-
Notifications
You must be signed in to change notification settings - Fork 115
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #51 from chirangaalwis/kubernetes-is-fix-q2-merge-…
…conflicts Merge 5.6.x branch to master branch
- Loading branch information
Showing
54 changed files
with
1,250 additions
and
826 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,123 @@ | ||
| # Kubernetes Resources for WSO2 Identity Server | ||
| *Kubernetes Resources for container-based deployments of WSO2 Identity Server* | ||
| # Kubernetes and Helm Resources for WSO2 Identity Server | ||
| *Kubernetes and Helm Resources for container-based deployments of WSO2 Identity Server deployment patterns* | ||
|
|
||
| This repository contains Kubernetes resources required for, | ||
| * [A clustered deployment of WSO2 Identity Server](is) | ||
| This repository contains Kubernetes and Helm resources required for, | ||
|
|
||
| * [A clustered deployment of WSO2 Identity Server with Analytics support](is-with-analytics) | ||
| * A clustered deployment of WSO2 Identity Server | ||
|
|
||
| * A clustered deployment of WSO2 Identity Server with Analytics support | ||
|
|
||
| ## Deploy Kubernetes resources | ||
|
|
||
| In order to deploy Kubernetes resources for each deployment pattern, follow the **Quick Start Guide**s for each deployment pattern | ||
| given below: | ||
|
|
||
| * [A clustered deployment of WSO2 Identity Server](is/README.md) | ||
|
|
||
| * [A clustered deployment of WSO2 Identity Server with Analytics support](is-with-analytics/README.md) | ||
|
|
||
| ## Deploy Helm resources | ||
|
|
||
| In order to deploy Helm resources for each deployment pattern, follow the **Quick Start Guide**s for each deployment pattern | ||
| given below: | ||
|
|
||
| * [A clustered deployment of WSO2 Identity Server](helm/is/README.md) | ||
|
|
||
| * [A clustered deployment of WSO2 Identity Server with Analytics support](helm/is-with-analytics/README.md) | ||
|
|
||
| ## How to update configurations | ||
|
|
||
| Kubernetes resources for WSO2 products use Kubernetes [ConfigMaps](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/) | ||
| to pass on the minimum set of configurations required to setup a product deployment pattern. | ||
|
|
||
| For example, the minimum set of configurations required to setup a clustered deployment of WSO2 Identity Server can be found | ||
| in `<KUBERNETES_HOME>/is/confs` directory. The Kubernetes ConfigMaps are generated from these files. | ||
|
|
||
| If you intend to pass on any additional files with configuration changes, third-party libraries, OSGi bundles and security | ||
| related artifacts to the Kubernetes cluster, you may mount the desired content to `/home/wso2carbon/wso2-server-volume` directory path within | ||
| a WSO2 product Docker container. | ||
|
|
||
| The following example depicts how this can be achieved when passing additional configurations to WSO2 Identity Server | ||
| in a clustered deployment of WSO2 Identity Server: | ||
|
|
||
| a. In order to apply the updated configurations, WSO2 product server instances need to be restarted. Hence, un-deploy all the Kubernetes resources | ||
| corresponding to the product deployment, if they are already deployed. | ||
|
|
||
| b. Create and export a directory within the NFS server instance. | ||
|
|
||
| c. Add the additional configuration files, third-party libraries, OSGi bundles and security related artifacts, into appropriate | ||
| folders matching that of the relevant WSO2 product home folder structure, within the previously created directory. | ||
|
|
||
| d. Grant ownership to `wso2carbon` user and `wso2` group, for the directory created in step (b). | ||
|
|
||
| ``` | ||
| sudo chown -R wso2carbon:wso2 <directory_name> | ||
| ``` | ||
| e. Grant read-write-execute permissions to the `wso2carbon` user, for the directory created in step (b). | ||
|
|
||
| ``` | ||
| chmod -R 700 <directory_name> | ||
| ``` | ||
|
|
||
| f. Map the directory created in step (b) to a Kubernetes [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) | ||
| in the `<KUBERNETES_HOME>/is/volumes/persistent-volumes.yaml` file. For example, append the following entry to the file: | ||
|
|
||
| ``` | ||
| apiVersion: v1 | ||
| kind: PersistentVolume | ||
| metadata: | ||
| name: identity-server-additional-config-pv | ||
| labels: | ||
| purpose: is-additional-configs | ||
| spec: | ||
| capacity: | ||
| storage: 1Gi | ||
| accessModes: | ||
| - ReadWriteMany | ||
| persistentVolumeReclaimPolicy: Retain | ||
| nfs: | ||
| server: <NFS_SERVER_IP> | ||
| path: "<NFS_LOCATION_PATH>" | ||
| ``` | ||
|
|
||
| Provide the appropriate `NFS_SERVER_IP` and `NFS_LOCATION_PATH`. | ||
|
|
||
| g. Create a Kubernetes Persistent Volume Claim to bind with the Kubernetes Persistent Volume created in step e. For example, append the following entry | ||
| to the file `<KUBERNETES_HOME>/is/identity-server-volume-claim.yaml`: | ||
|
|
||
| ``` | ||
| apiVersion: v1 | ||
| kind: PersistentVolumeClaim | ||
| metadata: | ||
| name: identity-server-additional-config-volume-claim | ||
| spec: | ||
| accessModes: | ||
| - ReadWriteMany | ||
| resources: | ||
| requests: | ||
| storage: 1Gi | ||
| storageClassName: "" | ||
| selector: | ||
| matchLabels: | ||
| purpose: is-additional-configs | ||
| ``` | ||
|
|
||
| h. Update the appropriate Kubernetes [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) resource(s). | ||
| For example in the discussed scenario, update the volumes (`spec.template.spec.volumes`) and volume mounts (`spec.template.spec.containers[wso2is].volumeMounts`) in | ||
| `<KUBERNETES_HOME>/is/identity-server-deployment.yaml` file as follows: | ||
|
|
||
| ``` | ||
| volumeMounts: | ||
| ... | ||
| - name: is-additional-config-storage-volume | ||
| mountPath: "/home/wso2carbon/wso2-server-volume" | ||
| volumes: | ||
| ... | ||
| - name: is-additional-config-storage-volume | ||
| persistentVolumeClaim: | ||
| claimName: identity-server-additional-config-volume-claim | ||
| ``` | ||
|
|
||
| i. Deploy the Kubernetes resources as defined in section **Quick Start Guide** for a clustered deployment of WSO2 Identity Server. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,101 +1,135 @@ | ||
| # Helm Charts for deployment of WSO2 Identity Server with Analytics | ||
| # Helm Chart for deployment of WSO2 Identity Server with WSO2 Identity Server Analytics | ||
|
|
||
| ## Contents | ||
|
|
||
| * [Prerequisites](#prerequisites) | ||
| * [Quick Start Guide](#quick-start-guide) | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| * In order to use these Kubernetes resources, you will need an active [Free Trial Subscription](https://wso2.com/free-trial-subscription) | ||
| from WSO2 since the referring Docker images hosted at docker.wso2.com contains the latest updates and fixes for WSO2 Enterprise Identity Server. | ||
| You can sign up for a Free Trial Subscription [here](https://wso2.com/free-trial-subscription).<br><br> | ||
| * In order to use WSO2 Helm resources, you need an active WSO2 subscription. If you do not possess an active WSO2 | ||
| subscription already, you can sign up for a WSO2 Free Trial Subscription from [here](https://wso2.com/free-trial-subscription).<br><br> | ||
|
|
||
| * Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git), [Helm](https://github.com/kubernetes/helm/blob/master/docs/install.md) | ||
| (and Tiller) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) in order to run the | ||
| (and Tiller) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (compatible with v1.10) in order to run the | ||
| steps provided in the following quick start guide.<br><br> | ||
|
|
||
| * An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup/pick-right-solution/).<br><br> | ||
|
|
||
| * Install [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/deploy/). This can | ||
| be easily done via | ||
| ``` | ||
| helm install stable/nginx-ingress --name nginx-wso2is-analytics --set rbac.create=true | ||
| ``` | ||
|
|
||
| ## Quick Start Guide | ||
| >In the context of this document, <br> | ||
| >* `KUBERNETES_HOME` will refer to a local copy of the [`wso2/kubernetes-is`](https://github.com/wso2/kubernetes-is/) | ||
| Git repository. <br> | ||
| >* `HELM_HOME` will refer to `<KUBERNETES_HOME>/helm/is-with-analytics`. <br> | ||
| ##### 1. Checkout Kubernetes Resources for WSO2 Identity server Git repository: | ||
| ##### 1. Clone the Kubernetes Resources for WSO2 Identity Server Git repository. | ||
|
|
||
| ``` | ||
| git clone https://github.com/wso2/kubernetes-is.git | ||
| ``` | ||
|
|
||
| ##### 2. Provide configurations: | ||
| ##### 2. Setup a Network File System (NFS) to be used for persistent storage. | ||
|
|
||
| Create and export unique directories within the NFS server instance for each of the following Kubernetes Persistent Volume | ||
| resources defined in the `<HELM_HOME>/is-with-analytics/values.yaml` file: | ||
|
|
||
| * `sharedDeploymentLocationPath` | ||
| * `sharedTenantsLocationPath` | ||
| * `analytics1DataLocationPath` | ||
| * `analytics2DataLocationPath` | ||
|
|
||
| Grant ownership to `wso2carbon` user and `wso2` group, for each of the previously created directories. | ||
|
|
||
| 1. The default product configurations are available at `<HELM_HOME>/is-with-analytics-conf/confs` folder. Change the | ||
| ``` | ||
| sudo chown -R wso2carbon:wso2 <directory_name> | ||
| ``` | ||
|
|
||
| Grant read-write-execute permissions to the `wso2carbon` user, for each of the previously created directories. | ||
|
|
||
| ``` | ||
| chmod -R 700 <directory_name> | ||
| ``` | ||
|
|
||
| ##### 3. Provide configurations. | ||
|
|
||
| a. The default product configurations are available at `<HELM_HOME>/is-with-analytics-conf/confs` folder. Change the | ||
| configurations as necessary. | ||
|
|
||
| 2. Open the `<HELM_HOME>/is-with-analytics-conf/values.yaml` and provide the following values. | ||
|
|
||
| `username`: Username of your Free Trial Subscription<br> | ||
| `password`: Password of your Free Trial Subscription<br> | ||
| `email`: Docker email<br> | ||
| `namespace`: Namespace<br> | ||
| `svcaccount`: Service Account<br> | ||
| `serverIp`: NFS Server IP<br> | ||
| `locationPath`: NFS location path<br> | ||
| `sharedDeploymentLocationPath`: NFS shared deployment directory(<IS_HOME>/repository/deployment) location for IS<br> | ||
| `sharedTentsLocationPath`: NFS shared tenants directory(<IS_HOME>/repository/tenants) location for IS<br> | ||
| `analytics1DataLocationPath`: NFS volume for Indexed data for Analytics node 1(<DAS_HOME>/repository/data)<br> | ||
| `analytics2DataLocationPath`: NFS volume for Indexed data for Analytics node 2(<DAS_HOME>/repository/data) | ||
| b. Open the `<HELM_HOME>/is-with-analytics-conf/values.yaml` and provide the following values. | ||
|
|
||
| | Parameter | Description | | ||
| |---------------------------------|-------------------------------------------------------------------------------------------| | ||
| | `username` | Your WSO2 username | | ||
| | `password` | Your WSO2 password | | ||
| | `email` | Docker email | | ||
| | `namespace` | Kubernetes Namespace in which the resources are deployed | | ||
| | `svcaccount` | Kubernetes Service Account in the `namespace` to which product instance pods are attached | | ||
| | `serverIp` | NFS Server IP | | ||
| | `sharedDeploymentLocationPath` | NFS shared deployment directory(`<IS_HOME>/repository/deployment`) location for EI | | ||
| | `sharedTenantsLocationPath` | NFS shared tenants directory(`<IS_HOME>/repository/tenants`) location for EI | | ||
| | `analytics1DataLocationPath` | NFS volume for Indexed data for Analytics node 1(`<DAS_HOME>/repository/data`) | | ||
| | `analytics2DataLocationPath` | NFS volume for Indexed data for Analytics node 2(`<DAS_HOME>/repository/data`) | | ||
|
|
||
| c. Open the `<HELM_HOME>/is-with-analytics-deployment/values.yaml` and provide the following values. | ||
|
|
||
| 3. Open the `<HELM_HOME>/is-with-analytics-deployment/values.yaml` and provide the following values. | ||
| | Parameter | Description | | ||
| |---------------------------------|-------------------------------------------------------------------------------------------| | ||
| | `namespace` | Kubernetes Namespace in which the resources are deployed | | ||
| | `svcaccount` | Kubernetes Service Account in the `namespace` to which product instance pods are attached | | ||
|
|
||
| `namespace`: Namespace<br> | ||
| `svcaccount`: Service Account | ||
|
|
||
| ##### 3. Deploy the configurations: | ||
|
|
||
| ##### 4. Deploy the configurations. | ||
|
|
||
| ``` | ||
| helm install --name <RELEASE_NAME> <HELM_HOME>/is-with-analytics-conf | ||
| ``` | ||
|
|
||
| ##### 4. Deploy MySql: | ||
| If there is an external product database(s), add those configurations as stated at `step 2.1`. Otherwise, run the below | ||
| command to create the product database. | ||
| ##### 5. Deploy product database(s) using MySQL in Kubernetes. | ||
|
|
||
| ``` | ||
| helm install --name wso2is-with-analytics-rdbms-service -f <HELM_HOME>/mysql/values.yaml | ||
| stable/mysql --namespace <NAMESPACE> | ||
| helm install --name wso2is-with-analytics-rdbms-service -f <HELM_HOME>/mysql/values.yaml stable/mysql --namespace <NAMESPACE> | ||
| ``` | ||
| `NAMESPACE` should be same as `step 2.2`. | ||
|
|
||
| ##### 5. Deploy WSO2 Enterprise Identity server: | ||
| `NAMESPACE` should be same as in `step 3.b`. | ||
|
|
||
| For a serious deployment (e.g. production grade setup), it is recommended to connect product instances to a user owned and managed RDBMS instance. | ||
|
|
||
| ##### 6. Deploy WSO2 Identity Server with WSO2 Identity Server Analytics. | ||
|
|
||
| ``` | ||
| helm install --name <RELEASE_NAME> <HELM_HOME>/is-with-analytics-deployment | ||
| ``` | ||
|
|
||
| ##### 6. Access Management Console: | ||
| ##### 7. Access Management Console. | ||
|
|
||
| Default deployment will expose two publicly accessible hosts, namely:<br> | ||
| 1. `wso2is` - To expose Administrative services and Management Console<br> | ||
| 2. `wso2is-analytics` - To expose Analytics server<br> | ||
| Default deployment will expose `wso2is` and `wso2is-analytics` hosts (to expose Administrative services and Management Console). | ||
|
|
||
| To access the console in a test environment, | ||
| To access the console in the environment, | ||
|
|
||
| 1. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses (using `kubectl get ing`). | ||
| a. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses. | ||
|
|
||
| e.g. | ||
| ``` | ||
| kubectl get ing | ||
| ``` | ||
|
|
||
| ``` | ||
| NAME HOSTS ADDRESS PORTS AGE | ||
| wso2is-with-analytics-is-analytics-ingress wso2is-analytics <EXTERNAL-IP> 80, 443 9m | ||
| wso2is-with-analytics-is-ingress wso2is <EXTERNAL-IP> 80, 443 9m | ||
| NAME HOSTS ADDRESS PORTS AGE | ||
| wso2is-with-analytics-is-analytics-ingress wso2is-analytics <EXTERNAL-IP> 80, 443 3m | ||
| wso2is-with-analytics-is-ingress wso2is <EXTERNAL-IP> 80, 443 3m | ||
| ``` | ||
|
|
||
| 2. Add the above two hosts as entries in /etc/hosts file as follows: | ||
| b. Add the above host as an entry in /etc/hosts file as follows: | ||
|
|
||
| ``` | ||
| <EXTERNAL-IP> wso2is | ||
| <EXTERNAL-IP> wso2is-analytics | ||
| <EXTERNAL-IP> wso2is | ||
| ``` | ||
|
|
||
| 3. Try navigating to `https://wso2is/carbon` from your favorite browser. | ||
| c. Try navigating to `https://wso2is/carbon` and `https://wso2is-analytics/carbon` from your favorite browser. | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.