Tweek use RSA keys for communication between the services, and for accessing git storage.

Generating keys

In order to generate this keys, use the script in Tweek repo: https://github.com/Soluto/tweek/blob/master/utils/generate_keys.sh

Mounting the keys

In each service you should mount the relevant files, and configure the service using environment variables:

  • GIT (public)
    • PUBLIC_KEY_PATH=/run/secrets/id_rsa.pub
  • API (pfx)
    • PUBLIC_KEY_PATH=/run/secrets/certificate.pfx
  • Editor (private)
    • GIT_PRIVATE_KEY_PATH=/run/secrets/id_rsa
  • Authoring (private, public)
    • GIT_PUBLIC_KEY_PATH=/run/secrets/id_rsa.pub
    • GIT_PRIVATE_KEY_PATH=/run/secrets/id_rsa
  • Publishing (private, public)
    • GIT_PUBLIC_KEY_PATH=/run/secrets/id_rsa.pub
  • Gateway (Private)
    • TWEEKGATEWAY_SECURITY_TWEEKSECRETKEY_PATH=/run/secrets/tweek_ssh_private_key

All public/private keys can be also consumed as base64 value environment variables (add example).

Linking Git repository

Publishing service should work against an upstream git repo (can be hosted anywhere, Github, Gitlab, CodeCommit, etc…):

  • Publishing
    • GIT_PUBLIC_KEY_PATH=/run/secrets/tweek_ssh_public_key
    • GIT_SERVER_PRIVATE_KEY_PATH=/run/secrets/id_rsa # or use a different one, depend on upstream
    • GIT_UPSTREAM_URI=ssh://[email protected]/tweek/repo

Linking Between services

Most services are configured by default to talk to each other, but if you want to customize it:

  • Api
    • -> Minio
    • -> Nats
  • Editor
    • -> Api - TWEEK_API_HOSTNAME=http://api
    • -> Authoring - AUTHORING_API_HOSTNAME=http://authoring:3000
  • Publishing
    • -> Minio
    • -> Nats
  • Gateway
    • -> Minio
    • -> Nats
    • -> Api
    • -> Authoring
    • -> Publishing

Example configurations

You can checkout dev folder for compose/swarm configuration docker-compose.

There’s a also a Kubernetes example