- Prepare `.env` from `.env.example`.
- Start the Docker daemon.
- Run `docker compose up -d --build`.
Current one-shot init: `core-api-init`, `auth-service-init`, `notification-service-init`, `finance-service-init`, `academic-service-init`, `engagement-service-init`, `people-service-init`, `analytics-service-init`
- runtime services
- Fast local E2E: `node scripts/run-fast-e2e.mjs`
- Edge E2E through `nginx`: `node scripts/run-edge-e2e.mjs`
- Production-like image smoke: `node scripts/run-image-smoke.mjs`
- Local security sweep: `node scripts/run-security-local.mjs`
- Production compose preflight: `node scripts/check-production-compose-config.mjs`
- Kubernetes preflight: `node scripts/run-k8s-preflight.mjs`
- Kubernetes local smoke: `node scripts/run-k8s-local-smoke.mjs`
- Kubernetes local deploy that keeps resources in place: `node scripts/run-k8s-local-deploy.mjs`
- Kubernetes local edge helper: `node scripts/run-k8s-local-edge.mjs`
- Kubernetes local edge stop: `node scripts/stop-k8s-local-edge.mjs`
- Kubernetes local destroy: `node scripts/run-k8s-local-destroy.mjs`
- Cloudflare local tunnel: `node scripts/run-cloudflare-tunnel-local.mjs`
- Cloudflare local tunnel stop: `node scripts/stop-cloudflare-tunnel-local.mjs`
- Runtime container inventory: `node scripts/run-container-inventory.mjs`
Use the read-only inventory when the local machine has many containers from CampusCore, monitoring, one-shot init jobs, and older projects:

`node scripts/run-container-inventory.mjs`

The script does not stop, remove, or mutate Docker containers or Kubernetes resources. It reports:
- Docker container name, image, health, restart count, exposed ports, and recent error-log signal summary.
- Kubernetes pods, deployments, services, image tags, readiness, restart count, and recent error-log signal summary for the `campuscore` namespace.
- A clear classification for each item:
  - `healthy`: long-running CampusCore runtime or Kubernetes workload is ready.
  - `expected exited`: completed init/bootstrap jobs or transient probe containers that are not part of the runtime path.
  - `needs attention`: CampusCore runtime item with unhealthy status, unexpected exit, or restart history. Recent log signals are also printed beside healthy items so operators can decide whether they are normal component noise or a follow-up issue.
  - `external residue`: containers from other projects or old experiments. The audit records them but never removes them.

campuscore-mailhog is local-only developer tooling and may appear as running
without a Docker healthcheck. That is informational, not a production runtime
failure.

For CI-like behavior, set strict mode:

`CONTAINER_INVENTORY_STRICT=1 node scripts/run-container-inventory.mjs`

Strict mode exits non-zero when a CampusCore runtime item lands in `needs attention`. It still ignores `external residue`.
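
The classification and strict-mode rules above, as an added example that is not the project's `run-container-inventory.mjs`. It assumes a hypothetical record shape, treats the `campuscore-` name prefix as the ownership test and an `-init` suffix with exit code 0 as a completed init job, and leaves out transient probe containers.

```javascript
// Added example: hypothetical classifier mirroring the four categories above.
// The record shape and the name rules are assumptions, not the project's code.
const INIT_SUFFIX = /-init$/;

function classify(c) {
  // Anything without the CampusCore prefix is recorded, never acted on.
  if (!c.name.startsWith('campuscore-')) return 'external residue';
  const exited = c.state === 'exited';
  // Completed init/bootstrap jobs exit 0 and are not part of the runtime path.
  if (exited && INIT_SUFFIX.test(c.name) && c.exitCode === 0) return 'expected exited';
  if (exited) return 'needs attention'; // unexpected exit
  if (c.health === 'unhealthy' || c.restartCount > 0) return 'needs attention';
  return 'healthy'; // running; a missing healthcheck (e.g. mailhog) is informational
}

function inventory(containers, strict = false) {
  const report = containers.map((c) => ({ name: c.name, status: classify(c) }));
  const failing = report.filter((r) => r.status === 'needs attention');
  // Strict mode fails only on CampusCore runtime items; external residue is ignored.
  return { report, exitCode: strict && failing.length > 0 ? 1 : 0 };
}

// Constructed sample records (not real output).
const SAMPLE = [
  { name: 'campuscore-core-api', state: 'running', health: 'healthy', restartCount: 0, exitCode: null },
  { name: 'campuscore-core-api-init', state: 'exited', health: null, restartCount: 0, exitCode: 0 },
  { name: 'campuscore-finance-service', state: 'running', health: 'unhealthy', restartCount: 3, exitCode: null },
  { name: 'campuscore-mailhog', state: 'running', health: null, restartCount: 0, exitCode: null },
  { name: 'old-experiment-db', state: 'exited', health: null, restartCount: 0, exitCode: 137 },
];

const result = inventory(SAMPLE, process.env.CONTAINER_INVENTORY_STRICT === '1');
for (const r of result.report) console.log(`${r.status.padEnd(16)} ${r.name}`);
process.exitCode = result.exitCode;
```
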
- Public liveness: `GET /health` via `core-api`
- Internal readiness: `GET /api/v1/health/readiness`
- Service internal routes are not exposed publicly through `nginx`
- PostgreSQL
- Redis
- RabbitMQ
- MinIO

- `core-api`
- `notification-service`
- `auth-service`
- `finance-service`
- `academic-service`
- `engagement-service`
- `people-service`
- `analytics-service`
- `frontend`
- `nginx`

- `DOCKERHUB_USERNAME` is a required secret for publishing to Docker Hub.
- `DOCKERHUB_NAMESPACE` only needs to be set when the namespace differs from the username.
- `DOCKERHUB_TOKEN` is the preferred login secret for Docker Hub publishing from CI/CD.
- `latest` is only updated when there is a semver release.

- The repo currently has Kustomize manifests at `k8s/base` and `k8s/bootstrap`, plus a local-first overlay at `k8s/overlays/docker-desktop`.
- The K8s topology keeps the current runtime boundaries: `core-api`, `auth-service`, `notification-service`, `finance-service`, `academic-service`, `engagement-service`, `people-service`, `analytics-service`, `frontend`, `nginx`, plus PostgreSQL, Redis, RabbitMQ, MinIO.
- With Docker Desktop, the standard path is:
  - `node scripts/run-k8s-preflight.mjs`
  - `node scripts/run-k8s-local-smoke.mjs`
- To keep the stack running so the Docker Desktop UI can see the resources:
  - `node scripts/run-k8s-local-deploy.mjs`
  - then switch the namespace from `default` to `campuscore` in the Docker Desktop Kubernetes UI
  - the recommended way to open the local edge is `node scripts/run-k8s-local-edge.mjs`
  - this helper keeps a stable local listener at `http://127.0.0.1:8080` and waits for `/health`, `/login`, `/api/docs`, and a deny on `/api/v1/internal/*` before reporting ready
  - the helper manages `kubectl port-forward` itself, restarts it when the listener drops unexpectedly, and writes state/logs to `frontend/test-results/k8s-local-edge*`
  - route contracts such as `/login`, `/api/docs`, and the deny on `/api/v1/internal/*` are still verified in `run-k8s-local-smoke.mjs` and `run-k8s-local-deploy.mjs`
  - if a manual fallback is needed, `kubectl -n campuscore port-forward service/campuscore-nginx 8080:80` still works, but it is only a debug path
  - the log lines `Handling connection for 8080` or `error copying from local connection to remote stream ... wsarecv ...` from raw `kubectl port-forward` are usually just client-disconnect noise if `http://127.0.0.1:8080/health` still responds
  - to clean up, run `node scripts/run-k8s-local-destroy.mjs`
  - to stop only the local listener while keeping the cluster, run `node scripts/stop-k8s-local-edge.mjs`
  - to only reconcile the runtime on an existing namespace, use `K8S_REUSE_NAMESPACE=1 node scripts/run-k8s-local-deploy.mjs`
  - bootstrap jobs are replayed only when you explicitly set `K8S_FORCE_BOOTSTRAP_REPLAY=1`
- The Docker Desktop overlay enables Swagger locally, turns off the secure cookie flag for local HTTP, and uses `ClusterIP` + port-forward for `campuscore-nginx`.
- The repo also has `k8s/overlays/staging-generic` and `k8s/overlays/prod-generic` as a cloud-agnostic skeleton for staging/prod.
- If the cluster uses `ExternalSecret` + `cert-manager`, you can start from `k8s/overlays/staging-operator` or `k8s/overlays/prod-operator` to replace the static secret placeholders with operator-managed resources.
- To prepare a dedicated overlay for real staging/prod, copy from `k8s/templates/private-operator/staging` or `k8s/templates/private-operator/prod` into a private repo/overlay, then fill in the real hostname, TLS secret, ingress annotations, `ClusterSecretStore`, `ClusterIssuer`, and remote secret key.
- Render the private template before applying:
  - `kubectl kustomize k8s/templates/private-operator/staging`
  - `kubectl kustomize k8s/templates/private-operator/staging/bootstrap`
  - `kubectl kustomize k8s/templates/private-operator/prod`
  - `kubectl kustomize k8s/templates/private-operator/prod/bootstrap`
- Cloudflare, if used later, sits only in front of the ingress; the domain/DNS/TLS checklist is in `docs/CLOUDFLARE.md`.
- The ingress/TLS/secrets checklist for the generic overlays and operator overlays is in `docs/K8S_HANDOFF.md`.
- If there is no public IP or real cloud Kubernetes yet, the local Docker Desktop Kubernetes can be exposed through Cloudflare Tunnel with `node scripts/run-cloudflare-tunnel-local.mjs`. With the Docker connector, the Public Hostname service URL in Cloudflare is `http://host.docker.internal:8080`.
- Bootstrap schema/migration remains a separate operator-managed step, matching the current production compose policy.
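
The readiness gate described for the local edge helper (serve `/health`, `/login`, `/api/docs`, deny `/api/v1/internal/*`), as an added example that is not the project's `run-k8s-local-edge.mjs`. Assumptions: "deny" is taken to mean HTTP 401, 403 or 404, a served route may answer 2xx or 3xx, and the probe path `/api/v1/internal/probe` is hypothetical.

```javascript
// Added example: hypothetical readiness gate for the local edge contract.
// Assumptions: "deny" means HTTP 401, 403 or 404; the internal probe path is made up.
const MUST_SERVE = ['/health', '/login', '/api/docs'];
const MUST_DENY = ['/api/v1/internal/probe']; // stands in for /api/v1/internal/*
const DENY_STATUSES = new Set([401, 403, 404]);

// Pure decision: statuses is { path: httpStatus | null } (null = no response).
function evaluateEdgeContract(statuses) {
  const violations = [];
  for (const p of MUST_SERVE) {
    const s = statuses[p];
    if (!(s >= 200 && s < 400)) violations.push(`${p}: expected 2xx/3xx, got ${s}`);
  }
  for (const p of MUST_DENY) {
    const s = statuses[p];
    // A missing response is not proof of denial, so null also counts as a violation.
    if (!DENY_STATUSES.has(s)) violations.push(`${p}: expected deny, got ${s}`);
  }
  return { ready: violations.length === 0, violations };
}

// Collect statuses without following redirects, so the edge's own answer is what gets judged.
async function probeEdge(baseUrl, fetchImpl = globalThis.fetch) {
  const statuses = {};
  for (const p of [...MUST_SERVE, ...MUST_DENY]) {
    try {
      const res = await fetchImpl(new URL(p, baseUrl), { redirect: 'manual' });
      statuses[p] = res.status;
    } catch {
      statuses[p] = null; // listener not up yet
    }
  }
  return evaluateEdgeContract(statuses);
}

// Constructed statuses: an internal route answering 200 at the edge must block readiness.
const LEAKY = { '/health': 200, '/login': 200, '/api/docs': 200, '/api/v1/internal/probe': 200 };
console.log(evaluateEdgeContract(LEAKY));
```

Against a running local edge, `probeEdge('http://127.0.0.1:8080')` returns the same `{ ready, violations }` shape.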