You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

When deploying Aspire in a Kubernetes cluster.

Prerequisites

The current guide assumes that a Elasticsearch/Kibana services have already been deployed, and basic authentication is used.

See ECK quickstart on how to deploy Elasticsearch / Kibana on Kubernetes.

If using HTTPS on elasticsearch, make sure the certificate is signed by a Trusted CA, otherwise you would need to have access to its CA certificate, and import it into a JKS for Aspire to trust. See Enable HTTPS for instructions on how to import a certificate authority.

For AWS Elasticsearch configuration see Elasticsearch NoSQL Provider Properties.

On this guide

Step-by-step guide

Deploy Elasticsearch and Kibana.

Skip these steps if you already have an Elasticsearch cluster for Aspire to use

The current guide is based on ECK quickstart

  1. Install custom resource definitions

    kubectl create -f https://download.elastic.co/downloads/eck/1.7.0/crds.yaml
kubectl apply -f https://download.elastic.co/downloads/eck/1.7.0/operator.yaml
  2. Deploy Elasticsearch cluster (single node)

    1. Create a file called elasticsearch.yaml

      elasticsearch.yaml 
      apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: quickstart
spec:
  version: 7.9.2
  nodeSets:
  - name: default
    count: 1
    config:
      node.store.allow_mmap: false

    2. Deploy the Elasticsearch cluster

      kubectl apply -f elasticsearch.yaml
  3. Obtain Basic Authentication password

    1. The password will be stored in the environment variable called "PASSWORD"

      PASSWORD=$(kubectl get secret quickstart-es-elastic-user -o go-template='{{.data.elastic | base64decode}}')
  4. Deploy Kibana cluster

    1. Create a file called kibana.yaml

      kibana.yaml 
      apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: quickstart
spec:
  version: 7.9.2
  count: 1
  elasticsearchRef:
    name: quickstart

    2. Deploy Kibana

      kubectl apply -f kibana.yaml

  5. Expose Kibana's port locally

    kubectl port-forward service/quickstart-kb-http 5601
  6. Browse to Kibana at https://localhost:5601/ (HTTPS warnings will appear on the browser due to the self-signed certificates elasticsearch and kibana generates)
    1. Log in using username "elastic" and the password obtained at step #3.

Deploy Aspire 5

  1. (Optional) Upload Kibana Dashboards

    1. Download export.ndjson


    2. Kibana's port should be forwared into localhost:5601 as of Step #6 on the Elasticsearch deployment instructions

    3. The environment variable $PASSWORD should hold the elastic's user password as of Step #3 on the Elasticsearch deployment instructions.

      curl -u "elastic:$PASSWORD" -k -F 'file=@/path/to/export.ndjson' -H 'kbn-xsrf:reporting' "https://localhost:5601/api/saved_objects/_import?overwrite=true"
  2. Create kubernetes secret for connecting to SCA docker registry

    1. Replace <EMAIL> and <PASSWORD> with your registered email and password

      kubectl create secret docker-registry regcred \
--docker-server=docker.repository.sca.accenture.com \
--docker-username=<EMAIL> \
--docker-password=<PASSWORD>\
--docker-email=<EMAIL>
  3. Create Aspire ConfigMap
    1. Holds common configuration options for your Aspire 5 deployment.

    2. Create file called aspire-config.yaml

      aspire-config.yaml 
      apiVersion: v1
kind: ConfigMap
metadata:
  name: aspire-config
data:
  aspire_noSql_elastic_server: https://quickstart-es-http:9200
  aspire_noSql_elastic_user: elastic
  aspire_noSql_elastic_authentication_basic: "true"
  com_accenture_aspire_ssl_trustAll: "true"

    3. Deploy ConfigMap

      kubectl apply -f aspire-config.yaml
  4. Upload License and Settings to Elasticsearch

    1. Create a file called aspire-upload-job.yaml

      aspire-upload-job.yaml 
      apiVersion: batch/v1
kind: Job
metadata:
  name: aspire-upload
spec:
  template:
    spec:
      containers:
       - name: aspire-upload-reg-pod
         image: docker.repository.sca.accenture.com/docker/aspire:5.0-rc
         command: [ "/bin/bash", "-c", "sleep 2m && ./opt/aspire/upload-license-settings.sh" ]
         env:
          - name: ASPIRE_LICENSE_PATH
            value: /tmp/AspireLicense.lic
          - name: ASPIRE_SETTINGS_PATH
            value: /tmp/settings.json
          - name: aspire_noSql_elastic_password
            valueFrom:
              secretKeyRef:
                name: quickstart-es-elastic-user
                key: elastic
         envFrom:
           - configMapRef:
               name: aspire-config
      restartPolicy: Never
      imagePullSecrets:
        - name: regcred
  backoffLimit: 4

    2. Run job

      kubectl apply -f aspire-upload-job.yaml

    3. Immediately after running the job, you will have 2 minutes to copy the AspireLicense.lic and settings.json into the /tmp folder on the aspire-upload pod.

      kubectl get pods | grep aspire-upload | awk -v OFS='' '{print $1,":/tmp/"}' | xargs kubectl cp /path/to/config/AspireLicense.lic
kubectl get pods | grep aspire-upload | awk -v OFS='' '{print $1,":/tmp/"}' | xargs kubectl cp /path/to/config/settings.json

    4. Wait until it has uploaded the files

      kubectl get pods | grep aspire-upload | awk '{print $1}' | xargs kubectl -f log
  5. Deploy Managers

    1. Create file called aspire-managers.yaml

      aspire-managers.yaml 
      kind: Service
metadata:
  name: aspire-managers
  labels:
    app: aspire-managers
spec:
  ports:
  - port: 50505
    name: aspire-manager
  clusterIP: None
  selector:
    app: aspire-managers
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: aspire-manager
spec:
  selector:
    matchLabels:
      app: aspire-managers # has to match .spec.template.metadata.labels
  serviceName: "aspire-managers"
  replicas: 1 # by default is 1
  template:
    metadata:
      labels:
        app: aspire-managers # has to match .spec.selector.matchLabels
    spec:
      terminationGracePeriodSeconds: 10
      containers:
        - name: aspire-managers
          image: docker.repository.sca.accenture.com/docker/aspire-basic:5.0-rc
          resources:
            requests:
              memory: "2048Mi"
              cpu: 1
            limits:
              memory: "4096Mi"
              cpu: 2
          ports:
            - containerPort: 50505
              name: aspire-manager
          env:
            - name: ASPIRE_MANAGER_NODE
              value: 'true'
            - name: aspire_noSql_elastic_password
              valueFrom:
                secretKeyRef:
                  name: quickstart-es-elastic-user
                  key: elastic
          envFrom:
            - configMapRef:
                name: aspire-config
          command: ["/bin/bash"]
          args:
            - -c
            - >-
                export com_accenture_aspire_server_hostname=$(hostname -f) &&
                ./opt/aspire/entrypoint.sh
      imagePullSecrets:
        - name: regcred

    2. Deploy managers

      kubectl apply -f aspire-managers.yaml
  6. Deploy Workers

    1. Create file called aspire-workers.yaml

      aspire-workers.yaml 
      apiVersion: v1
kind: Service
metadata:
  name: aspire-workers
  labels:
    app: aspire-workers
spec:
  ports:
  - port: 50505
    name: aspire-worker
  clusterIP: None
  selector:
    app: aspire-workers
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: aspire-worker
spec:
  selector:
    matchLabels:
      app: aspire-workers # has to match .spec.template.metadata.labels
  serviceName: "aspire-workers"
  replicas: 2 # by default is 1
  template:
    metadata:
      labels:
        app: aspire-workers # has to match .spec.selector.matchLabels
    spec:
      terminationGracePeriodSeconds: 10
      containers:
        - name: aspire-workers
          image: docker.repository.sca.accenture.com/docker/aspire-basic:5.0-rc
          resources:
            requests:
              memory: "4096Mi"
              cpu: 2
            limits:
              memory: "8096Mi"
              cpu: 4
          ports:
            - containerPort: 50505
              name: aspire-worker
          env:
            - name: ASPIRE_WORKER_NODE
              value: 'true'
            - name: aspire_noSql_elastic_password
              valueFrom:
                secretKeyRef:
                  name: quickstart-es-elastic-user
                  key: elastic
          envFrom:
            - configMapRef:
                name: aspire-config
          command: ["/bin/bash"]
          args:
            - -c
            - >-
                export com_accenture_aspire_server_hostname=$(hostname -f) &&
                ./opt/aspire/entrypoint.sh

      imagePullSecrets:
        - name: regcred

    2. Deploy workers

      kubectl apply -f aspire-workers.yaml

  7. Expose Manager port

    kubectl port-forward pod/aspire-manager-0 5050
  8. Browse to Aspire Admin UI at http://localhost:50505



  • No labels

Copyright © 2024 Accenture

Contact Us: [email protected]