...

The Cert-Manager component is used for the automatic renewal of Let’s Encrypt certificates[6]. This will install Cert-Manager on the K8 Cluster. Next, a Certificate Issuer needs to be configured. For that, we have used the following configuration.

...

According to the above configuration, Let’s Encrypt will use the HTTP challenge, so port 80 should be open and traffic should be directed to the K8 Cluster. If NodePort is used, ensure that traffic is reachable from outside through the standard ports (configure a reverse proxy).

...

We have used Fluentd, ElasticSearch, and Kibana to pull logs from all nodes. Fluentd pulls all logs from nodes and stores them in ES storage. Kibana is pointed to ES as a dashboard, and ES fetches all logs collected by Fluentd. This logging stack is installed in the kube-logging namespace.

Install Linkerd Service Mesh

We are using Linkerd Service Mesh[8] to enable SSL for internal inter-service communication and as a dashboard for services. The following configuration will expose the Linkerd dashboard to the outside environment.

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: web-ingress-auth
  namespace: linkerd
data:
  auth: YWRtaW46JGFwcjEkbjdDdTZnSGwkRTQ3b2dmN0NPOE5SWWpFakJPa1dNLgoK
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: web-ingress
  namespace: linkerd
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/upstream-vhost: linkerd-web.linkerd.svc.cluster.local:8084
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header Origin "";
      proxy_hide_header l5d-remote-ip;
      proxy_hide_header l5d-server-id;
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: web-ingress-auth
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
    cert-manager.io/cluster-issuer: letsencrypt-production
spec:
  rules:
  - host: custos.scigap.org
    http:
      paths:
      - backend:
          serviceName: linkerd-web
          servicePort: 8084
  tls:
    - hosts:
        - custos.scigap.org
      secretName: tls-secret
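
A check for the Secret and Ingress pair above, as an added example that is not part of the original page or the project's own code: it decodes `data.auth` (base64 is an encoding, so the user name and password hash are readable by anyone who can read the manifest) and verifies that the auth annotations resolve to the Secret and that every routed host has a TLS entry. It assumes the manifests are passed as parsed dictionaries (for instance from `kubectl get -o json`); the helper names, sample host and hash are constructed placeholders.

```python
import base64

PREFIX = "nginx.ingress.kubernetes.io/"
# htpasswd prefixes; {SHA} and {PLAIN} give little or no protection if the file leaks.
SCHEMES = (("$apr1$", "apr1"), ("$2a$", "bcrypt"), ("$2b$", "bcrypt"),
           ("$2y$", "bcrypt"), ("{SHA}", "weak"), ("{PLAIN}", "weak"))

def make_secret(htpasswd_text, name="web-ingress-auth", namespace="linkerd"):
    """Build a Secret the way the manifest does: data.auth is base64, not encryption."""
    auth = base64.b64encode(htpasswd_text.encode()).decode()
    return {"metadata": {"name": name, "namespace": namespace}, "data": {"auth": auth}}

def decode_htpasswd(secret):
    """Recover (user, hash scheme) pairs from data.auth, as any reader of the manifest can."""
    text = base64.b64decode(secret["data"]["auth"]).decode()
    entries = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        user, sep, digest = line.partition(":")
        if not (user and sep and digest):
            raise ValueError("data.auth is not in htpasswd user:hash format")
        scheme = next((n for p, n in SCHEMES if digest.startswith(p)), "other")
        entries.append((user, scheme))
    return entries

def audit(ingress, secret):
    """Return a list of findings for a basic-auth Ingress and the Secret it references."""
    meta, spec, findings = ingress["metadata"], ingress["spec"], []
    ann = meta.get("annotations", {})
    if ann.get(PREFIX + "auth-type") != "basic":
        findings.append("ingress has no basic auth")
    # auth-secret may be "name" (same namespace as the Ingress) or "namespace/name".
    ns, _, name = ann.get(PREFIX + "auth-secret", "").rpartition("/")
    target = (secret["metadata"]["namespace"], secret["metadata"]["name"])
    if (ns or meta["namespace"], name) != target:
        findings.append("auth-secret does not resolve to this Secret")
    tls_hosts = {h for t in spec.get("tls", []) for h in t.get("hosts", [])}
    for rule in spec.get("rules", []):
        if rule.get("host") not in tls_hosts:
            findings.append(f"host {rule.get('host')} has no TLS entry")
    findings += [f"user {u} uses a weak hash scheme"
                 for u, s in decode_htpasswd(secret) if s == "weak"]
    return findings

# Constructed sample mirroring the manifests above; host and hash are placeholders.
SECRET = make_secret("admin:$apr1$SALTSALT$placeholderplaceholder12\n\n")
INGRESS = {"metadata": {"name": "web-ingress", "namespace": "linkerd", "annotations": {
               PREFIX + "auth-type": "basic", PREFIX + "auth-secret": "web-ingress-auth"}},
           "spec": {"rules": [{"host": "dashboard.example.org"}],
                    "tls": [{"hosts": ["dashboard.example.org"], "secretName": "tls-secret"}]}}
```

An empty list from `audit(INGRESS, SECRET)` means the pair is consistent; because the hash is recoverable from any copy of the manifest, a credential published in documentation or version control should be treated as disclosed and rotated.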

...

This will build the source code and create docker images, helm charts to be deployed on the K8 cluster, and Java artifacts. Helm charts are created at the "target/helm" path. To publish docker images to the docker repository, use the following command.

       mvn dockerfile:push

...

     helm upgrade --name service_name --namespace custos chart_name     

Troubleshooting 

The main areas that you might need to troubleshoot are the Custos services and Databases. Troubleshooting Custos services is straightforward: you can check the logs from the Kibana server for the Custos namespace, or you can directly log into the particular Pod relevant to the service and check for console logs.

...

   First, check logs from the Kibana dashboard, or log into the Master and the Slave pods and check for console logs. Most probably it should print errors.

   Steps to replace a database or migrate a database

  • First login to Slave node and stop Slave replication thread using 

...