需要在你的 `config.toml` 文件中设置端口号,例如 `sync_address = "http://192.168.1.10:30530"`。 使用 `kubectl` 部署 Atuin 服务器: ```shell kubectl apply -f ./namespaces.yaml kubectl apply -n atuin-namespace \ -f ./secrets.yaml \ -f ./atuin.yaml ``` 上面示例同时也位于 atuin 仓库(repository)的 [k8s](../../k8s) 目录下。