You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 5
Next »
When deploying Aspire in a Kubernetes cluster.
Prerequisites
The current guide assumes that a Elasticsearch/Kibana services have already been deployed, and basic authentication is used.
See ECK quickstart on how to deploy Elasticsearch / Kibana on Kubernetes.
If using HTTPS on elasticsearch, make sure the certificate is signed by a Trusted CA, otherwise you would need to have access to its CA certificate, and import it into a JKS for Aspire to trust. See Enable HTTPS for instructions on how to import a certificate authority.
For AWS Elasticsearch configuration see Elasticsearch NoSQL Provider Properties.
Step-by-step guide
Deploy Elasticsearch and Kibana.
(Skip these steps if you already have an Elasticsearch cluster for Aspire to use). The current guide is based on ECK quickstart
Install custom resource definitions
kubectl create -f https://download.elastic.co/downloads/eck/1.7.0/crds.yaml
kubectl apply -f https://download.elastic.co/downloads/eck/1.7.0/operator.yaml
- Deploy Elasticsearch cluster (single node)
Create a file called elasticsearch.yaml
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: quickstart
spec:
version: 7.9.2
nodeSets:
- name: default
count: 1
config:
node.store.allow_mmap: false
Deploy the Elasticsearch cluster
kubectl apply -f elasticsearch.yaml
- Obtain Basic Authentication password
The password will be stored in the environment variable called "PASSWORD"
PASSWORD=$(kubectl get secret quickstart-es-elastic-user -o go-template='{{.data.elastic | base64decode}}')
- Deploy Kibana cluster
Create a file called kibana.yaml
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
name: quickstart
spec:
version: 7.9.2
count: 1
elasticsearchRef:
name: quickstart
Deploy Kibana
kubectl apply -f kibana.yaml
Expose Kibana's port locally
kubectl port-forward service/quickstart-kb-http 5601
- Browse to Kibana at https://localhost:5601/ (HTTPS warnings will appear on the browser due to the self-signed certificates elasticsearch and kibana generates)
- Log in using username "elastic" and the password obtained at step #3.
Deploy Aspire 5
(Optional) Upload Kibana Dashboards
- Download export.ndjson
Kibana's port should be forwared into localhost:5601 as of Step #6 on the Elasticsearch deployment instructions
The environment variable $PASSWORD should hold the elastic's user password as of Step #3 on the Elasticsearch deployment instructions.
curl -u "elastic:$PASSWORD" -k -F 'file=@/path/to/export.ndjson' -H 'kbn-xsrf:reporting' "https://localhost:5601/api/saved_objects/_import?overwrite=true"
- Create kubernetes secret for connecting to SCA docker registry
Replace <EMAIL> and <PASSWORD> with your registered email and password
kubectl create secret docker-registry regcred \
--docker-server=docker.repository.sca.accenture.com \
--docker-username=<EMAIL> \
--docker-password=<PASSWORD>\
--docker-email=<EMAIL>
- Create Aspire ConfigMap
- Holds common configuration options for your Aspire 5 deployment.
Create file called aspire-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: aspire-config
data:
aspire_noSql_elastic_server: https://quickstart-es-http:9200
aspire_noSql_elastic_user: elastic
aspire_noSql_elastic_authentication_basic: "true"
com_accenture_aspire_ssl_trustAll: "true"
Deploy ConfigMap
kubectl apply -f aspire-config.yaml
- Upload License and Settings to Elasticsearch
Create a file called aspire-upload-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: aspire-upload
spec:
template:
spec:
containers:
- name: aspire-upload-reg-pod
image: docker.repository.sca.accenture.com/docker/aspire:5.0-rc
command: [ "/bin/bash", "-c", "sleep 2m && ./opt/aspire/upload-license-settings.sh" ]
env:
- name: ASPIRE_LICENSE_PATH
value: /tmp/AspireLicense.lic
- name: ASPIRE_SETTINGS_PATH
value: /tmp/settings.json
- name: aspire_noSql_elastic_password
valueFrom:
secretKeyRef:
name: quickstart-es-elastic-user
key: elastic
envFrom:
- configMapRef:
name: aspire-config
restartPolicy: Never
imagePullSecrets:
- name: regcred
backoffLimit: 4
Run job
kubectl apply -f aspire-upload-job.yaml
Immediately after running the job, you will have 2 minutes to copy the AspireLicense.lic and settings.json into the /tmp folder on the aspire-upload pod.
kubectl get pods | grep aspire-upload | awk -v OFS='' '{print $1,":/tmp/"}' | xargs kubectl cp /path/to/config/AspireLicense.lic
kubectl get pods | grep aspire-upload | awk -v OFS='' '{print $1,":/tmp/"}' | xargs kubectl cp /path/to/config/settings.json
Wait until it has uploaded the files
kubectl get pods | grep aspire-upload | awk '{print $1}' | xargs kubectl -f log
- Deploy Managers
Create file called aspire-managers.yaml
kind: Service
metadata:
name: aspire-managers
labels:
app: aspire-managers
spec:
ports:
- port: 50505
name: aspire-manager
clusterIP: None
selector:
app: aspire-managers
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: aspire-manager
spec:
selector:
matchLabels:
app: aspire-managers # has to match .spec.template.metadata.labels
serviceName: "aspire-managers"
replicas: 1 # by default is 1
template:
metadata:
labels:
app: aspire-managers # has to match .spec.selector.matchLabels
spec:
terminationGracePeriodSeconds: 10
containers:
- name: aspire-managers
image: docker.repository.sca.accenture.com/docker/aspire-basic:5.0-rc
resources:
requests:
memory: "2048Mi"
cpu: 1
limits:
memory: "4096Mi"
cpu: 2
ports:
- containerPort: 50505
name: aspire-manager
env:
- name: ASPIRE_MANAGER_NODE
value: 'true'
- name: aspire_noSql_elastic_password
valueFrom:
secretKeyRef:
name: quickstart-es-elastic-user
key: elastic
envFrom:
- configMapRef:
name: aspire-config
command: ["/bin/bash"]
args:
- -c
- >-
export com_accenture_aspire_server_hostname=$(hostname -f) &&
./opt/aspire/entrypoint.sh
imagePullSecrets:
- name: regcred
Deploy managers
kubectl apply -f aspire-managers.yaml
- Deploy Workers
Create file called aspire-workers.yaml
apiVersion: v1
kind: Service
metadata:
name: aspire-workers
labels:
app: aspire-workers
spec:
ports:
- port: 50505
name: aspire-worker
clusterIP: None
selector:
app: aspire-workers
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: aspire-worker
spec:
selector:
matchLabels:
app: aspire-workers # has to match .spec.template.metadata.labels
serviceName: "aspire-workers"
replicas: 2 # by default is 1
template:
metadata:
labels:
app: aspire-workers # has to match .spec.selector.matchLabels
spec:
terminationGracePeriodSeconds: 10
containers:
- name: aspire-workers
image: docker.repository.sca.accenture.com/docker/aspire-basic:5.0-rc
resources:
requests:
memory: "4096Mi"
cpu: 2
limits:
memory: "8096Mi"
cpu: 4
ports:
- containerPort: 50505
name: aspire-worker
env:
- name: ASPIRE_WORKER_NODE
value: 'true'
- name: aspire_noSql_elastic_password
valueFrom:
secretKeyRef:
name: quickstart-es-elastic-user
key: elastic
envFrom:
- configMapRef:
name: aspire-config
command: ["/bin/bash"]
args:
- -c
- >-
export com_accenture_aspire_server_hostname=$(hostname -f) &&
./opt/aspire/entrypoint.sh
imagePullSecrets:
- name: regcred
Deploy workers
kubectl apply -f aspire-workers.yaml
Expose Manager port
kubectl port-forward pod/aspire-manager-0 5050
- Browse to Aspire Admin UI at http://localhost:50505