Launching the drakemall chart on a new cluster of kuberentes: ## Installing the Chart ## Prerequisites - Kubernetes 1.8+ - PV provisioner support in the underlying infrastructure ### Google Kubernetes Engine (the hard way) In this guide described way to deploy qa environment Setup workspace ```bash $ # pull docker image with installed kubectl, gcloud, helm and other useful deps $ docker-compose -f docker-compose.console.yml pull console $ # install npm deps $ npm install && npm link $ # run console $ cls $ # now you inside console $ export KUBECONFIG=~/.kube/config # be careful cause this dir will be removed when docker container has been stopped $ kubectl version -c $ gcloud version $ # authenticate a user account with gcloud $ gcloud auth login --brief ``` Create Kubernetes cluster ```bash # Fetch a kube config (https://cloud.google.com/sdk/gcloud/reference/container/clusters/get-credentials) $ export GKE_CLUSTER_NAME="drakemall-qa" $ gcloud config set project $PROJECT_NAME $ gcloud config set compute/zone europe-west3-a $ $ gcloud container clusters create $GKE_CLUSTER_NAME $ kubectl config current-context # should be point to $GKE_CLUSTER_NAME cluster ``` # Configure Kubernetes cluster for production ```bash $ export KUBE_NAMESPACE=live $ kubectl create namespace $KUBE_NAMESPACE $ # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-in-the-cluster-that-holds-your-authorization-token $ # you need to create a personal token to get access to Gitlab Container Registry https://docs.gitlab.com/ee/user/project/container_registry.html#using-with-private-projects $ export GITLAB_USERNAME=yor_username $ export GITLAB_PRIVATE_TOKEN= $ kubectl create secret docker-registry gitlab-container-registry --namespace $KUBE_NAMESPACE --docker-username $GITLAB_USERNAME --docker-password $GITLAB_PRIVATE_TOKEN --docker-server registry.gitlab.com --docker-email ignored@bets.io $ $ export SERVICE_ACCOUNT_NAME=tiller $ export TILLER_NAMESPACE=$KUBE_NAMESPACE $ $ kubectl create serviceaccount --namespace "$KUBE_NAMESPACE" "$SERVICE_ACCOUNT_NAME" $ kubectl --namespace $KUBE_NAMESPACE get -o json serviceaccounts "$SERVICE_ACCOUNT_NAME" | jq -rM '.imagePullSecrets[0].name = "gitlab-container-registry"' | kubectl apply -f - $ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount="$KUBE_NAMESPACE:$SERVICE_ACCOUNT_NAME" $ helm init --service-account "$SERVICE_ACCOUNT_NAME" --upgrade ``` ### Launch Redis within Kubernetes (not recommended) ```bash $ export REDIS_PASSWORD="$(pwgen 21 1)" $ helm upgrade --namespace=live --install --set password=$REDIS_PASSWORD --namespace kube-system elegant-antelope ./charts/redis ``` Redis password should be updated on Vault server using REDIS_URL env variable before install drakemall chart or set directly to `drakemall.env` ```bash drakemall: imagePullPolicy: IfNotPresent replicaCount: 1 image: registry.gitlab.com/skinholdings/drakemall tag: v1.55.0 env: - name: FOO value: bar - name: REDIS_URL value: "redis://:$REDIS_PASSWORD@elegant-antelope.live.cluster.local:6379/0" ``` ### Launch Drakemall In advance variables (qa.values.yaml, live.values.yaml) must be decrypted using a git secret. Please provide your __email address__ to repo maintainers in order to give access for you. #### Vault token Create Vault token, assumed that you have root permissions to _Vault_ server in order to create vault tokens ```bash $ export VAULT_TOKEN="$(vault token create --role=app -use-limit=0 -format=json | jq -r .auth.client_token)" ``` #### Public LoadBalancer IP ```bash $ gcloud compute addresses create "$PROJECT_NAME" --region europe-west3 $ export LOAD_BALANCER_IP= ``` #### Helm release Create helm release ```bash $ helm upgrade --debug --install --namespace $KUBE_NAMESPACE -f ./charts/drakemall/live.values.yaml --set-string vault.token=$VAULT_TOKEN,service.loadBalancerIP=$LOAD_BALANCER_IP wrinkled-macaw ./charts/drakemal ``` Keep to two helm releases side by side in order to be able to switch between releases in CloudFlare when you need to deploy a new version of drakemall frontend ```bash $ gcloud compute addresses create "$PROJECT_NAME" --region europe-west3 $ export LOAD_BALANCER_IP= $ $ helm upgrade --debug --install --namespace $KUBE_NAMESPACE -f ./charts/drakemall/live.values.yaml --set-string vault.token=$VAULT_TOKEN,service.loadBalancerIP=$LOAD_BALANCER_IP guiding-moose ./charts/drakemal ``` 4) Check services: ```bash $ helm ls ``` ## Configure Kubernetes cluster for QA purposes ```bash $ export KUBE_NAMESPACE=qa $ kubectl create namespace $KUBE_NAMESPACE $ # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-in-the-cluster-that-holds-your-authorization-token $ # you need to create a personal token to get access to Gitlab Container Registry https://docs.gitlab.com/ee/user/project/container_registry.html#using-with-private-projects $ export GITLAB_USERNAME=yor_username $ export GITLAB_PRIVATE_TOKEN= $ kubectl create secret docker-registry gitlab-container-registry --namespace $KUBE_NAMESPACE --docker-username $GITLAB_USERNAME --docker-password $GITLAB_PRIVATE_TOKEN --docker-server registry.gitlab.com --docker-email ignored@bets.io $ $ export SERVICE_ACCOUNT_NAME=tiller $ export TILLER_NAMESPACE=$KUBE_NAMESPACE $ $ kubectl create serviceaccount --namespace "$KUBE_NAMESPACE" "$SERVICE_ACCOUNT_NAME" $ kubectl --namespace $KUBE_NAMESPACE get -o json serviceaccounts "$SERVICE_ACCOUNT_NAME" | jq -rM '.imagePullSecrets[0].name = "gitlab-container-registry"' | kubectl apply -f - $ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount="$KUBE_NAMESPACE:$SERVICE_ACCOUNT_NAME" $ helm init --service-account "$SERVICE_ACCOUNT_NAME" --upgrade ``` ### Launch Redis ```bash $ export REDIS_PASSWORD="$(pwgen 21 1)" $ helm upgrade --install --set password=$REDIS_PASSWORD --namespace kube-system intent-garfish ./charts/redis ``` Redis password should be updated on Vault server using REDIS_URL env variable before install drakemall chart ```bash REDIS_URL=redis://:$REDIS_PASSWORD@intent-garfish.kube-system.cluster.local:6379/0 ``` ### Launch Drakemall In advance variables (qa.values.yaml, live.values.yaml) must be decrypted using a git secret. Please provide your __email address__ to repo maintainers in order to give access for you. #### Vault token Create Vault token, assumed that you have root permissions to _Vault_ server in order to create vault tokens ```bash $ export VAULT_TOKEN="$(vault token create --role=developer -use-limit=0 -format=json | jq -r .auth.client_token)" ``` #### Public LoadBalancer IP ```bash $ gcloud compute addresses create "$PROJECT_NAME" --region europe-west3 $ export LOAD_BALANCER_IP= ``` #### Helm release Create helm release ```bash $ helm upgrade --debug --install --namespace $KUBE_NAMESPACE -f ./charts/drakemall/qa.values.yaml --set-string vault.token=$VAULT_TOKEN,service.loadBalancerIP=$LOAD_BALANCER_IP foiled-coral ./charts/drakemal ``` 4) Check services: ```bash $ helm ls ``` ## Installing the Chart for development 1) Launch Redis ```bash $ export REDIS_PASSWORD="$(pwgen 21 1)" $ helm upgrade --install --set password=$REDIS_PASSWORD --name intent-garfish --namespace kube-system ./charts/redis ``` Redis password should be updated on Vault server using REDIS_URL env variable before install drakemall chart ```bash REDIS_URL=redis://$REDIS_PASSWORD:intent-garfish.kube-system.cluster.local:6379/0 ``` 2) Launch keel (optional for development, skip for installing live environent) ```bash git clone https://github.com/keel-hq/keel cd ./keel/chart/keel/ helm install --name keel -f values.yaml --namespace kube-system ./ ``` 3) Launch Drakemall In advance variables (qa.values.yaml, live.values.yaml) must be decrypted using a git secret. Please provide your email address to repo maintainers in order to give access for you. ```bash helm upgrade --install --namespace qa -f ./charts/drakemall/qa.values.yaml foiled-coral ./charts/drakemall ``` 4) Check services: ```bash $ helm ls ``` ## Uninstalling the Chart To uninstall/delete the `my-release` deployment: ```bash $ helm delete my-release ``` ## Configuration The following table lists the configurable parameters of the Redis chart and their default values. | Parameter | Description | Default | |--------------------------------------------|----------------------------------------------------------------------------------------------------------------|--------------------------------------| | `domain_name` | Domain name (drakemall.com or drakemall.io), by default points to dev.drakemall.com and used by Vault | `dev.drakemall.com` | | `serviceAccountName` | Kubernetes Service Account name (account with predefined access for Docker Registry) | `tiller` | | `drakemall.replicaCount` | How many pods need to create | `1` | | `drakemall.image` | Drakemall server image name | `registry.gitlab.com/skinholdings/drakemall` | | `drakemall.tag` | Drakemall server tag name | `v1.55.0` | | `frontend.replicaCount` | How many pods need to create | `1` | | `frontend.image` | Drakemall frontend image name | `registry.gitlab.com/skinholdings/drakemall-frontend/nginx-proxy` | | `frontend.tag` | Drakemall frontend tag name | `v1.53.4` |