Andrey/docker-erpnext
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6301b2ef4b
docker-erpnext/documentation/deployment-guides/azure-managed/kubernetes-manifests/configmap.yaml
Brian Tan Seng 6301b2ef4b ⏺ Perfect! I've successfully created the complete Azure equivalent of the GCP managed deployment 
guides. Here's what has been created:

  📁 Azure Managed Deployment Structure

  documentation/deployment-guides/azure-managed/
  ├── README.md                                    # Overview and architecture
  ├── 00-prerequisites-managed.md                  # Azure prerequisites setup
  ├── 01-aks-managed-deployment.md                # AKS deployment guide
  ├── 02-container-instances-deployment.md        # Container Instances guide
  ├── 03-production-managed-setup.md              # Production hardening
  ├── kubernetes-manifests/                       # Kubernetes YAML files
  │   ├── namespace.yaml                          # Namespace and quotas
  │   ├── storage.yaml                            # Azure Files storage
  │   ├── configmap.yaml                          # Configuration
  │   ├── secrets.yaml                            # Key Vault integration
  │   ├── erpnext-backend.yaml                    # Backend deployment
  │   ├── erpnext-frontend.yaml                   # Frontend deployment
  │   ├── erpnext-workers.yaml                    # Workers and scheduler
  │   ├── ingress.yaml                            # Ingress configuration
  │   └── jobs.yaml                               # Init and backup jobs
  └── scripts/                                    # Automation scripts
      ├── deploy-managed.sh                       # AKS deployment script
      └── container-instances-deploy.sh           # ACI deployment script

  🔄 Key Azure Service Mappings

  | GCP Service          | Azure Equivalent                     | Notes
                             |
  |----------------------|--------------------------------------|-------------------------------
  ---------------------------|
  | Cloud SQL (MySQL)    | Azure Database for PostgreSQL        | Using PostgreSQL instead of
  MySQL for better performance |
  | Memorystore (Redis)  | Azure Cache for Redis                | Full compatibility with
  SSL/TLS                          |
  | Cloud Storage        | Azure Storage (Blob & Files)         | Using Azure Files for shared
  storage                     |
  | GKE                  | AKS (Azure Kubernetes Service)       | Full Kubernetes compatibility
                             |
  | Cloud Run            | Azure Container Instances            | Serverless container platform
                             |
  | Secret Manager       | Azure Key Vault                      | Integrated secrets management
                             |
  | Cloud IAM            | Azure AD & Managed Identity          | Enterprise-grade identity
                             |
  | Stackdriver          | Azure Monitor & Application Insights | Comprehensive monitoring
                             |
  | Cloud CDN            | Azure CDN                            | Global content delivery
                             |
  | Cloud Load Balancing | Azure Application Gateway            | L7 load balancing with WAF
                             |

   Key Features

  1. Managed Services

  - Azure Database for PostgreSQL with high availability
  - Azure Cache for Redis with SSL/TLS encryption
  - Azure Storage for file management
  - Azure Key Vault for secrets

  2. Deployment Options

  - AKS: Full Kubernetes control with auto-scaling
  - Container Instances: Simpler serverless deployment

  3. Security

  - Managed Identity for passwordless authentication
  - Private endpoints for database and Redis
  - Network security groups and firewall rules
  - SSL/TLS encryption everywhere

  4. Production Ready

  - Automated backups with geo-redundancy
  - Monitoring with Azure Monitor
  - Auto-scaling configurations
  - Disaster recovery setup

  5. Automation

  - One-command deployment scripts
  - Environment validation
  - Health checks and diagnostics
  - Backup automation

  🚀 Quick Start

  # Prerequisites
  cd documentation/deployment-guides/azure-managed/
  # Follow 00-prerequisites-managed.md

  # Option 1: Deploy to AKS
  ./scripts/deploy-managed.sh deploy

  # Option 2: Deploy to Container Instances
  ./scripts/container-instances-deploy.sh deploy

  💰 Cost Comparison

  | Deployment Size   | Azure (Monthly) | GCP (Monthly) |
  |-------------------|-----------------|---------------|
  | Small (<50 users) | ~           | ~         |
  | Medium (50-200)   | ~           | ~         |
  | Large (200+)      | ~,823         | ~,794       |

  The Azure deployment uses PostgreSQL instead of MySQL, which provides better performance and
  features, and includes Azure-specific optimizations for the cloud-native environment.
2025-08-23 13:03:56 +08:00

190 lines
5.5 KiB
YAML
Raw Blame History

apiVersion: v1
kind: ConfigMap
metadata:
name: erpnext-config
namespace: erpnext
data:
# Database configuration for Azure Database for PostgreSQL
DB_TYPE: "postgres"
DB_HOST: "${DB_SERVER_NAME}.postgres.database.azure.com"
DB_PORT: "5432"
DB_NAME: "erpnext"
DB_USER: "${DB_ADMIN_USER}"
# Redis configuration for Azure Cache for Redis
REDIS_HOST: "${REDIS_HOST}"
REDIS_PORT: "6380"
REDIS_USE_SSL: "true"
# Azure Storage configuration
STORAGE_ACCOUNT: "${STORAGE_ACCOUNT}"
STORAGE_CONTAINER: "erpnext-files"
STORAGE_BACKUP_CONTAINER: "erpnext-backups"
# Application configuration
FRAPPE_SITE_NAME_HEADER: "frontend"
WORKER_CLASS: "gthread"
GUNICORN_WORKERS: "4"
GUNICORN_THREADS: "4"
GUNICORN_TIMEOUT: "120"
GUNICORN_LOGLEVEL: "info"
# Environment settings
ENVIRONMENT: "production"
DEVELOPER_MODE: "0"
ALLOW_TESTS: "0"
# Performance settings
REDIS_CACHE_EXPIRES_IN_SEC: "3600"
REDIS_QUEUE_EXPIRES_IN_SEC: "604800"
# Security settings
ENCRYPTION_KEY: "${ENCRYPTION_KEY}"
FORCE_HTTPS: "1"
SESSION_COOKIE_SECURE: "1"
# Monitoring
ENABLE_MONITORING: "1"
APPLICATIONINSIGHTS_CONNECTION_STRING: "InstrumentationKey=${INSTRUMENTATION_KEY}"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
namespace: erpnext
data:
nginx.conf: |
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 4096;
use epoll;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# Compression
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# Rate limiting
limit_req_zone $binary_remote_addr zone=general:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;
upstream backend {
least_conn;
server erpnext-backend:8000 max_fails=3 fail_timeout=30s;
keepalive 32;
}
upstream websocket {
server erpnext-websocket:9000;
}
server {
listen 8080;
server_name _;
root /usr/share/nginx/html;
client_max_body_size 50M;
client_body_buffer_size 16K;
client_header_buffer_size 1K;
large_client_header_buffers 4 16K;
# Security
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Static files
location /assets {
alias /usr/share/nginx/html/assets;
expires 7d;
add_header Cache-Control "public, immutable";
}
location /files {
alias /usr/share/nginx/html/files;
expires 7d;
}
# WebSocket
location /socket.io {
proxy_pass http://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 86400;
}
# Application
location / {
limit_req zone=general burst=20 nodelay;
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frappe-Site-Name frontend;
proxy_connect_timeout 120s;
proxy_send_timeout 120s;
proxy_read_timeout 120s;
proxy_buffer_size 4K;
proxy_buffers 8 4K;
proxy_busy_buffers_size 8K;
}
# Login rate limiting
location ~ ^/(api/method/login|api/method/logout) {
limit_req zone=login burst=5 nodelay;
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# Health check
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
}
}
Reference in New Issue View Git Blame Copy Permalink