LogoLogo
CloudDiscordGitHub
  • 👉Getting Started
    • Introduction
    • Quick start
    • Learn by example
    • Case studies
    • How to contribute?
  • ⭐Memphis Broker
    • Architecture
    • Key concepts
      • Message broker
      • Station
      • Producer API
      • Consumer API
      • Consumer Group
      • Storage and Redundancy
      • Security/Authentication
      • Scaling
      • Ordering
      • Dead-letter Station (DLS)
      • Delayed messages
      • Data exchange
      • Idempotency (Duplicate processing)
      • Failover Scenarios
      • Troubleshooting process
      • Connectors
    • Best practices
      • Producer optimization
      • Compression
    • Memphis configuration
    • Comparisons
      • NATS Jetstream vs Memphis
      • RabbitMQ vs Memphis
      • AWS SQS vs Memphis
      • Apache Kafka vs Memphis
      • Apache Pulsar vs Memphis
      • ZeroMQ vs Memphis
      • Apache NiFi vs Memphis
    • Privacy Policy
  • ⭐Memphis Schemaverse
    • Overview
    • Getting started
      • Management
      • Produce/Consume
        • Protobuf
        • JSON Schema
        • GraphQL
        • Avro
    • Comparison
    • KB
  • 📦Open-Source Installation
    • Kubernetes
      • 1 - Installation
      • 2 - Access
      • 3 - Upgrade
      • Terraform
        • Deploy on AWS
        • Deploy on GCP
        • Deploy on DigitalOcean
      • Guides
        • Deploy/Upgrade Memphis utilizing predefined secrets
        • Monitoring/Alerts Recommendations
        • Production Best Practices
        • NGINX Ingress Controller and Cloud-Agnostic Memphis Deployments
        • Migrate Memphis storage between storageClass's
        • Expanding Memphis Disk Storage
        • Scale-out Memphis cluster
        • TLS - Deploy Memphis with TLS Connection to Metadata Frontend
        • TLS - Memphis TLS websocket configuration
        • TLS - Securing Memphis Client with TLS
        • Installing Memphis with an External Metadata Database
    • Docker
      • 1 - Installation
      • 2 - Access
      • 3 - Upgrade
    • Open-source Support
  • Client Libraries
    • REST (Webhook)
    • Node.js / TypeScript / NestJS
    • Go
    • Python
    • Kotlin (Community)
    • .NET
    • Java
    • Rust (Community)
    • NATS
    • Scala
  • 🔌Integrations Center
    • Index
    • Processing
      • Zapier
    • Change data Capture (CDC)
      • Debezium
    • Monitoring
      • Datadog
      • Grafana
    • Notifications
      • Slack
    • Storage tiering
      • S3-Compatible Object Storage
    • Source code
      • GitHub
    • Other platforms
      • Argo
  • 🗒️Release notes
    • KB
    • Releases
      • v1.4.3 - latest/stable
      • v1.4.2
      • v1.4.1
      • v1.4.0
      • v1.3.1
      • v1.3.0
      • v1.2.0
      • v1.1.1
      • v1.1.0
      • v1.0.3
      • v1.0.2
      • v1.0.1
      • V1.0.0 - GA
      • v0.4.5 - beta
      • v0.4.4 - beta
      • v0.4.3 - beta
      • v0.4.2 - beta
      • v0.4.1 - beta
      • v0.4.0 - beta
      • v0.3.6 - beta
      • v0.3.5 - beta
      • v0.3.0 - beta
      • v0.2.2 - beta
      • v0.2.1 - beta
      • v0.2.0 - beta
      • v0.1.0 - beta
Powered by GitBook
LogoLogo

Legal

  • Terms of Service
  • Privacy Policy

All rights reserved to Memphis.dev 2023

On this page

Was this helpful?

  1. Open-Source Installation
  2. Kubernetes
  3. Guides

Deploy/Upgrade Memphis utilizing predefined secrets

Memphis allows users to utilize predefined Kubernetes secrets containing credentials that remain unchanged during upgrades or other operations. Several variables must be stored in the Kubernetes secret and created before the initial deployment.

Step 1: Create a new secret file for Memphis related credentials:

kubectl create secret generic external-creds -n memphis \
--from-literal=ROOT_PASSWORD=supersecret \
--from-literal=CONNECTION_TOKEN=supersecret \
--from-literal=JWT_SECRET=cHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiT \
--from-literal=REFRESH_JWT_SECRET=cHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiT \
--from-literal=ENCRYPTION_SECRET_KEY=cHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiT \
--from-literal=REFRESH_JWT_SECRET_REST_GW=cHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiT \
--from-literal=JWT_SECRET_REST_GW=cHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiTcHaNgEiT

Memphis advises creating randomly generated credentials with the following restrictions:

  • JWT_SECRET - comprising a minimum of 128 characters.

  • ENCRYPTION_SECRET_KEY - comprising of exactly 32 characters.

  • ROOT_PASSWORD - comprising a maximum of 72 characters.

Step 2: Create an additional secret file for Memphis-metadata:

kubectl create secret generic memphis-metadata -n memphis \
--from-literal=password=cHaNgEiT \
--from-literal=repmgr-password=cHaNgEiT \
--from-literal=admin-password=cHaNgEiT

Step 3: Deploy Memphis using previously created secrets

helm install memphis memphis/memphis \
--set memphis.creds.secretConfig.name="external-creds",\
memphis.creds.secretConfig.existingSecret="true",\
metadata.postgresql.existingSecret="memphis-metadata",\
metadata.pgpool.existingSecret="memphis-metadata" \
--create-namespace --namespace memphis --wait

Upgrade with pre-defined secret files

Step 0: Obtain user-supplied values.

helm get values memphis --namespace memphis

Step 1: Delete the statefulset with cascade=orphan option

kubectl delete statefulset memphis --cascade=orphan -n memphis

Step 2: Run helm upgrade with all the values you need + updateStrategy=OnDelete

helm repo add memphis https://k8s.memphis.dev/charts/ --force-update &&\
helm upgrade --install memphis \
--set memphis.creds.secretConfig.name="external-creds",\
memphis.creds.secretConfig.existingSecret="true",\
metadata.postgresql.existingSecret="memphis-metadata",\
metadata.pgpool.existingSecret="memphis-metadata" \
memphis/memphis --create-namespace --namespace memphis --wait

Step 4: Upgrade brokers. Delete one by one and validate each to return to the online state.

Last updated 1 year ago

Was this helpful?

📦