odoo安装
参考: https://artifacthub.io/packages/helm/bitnami/odoo
配置
新建一个命名空间,作为默认命名空间
kubectl create ns odoo
kubectl config set-context --current --namespace odoo
参考: https://artifacthub.io/packages/helm/bitnami/odoo
使用helm安装,使用bitnami的chart. 这里先下载下来解压看看。
helm pull oci://registry-1.docker.io/bitnamicharts/odoo --untar
复制一份默认的values.yaml配置文件, 打开副本,编辑,保留并编辑需要修改的配置项
[root@jingmin-kube-archlinux odoo]# cp ./values.yaml my-override-values.yaml
[root@jingmin-kube-archlinux odoo]# vim my-override-values.yaml
[root@jingmin-kube-archlinux odoo]# cat my-override-values.yaml
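## NOTE(review): nesting restored (the published listing had lost its
## indentation) and the two credentials below are redacted to placeholders.
global:
  storageClass: ""
## @section Common parameters
##
## @param clusterDomain Default Kubernetes cluster domain
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
## @section Odoo Configuration parameters
## Odoo settings based on environment variables
## ref: https://github.com/bitnami/containers/tree/main/bitnami/odoo#environment-variables
##
## @param odooEmail Odoo user email
## ref: https://github.com/bitnami/containers/tree/main/bitnami/odoo#configuration
##
odooEmail: 784319947@qq.com
## @param odooPassword Odoo user password
## Defaults to a random 10-character alphanumeric string if not set
## ref: https://github.com/bitnami/containers/tree/main/bitnami/odoo#configuration
##
## NOTE(review): value redacted. Do not publish or commit a real admin
## password in a values file, and do not use a short guessable one on an
## instance reachable through a public hostname. Either leave this unset so
## the chart generates a random password (see above) or supply it at install
## time from a secret store.
odooPassword: "<set-a-strong-unique-password>"
## @param odooSkipInstall Skip Odoo installation wizard
##
odooSkipInstall: false
## @param loadDemoData Whether to load demo data for all modules during initialization
## ref: https://github.com/bitnami/containers/tree/main/bitnami/odoo#configuration
##
## NOTE(review): demo data is meant for evaluation; it presumably includes
## sample accounts and records, so verify what it creates before leaving it
## enabled on an internet-reachable instance.
loadDemoData: true
## SMTP mail delivery configuration
## ref: https://github.com/bitnami/containers/tree/main/bitnami/odoo/#smtp-configuration
## @param smtpHost SMTP server host
## @param smtpPort SMTP server port
## @param smtpUser SMTP username
## @param smtpPassword SMTP user password
## @param smtpProtocol SMTP protocol
##
smtpHost: "smtp.qq.com"
smtpPort: "465"
smtpUser: "784319947@qq.com"
## NOTE(review): smtpPassword redacted. A mailbox credential that has
## appeared in a published file should be treated as exposed and rotated at
## the mail provider.
smtpPassword: "<smtp-auth-code>"
## NOTE(review): port 465 is conventionally SMTP over implicit TLS; with
## smtpProtocol left empty, confirm against the SMTP ref above that the
## session (and therefore the login) is actually encrypted.
smtpProtocol: ""
## @param allowEmptyPassword Allow the container to be started with blank passwords
##
allowEmptyPassword: false
## @section Odoo deployment parameters
##
## @param replicaCount Number of Odoo replicas to deploy
## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1
##
replicaCount: 1
## Odoo container ports
## @param containerPorts.http Odoo HTTP container port
##
containerPorts:
  http: 8069
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @section Traffic Exposure Parameters
##
## Odoo service parameters
##
service:
  ## @param service.type Odoo service type
  ##
  ## NOTE(review): with ingress.enabled below, LoadBalancer additionally
  ## exposes the plain-HTTP service port outside the Ingress/TLS path;
  ## ClusterIP is usually enough when all traffic should enter through the
  ## Ingress.
  type: LoadBalancer
  ## @param service.ports.http Odoo service HTTP port
  ##
  ports:
    http: 80
  ## @param service.nodePorts.http NodePort for the Odoo HTTP endpoint
  ## NOTE: choose port between <30000-32767>
  ##
  nodePorts:
    http: ""
  ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
  ## Values: ClientIP or None
  ## ref: https://kubernetes.io/docs/user-guide/services/
  ##
  sessionAffinity: None
## Configure the ingress resource that allows you to access the Odoo installation
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
  ## @param ingress.enabled Enable ingress record generation for Odoo
  ##
  enabled: true
  ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
  ##
  ingressClassName: "nginx"
  ## @param ingress.pathType Ingress path type
  ##
  pathType: ImplementationSpecific
  ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
  ##
  apiVersion: ""
  ## @param ingress.hostname Default host for the ingress record
  ##
  hostname: odoo.ole12138.cn
  ## @param ingress.path Default path for the ingress record
  ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
  ##
  path: /
  ## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
  ## Use this parameter to set the required annotations for cert-manager, see
  ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
  ## e.g:
  ## annotations:
  ##   kubernetes.io/ingress.class: nginx
  ##   cert-manager.io/cluster-issuer: cluster-issuer-name
  ##
  annotations: {}
  ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
  ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname | trunc 63 | trimSuffix "-" }}`
  ## You can:
  ##   - Use the `ingress.secrets` parameter to create this TLS secret
  ##   - Rely on cert-manager to create it by setting the corresponding annotations
  ##   - Rely on Helm to create self-signed certificates by setting `ingress.tls=true` and `ingress.certManager=false`
  ##
  tls: true
  ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
  ##
  ## NOTE(review): selfSigned makes Helm generate the TLS secret itself. If
  ## the certificate is meant to come from cert-manager, put the cert-manager
  ## annotation in ingress.annotations above and consider selfSigned: false,
  ## so that Helm and cert-manager do not both write the "<hostname>-tls"
  ## secret.
  selfSigned: true
## @section Persistence Parameters
##
## Persistence Parameters
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  ## @param persistence.enabled Enable persistence using Persistent Volume Claims
  ##
  enabled: true
## @section Database Parameters
## PostgreSQL chart configuration
## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
## @param postgresql.auth.username Name for a custom user to create
## @param postgresql.auth.password Password for the custom user to create
## @param postgresql.auth.database Name for a custom database to create
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
##
postgresql:
  enabled: true
  auth:
    username: bn_odoo
    password: ""
    database: bitnami_odoo
    existingSecret: ""
  architecture: standalone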
这里使用默认的storageclass.
设置默认的odoo密码
设置默认的odoo邮箱
设置邮箱服务器配置
开启ingress,开启tls
使用默认的postgresql数据库.
部署安装
部署安装
[root@jingmin-kube-archlinux odoo]# cd ..
[root@jingmin-kube-archlinux k8s]# helm install odoo -f ./odoo/my-override-values.yaml ./odoo/
coalesce.go:223: warning: destination for postgresql.networkPolicy.egressRules.customRules is a table. Ignoring non-table value ([])
NAME: odoo
LAST DEPLOYED: Sat Sep 9 13:54:51 2023
NAMESPACE: odoo
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: odoo
CHART VERSION: 23.3.2
APP VERSION: 16.0.20230815
** Please be patient while the chart is being deployed **
1. Get the Odoo URL indicated on the Ingress Rule and associate it to your cluster external IP:
export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
export HOSTNAME=$(kubectl get ingress --namespace odoo odoo -o jsonpath='{.spec.rules[0].host}')
echo "Odoo URL: http://$HOSTNAME/"
echo "$CLUSTER_IP $HOSTNAME" | sudo tee -a /etc/hosts
2. Obtain the login credentials
export ODOO_EMAIL=784319947@qq.com
export ODOO_PASSWORD=$(kubectl get secret --namespace "odoo" odoo -o jsonpath="{.data.odoo-password}" | base64 -d)
echo Email : $ODOO_EMAIL
echo Password: $ODOO_PASSWORD
这里提示了一些查看帐号密码的信息.
去域名服务商那里,更新下 odoo.ole12138.cn 的dns指向。我这里有一层代理,与本文无关(略)
配tls证书
先配下cert-manager的issuer,用于提供证书, 使用由Let’s Encrypt颁发的证书。
之前章节配好了cert-manager,在当前命名空间下还是建一下staging和production环境的issuer (由Let’s Encrypt提供服务)
修改其中的邮箱部分,用于创建账号,以及将来有证书将要过期相关的内容会发到对应的邮箱
[root@jingmin-kube-archlinux odoo]# vim staging-issuer.yaml
[root@jingmin-kube-archlinux odoo]# cat staging-issuer.yaml
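# Namespaced cert-manager Issuer for the Let's Encrypt *staging* endpoint.
# An Issuer (unlike a ClusterIssuer) only serves resources in the namespace
# it is created in. Staging certificates are not trusted by browsers; they
# are for verifying the setup before switching to the production issuer.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: 784319947@qq.com
    # Name of a secret used to store the ACME account private key
    # (cert-manager creates it; access to this Secret should stay restricted)
    privateKeySecretRef:
      name: letsencrypt-staging
    # Enable the HTTP-01 challenge provider
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx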
部署staging-issuer
kubectl create -f ./staging-issuer.yaml
类似的方式,创建production-issuer
wget https://raw.githubusercontent.com/cert-manager/website/master/content/docs/tutorials/acme/example/production-issuer.yaml
同样,修改其中的邮箱为自己的邮箱
[root@jingmin-kube-archlinux odoo]# vim production-issuer.yaml
[root@jingmin-kube-archlinux odoo]# cat production-issuer.yaml
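# Namespaced cert-manager Issuer for the Let's Encrypt *production* endpoint.
# The production endpoint is rate-limited, so validate the flow against the
# staging issuer first and switch to this one only once issuance works.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: 784319947@qq.com
    # Name of a secret used to store the ACME account private key
    # (cert-manager creates it; access to this Secret should stay restricted)
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx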
部署到当前命名空间中
kubectl create -f ./production-issuer.yaml
这两个issuer都使用http01的方式完成Let’s Encrypt的challenge验证.
kubectl describe issuer
可以看到description中都有一条Message: The ACME account was registered with the ACME server
向ingress中,添加cert-manager的issuer注解 cert-manager.io/issuer: letsencrypt-staging,以及添加tls的hosts和secretName部分(secretName名称随便起,cert-manager会自动生成对应的secret)
[root@jingmin-kube-archlinux k8s]# kubectl edit ingress odoo
[root@jingmin-kube-archlinux k8s]# kubectl get ingress odoo -o yaml
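apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # NOTE(review): added by hand with `kubectl edit`. The object is
    # Helm-managed (see the managed-by label), so a later `helm upgrade` may
    # drop this annotation unless it is also set under ingress.annotations
    # in the values file.
    cert-manager.io/issuer: letsencrypt-staging
    meta.helm.sh/release-name: odoo
    meta.helm.sh/release-namespace: odoo
  creationTimestamp: "2023-09-09T05:54:53Z"
  generation: 2
  labels:
    app.kubernetes.io/instance: odoo
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: odoo
    helm.sh/chart: odoo-23.3.2
  name: odoo
  namespace: odoo
  resourceVersion: "3643309"
  uid: 1b7c4db0-8ac6-4198-b925-04c56140ba87
spec:
  ingressClassName: nginx
  rules:
  - host: odoo.ole12138.cn
    http:
      paths:
      - backend:
          service:
            name: odoo
            port:
              name: http
        path: /
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - odoo.ole12138.cn
    # Secret that holds the certificate served for the host above.
    secretName: odoo.ole12138.cn-tls
status:
  loadBalancer:
    ingress:
    - ip: 192.168.1.100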
在浏览器中,使用https访问ingress地址 https://odoo.ole12138.cn/ ,会有证书警告。看下证书以及颁发者(虽然提示无效,但只要不是k8s或odoo提供的默认fake证书,那就是Let’s Encrypt提供的staging证书)。
现在再修改一下ingress中annotations中的issuer,切换为production环境的issuer。注意其中一行: cert-manager.io/issuer: letsencrypt-prod
[root@jingmin-kube-archlinux k8s]# kubectl edit ingress odoo
ingress.networking.k8s.io/odoo edited
[root@jingmin-kube-archlinux k8s]# kubectl get ingress odoo -o yaml
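apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # NOTE(review): switched to the production issuer by hand with
    # `kubectl edit`. The object is Helm-managed (see the managed-by label),
    # so a later `helm upgrade` may drop this annotation unless it is also
    # set under ingress.annotations in the values file.
    cert-manager.io/issuer: letsencrypt-prod
    meta.helm.sh/release-name: odoo
    meta.helm.sh/release-namespace: odoo
  creationTimestamp: "2023-09-09T05:54:53Z"
  generation: 2
  labels:
    app.kubernetes.io/instance: odoo
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: odoo
    helm.sh/chart: odoo-23.3.2
  name: odoo
  namespace: odoo
  resourceVersion: "3643705"
  uid: 1b7c4db0-8ac6-4198-b925-04c56140ba87
spec:
  ingressClassName: nginx
  rules:
  - host: odoo.ole12138.cn
    http:
      paths:
      - backend:
          service:
            name: odoo
            port:
              name: http
        path: /
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - odoo.ole12138.cn
    # Secret that holds the certificate served for the host above.
    secretName: odoo.ole12138.cn-tls
status:
  loadBalancer:
    ingress:
    - ip: 192.168.1.100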
再次在浏览器中,以https方式,访问odoo的ingress地址 https://odoo.ole12138.cn/ 。正常的话,可以直接访问,没有任何警告。看下地址栏前面的锁头标志,点开看下证书,确认是Let’s Encrypt颁发的。