Detailed technical documentation: 15/18 tasks completed (83%)
| Project ID | newskyexpress |
| Region | asia-southeast1 (Singapore) |
| Service Account | odoo-k8s-sa@newskyexpress.iam.gserviceaccount.com |
| IAM Roles | Compute Admin, Storage Admin, Container Admin |
| Billing | Linked & active |
The entire infrastructure is managed with Terraform, which allows the environment to be recreated in under 30 minutes.
| File | Purpose |
|---|---|
| main.tf | VMs, firewall rules, static IPs, startup scripts |
| variables.tf | Project config, machine types, regions, secrets |
| outputs.tf | IP addresses, SSH commands, URLs |
| terraform.tfvars | Environment-specific values (gitignored) |
| staging/ | Staging environment (separate state) |
```
allow-odoo       : tcp:30069 (Odoo web)
allow-portainer  : tcp:30778 (Portainer)
allow-http-https : tcp:80,443
allow-ssh        : tcp:22
```
The default VPC network is used, with firewall rules for Odoo, Portainer, SSH and HTTP/HTTPS.
```
gcloud compute firewall-rules list --project=newskyexpress
# allow-odoo (30069), allow-portainer (30778), allow-ssh (22), allow-http (80,443)
```
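A check that can be run over the JSON form of the listing above (`--format=json`), as an added example that is not part of the original document: it flags rules that expose the SSH or Portainer port to any source address. Treating those two ports as admin-only, and the sample rule data, are assumptions of this example.

```python
import ipaddress
import json

# Ports taken from this page; treating them as admin-only is this example's assumption.
ADMIN_PORTS = {22: "SSH", 30778: "Portainer"}

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`.
# Source ranges are invented (203.0.113.0/24 is a documentation range).
SAMPLE = json.dumps([
    {"name": "allow-odoo", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["30069"]}]},
    {"name": "allow-portainer", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["30778"]}]},
    {"name": "allow-ssh", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
])

def port_range(spec):
    """Expand a port entry such as "22" or "30000-32767" into a range."""
    low, _, high = spec.partition("-")
    return range(int(low), int(high or low) + 1)

def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(rules_json):
    """Return (rule, port, service) for admin ports reachable from any address."""
    findings = []
    for rule in json.loads(rules_json):
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        if not any(is_world_open(c) for c in rule.get("sourceRanges", [])):
            continue
        for allow in rule.get("allowed", []):
            if allow.get("IPProtocol") not in ("tcp", "all"):
                continue
            # A missing "ports" key means every port of that protocol is allowed.
            specs = allow.get("ports") or ["0-65535"]
            for port, service in ADMIN_PORTS.items():
                if any(port in port_range(s) for s in specs):
                    findings.append((rule["name"], port, service))
    return findings

if __name__ == "__main__":
    for name, port, service in audit(SAMPLE):
        print(f"{name}: {service} (tcp/{port}) accepts traffic from any address")
```

Port ranges are expanded, so a broad NodePort rule such as `30000-32767` is reported for Portainer as well.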
| VM Name | odoo-production |
| Machine Type | e2-medium (2 vCPU, 4GB RAM) |
| OS | Ubuntu 22.04 LTS |
| Static IP | 35.240.147.252 |
| Disk | 60GB SSD persistent |
| K8s | k3s v1.28+ (CNCF certified Kubernetes) |
k3s = Lightweight certified Kubernetes (by Rancher/SUSE)
- CNCF Certified: ✅ 100% compatible K8s API
- Memory footprint: ~512MB vs GKE ~2GB+
- Cost: pay only for the VM (~$25/month) vs GKE ($70+ cluster fee)
| VM Name | odoo-staging |
| Machine Type | e2-small (2 vCPU, 2GB RAM) — Spot instance |
| Static IP | 136.110.0.245 |
| Odoo URL | http://136.110.0.245:30069 |
PostgreSQL 16 runs in a Kubernetes pod with a 20GB SSD Persistent Volume Claim (PVC).
| Version | PostgreSQL 16 |
| Storage | PVC 20GB SSD (host-path) |
| UID | 70 (postgres user) |
| Backup | Manual pg_dump → GCS (planned: daily cron) |
```
# Permission fix (UID 70 for PG, UID 101 for Odoo)
# scripts/fix_perms.sh
chown -R 70:70 /data/pg
chown -R 101:101 /data/odoo
```
Odoo 17 CE runs in a Kubernetes pod, exposed via NodePort 30069.
```
FROM odoo:17
# Bake the custom modules into the image
COPY ./addons /mnt/extra-addons
```
| Resource | Details |
|---|---|
| Deployment | 1 replica, Odoo 17 CE |
| Service | NodePort 30069 → 8069 |
| PVC (filestore) | 20GB host-path |
| PVC (addons) | Host-path /data/addons |
22 custom modules have been deployed to Odoo 17 through the CI/CD pipeline.
```
GitHub: newlighttechcloud-abc/odoo-custom-modules
Branch: production → auto-deploy on push
```
Tier C CI/CD: GitHub Actions → SSH → git pull → copy addons → kubectl rollout restart
```
.github/workflows/deploy.yml
Trigger: push to 'production' branch
Steps:
1. SSH into the Production VM
2. cd /home/odoo-custom-modules && git pull
3. cp -r addons/* /data/addons/
4. kubectl rollout restart deployment/odoo
5. Verify: curl http://localhost:30069
```
| Secret | Purpose |
|---|---|
| PROD_SSH_KEY | SSH private key for the Production VM |
| PROD_HOST | 35.240.147.252 |
| PROD_USER | odoo-deploy |
The database from the old environment has been successfully restored to Production.
| Script | Function |
|---|---|
| fix_perms.sh | Fix ownership UID 70/101 for the PG/Odoo PVCs |
| fix_modules.sh | Clear asset cache, run module update |
| fix_broken_views.sh | Remove broken views (delivery_address field) |
| fix_addons_mount.sh | Replace symlinks with real file copies |
| update_all_modules.sh | Full module update after changes |
| URL | http://35.240.147.252:30778 |
| Version | Portainer CE (Agent mode) |
| Features | Container logs, restart, resource monitoring |
Database backup via pg_dump. Filestore backup via rsync/tar. Planned: daily cron to GCS bucket.
GCP Compute Monitoring is active. Uptime checks are planned once a domain is available.
A domain from Party B is needed to configure the SSL certificate (Let's Encrypt) and the reverse proxy.
SSH key-only auth, firewall whitelist, IAM least privilege, secrets in GitHub Secrets.
To be signed once all Phase 2 tasks are complete.