diff --git a/README.md b/README.md index 150ff10b..bbc6690e 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,123 @@ -# Kubernetes Resources for WSO2 Identity Server -*Kubernetes Resources for container-based deployments of WSO2 Identity Server* +# Kubernetes and Helm Resources for WSO2 Identity Server +*Kubernetes and Helm Resources for container-based deployments of WSO2 Identity Server deployment patterns* -This repository contains Kubernetes resources required for, -* [A clustered deployment of WSO2 Identity Server](is) +This repository contains Kubernetes and Helm resources required for, -* [A clustered deployment of WSO2 Identity Server with Analytics support](is-with-analytics) +* A clustered deployment of WSO2 Identity Server + +* A clustered deployment of WSO2 Identity Server with Analytics support + +## Deploy Kubernetes resources + +In order to deploy Kubernetes resources for each deployment pattern, follow the **Quick Start Guide**s for each deployment pattern +given below: + +* [A clustered deployment of WSO2 Identity Server](is/README.md) + +* [A clustered deployment of WSO2 Identity Server with Analytics support](is-with-analytics/README.md) + +## Deploy Helm resources + +In order to deploy Helm resources for each deployment pattern, follow the **Quick Start Guide**s for each deployment pattern +given below: + +* [A clustered deployment of WSO2 Identity Server](helm/is/README.md) + +* [A clustered deployment of WSO2 Identity Server with Analytics support](helm/is-with-analytics/README.md) + +## How to update configurations + +Kubernetes resources for WSO2 products use Kubernetes [ConfigMaps](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/) +to pass on the minimum set of configurations required to setup a product deployment pattern. + +For example, the minimum set of configurations required to setup a clustered deployment of WSO2 Identity Server can be found +in `/is/confs` directory. The Kubernetes ConfigMaps are generated from these files. 
+ +If you intend to pass on any additional files with configuration changes, third-party libraries, OSGi bundles and security +related artifacts to the Kubernetes cluster, you may mount the desired content to `/home/wso2carbon/wso2-server-volume` directory path within +a WSO2 product Docker container. + +The following example depicts how this can be achieved when passing additional configurations to WSO2 Identity Server +in a clustered deployment of WSO2 Identity Server: + +a. In order to apply the updated configurations, WSO2 product server instances need to be restarted. Hence, un-deploy all the Kubernetes resources +corresponding to the product deployment, if they are already deployed. + +b. Create and export a directory within the NFS server instance. + +c. Add the additional configuration files, third-party libraries, OSGi bundles and security related artifacts, into appropriate +folders matching that of the relevant WSO2 product home folder structure, within the previously created directory. + +d. Grant ownership to `wso2carbon` user and `wso2` group, for the directory created in step (b). + + ``` + sudo chown -R wso2carbon:wso2 + ``` + +e. Grant read-write-execute permissions to the `wso2carbon` user, for the directory created in step (b). + + ``` + chmod -R 700 + ``` + +f. Map the directory created in step (b) to a Kubernetes [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) +in the `/is/volumes/persistent-volumes.yaml` file. For example, append the following entry to the file: + +``` +apiVersion: v1 +kind: PersistentVolume +metadata: + name: identity-server-additional-config-pv + labels: + purpose: is-additional-configs +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Retain + nfs: + server: + path: "" +``` + +Provide the appropriate `NFS_SERVER_IP` and `NFS_LOCATION_PATH`. + +g. 
Create a Kubernetes Persistent Volume Claim to bind with the Kubernetes Persistent Volume created in step e. For example, append the following entry +to the file `/is/identity-server-volume-claim.yaml`: + +``` +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: identity-server-additional-config-volume-claim +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: "" + selector: + matchLabels: + purpose: is-additional-configs +``` + +h. Update the appropriate Kubernetes [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) resource(s). +For example in the discussed scenario, update the volumes (`spec.template.spec.volumes`) and volume mounts (`spec.template.spec.containers[wso2is].volumeMounts`) in +`/is/identity-server-deployment.yaml` file as follows: + +``` +volumeMounts: +... +- name: is-additional-config-storage-volume + mountPath: "/home/wso2carbon/wso2-server-volume" + +volumes: +... +- name: is-additional-config-storage-volume + persistentVolumeClaim: + claimName: identity-server-additional-config-volume-claim +``` + +i. Deploy the Kubernetes resources as defined in section **Quick Start Guide** for a clustered deployment of WSO2 Identity Server. diff --git a/helm/is-with-analytics/README.md b/helm/is-with-analytics/README.md index 1dcfd4b2..d01e9d3a 100644 --- a/helm/is-with-analytics/README.md +++ b/helm/is-with-analytics/README.md 
@@ -1,101 +1,135 @@ -# Helm Charts for deployment of WSO2 Identity Server with Analytics +# Helm Chart for deployment of WSO2 Identity Server with WSO2 Identity Server Analytics + +## Contents + +* [Prerequisites](#prerequisites) +* [Quick Start Guide](#quick-start-guide) ## Prerequisites -* In order to use these Kubernetes resources, you will need an active [Free Trial Subscription](https://wso2.com/free-trial-subscription) -from WSO2 since the referring Docker images hosted at docker.wso2.com contains the latest updates and fixes for WSO2 Enterprise Identity Server. -You can sign up for a Free Trial Subscription [here](https://wso2.com/free-trial-subscription).

+* In order to use WSO2 Helm resources, you need an active WSO2 subscription. If you do not possess an active WSO2 + subscription already, you can sign up for a WSO2 Free Trial Subscription from [here](https://wso2.com/free-trial-subscription).

* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git), [Helm](https://github.com/kubernetes/helm/blob/master/docs/install.md) -(and Tiller) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) in order to run the +(and Tiller) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (compatible with v1.10) in order to run the steps provided in the following quick start guide.

+* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup/pick-right-solution/).

+ * Install [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/deploy/). This can be easily done via ``` helm install stable/nginx-ingress --name nginx-wso2is-analytics --set rbac.create=true ``` + ## Quick Start Guide >In the context of this document,
>* `KUBERNETES_HOME` will refer to a local copy of the [`wso2/kubernetes-is`](https://github.com/wso2/kubernetes-is/) Git repository.
>* `HELM_HOME` will refer to `/helm/is-with-analytics`.
-##### 1. Checkout Kubernetes Resources for WSO2 Identity server Git repository: +##### 1. Clone the Kubernetes Resources for WSO2 Identity Server Git repository. ``` git clone https://github.com/wso2/kubernetes-is.git ``` -##### 2. Provide configurations: +##### 2. Setup a Network File System (NFS) to be used for persistent storage. + +Create and export unique directories within the NFS server instance for each of the following Kubernetes Persistent Volume +resources defined in the `/is-with-analytics/values.yaml` file: + +* `sharedDeploymentLocationPath` +* `sharedTenantsLocationPath` +* `analytics1DataLocationPath` +* `analytics2DataLocationPath` + +Grant ownership to `wso2carbon` user and `wso2` group, for each of the previously created directories. -1. The default product configurations are available at `/is-with-analytics-conf/confs` folder. Change the + ``` + sudo chown -R wso2carbon:wso2 + ``` + +Grant read-write-execute permissions to the `wso2carbon` user, for each of the previously created directories. + + ``` + chmod -R 700 + ``` + +##### 3. Provide configurations. + +a. The default product configurations are available at `/is-with-analytics-conf/confs` folder. Change the configurations as necessary. -2. Open the `/is-with-analytics-conf/values.yaml` and provide the following values. - - `username`: Username of your Free Trial Subscription
- `password`: Password of your Free Trial Subscription
- `email`: Docker email
- `namespace`: Namespace
- `svcaccount`: Service Account
- `serverIp`: NFS Server IP
- `locationPath`: NFS location path
- `sharedDeploymentLocationPath`: NFS shared deployment directory(/repository/deployment) location for IS
- `sharedTentsLocationPath`: NFS shared tenants directory(/repository/tenants) location for IS
- `analytics1DataLocationPath`: NFS volume for Indexed data for Analytics node 1(/repository/data)
- `analytics2DataLocationPath`: NFS volume for Indexed data for Analytics node 2(/repository/data) +b. Open the `/is-with-analytics-conf/values.yaml` and provide the following values. + +| Parameter | Description | +|---------------------------------|-------------------------------------------------------------------------------------------| +| `username` | Your WSO2 username | +| `password` | Your WSO2 password | +| `email` | Docker email | +| `namespace` | Kubernetes Namespace in which the resources are deployed | +| `svcaccount` | Kubernetes Service Account in the `namespace` to which product instance pods are attached | +| `serverIp` | NFS Server IP | +| `sharedDeploymentLocationPath` | NFS shared deployment directory(`/repository/deployment`) location for EI | +| `sharedTenantsLocationPath` | NFS shared tenants directory(`/repository/tenants`) location for EI | +| `analytics1DataLocationPath` | NFS volume for Indexed data for Analytics node 1(`/repository/data`) | +| `analytics2DataLocationPath` | NFS volume for Indexed data for Analytics node 2(`/repository/data`) | + +c. Open the `/is-with-analytics-deployment/values.yaml` and provide the following values. -3. Open the `/is-with-analytics-deployment/values.yaml` and provide the following values. +| Parameter | Description | +|---------------------------------|-------------------------------------------------------------------------------------------| +| `namespace` | Kubernetes Namespace in which the resources are deployed | +| `svcaccount` | Kubernetes Service Account in the `namespace` to which product instance pods are attached | - `namespace`: Namespace
- `svcaccount`: Service Account - -##### 3. Deploy the configurations: + +##### 4. Deploy the configurations. ``` helm install --name /is-with-analytics-conf ``` -##### 4. Deploy MySql: -If there is an external product database(s), add those configurations as stated at `step 2.1`. Otherwise, run the below - command to create the product database. +##### 5. Deploy product database(s) using MySQL in Kubernetes. + ``` -helm install --name wso2is-with-analytics-rdbms-service -f /mysql/values.yaml -stable/mysql --namespace +helm install --name wso2is-with-analytics-rdbms-service -f /mysql/values.yaml stable/mysql --namespace ``` -`NAMESPACE` should be same as `step 2.2`. -##### 5. Deploy WSO2 Enterprise Identity server: +`NAMESPACE` should be same as in `step 3.b`. + +For a serious deployment (e.g. production grade setup), it is recommended to connect product instances to a user owned and managed RDBMS instance. + +##### 6. Deploy WSO2 Identity Server with WSO2 Identity Server Analytics. ``` helm install --name /is-with-analytics-deployment ``` -##### 6. Access Management Console: +##### 7. Access Management Console. -Default deployment will expose two publicly accessible hosts, namely:
-1. `wso2is` - To expose Administrative services and Management Console
-2. `wso2is-analytics` - To expose Analytics server
+Default deployment will expose `wso2is` and `wso2is-analytics` hosts (to expose Administrative services and Management Console). -To access the console in a test environment, +To access the console in the environment, -1. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses (using `kubectl get ing`). +a. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses. -e.g. +``` +kubectl get ing +``` ``` -NAME HOSTS ADDRESS PORTS AGE -wso2is-with-analytics-is-analytics-ingress wso2is-analytics 80, 443 9m -wso2is-with-analytics-is-ingress wso2is 80, 443 9m +NAME HOSTS ADDRESS PORTS AGE +wso2is-with-analytics-is-analytics-ingress wso2is-analytics 80, 443 3m +wso2is-with-analytics-is-ingress wso2is 80, 443 3m ``` -2. Add the above two hosts as entries in /etc/hosts file as follows: +b. Add the above host as an entry in /etc/hosts file as follows: ``` - wso2is wso2is-analytics + wso2is ``` -3. Try navigating to `https://wso2is/carbon` from your favorite browser. +c. Try navigating to `https://wso2is/carbon` and `https://wso2is-analytics/carbon` from your favorite browser. diff --git a/helm/is-with-analytics/is-with-analytics-conf/confs/is-analytics-1/conf/axis2/axis2.xml b/helm/is-with-analytics/is-with-analytics-conf/confs/is-analytics-1/conf/axis2/axis2.xml index 00b9b349..670d4c38 100644 --- a/helm/is-with-analytics/is-with-analytics-conf/confs/is-analytics-1/conf/axis2/axis2.xml +++ b/helm/is-with-analytics/is-with-analytics-conf/confs/is-analytics-1/conf/axis2/axis2.xml @@ -73,10 +73,10 @@ axis2modules - WSO2 Identity Server Analytics-5.5.0 + WSO2 Identity Server Analytics-5.6.0 - WSO2 Identity Server Analytics-5.5.0 + WSO2 Identity Server Analytics-5.6.0 diff --git a/helm/is-with-analytics/is-with-analytics-conf/confs/is-analytics-1/conf/carbon.xml b/helm/is-with-analytics/is-with-analytics-conf/confs/is-analytics-1/conf/carbon.xml index 79ff505f..50bb5910 100644 
--- a/helm/is-with-analytics/is-with-analytics-conf/confs/is-analytics-1/conf/carbon.xml +++ b/helm/is-with-analytics/is-with-analytics-conf/confs/is-analytics-1/conf/carbon.xml @@ -36,7 +36,7 @@ - 5.5.0 + 5.6.0 diff --git a/helm/is-with-analytics/is-with-analytics-conf/confs/is-analytics-2/conf/carbon.xml b/helm/is-with-analytics/is-with-analytics-conf/confs/is-analytics-2/conf/carbon.xml index 79ff505f..50bb5910 100644 --- a/helm/is-with-analytics/is-with-analytics-conf/confs/is-analytics-2/conf/carbon.xml +++ b/helm/is-with-analytics/is-with-analytics-conf/confs/is-analytics-2/conf/carbon.xml @@ -36,7 +36,7 @@ - 5.5.0 + 5.6.0 diff --git a/helm/is-with-analytics/is-with-analytics-conf/confs/is/conf/carbon.xml b/helm/is-with-analytics/is-with-analytics-conf/confs/is/conf/carbon.xml index 4b6abd0f..1b35fb7b 100644 --- a/helm/is-with-analytics/is-with-analytics-conf/confs/is/conf/carbon.xml +++ b/helm/is-with-analytics/is-with-analytics-conf/confs/is/conf/carbon.xml @@ -36,7 +36,7 @@ - 5.5.0 + 5.6.0 + true + + 20 + + 40 + @@ -189,6 +199,12 @@ true org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor + + false false @@ -603,13 +619,14 @@ + - + orderId="90" enable="false"/> + orderId="93" enable="true"/> @@ -634,6 +651,21 @@ + + + + + + + + + 300 + + + true + + 1000 + 1000 + 51200 + + + + + + http://localhost:8280/ + + 5 + + diff --git a/helm/is-with-analytics/is-with-analytics-conf/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-RoleData.xml b/helm/is-with-analytics/is-with-analytics-conf/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-RoleData.xml index 1ed4d0c2..29c9cc95 100644 --- a/helm/is-with-analytics/is-with-analytics-conf/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-RoleData.xml +++ b/helm/is-with-analytics/is-with-analytics-conf/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-RoleData.xml 
@@ -1,13 +1,32 @@ - - - - - admin - thrift - non-blocking - 0 - tcp://wso2is-with-analytics-is-analytics-1-service:7612,tcp://wso2is-with-analytics-is-analytics-2-service:7612 - admin - + + + + + + + admin + thrift + non-blocking + 0 + tcp://wso2is-with-analytics-is-analytics-1-service:7612,tcp://wso2is-with-analytics-is-analytics-2-service:7612 + admin + diff --git a/helm/is-with-analytics/is-with-analytics-conf/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-UserData.xml b/helm/is-with-analytics/is-with-analytics-conf/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-UserData.xml index 2b9b97ac..a6021d71 100644 --- a/helm/is-with-analytics/is-with-analytics-conf/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-UserData.xml +++ b/helm/is-with-analytics/is-with-analytics-conf/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-UserData.xml @@ -1,13 +1,32 @@ - - - - - admin - thrift - non-blocking - 0 - tcp://wso2is-with-analytics-is-analytics-1-service:7612,tcp://wso2is-with-analytics-is-analytics-2-service:7612 - admin - + + + + + + + admin + thrift + non-blocking + 0 + tcp://wso2is-with-analytics-is-analytics-1-service:7612,tcp://wso2is-with-analytics-is-analytics-2-service:7612 + admin + diff --git a/helm/is-with-analytics/is-with-analytics-conf/templates/_helpers.tpl b/helm/is-with-analytics/is-with-analytics-conf/templates/_helpers.tpl index cb84135c..082cbce5 100644 --- a/helm/is-with-analytics/is-with-analytics-conf/templates/_helpers.tpl +++ b/helm/is-with-analytics/is-with-analytics-conf/templates/_helpers.tpl @@ -15,7 +15,7 @@ limitations under the License. {{/* Expand the name of the chart. */}} -{{- define "scalable-is-with-analytics-conf.name" -}} +{{- define "is-with-analytics-conf.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} 
@@ -24,7 +24,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "scalable-is-with-analytics-conf.fullname" -}} +{{- define "is-with-analytics-conf.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -40,6 +40,6 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "scalable-is-with-analytics-conf.chart" -}} +{{- define "is-with-analytics-conf.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} diff --git a/helm/is-with-analytics/is-with-analytics-conf/templates/persistent-volumes.yaml b/helm/is-with-analytics/is-with-analytics-conf/templates/persistent-volumes.yaml index 99bb48ae..10f6f0fb 100644 --- a/helm/is-with-analytics/is-with-analytics-conf/templates/persistent-volumes.yaml +++ b/helm/is-with-analytics/is-with-analytics-conf/templates/persistent-volumes.yaml @@ -46,7 +46,7 @@ spec: persistentVolumeReclaimPolicy: Retain nfs: server: {{ .Values.serverIp }} - path: {{ .Values.sharedTentsLocationPath }} + path: {{ .Values.sharedTenantsLocationPath }} --- @@ -60,7 +60,7 @@ metadata: node: wso2is-analytics-1 spec: capacity: - storage: 1Gi + storage: 20Gi accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain 
@@ -80,10 +80,50 @@ metadata: node: wso2is-analytics-2 spec: capacity: - storage: 1Gi + storage: 20Gi accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain nfs: server: {{ .Values.serverIp }} path: {{ .Values.analytics2DataLocationPath }} + +--- + +apiVersion: v1 +kind: PersistentVolume +metadata: + name: wso2is-with-analytics-is-analytics-pv-1 + namespace : {{ .Values.namespace }} + labels: + purpose: analytics + node: wso2is-analytics-1 +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Retain + nfs: + server: {{ .Values.serverIp }} + path: {{ .Values.analytics1LocationPath }} + +--- + +apiVersion: v1 +kind: PersistentVolume +metadata: + name: wso2is-with-analytics-is-analytics-pv-2 + namespace : {{ .Values.namespace }} + labels: + purpose: analytics + node: wso2is-analytics-2 +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Retain + nfs: + server: {{ .Values.serverIp }} + path: {{ .Values.analytics2LocationPath }} diff --git a/helm/is-with-analytics/is-with-analytics-conf/values.yaml b/helm/is-with-analytics/is-with-analytics-conf/values.yaml index 0151dd5b..db903290 100644 --- a/helm/is-with-analytics/is-with-analytics-conf/values.yaml +++ b/helm/is-with-analytics/is-with-analytics-conf/values.yaml @@ -5,8 +5,11 @@ email: "" namespace: "wso2" svcaccount: "wso2svc-account" serverIp: "" -sharedDeploymentLocationPath: "" -sharedTentsLocationPath: "" -analytics1DataLocationPath: "" -analytics2DataLocationPath: "" +sharedDeploymentLocationPath: "" +sharedTenantsLocationPath: "" +analytics1DataLocationPath: "" +analytics2DataLocationPath: "" +analytics1LocationPath: "" +analytics2LocationPath: "" + diff --git a/helm/is-with-analytics/is-with-analytics-deployment/templates/_helpers.tpl b/helm/is-with-analytics/is-with-analytics-deployment/templates/_helpers.tpl index 62d99ad5..9e78340f 100644 
--- a/helm/is-with-analytics/is-with-analytics-deployment/templates/_helpers.tpl +++ b/helm/is-with-analytics/is-with-analytics-deployment/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "scalable-is-with-analytics-deployment.name" -}} +{{- define "is-with-analytics-deployment.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "scalable-is-with-analytics-deployment.fullname" -}} +{{- define "is-with-analytics-deployment.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -27,6 +27,6 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "scalable-is-with-analytics-deployment.chart" -}} +{{- define "is-with-analytics-deployment.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} diff --git a/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-1-deployment.yaml b/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-1-deployment.yaml index bac0073d..6a89d075 100644 --- a/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-1-deployment.yaml +++ b/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-1-deployment.yaml @@ -33,7 +33,7 @@ spec: spec: containers: - name: wso2is-with-analytics-is-analytics-1 - image: docker.wso2.com/wso2is-analytics:5.5.0 + image: docker.wso2.com/wso2is-analytics:5.6.0 resources: limits: memory: "4Gi" 
@@ -127,8 +127,10 @@ spec: mountPath: /home/wso2carbon/kubernetes-volumes/is-analytics/conf-datasources - name: is-analytics-1-deployment-portal mountPath: /home/wso2carbon/kubernetes-volumes/is-analytics/conf-portal + - name: analytics-persistent-disk + mountPath: /home/wso2carbon/wso2is-analytics-5.6.0/repository/conf/analytics - name: data-persistent-disk - mountPath: /home/wso2carbon/wso2is-analytics-5.5.0/repository/data + mountPath: /home/wso2carbon/wso2is-analytics-5.6.0/repository/data serviceAccountName: "wso2svc-account" imagePullSecrets: - name: wso2creds @@ -151,6 +153,9 @@ spec: - name: is-analytics-1-deployment-portal configMap: name: is-analytics-1-deployment-portal + - name: analytics-persistent-disk + persistentVolumeClaim: + claimName: is-analytics-1-analytics-volume-claim - name: data-persistent-disk persistentVolumeClaim: claimName: is-analytics-1-data-volume-claim diff --git a/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-1-service.yaml b/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-1-service.yaml index 7117d364..bf991a82 100644 --- a/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-1-service.yaml +++ b/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-1-service.yaml 
@@ -30,78 +30,78 @@ spec: port: 7712 protocol: TCP - - name: 'spark-1' + name: 'spark-port-1' port: 11225 protocol: TCP - - name: 'spark-2' + name: 'spark-port-2' port: 10006 protocol: TCP - - name: 'spark-3' + name: 'spark-port-3' port: 11001 protocol: TCP - - name: 'spark-44' + name: 'spark-port-4' protocol: TCP port: 8082 - - name: 'spark-5' + name: 'spark-port-5' protocol: TCP port: 4041 - - name: 'spark6' + name: 'spark-port-6' protocol: TCP port: 12001 - - name: 'spark7' + name: 'spark-port-7' protocol: TCP port: 12002 - - name: 'spark8' + name: 'spark-port-8' protocol: TCP port: 12003 - - name: 'spark9' + name: 'spark-port-9' protocol: TCP port: 12004 - - name: 'spark10' + name: 'spark-port-10' protocol: TCP port: 12005 - - name: 'analytics1' + name: 'analytics-port-1' protocol: TCP port: 10007 - - name: 'analytics2' + name: 'analytics-port-2' protocol: TCP port: 11002 - - name: 'analytics3' + name: 'analytics-port-3' protocol: TCP port: 12501 - - name: 'analytics5' + name: 'analytics-port-4' protocol: TCP port: 13001 - - name: 'analytics6' + name: 'analytics-port-5' protocol: TCP port: 13501 - - name: 'analytics7' + name: 'analytics-port-6' protocol: TCP port: 14501 - - name: 'analytics8' + name: 'analytics-port-7' protocol: TCP port: 7078 - - name: 'analytics9' + name: 'analytics-port-8' protocol: TCP port: 6067 - - name: 'analytics10' + name: 'analytics-port-9' protocol: TCP port: 11003 diff --git a/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-2-deployment.yaml b/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-2-deployment.yaml index a5bbab41..3a0d3624 100644 --- a/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-2-deployment.yaml +++ b/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-2-deployment.yaml 
@@ -33,7 +33,7 @@ spec: spec: containers: - name: wso2is-with-analytics-is-analytics-2 - image: docker.wso2.com/wso2is-analytics:5.5.0 + image: docker.wso2.com/wso2is-analytics:5.6.0 resources: limits: memory: "4Gi" @@ -127,8 +127,10 @@ spec: mountPath: /home/wso2carbon/kubernetes-volumes/is-analytics/conf-datasources - name: is-analytics-2-deployment-portal mountPath: /home/wso2carbon/kubernetes-volumes/is-analytics/conf-portal + - name: analytics-persistent-disk + mountPath: /home/wso2carbon/wso2is-analytics-5.6.0/repository/conf/analytics - name: data-persistent-disk - mountPath: /home/wso2carbon/wso2is-analytics-5.5.0/repository/data + mountPath: /home/wso2carbon/wso2is-analytics-5.6.0/repository/data serviceAccountName: "wso2svc-account" imagePullSecrets: - name: wso2creds @@ -151,6 +153,9 @@ spec: - name: is-analytics-2-deployment-portal configMap: name: is-analytics-2-deployment-portal + - name: analytics-persistent-disk + persistentVolumeClaim: + claimName: is-analytics-2-analytics-volume-claim - name: data-persistent-disk persistentVolumeClaim: claimName: is-analytics-2-data-volume-claim diff --git a/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-2-service.yaml b/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-2-service.yaml index 9547000f..eec447f9 100644 --- a/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-2-service.yaml +++ b/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-2-service.yaml 
@@ -30,78 +30,78 @@ spec: port: 7712 protocol: TCP - - name: 'spark-1' + name: 'spark-port-1' port: 11225 protocol: TCP - - name: 'spark-2' + name: 'spark-port-2' port: 10006 protocol: TCP - - name: 'spark-3' + name: 'spark-port-3' port: 11001 protocol: TCP - - name: 'spark-44' + name: 'spark-port-4' protocol: TCP port: 8082 - - name: 'spark-5' + name: 'spark-port-5' protocol: TCP port: 4041 - - name: 'spark6' + name: 'spark-port-6' protocol: TCP port: 12001 - - name: 'spark7' + name: 'spark-port-7' protocol: TCP port: 12002 - - name: 'spark8' + name: 'spark-port-8' protocol: TCP port: 12003 - - name: 'spark9' + name: 'spark-port-9' protocol: TCP port: 12004 - - name: 'spark10' + name: 'spark-port-10' protocol: TCP port: 12005 - - name: 'analytics1' + name: 'analytics-port-1' protocol: TCP port: 10007 - - name: 'analytics2' + name: 'analytics-port-2' protocol: TCP port: 11002 - - name: 'analytics3' + name: 'analytics-port-3' protocol: TCP port: 12501 - - name: 'analytics5' + name: 'analytics-port-4' protocol: TCP port: 13001 - - name: 'analytics6' + name: 'analytics-port-5' protocol: TCP port: 13501 - - name: 'analytics7' + name: 'analytics-port-6' protocol: TCP port: 14501 - - name: 'analytics8' + name: 'analytics-port-7' protocol: TCP port: 7078 - - name: 'analytics9' + name: 'analytics-port-8' protocol: TCP port: 6067 - - name: 'analytics10' + name: 'analytics-port-9' protocol: TCP port: 11003 diff --git a/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-volume-claims.yaml b/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-volume-claims.yaml index d4df5615..8d45ac6f 100644 --- a/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-volume-claims.yaml +++ b/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-analytics-volume-claims.yaml 
@@ -22,7 +22,7 @@ spec: - ReadWriteMany resources: requests: - storage: 1Gi + storage: 20Gi storageClassName: "" selector: matchLabels: @@ -41,9 +41,47 @@ spec: - ReadWriteMany resources: requests: - storage: 1Gi + storage: 20Gi storageClassName: "" selector: matchLabels: purpose: analytics-data node: wso2is-analytics-2 + +--- + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: is-analytics-1-analytics-volume-claim + namespace : {{ .Values.namespace }} +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: "" + selector: + matchLabels: + purpose: analytics + node: wso2is-analytics-1 + +--- + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: is-analytics-2-analytics-volume-claim + namespace : {{ .Values.namespace }} +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: "" + selector: + matchLabels: + purpose: analytics + node: wso2is-analytics-2 diff --git a/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-deployment.yaml b/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-deployment.yaml index 90310eb7..f4fe19ee 100644 --- a/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-deployment.yaml +++ b/helm/is-with-analytics/is-with-analytics-deployment/templates/identity-server-deployment.yaml @@ -32,7 +32,7 @@ spec: spec: containers: - name: wso2is-with-analytics-is - image: docker.wso2.com/wso2is:5.5.0 + image: docker.wso2.com/wso2is:5.6.0 livenessProbe: exec: command: 
@@ -67,9 +67,9 @@ spec: - name: identity-server-conf-event-publishers mountPath: /home/wso2carbon/kubernetes-volumes/is/conf-event-publishers - name: shared-deployment-persistent-disk - mountPath: /home/wso2carbon/wso2is-5.5.0/repository/deployment + mountPath: /home/wso2carbon/wso2is-5.6.0/repository/deployment - name: shared-tenants-persistent-disk - mountPath: /home/wso2carbon/wso2is-5.5.0/repository/tenants + mountPath: /home/wso2carbon/wso2is-5.6.0/repository/tenants serviceAccountName: "wso2svc-account" imagePullSecrets: - name: wso2creds diff --git a/helm/is/README.md b/helm/is/README.md index f01fdc3b..4340cc58 100644 --- a/helm/is/README.md +++ b/helm/is/README.md @@ -1,95 +1,127 @@ -# Helm Charts for deployment of WSO2 Identity Server +# Helm Chart for deployment of WSO2 Identity Server + +## Contents + +* [Prerequisites](#prerequisites) +* [Quick Start Guide](#quick-start-guide) ## Prerequisites -* In order to use these Kubernetes resources, you will need an active [Free Trial Subscription](https://wso2.com/free-trial-subscription) -from WSO2 since the referring Docker images hosted at docker.wso2.com contains the latest updates and fixes for WSO2 Enterprise Identity Server. -You can sign up for a Free Trial Subscription [here](https://wso2.com/free-trial-subscription).

+* In order to use WSO2 Helm resources, you need an active WSO2 subscription. If you do not possess an active WSO2 + subscription already, you can sign up for a WSO2 Free Trial Subscription from [here](https://wso2.com/free-trial-subscription).

* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git), [Helm](https://github.com/kubernetes/helm/blob/master/docs/install.md) -(and Tiller) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) in order to run the +(and Tiller) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (compatible with v1.10) in order to run the steps provided in the following quick start guide.

+* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup/pick-right-solution/).

+ * Install [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/deploy/). This can be easily done via ``` helm install stable/nginx-ingress --name nginx-wso2is --set rbac.create=true ``` + ## Quick Start Guide >In the context of this document,
>* `KUBERNETES_HOME` will refer to a local copy of the [`wso2/kubernetes-is`](https://github.com/wso2/kubernetes-is/) Git repository.
>* `HELM_HOME` will refer to `/helm/is`.
-##### 1. Checkout Kubernetes Resources for WSO2 Identity server Git repository: +##### 1. Clone the Kubernetes Resources for WSO2 Identity Server Git repository. ``` git clone https://github.com/wso2/kubernetes-is.git ``` -##### 2. Provide configurations: +##### 2. Setup a Network File System (NFS) to be used for persistent storage. + +Create and export unique directories within the NFS server instance for each of the following Kubernetes Persistent Volume +resources defined in the `/is-conf/values.yaml` file: + +* `sharedDeploymentLocationPath` +* `sharedTenantsLocationPath` + +Grant ownership to `wso2carbon` user and `wso2` group, for each of the previously created directories. + + ``` + sudo chown -R wso2carbon:wso2 + ``` + +Grant read-write-execute permissions to the `wso2carbon` user, for each of the previously created directories. + + ``` + chmod -R 700 + ``` + +##### 3. Provide configurations. -1. The default product configurations are available at `/is-conf/confs` folder. Change the +a. The default product configurations are available at `/is-conf/confs` folder. Change the configurations as necessary. -2. Open the `/is-conf/values.yaml` and provide the following values. +b. Open the `/is-conf/values.yaml` and provide the following values. - `username`: Username of your Free Trial Subscription
- `password`: Password of your Free Trial Subscription
- `email`: Docker email
- `namespace`: Namespace
- `svcaccount`: Service Account
- `serverIp`: NFS Server IP
- `sharedDeploymentLocationPath`: NFS shared deployment directory(/repository/deployment) location for IS
- `sharedTentsLocationPath`: NFS shared tenants directory(/repository/tenants) location for IS - -3. Open the `/is-deployment/values.yaml` and provide the following values. +| Parameter | Description | +|---------------------------------|-------------------------------------------------------------------------------------------| +| `username` | Your WSO2 username | +| `password` | Your WSO2 password | +| `email` | Docker email | +| `namespace` | Kubernetes Namespace in which the resources are deployed | +| `svcaccount` | Kubernetes Service Account in the `namespace` to which product instance pods are attached | +| `serverIp` | NFS Server IP | +| `sharedDeploymentLocationPath` | NFS shared deployment directory(`/repository/deployment`) location for EI | +| `sharedTenantsLocationPath` | NFS shared tenants directory(`/repository/tenants`) location for EI | - `namespace`: Namespace
- `svcaccount`: Service Account +c. Open the `/is-deployment/values.yaml` and provide the following values. -##### 3. Deploy the configurations: +| Parameter | Description | +|---------------------------------|-------------------------------------------------------------------------------------------| +| `namespace` | Kubernetes Namespace in which the resources are deployed | +| `svcaccount` | Kubernetes Service Account in the `namespace` to which product instance pods are attached | + +##### 4. Deploy the configurations. ``` helm install --name /is-conf ``` -##### 4. Deploy MySql: -If there is an external product database(s), add those configurations as stated at `step 2.1`. Otherwise, run the below - command to create the product database. +##### 5. Deploy product database(s) using MySQL in Kubernetes. + ``` -helm install --name wso2is-rdbms-service -f /mysql/values.yaml -stable/mysql --namespace +helm install --name wso2is-rdbms-service -f /mysql/values.yaml stable/mysql --namespace ``` -`NAMESPACE` should be same as `step 2.2`. -##### 5. Deploy WSO2 Enterprise Identity server: +`NAMESPACE` should be same as in `step 3.b`. + +For a serious deployment (e.g. production grade setup), it is recommended to connect product instances to a user owned and managed RDBMS instance. + +##### 6. Deploy WSO2 Identity server. ``` helm install --name /is-deployment ``` -##### 6. Access Management Console: +##### 7. Access Management Console. -Default deployment will expose following publicly accessible host, namely:
-1. `wso2is` - To expose Administrative services and Management Console
+Default deployment will expose `wso2is` host (to expose Administrative services and Management Console). -To access the console in a test environment, +To access the console in the environment, -1. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses (using `kubectl get ing`). +a. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses. -e.g. +``` +kubectl get ing +``` ``` -NAME HOSTS ADDRESS PORTS AGE -wso2is-ingress wso2is 80, 443 9m +NAME HOSTS ADDRESS PORTS AGE +wso2is-ingress wso2is 80, 443 3m ``` -2. Add the above two hosts as entries in /etc/hosts file as follows: +b. Add the above host as an entry in /etc/hosts file as follows: ``` wso2is ``` -3. Try navigating to `https://wso2is/carbon` from your favorite browser. - +c. Try navigating to `https://wso2is/carbon` from your favorite browser. diff --git a/helm/is/is-conf/confs/bin/wso2server.sh b/helm/is/is-conf/confs/bin/wso2server.sh deleted file mode 100644 index a69d70d1..00000000 --- a/helm/is/is-conf/confs/bin/wso2server.sh +++ /dev/null 
@@ -1,318 +0,0 @@ -#!/bin/sh -# ---------------------------------------------------------------------------- -# Copyright 2018 WSO2, Inc. http://www.wso2.org -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# ---------------------------------------------------------------------------- -# Main Script for the WSO2 Carbon Server -# -# Environment Variable Prequisites -# -# CARBON_HOME Home of WSO2 Carbon installation. If not set I will try -# to figure it out. -# -# JAVA_HOME Must point at your Java Development Kit installation. -# -# JAVA_OPTS (Optional) Java runtime options used when the commands -# is executed. -# -# NOTE: Borrowed generously from Apache Tomcat startup scripts. -# ----------------------------------------------------------------------------- - -# OS specific support. $var _must_ be set to either true or false. 
-#ulimit -n 100000 - -cygwin=false; -darwin=false; -os400=false; -mingw=false; -case "`uname`" in -CYGWIN*) cygwin=true;; -MINGW*) mingw=true;; -OS400*) os400=true;; -Darwin*) darwin=true - if [ -z "$JAVA_VERSION" ] ; then - JAVA_VERSION="CurrentJDK" - else - echo "Using Java version: $JAVA_VERSION" - fi - if [ -z "$JAVA_HOME" ] ; then - JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/${JAVA_VERSION}/Home - fi - ;; -esac - -# resolve links - $0 may be a softlink -PRG="$0" - -while [ -h "$PRG" ]; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '.*/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`/"$link" - fi -done - -# Get standard environment variables -PRGDIR=`dirname "$PRG"` - -# Only set CARBON_HOME if not already set -[ -z "$CARBON_HOME" ] && CARBON_HOME=`cd "$PRGDIR/.." ; pwd` - -# Set AXIS2_HOME. Needed for One Click JAR Download -AXIS2_HOME="$CARBON_HOME" - -# For Cygwin, ensure paths are in UNIX format before anything is touched -if $cygwin; then - [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"` - [ -n "$CARBON_HOME" ] && CARBON_HOME=`cygpath --unix "$CARBON_HOME"` - [ -n "$AXIS2_HOME" ] && CARBON_HOME=`cygpath --unix "$CARBON_HOME"` -fi - -# For OS400 -if $os400; then - # Set job priority to standard for interactive (interactive - 6) by using - # the interactive priority - 6, the helper threads that respond to requests - # will be running at the same priority as interactive jobs. - COMMAND='chgjob job('$JOBNAME') runpty(6)' - system $COMMAND - - # Enable multi threading - QIBM_MULTI_THREADED=Y - export QIBM_MULTI_THREADED -fi - -# For Migwn, ensure paths are in UNIX format before anything is touched -if $mingw ; then - [ -n "$CARBON_HOME" ] && - CARBON_HOME="`(cd "$CARBON_HOME"; pwd)`" - [ -n "$JAVA_HOME" ] && - JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" - [ -n "$AXIS2_HOME" ] && - CARBON_HOME="`(cd "$CARBON_HOME"; pwd)`" - # TODO classpath? 
-fi - -if [ -z "$JAVACMD" ] ; then - if [ -n "$JAVA_HOME" ] ; then - if [ -x "$JAVA_HOME/jre/sh/java" ] ; then - # IBM's JDK on AIX uses strange locations for the executables - JAVACMD="$JAVA_HOME/jre/sh/java" - else - JAVACMD="$JAVA_HOME/bin/java" - fi - else - JAVACMD=java - fi -fi - -if [ ! -x "$JAVACMD" ] ; then - echo "Error: JAVA_HOME is not defined correctly." - echo " CARBON cannot execute $JAVACMD" - exit 1 -fi - -# if JAVA_HOME is not set we're not happy -if [ -z "$JAVA_HOME" ]; then - echo "You must set the JAVA_HOME variable before running CARBON." - exit 1 -fi - -if [ -e "$CARBON_HOME/wso2carbon.pid" ]; then - PID=`cat "$CARBON_HOME"/wso2carbon.pid` -fi - -# ----- Process the input command ---------------------------------------------- -args="" -for c in $* -do - if [ "$c" = "--debug" ] || [ "$c" = "-debug" ] || [ "$c" = "debug" ]; then - CMD="--debug" - continue - elif [ "$CMD" = "--debug" ]; then - if [ -z "$PORT" ]; then - PORT=$c - fi - elif [ "$c" = "--stop" ] || [ "$c" = "-stop" ] || [ "$c" = "stop" ]; then - CMD="stop" - elif [ "$c" = "--start" ] || [ "$c" = "-start" ] || [ "$c" = "start" ]; then - CMD="start" - elif [ "$c" = "--version" ] || [ "$c" = "-version" ] || [ "$c" = "version" ]; then - CMD="version" - elif [ "$c" = "--restart" ] || [ "$c" = "-restart" ] || [ "$c" = "restart" ]; then - CMD="restart" - elif [ "$c" = "--test" ] || [ "$c" = "-test" ] || [ "$c" = "test" ]; then - CMD="test" - else - args="$args $c" - fi -done - -if [ "$CMD" = "--debug" ]; then - if [ "$PORT" = "" ]; then - echo " Please specify the debug port after the --debug option" - exit 1 - fi - if [ -n "$JAVA_OPTS" ]; then - echo "Warning !!!. User specified JAVA_OPTS will be ignored, once you give the --debug option." - fi - CMD="RUN" - JAVA_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=$PORT" - echo "Please start the remote debugging client to continue..." 
-elif [ "$CMD" = "start" ]; then - if [ -e "$CARBON_HOME/wso2carbon.pid" ]; then - if ps -p $PID > /dev/null ; then - echo "Process is already running" - exit 0 - fi - fi - export CARBON_HOME="$CARBON_HOME" -# using nohup sh to avoid erros in solaris OS.TODO - nohup sh "$CARBON_HOME"/bin/wso2server.sh $args > /dev/null 2>&1 & - exit 0 -elif [ "$CMD" = "stop" ]; then - export CARBON_HOME="$CARBON_HOME" - kill -term `cat "$CARBON_HOME"/wso2carbon.pid` - exit 0 -elif [ "$CMD" = "restart" ]; then - export CARBON_HOME="$CARBON_HOME" - kill -term `cat "$CARBON_HOME"/wso2carbon.pid` - process_status=0 - pid=`cat "$CARBON_HOME"/wso2carbon.pid` - while [ "$process_status" -eq "0" ] - do - sleep 1; - ps -p$pid 2>&1 > /dev/null - process_status=$? - done - -# using nohup sh to avoid erros in solaris OS.TODO - nohup sh "$CARBON_HOME"/bin/wso2server.sh $args > /dev/null 2>&1 & - exit 0 -elif [ "$CMD" = "test" ]; then - JAVACMD="exec "$JAVACMD"" -elif [ "$CMD" = "version" ]; then - cat "$CARBON_HOME"/bin/version.txt - cat "$CARBON_HOME"/bin/wso2carbon-version.txt - exit 0 -fi - -# ---------- Handle the SSL Issue with proper JDK version -------------------- -jdk_17=`$JAVA_HOME/bin/java -version 2>&1 | grep "1.[7|8]"` -if [ "$jdk_17" = "" ]; then - echo " Starting WSO2 Carbon (in unsupported JDK)" - echo " [ERROR] CARBON is supported only on JDK 1.7 and 1.8" -fi - -CARBON_XBOOTCLASSPATH="" -for f in "$CARBON_HOME"/lib/xboot/*.jar -do - if [ "$f" != "$CARBON_HOME/lib/xboot/*.jar" ];then - CARBON_XBOOTCLASSPATH="$CARBON_XBOOTCLASSPATH":$f - fi -done - -JAVA_ENDORSED_DIRS="$CARBON_HOME/lib/endorsed":"$JAVA_HOME/jre/lib/endorsed":"$JAVA_HOME/lib/endorsed" - -CARBON_CLASSPATH="" -if [ -e "$JAVA_HOME/lib/tools.jar" ]; then - CARBON_CLASSPATH="$JAVA_HOME/lib/tools.jar" -fi -for f in "$CARBON_HOME"/bin/*.jar -do - if [ "$f" != "$CARBON_HOME/bin/*.jar" ];then - CARBON_CLASSPATH="$CARBON_CLASSPATH":$f - fi -done -for t in "$CARBON_HOME"/lib/commons-lang*.jar -do - 
CARBON_CLASSPATH="$CARBON_CLASSPATH":$t -done -# For Cygwin, switch paths to Windows format before running java -if $cygwin; then - JAVA_HOME=`cygpath --absolute --windows "$JAVA_HOME"` - CARBON_HOME=`cygpath --absolute --windows "$CARBON_HOME"` - AXIS2_HOME=`cygpath --absolute --windows "$CARBON_HOME"` - CLASSPATH=`cygpath --path --windows "$CLASSPATH"` - JAVA_ENDORSED_DIRS=`cygpath --path --windows "$JAVA_ENDORSED_DIRS"` - CARBON_CLASSPATH=`cygpath --path --windows "$CARBON_CLASSPATH"` - CARBON_XBOOTCLASSPATH=`cygpath --path --windows "$CARBON_XBOOTCLASSPATH"` -fi - -# ----- Execute The Requested Command ----------------------------------------- - -echo JAVA_HOME environment variable is set to $JAVA_HOME -echo CARBON_HOME environment variable is set to "$CARBON_HOME" - -cd "$CARBON_HOME" - -TMP_DIR="$CARBON_HOME"/tmp -if [ -d "$TMP_DIR" ]; then -rm -rf "$TMP_DIR"/* -fi - -START_EXIT_STATUS=121 -status=$START_EXIT_STATUS - -if [ -z "$JVM_MEM_OPTS" ]; then - java_version=$("$JAVACMD" -version 2>&1 | awk -F '"' '/version/ {print $2}') - JVM_MEM_OPTS="-Xms256m -Xmx1024m" - if [ "$java_version" \< "1.8" ]; then - JVM_MEM_OPTS="$JVM_MEM_OPTS -XX:MaxPermSize=256m" - fi -fi -echo "Using Java memory options: $JVM_MEM_OPTS" - -#To monitor a Carbon server in remote JMX mode on linux host machines, set the below system property. 
-# -Djava.rmi.server.hostname="your.IP.goes.here" - -while [ "$status" = "$START_EXIT_STATUS" ] -do - $JAVACMD \ - -Xbootclasspath/a:"$CARBON_XBOOTCLASSPATH" \ - $JVM_MEM_OPTS \ - -XX:+HeapDumpOnOutOfMemoryError \ - -XX:HeapDumpPath="$CARBON_HOME/repository/logs/heap-dump.hprof" \ - $JAVA_OPTS \ - -Dcom.sun.management.jmxremote \ - -classpath "$CARBON_CLASSPATH" \ - -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \ - -Djava.io.tmpdir="$CARBON_HOME/tmp" \ - -Dcatalina.base="$CARBON_HOME/lib/tomcat" \ - -Dwso2.server.standalone=true \ - -Dcarbon.registry.root=/ \ - -Djava.command="$JAVACMD" \ - -Dcarbon.home="$CARBON_HOME" \ - -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \ - -Dcarbon.config.dir.path="$CARBON_HOME/repository/conf" \ - -Djava.util.logging.config.file="$CARBON_HOME/repository/conf/etc/logging-bridge.properties" \ - -Dcomponents.repo="$CARBON_HOME/repository/components/plugins" \ - -Dconf.location="$CARBON_HOME/repository/conf"\ - -Dcom.atomikos.icatch.file="$CARBON_HOME/lib/transactions.properties" \ - -Dcom.atomikos.icatch.hide_init_file_path=true \ - -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false \ - -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true \ - -Dcom.sun.jndi.ldap.connect.pool.authentication=simple \ - -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 \ - -Dorg.terracotta.quartz.skipUpdateCheck=true \ - -Djava.security.egd=file:/dev/./urandom \ - -Dfile.encoding=UTF8 \ - -Djava.net.preferIPv4Stack=true \ - -Dcom.ibm.cacheLocalHost=true \ - -DworkerNode=false \ - org.wso2.carbon.bootstrap.Bootstrap $* - status=$? -done diff --git a/helm/is/is-conf/confs/repository/conf/axis2/axis2.xml b/helm/is/is-conf/confs/repository/conf/axis2/axis2.xml index 60db6c66..ee761786 100644 --- a/helm/is/is-conf/confs/repository/conf/axis2/axis2.xml +++ b/helm/is/is-conf/confs/repository/conf/axis2/axis2.xml 
@@ -73,10 +73,10 @@ axis2modules - WSO2 Identity Server-5.5.0 + WSO2 Identity Server-5.6.0 - WSO2 Identity Server-5.5.0 + WSO2 Identity Server-5.6.0 diff --git a/helm/is/is-conf/confs/repository/conf/carbon.xml b/helm/is/is-conf/confs/repository/conf/carbon.xml index 4b6abd0f..1b35fb7b 100644 --- a/helm/is/is-conf/confs/repository/conf/carbon.xml +++ b/helm/is/is-conf/confs/repository/conf/carbon.xml @@ -36,7 +36,7 @@ - 5.5.0 + 5.6.0 + true + + 20 + + 40 + @@ -189,6 +199,12 @@ true org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor + + false false @@ -603,13 +619,14 @@ + - + orderId="90" enable="false"/> + orderId="93" enable="true"/> @@ -634,6 +651,21 @@ + + + + + + + + + 300 + + + true + + 1000 + 1000 + 51200 + + + + + + http://localhost:8280/ + + 5 + + diff --git a/helm/is/is-conf/templates/is-conf-bin.yaml b/helm/is/is-conf/templates/is-conf-bin.yaml deleted file mode 100644 index d8b69920..00000000 --- a/helm/is/is-conf/templates/is-conf-bin.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -# Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: is-conf-bin - namespace : {{ .Values.namespace }} -data: - {{- $file := .Files }} - {{- range $path, $byte := .Files.Glob "confs/bin/*" }} - {{- $list := $path | splitList "/"}} - {{- $length := len $list }} - {{- $last := add $length -1 }} - {{ index $list $last }}: |- - {{- range $file.Lines $path }} - {{ . }} - {{- end }} - {{- end }} diff --git a/helm/is/is-conf/templates/persistent-volumes.yaml b/helm/is/is-conf/templates/persistent-volumes.yaml index bad9bc49..2c6018a4 100644 --- a/helm/is/is-conf/templates/persistent-volumes.yaml +++ b/helm/is/is-conf/templates/persistent-volumes.yaml @@ -15,7 +15,7 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: wso2is-with-analytics-shared-deployment-pv + name: wso2is-shared-deployment-pv namespace : {{ .Values.namespace }} labels: purpose: is-shared-deployment @@ -34,7 +34,7 @@ spec: apiVersion: v1 kind: PersistentVolume metadata: - name: wso2is-with-analytics-shared-tenants-pv + name: wso2is-shared-tenants-pv namespace : {{ .Values.namespace }} labels: purpose: is-shared-tenants @@ -46,4 +46,4 @@ spec: persistentVolumeReclaimPolicy: Retain nfs: server: {{ .Values.serverIp }} - path: {{ .Values.sharedTentsLocationPath }} \ No newline at end of file + path: {{ .Values.sharedTenantsLocationPath }} \ No newline at end of file 
diff --git a/helm/is/is-conf/values.yaml b/helm/is/is-conf/values.yaml index f8bb84ad..687a3094 100644 --- a/helm/is/is-conf/values.yaml +++ b/helm/is/is-conf/values.yaml @@ -6,4 +6,4 @@ namespace: "wso2" svcaccount: "wso2svc-account" serverIp: "" sharedDeploymentLocationPath: "" -sharedTentsLocationPath: "" +sharedTenantsLocationPath: "" diff --git a/helm/is/is-deployment/templates/identity-server-deployment.yaml b/helm/is/is-deployment/templates/identity-server-deployment.yaml index e81e051d..5e55f388 100644 --- a/helm/is/is-deployment/templates/identity-server-deployment.yaml +++ b/helm/is/is-deployment/templates/identity-server-deployment.yaml @@ -32,7 +32,7 @@ spec: spec: containers: - name: wso2is - image: docker.wso2.com/wso2is:5.5.0 + image: docker.wso2.com/wso2is:5.6.0 livenessProbe: exec: command: @@ -65,9 +65,9 @@ spec: - name: identity-server-conf-identity mountPath: /home/wso2carbon/kubernetes-volumes/is/conf-identity - name: shared-deployment-persistent-disk - mountPath: /home/wso2carbon/wso2is-5.5.0/repository/deployment + mountPath: /home/wso2carbon/wso2is-5.6.0/repository/deployment - name: shared-tenants-persistent-disk - mountPath: /home/wso2carbon/wso2is-5.5.0/repository/tenants + mountPath: /home/wso2carbon/wso2is-5.6.0/repository/tenants serviceAccountName: "wso2svc-account" imagePullSecrets: - name: wso2creds diff --git a/is-with-analytics/README.md b/is-with-analytics/README.md index af32e61d..959bc2aa 100644 --- a/is-with-analytics/README.md +++ b/is-with-analytics/README.md 
@@ -1,26 +1,39 @@ # Kubernetes Resources for deployment of WSO2 Identity Server with WSO2 Identity Server Analytics -Core Kubernetes resources for a clustered deployment of WSO2 Identity Server with WSO2 Identity Server Analytics. +Core Kubernetes resources for a [clustered deployment of WSO2 Identity Server with WSO2 Identity Server Analytics](https://docs.wso2.com/display/IS560/Setting+Up+Deployment+Pattern+2). ![A clustered deployment WSO2 Identity Server with Identity Server Analytics support](is-with-analytics.png) +## Contents + +* [Prerequisites](#prerequisites) +* [Quick Start Guide](#quick-start-guide) + ## Prerequisites -* In order to use WSO2 Kubernetes resources, you need an active WSO2 subscription. If you do not possess an active WSO2 -subscription already, you can sign up for a WSO2 Free Trial Subscription from [here](https://wso2.com/free-trial-subscription).

+* In order to use WSO2 Kubernetes resources, you need an active WSO2 subscription. If you do not possess an active +WSO2 subscription already, you can sign up for a WSO2 Free Trial Subscription from [here](https://wso2.com/free-trial-subscription).

+ +* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (compatible with v1.10) +in order to run the steps provided in the following quick start guide.

+ +* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup/pick-right-solution/).

-* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git), [Docker](https://www.docker.com/get-docker) -(version 17.09.0 or above) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) -in order to run the steps provided
in the following quick start guide.

+* A pre-configured Network File System (NFS) to be used as the persistent volume for artifact sharing and persistence. +In the NFS server instance, create a Linux system user account named `wso2carbon` with user id `802` and a system group named `wso2` with group id `802`. +Add the `wso2carbon` user to the group `wso2`. -* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup/pick-right-solution/)

+``` +groupadd --system -g 802 wso2 +useradd --system -g 802 -u 802 wso2carbon +``` ## Quick Start Guide >In the context of this document, `KUBERNETES_HOME` will refer to a local copy of the [`wso2/kubernetes-is`](https://github.com/wso2/kubernetes-is/) Git repository.
-##### 1. Checkout Kubernetes Resources for WSO2 Identity Server Git repository: +##### 1. Clone the Kubernetes Resources for WSO2 Identity Server Git repository. ``` git clone https://github.com/wso2/kubernetes-is.git @@ -33,13 +46,13 @@ kubectl create namespace wso2 kubectl create serviceaccount wso2svc-account -n wso2 ``` -Then, switch the context to new `wso2` namespace from `default` namespace. +Then, switch the context to new `wso2` namespace. ``` kubectl config set-context $(kubectl config current-context) --namespace=wso2 ``` -##### 3. Create a Kubernetes Secret for pulling the required Docker images from [`WSO2 Docker Registry`](https://docker.wso2.com): +##### 3. Create a Kubernetes Secret for pulling the required Docker images from [`WSO2 Docker Registry`](https://docker.wso2.com). Create a Kubernetes Secret named `wso2creds` in the cluster to authenticate with the WSO2 Docker Registry, to pull the required images. 
@@ -53,27 +66,27 @@ kubectl create secret docker-registry wso2creds --docker-server=docker.wso2.com Please see [Kubernetes official documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-in-the-cluster-that-holds-your-authorization-token) for further details. -##### 4. Setup and configure external product database(s): +##### 4. Setup product database(s). -Setup the external product databases. Please refer to WSO2 Identity Server's [official documentation](https://docs.wso2.com/display/IS550/Setting+Up+Separate+Databases+for+Clustering) +Setup the external product databases. Please refer to WSO2 Identity Server's [official documentation](https://docs.wso2.com/display/IS560/Setting+Up+Separate+Databases+for+Clustering) on creating the required databases for the deployment. Provide appropriate connection URLs, corresponding to the created external databases and the relevant driver class names for the data sources defined in the following files: -* `KUBERNETES_HOME/is-with-analytics/confs/is/datasources/master-datasources.xml` -* `KUBERNETES_HOME/is-with-analytics/confs/is/datasources/bps-datasources.xml` -* `KUBERNETES_HOME/is-with-analytics/confs/is-analytics-1/datasources/master-datasources.xml` -* `KUBERNETES_HOME/is-with-analytics/confs/is-analytics-1/datasources/analytics-datasources.xml` -* `KUBERNETES_HOME/is-with-analytics/confs/is-analytics-2/datasources/master-datasources.xml` -* `KUBERNETES_HOME/is-with-analytics/confs/is-analytics-2/datasources/analytics-datasources.xml` +* `/is-with-analytics/confs/is/datasources/master-datasources.xml` +* `/is-with-analytics/confs/is/datasources/bps-datasources.xml` +* `/is-with-analytics/confs/is-analytics-1/datasources/master-datasources.xml` +* `/is-with-analytics/confs/is-analytics-1/datasources/analytics-datasources.xml` +* `/is-with-analytics/confs/is-analytics-2/datasources/master-datasources.xml` +* 
`/is-with-analytics/confs/is-analytics-2/datasources/analytics-datasources.xml` Please refer WSO2's [official documentation](https://docs.wso2.com/display/ADMIN44x/Configuring+master-datasources.xml) on configuring data sources. **Note**: * For **evaluation purposes**, you can use Kubernetes resources provided in the directory
-`KUBERNETES_HOME/is-with-analytics/extras/rdbms/mysql` for deploying the product databases, using MySQL in Kubernetes. However, this approach of product database deployment is +`/is-with-analytics/extras/rdbms/mysql` for deploying the product databases, using MySQL in Kubernetes. However, this approach of product database deployment is **not recommended** for a production setup. * For using these Kubernetes resources, @@ -84,12 +97,16 @@ Please refer WSO2's [official documentation](https://docs.wso2.com/display/ADMIN kubectl create configmap mysql-dbscripts --from-file=/is-with-analytics/extras/confs/mysql/dbscripts/ ``` - Setup a Network File System (NFS) to be used as the persistent volume for persisting MySQL DB data. - Provide read-write-executable permissions to `other` users, for the folder `NFS_LOCATION_PATH`. - Update the NFS server IP (`NFS_SERVER_IP`) and export path (`NFS_LOCATION_PATH`) of persistent volume resource - named `wso2is-with-analytics-mysql-pv` in the file `/is-with-analytics/extras/rdbms/volumes/persistent-volumes.yaml`. + Here, a Network File System (NFS) is needed to be used for persisting MySQL DB data. + + Create and export a directory within the NFS server instance. + + Provide read-write-execute permissions to other users for the created folder. - Then, deploy the persistent volume resource and volume claim as follows: + Update the Kubernetes Persistent Volume resource with the corresponding NFS server IP (`NFS_SERVER_IP`) and exported, + NFS server directory path (`NFS_LOCATION_PATH`) in `/is-with-analytics/extras/rdbms/volumes/persistent-volumes.yaml`. + + Deploy the persistent volume resource and volume claim as follows: ``` kubectl create -f /is-with-analytics/extras/rdbms/mysql/mysql-persistent-volume-claim.yaml 
@@ -111,24 +128,24 @@ kubectl create --username=admin --password= -f /is-with-analytics/volumes/persistent-volumes.yaml` file. -Update the NFS server IP (`NFS_SERVER_IP`) and export path (`NFS_LOCATION_PATH`) of persistent volume resources, +Grant ownership to `wso2carbon` user and `wso2` group, for each of the previously created directories. -* `wso2is-with-analytics-shared-deployment-pv` -* `wso2is-with-analytics-shared-tenants-pv` -* `wso2is-with-analytics-is-analytics-data-pv-1` -* `wso2is-with-analytics-is-analytics-data-pv-2` -* `wso2is-with-analytics-is-analytics-pv-1` -* `wso2is-with-analytics-is-analytics-pv-2` +``` +sudo chown -R wso2carbon:wso2 +``` -in `/is-with-analytics/volumes/persistent-volumes.yaml` file. +Grant read-write-execute permissions to the `wso2carbon` user, for each of the previously created directories. -Create a user named `wso2carbon` with user id `802` and a group named `wso2` with group id `802` in the NFS node. -Add `wso2carbon` user to the group `wso2`. +``` +chmod -R 700 +``` -Then, provide ownership of the exported folder `NFS_LOCATION_PATH` (used for artifact sharing) to `wso2carbon` user and `wso2` group. -And provide read-write-executable permissions to owning `wso2carbon` user, for the folder `NFS_LOCATION_PATH`. +Update each Kubernetes Persistent Volume resource with the corresponding NFS server IP (`NFS_SERVER_IP`) and exported, NFS server directory path (`NFS_LOCATION_PATH`). Then, deploy the persistent volume resource and volume claim as follows: @@ -138,7 +155,7 @@ kubectl create -f /is-with-analytics/is-analytics/identity-serv kubectl create -f /is-with-analytics/volumes/persistent-volumes.yaml ``` -##### 7. Create Kubernetes ConfigMaps for passing WSO2 product configurations into the Kubernetes cluster: +##### 7. Create Kubernetes ConfigMaps for passing WSO2 product configurations into the Kubernetes cluster. ``` kubectl create configmap identity-server-conf --from-file=/is-with-analytics/confs/is/conf/ 
@@ -162,7 +179,7 @@ kubectl create configmap is-analytics-2-conf-datasources --from-file=/is-with-analytics/confs/is-analytics-2/deployment/server/jaggeryapps/portal/configs ``` -##### 8. Create Kubernetes Services and Deployments for WSO2 Identity Server and Analytics: +##### 8. Create Kubernetes Services and Deployments for WSO2 Identity Server and Analytics. ``` kubectl create -f /is-with-analytics/is/identity-server-service.yaml @@ -174,7 +191,7 @@ kubectl create -f /is-with-analytics/is-analytics/identity-serv kubectl create -f /is-with-analytics/is-analytics/identity-server-analytics-service.yaml ``` -##### 9. Deploy Kubernetes Ingress resource: +##### 9. Deploy Kubernetes Ingress resource. The WSO2 Identity Server and Identity Server Analytics Kubernetes Ingress resources use the NGINX Ingress Controller. @@ -188,15 +205,17 @@ kubectl create -f /is-with-analytics/ingresses/identity-server- kubectl create -f /is-with-analytics/ingresses/identity-server-analytics-ingress.yaml ``` -##### 10. Access Management Consoles: +##### 10. Access Management Consoles. Default deployment will expose `wso2is` and `wso2is-analytics` hosts (to expose Administrative services and Management Console). To access the console in the environment, -1. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses (using `kubectl get ing`). +a. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses. -e.g. +``` +kubectl get ing +``` ``` NAME HOSTS ADDRESS PORTS AGE 
@@ -204,16 +223,16 @@ wso2is-with-analytics-is-analytics-ingress wso2is-analytics wso2is-with-analytics-is-ingress wso2is 80, 443 3m ``` -2. Add the above host as an entry in /etc/hosts file as follows: +b. Add the above host as an entry in /etc/hosts file as follows: ``` wso2is-analytics wso2is ``` -3. Try navigating to `https://wso2is/carbon` and `https://wso2is-analytics/carbon` from your favorite browser. +c. Try navigating to `https://wso2is/carbon` and `https://wso2is-analytics/carbon` from your favorite browser. -##### 11. Scale up using `kubectl scale`: +##### 11. Scale up using `kubectl scale`. Default deployment runs a single replica (or pod) of WSO2 Identity server. To scale this deployment into any `` number of container replicas, upon your requirement, simply run following Kubernetes client command on the terminal. diff --git a/is-with-analytics/confs/is-analytics-1/conf/axis2/axis2.xml b/is-with-analytics/confs/is-analytics-1/conf/axis2/axis2.xml index 5f15064a..dc770b2e 100644 --- a/is-with-analytics/confs/is-analytics-1/conf/axis2/axis2.xml +++ b/is-with-analytics/confs/is-analytics-1/conf/axis2/axis2.xml @@ -73,10 +73,10 @@ axis2modules - WSO2 Identity Server Analytics-5.5.0 + WSO2 Identity Server Analytics-5.6.0 - WSO2 Identity Server Analytics-5.5.0 + WSO2 Identity Server Analytics-5.6.0 diff --git a/is-with-analytics/confs/is-analytics-1/conf/carbon.xml b/is-with-analytics/confs/is-analytics-1/conf/carbon.xml index 79ff505f..50bb5910 100644 --- a/is-with-analytics/confs/is-analytics-1/conf/carbon.xml +++ b/is-with-analytics/confs/is-analytics-1/conf/carbon.xml @@ -36,7 +36,7 @@ - 5.5.0 + 5.6.0 diff --git a/is-with-analytics/confs/is-analytics-2/conf/carbon.xml b/is-with-analytics/confs/is-analytics-2/conf/carbon.xml index 79ff505f..50bb5910 100644 --- a/is-with-analytics/confs/is-analytics-2/conf/carbon.xml +++ b/is-with-analytics/confs/is-analytics-2/conf/carbon.xml @@ -36,7 +36,7 @@ - 5.5.0 + 5.6.0 
diff --git a/is-with-analytics/confs/is/conf/carbon.xml b/is-with-analytics/confs/is/conf/carbon.xml index 4b6abd0f..1b35fb7b 100644 --- a/is-with-analytics/confs/is/conf/carbon.xml +++ b/is-with-analytics/confs/is/conf/carbon.xml @@ -36,7 +36,7 @@ - 5.5.0 + 5.6.0 + true + + 20 + + 40 + @@ -189,6 +199,12 @@ true org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor + + false false @@ -603,13 +619,14 @@ + - + orderId="90" enable="false"/> + orderId="93" enable="true"/> @@ -634,6 +651,21 @@ + + + + + + + + + 300 + + + true + + 1000 + 1000 + 51200 + + + + + + http://localhost:8280/ + + 5 + + diff --git a/is-with-analytics/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-RoleData.xml b/is-with-analytics/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-RoleData.xml index 1ed4d0c2..29c9cc95 100644 --- a/is-with-analytics/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-RoleData.xml +++ b/is-with-analytics/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-RoleData.xml @@ -1,13 +1,32 @@ - - - - - admin - thrift - non-blocking - 0 - tcp://wso2is-with-analytics-is-analytics-1-service:7612,tcp://wso2is-with-analytics-is-analytics-2-service:7612 - admin - + + + + + + + admin + thrift + non-blocking + 0 + tcp://wso2is-with-analytics-is-analytics-1-service:7612,tcp://wso2is-with-analytics-is-analytics-2-service:7612 + admin + diff --git a/is-with-analytics/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-UserData.xml b/is-with-analytics/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-UserData.xml index 2b9b97ac..a6021d71 100644 --- a/is-with-analytics/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-UserData.xml +++ b/is-with-analytics/confs/is/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-UserData.xml 
@@ -1,13 +1,32 @@ - - - - - admin - thrift - non-blocking - 0 - tcp://wso2is-with-analytics-is-analytics-1-service:7612,tcp://wso2is-with-analytics-is-analytics-2-service:7612 - admin - + + + + + + + admin + thrift + non-blocking + 0 + tcp://wso2is-with-analytics-is-analytics-1-service:7612,tcp://wso2is-with-analytics-is-analytics-2-service:7612 + admin + diff --git a/is-with-analytics/extras/rdbms/mysql/mysql-deployment.yaml b/is-with-analytics/extras/rdbms/mysql/mysql-deployment.yaml index d6e5a0be..a500cabc 100644 --- a/is-with-analytics/extras/rdbms/mysql/mysql-deployment.yaml +++ b/is-with-analytics/extras/rdbms/mysql/mysql-deployment.yaml @@ -53,3 +53,4 @@ spec: persistentVolumeClaim: claimName: wso2is-with-analytics-rdbms-volume-claim serviceAccountName: "wso2svc-account" + \ No newline at end of file diff --git a/is-with-analytics/is-analytics/identity-server-analytics-1-deployment.yaml b/is-with-analytics/is-analytics/identity-server-analytics-1-deployment.yaml index 7eb1c60d..baf19437 100644 --- a/is-with-analytics/is-analytics/identity-server-analytics-1-deployment.yaml +++ b/is-with-analytics/is-analytics/identity-server-analytics-1-deployment.yaml @@ -32,7 +32,7 @@ spec: spec: containers: - name: wso2is-with-analytics-is-analytics-1 - image: docker.wso2.com/wso2is-analytics:5.5.0 + image: docker.wso2.com/wso2is-analytics:5.6.0 resources: limits: memory: "4Gi" @@ -127,9 +127,9 @@ spec: - name: is-analytics-1-deployment-portal mountPath: /home/wso2carbon/kubernetes-volumes/is-analytics/conf-portal - name: analytics-persistent-disk - mountPath: /home/wso2carbon/wso2is-analytics-5.5.0/repository/conf/analytics + mountPath: /home/wso2carbon/wso2is-analytics-5.6.0/repository/conf/analytics - name: data-persistent-disk - mountPath: /home/wso2carbon/wso2is-analytics-5.5.0/repository/data + mountPath: /home/wso2carbon/wso2is-analytics-5.6.0/repository/data serviceAccountName: "wso2svc-account" imagePullSecrets: - name: wso2creds 
diff --git a/is-with-analytics/is-analytics/identity-server-analytics-2-deployment.yaml b/is-with-analytics/is-analytics/identity-server-analytics-2-deployment.yaml index 50cdf4ff..2f1aea60 100644 --- a/is-with-analytics/is-analytics/identity-server-analytics-2-deployment.yaml +++ b/is-with-analytics/is-analytics/identity-server-analytics-2-deployment.yaml @@ -32,7 +32,7 @@ spec: spec: containers: - name: wso2is-with-analytics-is-analytics-2 - image: docker.wso2.com/wso2is-analytics:5.5.0 + image: docker.wso2.com/wso2is-analytics:5.6.0 resources: limits: memory: "4Gi" @@ -127,9 +127,9 @@ spec: - name: is-analytics-2-deployment-portal mountPath: /home/wso2carbon/kubernetes-volumes/is-analytics/conf-portal - name: analytics-persistent-disk - mountPath: /home/wso2carbon/wso2is-analytics-5.5.0/repository/conf/analytics + mountPath: /home/wso2carbon/wso2is-analytics-5.6.0/repository/conf/analytics - name: data-persistent-disk - mountPath: /home/wso2carbon/wso2is-analytics-5.5.0/repository/data + mountPath: /home/wso2carbon/wso2is-analytics-5.6.0/repository/data serviceAccountName: "wso2svc-account" imagePullSecrets: - name: wso2creds diff --git a/is-with-analytics/is-analytics/identity-server-analytics-volume-claims.yaml b/is-with-analytics/is-analytics/identity-server-analytics-volume-claims.yaml index 628c5992..e6f2bed5 100644 --- a/is-with-analytics/is-analytics/identity-server-analytics-volume-claims.yaml +++ b/is-with-analytics/is-analytics/identity-server-analytics-volume-claims.yaml @@ -21,7 +21,7 @@ spec: - ReadWriteMany resources: requests: - storage: 1Gi + storage: 20Gi storageClassName: "" selector: matchLabels: @@ -39,7 +39,7 @@ spec: - ReadWriteMany resources: requests: - storage: 1Gi + storage: 20Gi storageClassName: "" selector: matchLabels: diff --git a/is-with-analytics/is/identity-server-deployment.yaml b/is-with-analytics/is/identity-server-deployment.yaml index ecc185c3..eee606e3 100644 --- a/is-with-analytics/is/identity-server-deployment.yaml 
+++ b/is-with-analytics/is/identity-server-deployment.yaml @@ -31,7 +31,7 @@ spec: spec: containers: - name: wso2is-with-analytics-is - image: docker.wso2.com/wso2is:5.5.0 + image: docker.wso2.com/wso2is:5.6.0 livenessProbe: exec: command: @@ -66,9 +66,9 @@ spec: - name: identity-server-conf-event-publishers mountPath: /home/wso2carbon/kubernetes-volumes/is/conf-event-publishers - name: shared-deployment-persistent-disk - mountPath: /home/wso2carbon/wso2is-5.5.0/repository/deployment + mountPath: /home/wso2carbon/wso2is-5.6.0/repository/deployment - name: shared-tenants-persistent-disk - mountPath: /home/wso2carbon/wso2is-5.5.0/repository/tenants + mountPath: /home/wso2carbon/wso2is-5.6.0/repository/tenants serviceAccountName: "wso2svc-account" imagePullSecrets: - name: wso2creds diff --git a/is-with-analytics/scripts/README.md b/is-with-analytics/scripts/README.md index d5b09819..d42928b7 100644 --- a/is-with-analytics/scripts/README.md +++ b/is-with-analytics/scripts/README.md @@ -1,67 +1,111 @@ # Kubernetes Test Resources for deployment of WSO2 Identity Server with WSO2 Identity Server Analytics Kubernetes Test Resources for WSO2 Identity Server and Analytics contain artifacts, which can be used to test the core -Kubernetes resources provided for a clustered deployment of WSO2 Identity Server with WSO2 Identity Server Analytics. +Kubernetes resources provided for a [clustered deployment of WSO2 Identity Server with WSO2 Identity Server Analytics](https://docs.wso2.com/display/IS560/Setting+Up+Deployment+Pattern+2). + +## Contents + +* [Prerequisites](#prerequisites) +* [Quick Start Guide](#quick-start-guide) ## Prerequisites -* In order to use WSO2 Kubernetes resources, you need an active WSO2 subscription. If you do not possess an active WSO2 -subscription already, you can sign up for a WSO2 Free Trial Subscription from [here](https://wso2.com/free-trial-subscription).

+* In order to use WSO2 Kubernetes resources, you need an active WSO2 subscription. If you do not possess an active +WSO2 subscription already, you can sign up for a WSO2 Free Trial Subscription from [here](https://wso2.com/free-trial-subscription).

+ +* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (compatible with v1.10) +in order to run the steps provided in the following quick start guide.

+ +* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup/pick-right-solution/).

+ +* A pre-configured Network File System (NFS) to be used as the persistent volume for artifact sharing and persistence. +In the NFS server instance, create a Linux system user account named `wso2carbon` with user id `802` and a system group named `wso2` with group id `802`. +Add the `wso2carbon` user to the group `wso2`. -* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git), [Docker](https://www.docker.com/get-docker) -(version 17.09.0 or above) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) -in order to run the steps provided
in the following quick start guide.

+``` +groupadd --system -g 802 wso2 +useradd --system -g 802 -u 802 wso2carbon +``` -* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup/pick-right-solution/)

- ## Quick Start Guide >In the context of this document, `KUBERNETES_HOME` will refer to a local copy of the [`wso2/kubernetes-is`](https://github.com/wso2/kubernetes-is/) Git repository.
-##### 1. Checkout Kubernetes Resources for WSO2 Identity Server Git repository: +##### 1. Clone the Kubernetes Resources for WSO2 Identity Server Git repository. ``` git clone https://github.com/wso2/kubernetes-is.git ``` -##### 2. Deploy Kubernetes Ingress resource: +##### 2. Deploy Kubernetes Ingress resource. The WSO2 Identity Server Kubernetes Ingress resource uses the NGINX Ingress Controller. In order to enable the NGINX Ingress controller in the desired cloud or on-premise environment, please refer the official documentation, [NGINX Ingress Controller Installation Guide](https://kubernetes.github.io/ingress-nginx/deploy/). -##### 3. Setup a Network File System (NFS) to be used as the persistent volume for artifact sharing across Identity Server and Analytics instances. +##### 3. Setup a Network File System (NFS) to be used for persistent storage. + +Create and export unique directories within the NFS server instance for each Kubernetes Persistent Volume resource defined in the +`/is-with-analytics/volumes/persistent-volumes.yaml` file. + +Grant ownership to `wso2carbon` user and `wso2` group, for each of the previously created directories. + +``` +sudo chown -R wso2carbon:wso2 +``` + +Grant read-write-execute permissions to the `wso2carbon` user, for each of the previously created directories. + +``` +chmod -R 700 +``` + +Update each Kubernetes Persistent Volume resource with the corresponding NFS server IP (`NFS_SERVER_IP`) and exported, NFS server directory path (`NFS_LOCATION_PATH`). -Update the NFS server IP (`NFS_SERVER_IP`) and export path (`NFS_LOCATION_PATH`) of persistent volume resources, +##### 4. Setup product database(s). 
-* `wso2is-with-analytics-shared-deployment-pv` -* `wso2is-with-analytics-shared-tenants-pv` -* `wso2is-with-analytics-is-analytics-pv-1` -* `wso2is-with-analytics-is-analytics-pv-2` -* `wso2is-with-analytics-is-analytics-data-pv-1` -* `wso2is-with-analytics-is-analytics-data-pv-2` +For **evaluation purposes**, -in `/is-with-analytics/volumes/persistent-volumes.yaml` file. +* You can use Kubernetes resources provided in the directory `KUBERNETES_HOME/is-with-analytics/extras/rdbms/mysql` +for deploying the product databases, using MySQL in Kubernetes. However, this approach of product database deployment is +**not recommended** for a production setup. -Create a user named `wso2carbon` with user id `802` and a group named `wso2` with group id `802` in the NFS node. -Add `wso2carbon` user to the group `wso2`. +* For using these Kubernetes resources, -Then, provide ownership of the exported folder `NFS_LOCATION_PATH` (used for artifact sharing) to `wso2carbon` user and `wso2` group. -And provide read-write-executable permissions to owning `wso2carbon` user, for the folder `NFS_LOCATION_PATH`. + Here, a Network File System (NFS) is needed to be used for persisting MySQL DB data. + + Create and export a directory within the NFS server instance. + + Provide read-write-execute permissions to other users for the created folder. + + Update the Kubernetes Persistent Volume resource with the corresponding NFS server IP (`NFS_SERVER_IP`) and exported, + NFS server directory path (`NFS_LOCATION_PATH`) in `/is-with-analytics/extras/rdbms/volumes/persistent-volumes.yaml`. + +In a **production grade setup**, -Finally, setup a Network File System (NFS) to be used as the persistent volume for persisting MySQL DB data. -Provide read-write-executable permissions to `other` users, for the folder `NFS_LOCATION_PATH`. 
-Update the NFS server IP (`NFS_SERVER_IP`) and export path (`NFS_LOCATION_PATH`) of persistent volume resource -named `wso2is-with-analytics-mysql-pv` in the file `/is-with-analytics/extras/rdbms/volumes/persistent-volumes.yaml`. +* Setup the external product databases. Please refer to WSO2 Identity Server's [official documentation](https://docs.wso2.com/display/IS560/Setting+Up+Separate+Databases+for+Clustering) + on creating the required databases for the deployment. + + Provide appropriate connection URLs, corresponding to the created external databases and the relevant driver class names for the data sources defined in + the following files: + + * `/is-with-analytics/confs/is/datasources/master-datasources.xml` + * `/is-with-analytics/confs/is/datasources/bps-datasources.xml` + * `/is-with-analytics/confs/is-analytics-1/datasources/master-datasources.xml` + * `/is-with-analytics/confs/is-analytics-1/datasources/analytics-datasources.xml` + * `/is-with-analytics/confs/is-analytics-2/datasources/master-datasources.xml` + * `/is-with-analytics/confs/is-analytics-2/datasources/analytics-datasources.xml` + + Please refer WSO2's [official documentation](https://docs.wso2.com/display/ADMIN44x/Configuring+master-datasources.xml) on configuring data sources. -##### 4. Deploy Kubernetes resources: +##### 5. Deploy Kubernetes resources. 
-Change directory to `KUBERNETES_HOME/is-with-analytics/scripts` and execute the `deploy.sh` shell script on the terminal, with the appropriate configurations as follows: +Change directory to `/is-with-analytics/scripts` and execute the `deploy.sh` shell script on the terminal, with the appropriate configurations as follows: ``` -./deploy.sh --wso2-subscription-username= --wso2-subscription-password= --cluster-admin-password= +./deploy.sh --wso2-username= --wso2-password= --cluster-admin-password= ``` * A Kubernetes Secret named `wso2creds` in the cluster to authenticate with the [`WSO2 Docker Registry`](https://docker.wso2.com), to pull the required images. @@ -76,13 +120,17 @@ The following details need to be replaced in the relevant command. >To un-deploy, be on the same directory and execute the `undeploy.sh` shell script on the terminal. -##### 5. Access Management Consoles: +##### 6. Access Management Consoles: Default deployment will expose `wso2is` and `wso2is-analytics` hosts (to expose Administrative services and Management Console). To access the console in the environment, -1. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses (using `kubectl get ing`). +a. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses. + +``` +kubectl get ing +``` e.g. 
@@ -92,22 +140,22 @@ wso2is-with-analytics-is-analytics-ingress wso2is-analytics wso2is-with-analytics-is-ingress wso2is 80, 443 3m ``` -2. Add the above host as an entry in /etc/hosts file as follows: +b. Add the above host as an entry in /etc/hosts file as follows: ``` wso2is-analytics wso2is ``` -3. Try navigating to `https://wso2is/carbon` and `https://wso2is-analytics/carbon` from your favorite browser. +c. Try navigating to `https://wso2is/carbon` and `https://wso2is-analytics/carbon` from your favorite browser. -##### 6. Scale up using `kubectl scale`: +##### 7. Scale up using `kubectl scale`: Default deployment runs two replicas (or pods) of WSO2 Identity server. To scale this deployment into any `` number of container replicas, upon your requirement, simply run following Kubernetes client command on the terminal. ``` -kubectl scale --replicas= -f /is/identity-server-deployment.yaml +kubectl scale --replicas= -f /is-with-analytics/is/identity-server-deployment.yaml ``` For example, If `` is 2, you are here scaling up this deployment from 1 to 2 container replicas. diff --git a/is-with-analytics/volumes/persistent-volumes.yaml b/is-with-analytics/volumes/persistent-volumes.yaml index 354e918a..dd2bf7ef 100644 --- a/is-with-analytics/volumes/persistent-volumes.yaml +++ b/is-with-analytics/volumes/persistent-volumes.yaml @@ -57,7 +57,7 @@ metadata: node: wso2is-analytics-1 spec: capacity: - storage: 1Gi + storage: 20Gi accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain 
@@ -74,6 +74,44 @@ metadata: labels: purpose: analytics-data node: wso2is-analytics-2 +spec: + capacity: + storage: 20Gi + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Retain + nfs: + server: + path: "" + +--- + +apiVersion: v1 +kind: PersistentVolume +metadata: + name: wso2is-with-analytics-is-analytics-pv-1 + labels: + purpose: analytics + node: wso2is-analytics-1 +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Retain + nfs: + server: + path: "" + +--- + +apiVersion: v1 +kind: PersistentVolume +metadata: + name: wso2is-with-analytics-is-analytics-pv-2 + labels: + purpose: analytics + node: wso2is-analytics-2 spec: capacity: storage: 1Gi diff --git a/is/README.md b/is/README.md index 19e91e45..ce77e8e4 100644 --- a/is/README.md +++ b/is/README.md @@ -1,26 +1,40 @@ # Kubernetes Resources for deployment of WSO2 Identity Server -Core Kubernetes resources for a clustered deployment of WSO2 Identity Server. +Core Kubernetes resources for a [clustered deployment of WSO2 Identity Server](https://docs.wso2.com/display/IS560/Setting+Up+Deployment+Pattern+1). ![A clustered deployment WSO2 Identity Server](is.png) +## Contents + +* [Prerequisites](#prerequisites) +* [Quick Start Guide](#quick-start-guide) + + ## Prerequisites -* In order to use WSO2 Kubernetes resources, you need an active WSO2 subscription. If you do not possess an active WSO2 -subscription already, you can sign up for a WSO2 Free Trial Subscription from [here](https://wso2.com/free-trial-subscription).

+* In order to use WSO2 Kubernetes resources, you need an active WSO2 subscription. If you do not possess an active +WSO2 subscription already, you can sign up for a WSO2 Free Trial Subscription from [here](https://wso2.com/free-trial-subscription).

+ +* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (compatible with v1.10) +in order to run the steps provided in the following quick start guide.

+ +* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup/pick-right-solution/).

-* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git), [Docker](https://www.docker.com/get-docker) -(version 17.09.0 or above) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) -in order to run the steps provided
in the following quick start guide.

+* A pre-configured Network File System (NFS) to be used as the persistent volume for artifact sharing and persistence. +In the NFS server instance, create a Linux system user account named `wso2carbon` with user id `802` and a system group named `wso2` with group id `802`. +Add the `wso2carbon` user to the group `wso2`. + +``` +groupadd --system -g 802 wso2 +useradd --system -g 802 -u 802 wso2carbon +``` -* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup/pick-right-solution/)

- ## Quick Start Guide >In the context of this document, `KUBERNETES_HOME` will refer to a local copy of the [`wso2/kubernetes-is`](https://github.com/wso2/kubernetes-is/) Git repository.
-##### 1. Checkout Kubernetes Resources for WSO2 Identity Server Git repository: +##### 1. Clone the Kubernetes Resources for WSO2 Identity Server Git repository: ``` git clone https://github.com/wso2/kubernetes-is.git @@ -33,7 +47,7 @@ kubectl create namespace wso2 kubectl create serviceaccount wso2svc-account -n wso2 ``` -Then, switch the context to new `wso2` namespace from `default` namespace. +Then, switch the context to new `wso2` namespace. ``` kubectl config set-context $(kubectl config current-context) --namespace=wso2 
@@ -53,23 +67,23 @@ kubectl create secret docker-registry wso2creds --docker-server=docker.wso2.com Please see [Kubernetes official documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-in-the-cluster-that-holds-your-authorization-token) for further details. -##### 4. Setup and configure external product database(s): +##### 4. Setup product database(s): -Setup the external product databases. Please refer to WSO2 Identity Server's [official documentation](https://docs.wso2.com/display/IS550/Setting+Up+Separate+Databases+for+Clustering) +Setup the external product databases. Please refer to WSO2 Identity Server's [official documentation](https://docs.wso2.com/display/IS560/Setting+Up+Separate+Databases+for+Clustering) on creating the required databases for the deployment. Provide appropriate connection URLs, corresponding to the created external databases and the relevant driver class names for the data sources defined in the following files: -* `KUBERNETES_HOME/is/confs/is/datasources/master-datasources.xml` -* `KUBERNETES_HOME/is/confs/is/datasources/bps-datasources.xml` +* `/is/confs/is/datasources/master-datasources.xml` +* `/is/confs/is/datasources/bps-datasources.xml` Please refer WSO2's [official documentation](https://docs.wso2.com/display/ADMIN44x/Configuring+master-datasources.xml) on configuring data sources. **Note**: * For **evaluation purposes**, you can use Kubernetes resources provided in the directory
-`KUBERNETES_HOME/is/extras/rdbms/mysql` for deploying the product databases, using MySQL in Kubernetes. However, this approach of product database deployment is +`/is/extras/rdbms/mysql` for deploying the product databases, using MySQL in Kubernetes. However, this approach of product database deployment is **not recommended** for a production setup. * For using these Kubernetes resources, @@ -80,12 +94,16 @@ Please refer WSO2's [official documentation](https://docs.wso2.com/display/ADMIN kubectl create configmap mysql-dbscripts --from-file=/is/extras/confs/mysql/dbscripts/ ``` - Setup a Network File System (NFS) to be used as the persistent volume for persisting MySQL DB data. - Provide read-write-executable permissions to `other` users, for the folder `NFS_LOCATION_PATH`. - Update the NFS server IP (`NFS_SERVER_IP`) and export path (`NFS_LOCATION_PATH`) of persistent volume resource - named `wso2is-mysql-pv` in the file `/is/extras/rdbms/volumes/persistent-volumes.yaml`. + Here, a Network File System (NFS) is needed to be used for persisting MySQL DB data. + + Create and export a directory within the NFS server instance. + + Provide read-write-execute permissions to other users for the created folder. - Then, deploy the persistent volume resource and volume claim as follows: + Update the Kubernetes Persistent Volume resource with the corresponding NFS server IP (`NFS_SERVER_IP`) and exported, + NFS server directory path (`NFS_LOCATION_PATH`) in `/is/extras/rdbms/volumes/persistent-volumes.yaml`. + + Deploy the persistent volume resource and volume claim as follows: ``` kubectl create -f /is/extras/rdbms/mysql/mysql-persistent-volume-claim.yaml 
@@ -107,20 +125,24 @@ kubectl create --username=admin --password= -f /is/volumes/persistent-volumes.yaml` file. -* `wso2is-shared-deployment-pv` -* `wso2is-shared-tenants-pv` +Grant ownership to `wso2carbon` user and `wso2` group, for each of the previously created directories. -in `/is/volumes/persistent-volumes.yaml` file. +``` +sudo chown -R wso2carbon:wso2 +``` -Create a user named `wso2carbon` with user id `802` and a group named `wso2` with group id `802` in the NFS node. -Add `wso2carbon` user to the group `wso2`. +Grant read-write-execute permissions to the `wso2carbon` user, for each of the previously created directories. + +``` +chmod -R 700 +``` -Then, provide ownership of the exported folder `NFS_LOCATION_PATH` (used for artifact sharing) to `wso2carbon` user and `wso2` group. -And provide read-write-executable permissions to owning `wso2carbon` user, for the folder `NFS_LOCATION_PATH`. +Update each Kubernetes Persistent Volume resource with the corresponding NFS server IP (`NFS_SERVER_IP`) and exported, NFS server directory path (`NFS_LOCATION_PATH`). Then, deploy the persistent volume resource and volume claim as follows: @@ -128,7 +150,7 @@ Then, deploy the persistent volume resource and volume claim as follows: kubectl create -f /is/identity-server-volume-claims.yaml kubectl create -f /is/volumes/persistent-volumes.yaml ``` - + ##### 7. Create Kubernetes ConfigMaps for passing WSO2 product configurations into the Kubernetes cluster: ``` 
@@ -164,22 +186,24 @@ Default deployment will expose `wso2is` host (to expose Administrative services To access the console in the environment, -1. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses (using `kubectl get ing`). +a. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses. -e.g. +``` +kubectl get ing +``` ``` NAME HOSTS ADDRESS PORTS AGE wso2is-ingress wso2is 80, 443 3m ``` -2. Add the above host as an entry in /etc/hosts file as follows: +b. Add the above host as an entry in /etc/hosts file as follows: ``` wso2is ``` -3. Try navigating to `https://wso2is/carbon` from your favorite browser. +c. Try navigating to `https://wso2is/carbon` from your favorite browser. ##### 11. Scale up using `kubectl scale`: diff --git a/is/confs/axis2/axis2.xml b/is/confs/axis2/axis2.xml index 60db6c66..ee761786 100644 --- a/is/confs/axis2/axis2.xml +++ b/is/confs/axis2/axis2.xml @@ -73,10 +73,10 @@ axis2modules - WSO2 Identity Server-5.5.0 + WSO2 Identity Server-5.6.0 - WSO2 Identity Server-5.5.0 + WSO2 Identity Server-5.6.0 diff --git a/is/confs/carbon.xml b/is/confs/carbon.xml index 4b6abd0f..280be2db 100644 --- a/is/confs/carbon.xml +++ b/is/confs/carbon.xml @@ -36,7 +36,7 @@ - 5.5.0 + 5.6.0 - + 8000 - - - - - 10500 - + + + + 10500 + + @@ -323,10 +323,10 @@ ${carbon.home}/repository/conf/axis2/axis2_client.xml true - - + + @@ -345,11 +345,11 @@ Default User Role - + - + --> + - - - - - - - - + + + + + + + + @@ -426,16 +426,16 @@ --> UserManager - - false + + false - org.wso2.carbon.identity.provider.AttributeCallbackHandler + org.wso2.carbon.identity.provider.AttributeCallbackHandler - - org.wso2.carbon.identity.sts.store.DBTokenStore + + org.wso2.carbon.identity.sts.store.DBTokenStore true 
@@ -445,11 +445,11 @@ - -claim_mgt_menu -identity_mgt_emailtemplate_menu -identity_security_questions_menu - + + claim_mgt_menu + identity_mgt_emailtemplate_menu + identity_security_questions_menu + - + - default repository - http://product-dist.wso2.com/p2/carbon/releases/wilkes/ + default repository + http://product-dist.wso2.com/p2/carbon/releases/wilkes/ - - - - - true - - - - - - true - + + + + + true + + + + + + true + diff --git a/is/confs/identity/identity.xml b/is/confs/identity/identity.xml index 89737d18..03476b82 100644 --- a/is/confs/identity/identity.xml +++ b/is/confs/identity/identity.xml @@ -42,6 +42,16 @@ true + + + true + + 20 + + 40 + @@ -189,6 +199,12 @@ true org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor + + false false @@ -603,13 +619,14 @@ + - + orderId="90" enable="false"/> + orderId="93" enable="true"/> @@ -634,6 +651,21 @@ + + + + + + + + + + enable="true" timeout="300" capacity="5000" isDistributed="false"/> @@ -811,6 +843,9 @@ /permission/admin/manage/identity/applicationmgt + + + @@ -835,4 +870,21 @@ 300 + + + true + + 1000 + 1000 + 51200 + + + + + + http://localhost:8280/ + + 5 + + diff --git a/is/extras/confs/rdbms/mysql/dbscripts/init.sql b/is/extras/confs/rdbms/mysql/dbscripts/init.sql index 906b5bf7..44665e4f 100644 --- a/is/extras/confs/rdbms/mysql/dbscripts/init.sql +++ b/is/extras/confs/rdbms/mysql/dbscripts/init.sql @@ -540,6 +540,7 @@ CREATE TABLE IF NOT EXISTS IDN_OAUTH_CONSUMER_APPS ( USER_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000, APP_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000, REFRESH_TOKEN_EXPIRE_TIME BIGINT DEFAULT 84600000, + ID_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000, CONSTRAINT CONSUMER_KEY_CONSTRAINT UNIQUE (CONSUMER_KEY), PRIMARY KEY (ID) )ENGINE INNODB; 
@@ -608,6 +609,9 @@ CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED); CREATE INDEX IDX_ATH ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN_HASH); +CREATE INDEX IDX_AT_TI_UD ON IDN_OAUTH2_ACCESS_TOKEN(AUTHZ_USER, TENANT_ID, TOKEN_STATE, USER_DOMAIN); + + CREATE TABLE IF NOT EXISTS IDN_OAUTH2_AUTHORIZATION_CODE ( CODE_ID VARCHAR (255), AUTHORIZATION_CODE VARCHAR(2048), @@ -631,6 +635,9 @@ CREATE TABLE IF NOT EXISTS IDN_OAUTH2_AUTHORIZATION_CODE ( CREATE INDEX IDX_AUTHORIZATION_CODE_HASH ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE_HASH,CONSUMER_KEY_ID); +CREATE INDEX IDX_AUTHORIZATION_CODE_AU_TI ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHZ_USER,TENANT_ID, USER_DOMAIN, STATE); + + CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN_SCOPE ( TOKEN_ID VARCHAR (255), TOKEN_SCOPE VARCHAR (60), @@ -671,6 +678,11 @@ CREATE TABLE IF NOT EXISTS IDN_SCIM_GROUP ( PRIMARY KEY (ID) )ENGINE INNODB; +CREATE INDEX IDX_IDN_SCIM_GROUP_TI_RN ON IDN_SCIM_GROUP (TENANT_ID, ROLE_NAME); + +CREATE INDEX IDX_IDN_SCIM_GROUP_TI_RN_AN ON IDN_SCIM_GROUP (TENANT_ID, ROLE_NAME, ATTR_NAME); + + CREATE TABLE IF NOT EXISTS IDN_OPENID_REMEMBER_ME ( USER_NAME VARCHAR(255) NOT NULL, TENANT_ID INTEGER DEFAULT 0, 
@@ -743,9 +755,27 @@ CREATE TABLE IF NOT EXISTS IDN_AUTH_SESSION_STORE ( SESSION_OBJECT BLOB, TIME_CREATED BIGINT, TENANT_ID INTEGER DEFAULT -1, + EXPIRY_TIME BIGINT, + PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION) +)ENGINE INNODB; + +CREATE INDEX IDX_IDN_AUTH_SESSION_STORE_TIME ON IDN_AUTH_SESSION_STORE (TIME_CREATED); + + +CREATE TABLE IF NOT EXISTS IDN_AUTH_TEMP_SESSION_STORE ( + SESSION_ID VARCHAR (100) NOT NULL, + SESSION_TYPE VARCHAR(100) NOT NULL, + OPERATION VARCHAR(10) NOT NULL, + SESSION_OBJECT BLOB, + TIME_CREATED BIGINT, + TENANT_ID INTEGER DEFAULT -1, + EXPIRY_TIME BIGINT, PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION) )ENGINE INNODB; +CREATE INDEX IDX_IDN_AUTH_TEMP_SESSION_STORE_TIME ON IDN_AUTH_TEMP_SESSION_STORE (TIME_CREATED); + + CREATE TABLE IF NOT EXISTS SP_APP ( ID INTEGER NOT NULL AUTO_INCREMENT, TENANT_ID INTEGER NOT NULL, @@ -817,6 +847,15 @@ CREATE TABLE IF NOT EXISTS SP_FEDERATED_IDP ( ALTER TABLE SP_FEDERATED_IDP ADD CONSTRAINT STEP_ID_CONSTRAINT FOREIGN KEY (ID) REFERENCES SP_AUTH_STEP (ID) ON DELETE CASCADE; +CREATE TABLE IF NOT EXISTS SP_CLAIM_DIALECT ( + ID INTEGER NOT NULL AUTO_INCREMENT, + TENANT_ID INTEGER NOT NULL, + SP_DIALECT VARCHAR (512) NOT NULL, + APP_ID INTEGER NOT NULL, + PRIMARY KEY (ID)); + +ALTER TABLE SP_CLAIM_DIALECT ADD CONSTRAINT DIALECTID_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; + CREATE TABLE IF NOT EXISTS SP_CLAIM_MAPPING ( ID INTEGER NOT NULL AUTO_INCREMENT, TENANT_ID INTEGER NOT NULL, diff --git a/is/identity-server-deployment.yaml b/is/identity-server-deployment.yaml index 8c8f59db..0590ea4d 100644 --- a/is/identity-server-deployment.yaml +++ b/is/identity-server-deployment.yaml @@ -31,7 +31,7 @@ spec: spec: containers: - name: wso2is - image: docker.wso2.com/wso2is:5.5.0 + image: docker.wso2.com/wso2is:5.6.0 livenessProbe: exec: command: 
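Review bot: in the `@@ -743,9 +755,27 @@` hunk both `IDN_AUTH_SESSION_STORE` and the new `IDN_AUTH_TEMP_SESSION_STORE` gain `EXPIRY_TIME BIGINT`, but the column is nullable with no default and the only index added to either table is on `TIME_CREATED`. Any expiry-driven cleanup of session rows (`WHERE EXPIRY_TIME < ...`) will therefore scan the whole table, and a row written without an expiry is never eligible for it, which on the session store is exactly the data you want purged on time. Consider `EXPIRY_TIME BIGINT NOT NULL` and an index on it, and note that, as with the other `CREATE TABLE IF NOT EXISTS` edits in this file, an existing 5.5.0 table will not receive the column.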
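Review bot: `CREATE TABLE IF NOT EXISTS SP_CLAIM_DIALECT` in the `@@ -817,6 +847,15 @@` hunk ends with `PRIMARY KEY (ID));` and omits the `ENGINE INNODB` clause every other table in this script carries. The `ALTER TABLE SP_CLAIM_DIALECT ADD CONSTRAINT DIALECTID_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE` that follows is only enforced on InnoDB; on a server whose default engine is something else the constraint, and with it the cascade that removes an application's dialects when the application is deleted, is silently dropped. Add `)ENGINE INNODB;` to match the rest of the file.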
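Review bot: `image: docker.wso2.com/wso2is:5.6.0` in the is/identity-server-deployment.yaml hunk pins the product only by a mutable tag. For a registry that needs the `wso2creds` pull secret and serves subscription builds, pin by digest (`docker.wso2.com/wso2is@sha256:...`) or at least record in the README the digest these resources were tested with, so a re-pushed 5.6.0 tag cannot change what the cluster runs. The same version string is also hard-coded into the two `mountPath` values in the following hunk (`/home/wso2carbon/wso2is-5.6.0/repository/deployment` and `/home/wso2carbon/wso2is-5.6.0/repository/tenants`); if one of the three is bumped without the others, the persistent volumes mount at a path the product never reads and deployment artifacts quietly stop being shared across replicas, so derive all three from one value.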
@@ -64,9 +64,9 @@ spec: - name: identity-server-conf-identity mountPath: /home/wso2carbon/kubernetes-volumes/is/conf-identity - name: shared-deployment-persistent-disk - mountPath: /home/wso2carbon/wso2is-5.5.0/repository/deployment + mountPath: /home/wso2carbon/wso2is-5.6.0/repository/deployment - name: shared-tenants-persistent-disk - mountPath: /home/wso2carbon/wso2is-5.5.0/repository/tenants + mountPath: /home/wso2carbon/wso2is-5.6.0/repository/tenants serviceAccountName: "wso2svc-account" imagePullSecrets: - name: wso2creds diff --git a/is/scripts/README.md b/is/scripts/README.md index a1d45887..63fa7a08 100644 --- a/is/scripts/README.md +++ b/is/scripts/README.md @@ -1,63 +1,107 @@ # Kubernetes Test Resources for deployment of WSO2 Identity Server Kubernetes Test Resources for WSO2 Identity Server contain artifacts, which can be used to test the core -Kubernetes resources provided for a clustered deployment of WSO2 Identity Server. +Kubernetes resources provided for a [clustered deployment of WSO2 Identity Server](https://docs.wso2.com/display/IS560/Setting+Up+Deployment+Pattern+1). + +## Contents + +* [Prerequisites](#prerequisites) +* [Quick Start Guide](#quick-start-guide) ## Prerequisites -* In order to use WSO2 Kubernetes resources, you need an active WSO2 subscription. If you do not possess an active WSO2 -subscription already, you can sign up for a WSO2 Free Trial Subscription from [here](https://wso2.com/free-trial-subscription).

+* In order to use WSO2 Kubernetes resources, you need an active WSO2 subscription. If you do not possess an active +WSO2 subscription already, you can sign up for a WSO2 Free Trial Subscription from [here](https://wso2.com/free-trial-subscription).

+ +* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (compatible with v1.10) +in order to run the steps provided in the following quick start guide.

-* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git), [Docker](https://www.docker.com/get-docker) -(version 17.09.0 or above) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) -in order to run the steps provided
in the following quick start guide.

+* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup/pick-right-solution/).

+ +* A pre-configured Network File System (NFS) to be used as the persistent volume for artifact sharing and persistence. +In the NFS server instance, create a Linux system user account named `wso2carbon` with user id `802` and a system group named `wso2` with group id `802`. +Add the `wso2carbon` user to the group `wso2`. + +``` +groupadd --system -g 802 wso2 +useradd --system -g 802 -u 802 wso2carbon +``` -* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup/pick-right-solution/)

- ## Quick Start Guide >In the context of this document, `KUBERNETES_HOME` will refer to a local copy of the [`wso2/kubernetes-is`](https://github.com/wso2/kubernetes-is/) Git repository.
-##### 1. Checkout Kubernetes Resources for WSO2 Identity Server Git repository: +##### 1. Clone the Kubernetes Resources for WSO2 Identity Server Git repository. ``` git clone https://github.com/wso2/kubernetes-is.git ``` -##### 2. Deploy Kubernetes Ingress resource: +##### 2. Deploy Kubernetes Ingress resource. The WSO2 Identity Server Kubernetes Ingress resource uses the NGINX Ingress Controller. In order to enable the NGINX Ingress controller in the desired cloud or on-premise environment, please refer the official documentation, [NGINX Ingress Controller Installation Guide](https://kubernetes.github.io/ingress-nginx/deploy/). -##### 3. Setup a Network File System (NFS) to be used as the persistent volume for artifact sharing across Identity Server and Analytics instances. +##### 3. Setup a Network File System (NFS) to be used for persistent storage. + +Create and export unique directories within the NFS server instance for each Kubernetes Persistent Volume resource defined in the +`/is/volumes/persistent-volumes.yaml` file. + +Grant ownership to `wso2carbon` user and `wso2` group, for each of the previously created directories. + +``` +sudo chown -R wso2carbon:wso2 +``` + +Grant read-write-execute permissions to the `wso2carbon` user, for each of the previously created directories. + +``` +chmod -R 700 +``` + +Update each Kubernetes Persistent Volume resource with the corresponding NFS server IP (`NFS_SERVER_IP`) and exported, NFS server directory path (`NFS_LOCATION_PATH`). -Update the NFS server IP (`NFS_SERVER_IP`) and export path (`NFS_LOCATION_PATH`) of persistent volume resources, +##### 4. Setup product database(s). -* `wso2is-shared-deployment-pv` -* `wso2is-shared-tenants-pv` +For **evaluation purposes**, -in `/is/volumes/persistent-volumes.yaml` file. +* You can use Kubernetes resources provided in the directory `KUBERNETES_HOME/is/extras/rdbms/mysql` +for deploying the product databases, using MySQL in Kubernetes. 
However, this approach of product database deployment is +**not recommended** for a production setup. -Create a user named `wso2carbon` with user id `802` and a group named `wso2` with group id `802` in the NFS node. -Add `wso2carbon` user to the group `wso2`. +* For using these Kubernetes resources, -Then, provide ownership of the exported folder `NFS_LOCATION_PATH` (used for artifact sharing) to `wso2carbon` user and `wso2` group. -And provide read-write-executable permissions to owning `wso2carbon` user, for the folder `NFS_LOCATION_PATH`. + Here, a Network File System (NFS) is needed to be used for persisting MySQL DB data. + + Create and export a directory within the NFS server instance. + + Provide read-write-execute permissions to other users for the created folder. + + Update the Kubernetes Persistent Volume resource with the corresponding NFS server IP (`NFS_SERVER_IP`) and exported, + NFS server directory path (`NFS_LOCATION_PATH`) in `/is/extras/rdbms/volumes/persistent-volumes.yaml`. + +In a **production grade setup**, -Finally, setup a Network File System (NFS) to be used as the persistent volume for persisting MySQL DB data. -Provide read-write-executable permissions to `other` users, for the folder `NFS_LOCATION_PATH`. -Update the NFS server IP (`NFS_SERVER_IP`) and export path (`NFS_LOCATION_PATH`) of persistent volume resource -named `wso2is-mysql-pv` in the file `/is/extras/rdbms/volumes/persistent-volumes.yaml`. +* Setup the external product databases. Please refer to WSO2 Identity Server's [official documentation](https://docs.wso2.com/display/IS560/Setting+Up+Separate+Databases+for+Clustering) + on creating the required databases for the deployment. + + Provide appropriate connection URLs, corresponding to the created external databases and the relevant driver class names for the data sources defined in + the following files: + + * `/is/confs/is/datasources/master-datasources.xml` + * `/is/confs/is/datasources/bps-datasources.xml` -##### 4. 
Deploy Kubernetes resources: + Please refer WSO2's [official documentation](https://docs.wso2.com/display/ADMIN44x/Configuring+master-datasources.xml) on configuring data sources. + +##### 5. Deploy Kubernetes resources: -Change directory to `KUBERNETES_HOME/is/scripts` and execute the `deploy.sh` shell script on the terminal, with the appropriate configurations as follows: +Change directory to `/is/scripts` and execute the `deploy.sh` shell script on the terminal, with the appropriate configurations as follows: ``` -./deploy.sh --wso2-subscription-username= --wso2-subscription-password= --cluster-admin-password= +./deploy.sh --wso2-username= --wso2-password= --cluster-admin-password= ``` * A Kubernetes Secret named `wso2creds` in the cluster to authenticate with the [`WSO2 Docker Registry`](https://docker.wso2.com), to pull the required images. 
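Review bot: in the MySQL part of step 4 the README tells the reader to "Provide read-write-execute permissions to other users for the created folder", that is, to make the NFS export holding the database files world-writable, while the product volumes in step 3 are correctly restricted to `wso2carbon:wso2` with `chmod -R 700`. Anything with access to that NFS server can then read or replace the Identity Server database (user store, OAuth tokens, service provider configuration). Give the directory to the uid/gid the MySQL container runs as, in the same way the `groupadd --system -g 802 wso2` / `useradd --system -g 802 -u 802 wso2carbon` instructions do for the product, rather than opening it to `other`. A second point in the same hunk: `./deploy.sh --wso2-username= --wso2-password= --cluster-admin-password=` puts the WSO2 subscription password and the cluster admin password on the command line, where they end up in shell history and are visible to other local users through `ps`; reading them from environment variables or prompting avoids that, and since the flags were renamed from `--wso2-subscription-username`/`--wso2-subscription-password` the change should be called out as breaking for existing automation.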
@@ -72,36 +116,38 @@ The following details need to be replaced in the relevant command. >To un-deploy, be on the same directory and execute the `undeploy.sh` shell script on the terminal. -##### 5. Access Management Console: +##### 6. Access Management Console: Default deployment will expose `wso2is` host (to expose Administrative services and Management Console). To access the console in the environment, -1. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses (using `kubectl get ing`). +a. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses. -e.g. +``` +kubectl get ing +``` ``` NAME HOSTS ADDRESS PORTS AGE wso2is-ingress wso2is 80, 443 3m ``` -2. Add the above host as an entry in /etc/hosts file as follows: +b. Add the above host as an entry in /etc/hosts file as follows: ``` wso2is ``` -3. Try navigating to `https://wso2is/carbon` from your favorite browser. +c. Try navigating to `https://wso2is/carbon` from your favorite browser. -##### 6. Scale up using `kubectl scale`: +##### 7. Scale up using `kubectl scale`: Default deployment runs a single replica (or pod) of WSO2 Identity server. To scale this deployment into any `` number of container replicas, upon your requirement, simply run following Kubernetes client command on the terminal. ``` -kubectl scale --replicas= -f /is-with-analytics/is/identity-server-deployment.yaml +kubectl scale --replicas= -f /is/identity-server-deployment.yaml ``` For example, If `` is 2, you are here scaling up this deployment from 1 to 2 container replicas.
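Review bot: step 6 has the reader map `wso2is` in /etc/hosts and open `https://wso2is/carbon`, but the `kubectl get ing` sample shows the Ingress serving `80, 443` and the README says nothing about which certificate terminates TLS. Anyone following the guide will meet a certificate warning for the `wso2is` host and learn to click through it, and plain-HTTP requests on port 80 will reach the management console unless the Ingress redirects them. State that the Ingress carries a TLS section with the NGINX controller's SSL redirect in effect, and say whether the certificate is the product's self-signed one or the reader's own, so the warning is expected rather than ignored. Also, step 7 promises that `kubectl scale --replicas= -f /is/identity-server-deployment.yaml` gives working multi-replica behaviour; that depends on the identity.xml cache added in this same patch with `isDistributed="false"` being safe per pod, which the README should mention.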