-
Notifications
You must be signed in to change notification settings - Fork 0
Deploying ENAPSO Services on Kubernetes: A Step by Step Guide
This guide provides step-by-step instructions for deploying ENAPSO services on a Kubernetes platform with dependencies such as GraphDB, Keycloak, and Redis.
Before you start, make sure you have the following:
- Access to a Kubernetes platform
- Knowledge of the
kubectlcommand line tool - Helm
- Docker registry access token
- ENAPSO files located in the "onprem-resources/kubernetes" folder at the root of the repository:
- enapso-config.yaml
- enapso-deploy-svc.yaml
- enapso-ing.yaml (if using ingress)
- graphdb/graphdb-deploy-svc.yaml
- graphdb/graph-pvc.yaml
- graphdb/data (for GraphDB)
- Access to a Kubernetes platform
- Knowledge of kubectl command line tool
- Docker registry access token
- Config map file onprem-resources/kubernetes/enapso-config.yaml
- YAML file for deployments and services onprem-resources/kubernetes/enapso-deploy-svc.yaml
- Ingress rules file onprem-resources/kubernetes/enapso-ing.yaml (if using ingress)
- GraphDB YAML file onprem-resources/kubernetes/graphdb/enapso-graphdb-deploy-svc-pvc.yaml
To deploy GraphDB, follow these steps:
- Apply the enapso-graphdb-deploy-svc-pvc.yaml file using the following command:
kubectl apply -f ./onprem-resources/kubernetes/graphdb/graphdb-deploy-svc-pvc.yaml
This will deploy the GraphDB container, service, and storage claim. Version 10.0.3 will be used and the volume will be mounted with the PVC. A service for GraphDB will also be created which will be internally used by the ENAPSO services.
- (Optional) If you want to use the initial data provided for GraphDB, copy the data to your running pod and it will be stored in your PVC with the following command:
kubectl cp ./onprem-resources/kubernetes/graphdb/data <namespace>/<pod>:/opt/graphdb/
Replace <namespace> with your namespace and <pod> with the name of your running GraphDB pod.
Note: After deploying GraphDB, it's important to create an initial tenant with a name (for example, enapso-system) and set the credentials in the enapso-config.yaml file. The repository name, username, and password should be passed in the enapso-config.yaml file for later use. However, if you import the initial data provided with this guide, it already includes the enapso-system repository and a demo-tenant repository for you to get started quickly. Alternatively, you can manually create your own repository and upload data in it by opening the GraphDB port securely so that only your specific IP can access its frontend and creating the repository "demo-tenant" and "enapso-system"
For deploying Keycloak, please refer to the Deploying Keycloak and Postgres on Kubernetes for ENAPSO Services guide.
Note: Make sure to set the Keycloak host in the enapso-config.yaml file according to your setup after deploying Keycloak.
To deploy Redis, you will need to use Helm, a package manager for Kubernetes that helps simplify the deployment and management of applications on a Kubernetes cluster.
To install Redis with Helm, run the following command:
helm install redis bitnami/redis --set global.redis.password=<YourRedisPasswordHere>
Replace with your desired password. This command will install Redis with Helm and set the password, which should later be passed in your enapso-config.yaml file.
After running the above command, Helm will download the Redis chart from the Bitnami repository and install Redis on your Kubernetes cluster. The Redis chart includes a Redis master and slave deployment.
Note that before running the above command, you will need to have Helm installed on your machine and configured to work with your Kubernetes cluster. You can find more information on installing and using Helm in the official Helm documentation.
- Create Docker Registry Secret To create the Docker registry secret, run the following kubectl command:
kubectl create secret docker-registry gitlab-registry-enapso-sdk --namespace <NAMESPACE> --docker-server='19459-gitlab-85d53-registry.nws.netways.de' --docker-username=<DOCKER_USERNAME> --docker-password=<DOCKER_PASSWORD> -o yaml --dry-run=client | kubectl apply -f -
Here, replace the <SECRET_NAME> ( you could set it as gitlab-registry-enapso-sdk as it would be the same in the enapso-deploy-svc) and placeholders with your desired values. <DOCKER_SERVER> is the registry server ('19459-gitlab-85d53-registry.nws.netways.de' ), and <DOCKER_USERNAME> and <DOCKER_PASSWORD> should be set to your access token credentials.
- Set up Config Map File Set up the ./onprem-resources/kubernetes/enapso-config.yaml file with the necessary configurations for your setup. Here's an example configuration:
host: localhost/[yourhost]
schemes: http/https
security_authentication: keycloak
security_authorization: keycloak
graphdb_cache: local
graphdb_dbUrl: http://graphdb:7200/
graphdb_triplestore: graphdb
graphdb_schema: enapso-system
graphdb_user: admin
graphdb_pass: root
keycloak_host: http://keycloak:8080/
redis_host: redis-master
redis_port: "6379"
redis_password: <your password>
graphdb_namedGraph: http://ont.enapso.com/enapso-sparql-templates
Adjust the data according to your setup.
- Apply YAML File for Deployments and Services Apply the YAML file enapso-deploy-svc.yaml for deployments and services. Run the following command:
kubectl apply -f ./onprem-resources/kubernetes/enapso-deploy-svc.yaml
This will pull all the images from the registry with the secret you created and run them in your Kubernetes environment. The ports on which the services are running have already being set up here. You can modify the number of replicas as per your needs. You can also set the services to clusterIP type if you require that.
- Verify that Services are Running Verify that all the pods are running with the following command:
kubectl get pods
This should show all the pods are running. If there's any error, please contact your support team.
- Set up Ingress Rules Set up the ingress rules with the file enapso-ing.yaml. If you're using the AWS Application Load Balancer (ALB), the rules should be set up accordingly. If you're using ingress, you can take over the rules and specify your own basepath to reach the services. The ports are already configured in it.
You have now successfully deployed SDK services on your Kubernetes platform! If you have any questions or concerns, please contact your support team.