Skip these steps if you already have an Elasticsearch cluster for Aspire to use and go directly to Deploying Aspire 5.
The guide below is based on ECK quickstart. If you need a production deployment or a more detailed process description, please refer to:
Run Elasticsearch on ECK | Elastic Cloud on Kubernetes [master] | Elastic
Node configuration | Elastic Cloud on Kubernetes [master] | Elastic
Install custom resource definitions
kubectl create -f https://download.elastic.co/downloads/eck/1.7.0/crds.yaml kubectl apply -f https://download.elastic.co/downloads/eck/1.7.0/operator.yaml
Create a file called elasticsearch.yaml
Deploy the Elasticsearch cluster
kubectl apply -f elasticsearch.yaml
The password will be stored in the environment variable called "PASSWORD"
PASSWORD=$(kubectl get secret quickstart-es-elastic-user -o go-template='{{.data.elastic | base64decode}}')
Create a file called kibana.yaml
Deploy Kibana
kubectl apply -f kibana.yaml
Expose Kibana's port locally
kubectl port-forward service/quickstart-kb-http 5601
(Optional) Upload Kibana Dashboards
Kibana's port should be forwarded into localhost:5601 as of Step #6 on the Elasticsearch deployment instructions
The environment variable $PASSWORD should hold the elastic's user password as of Step #3 on the Elasticsearch deployment instructions.
curl -u "elastic:$PASSWORD" -k -F 'file=@/path/to/export.ndjson' \ -H 'kbn-xsrf:reporting' \ "https://localhost:5601/api/saved_objects/_import?overwrite=true"
Replace <EMAIL> and <PASSWORD> with your registered email and password
kubectl create secret docker-registry regcred \ --docker-server=docker.repository.sca.accenture.com \ --docker-username=<EMAIL> \ --docker-password=<PASSWORD>\ --docker-email=<EMAIL>
Create a file called aspire-config.yaml
The com_accenture_aspire_ssl_trustAll is not recommended to be set as true in production environments, the recommended way is to import the untrusted certificate into a Java Key Store (see Configuring a Certificate Store) and then importing using the com_accenture_aspire_ssl_truststore_file property (see SSL Certificates Properties).
Deploy ConfigMap
kubectl apply -f aspire-config.yaml
Create a secret containing your settings.json and AspireLicense.lic files
kubectl create secret generic aspire-license-settings \ --from-file=/path/to/AspireLicense.lic \ --from-file=/path/to/config/settings.json
Create a file called aspire-upload-job.yaml
When using a non local kubernetes cluster, make sure to change the image url to where the images are hosted.
Run job
kubectl apply -f aspire-upload-job.yaml
Wait until it has uploaded the files
kubectl get pods | grep aspire-upload | awk '{print $1}' | xargs kubectl logs -f
Create a random 32 bytes file which will be your key
head -c 32 /dev/urandom > encryption.key
Create the secret using the encryption.key file
kubectl create secret generic aspire-encryption-key --from-file=encryption.key
Create Kubernetes ConfigMap holding the CA and Java Keystore with the certificate for the Aspire servers
kubectl create secret generic aspire-encryption-key --from-file=encryption.key --from-file myKeystore.jks
Create a file called aspire-managers.yaml
Deploy managers
kubectl apply -f aspire-managers.yaml
Create a file called aspire-workers.yaml
Deploy workers
kubectl apply -f aspire-workers.yaml
Expose Manager port
kubectl port-forward pod/aspire-manager-0 50505