...
Install Kubernetes CLI tool - kubectl. Instructions can be found here: https://kubernetes.io/docs/tasks/tools/install-kubectl/
Install the AWS CLI version 2:
Install Helm package manager
SQL Server connection string.
The SQL user account specified in the connection string must have the db_owner role on the databases so that it can create or change tables.
Request the container registry login from IQX for pulling OneList images.
SMTP server login and sender email address. A full mailbox is required if the email approval channel is enabled.
Generate the Machine Key for each environment. This is a Base64 string representing an array of 50 bytes.
Use tools like https://generate.plus/en/base64 to generate a random string of the required length.
Define the Kubernetes namespace for the OneList environment to be deployed. E.g. onelist-dev, onelist-qa, onelist-prod. It may be required to follow your company's naming standard for these namespaces.
Use this value to replace the <ONELIST_NAMESPACE> placeholder in the instructions below.
Define the label for the OneList environment to be deployed. This is a short label, e.g. dev, qa, prod. The first letter must be unique in all the environments planned and it is used as the suffix of the database names.
Use this value to replace the <environment> placeholder in the instructions below.
Request a Public Certificate using ACM or Import a Certificate into ACM.
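The machine key listed above can also be generated on the local machine, which keeps the secret off third-party websites. The shell functions below are an added example, not part of the original instructions; the function names are assumptions. They read 50 bytes from /dev/urandom, Base64-encode them, and check that a key decodes to exactly 50 bytes.

```shell
#!/usr/bin/env bash
# Added example: generate the OneList machine key locally and verify it.
MACHINE_KEY_BYTES=50   # key length stated in the instructions

# Print a Base64 string that encodes 50 bytes read from the kernel CSPRNG.
gen_machine_key() {
  head -c "$MACHINE_KEY_BYTES" /dev/urandom | base64 | tr -d '\n'
}

# Return 0 only if $1 is valid Base64 that decodes to exactly 50 bytes.
# Catches keys that were truncated or extended when copied into the file.
machine_key_is_valid() {
  local n
  printf '%s' "$1" | base64 -d >/dev/null 2>&1 || return 1
  n=$(printf '%s' "$1" | base64 -d | wc -c | tr -d ' ')
  [ "$n" -eq "$MACHINE_KEY_BYTES" ]
}

# Usage: key=$(gen_machine_key); machine_key_is_valid "$key" && echo "$key"
```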
Download these YAML files (alb-onelist-ingress and the two files below) and put them in the same directory.
...
Recommended Configuration
...
2. Create ConfigMap and Secret
The values.yaml file configures the required environment variables that are used by OneList services. These are stored in a Kubernetes ConfigMap and Secret.
Open "values.yaml" in Notepad and update the following fields with the actual values.
Config
RoleManager__MachineKey
The value is the generated machine key.
Database__ConnectionString
The value is the SQL Server connection string. The name of the databases will be automatically specified by the services.
ASPNETCORE_ENVIRONMENT
The value is <environment>.
Smtp__UserName
Smtp__Password
Smtp__From
This is the sender email address of notifications from OneList.
Smtp__Host
This is the SMTP server OneList uses to send notifications.
Smtp__Port
This is the port of the SMTP server.
Smtp__UseSsl
Define if the SMTP server uses an SSL connection. For Office365 SMTP service, the value is always false.
Save the "config.yaml" file then run the command below.
kubectl apply -f config.yaml --namespace <ONELIST_NAMESPACE>
For example:
kubectl apply -f config.yaml --namespace onelist-dev
3. Create the Secret for pulling OneList images
Replace placeholders in the command below and run it.
kubectl create secret docker-registry iqx.acr --docker-server=https://iqxbusiness.azurecr.io/ --docker-username=<ACR_USERNAME> --docker-password=<ACR_PASSWORD> --docker-email=<YOUR_EMAIL_ADDRESS> --namespace <ONELIST_NAMESPACE>
For example:
kubectl create secret docker-registry iqx.acr --docker-server=https://iqxbusiness.azurecr.io/ --docker-username=acr_username --docker-password=acr_password --docker-email=myemail@example.com --namespace onelist-dev
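Passing --docker-password on the command line leaves the registry password in shell history and in the process list. As an added example (not part of the original instructions), the shell functions below create the same iqx.acr secret from a private temporary file through kubectl's --from-file=.dockerconfigjson option. The function names are assumptions, and the JSON escaping covers only backslash and double quote.

```shell
#!/usr/bin/env bash
# Added example: create the pull secret without the password in argv.
REGISTRY="https://iqxbusiness.azurecr.io/"   # server value from the instructions

# Escape backslash and double quote so the value is a valid JSON string.
json_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# Print a .dockerconfigjson document for one registry login.
docker_config_json() {  # args: username password email
  local auth
  auth=$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')
  printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}\n' \
    "$REGISTRY" "$(json_escape "$1")" "$(json_escape "$2")" \
    "$(json_escape "$3")" "$auth"
}

# Prompt for the password without echo, write the document to a file only
# the current user can read, create the secret from it, then delete the file.
create_pull_secret() {  # args: namespace username email
  local pw tmp rc
  read -r -s -p "ACR password: " pw; echo
  tmp=$(umask 077; mktemp) || return 1
  docker_config_json "$2" "$pw" "$3" > "$tmp"
  kubectl create secret docker-registry iqx.acr \
    --from-file=.dockerconfigjson="$tmp" --namespace "$1"
  rc=$?
  rm -f "$tmp"
  unset pw
  return $rc
}

# Usage: create_pull_secret onelist-dev acr_username myemail@example.com
```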
4. Deploy OneList containers for the apps and services
Run the 2 commands below.
kubectl apply -f onelist-deployment.yaml --namespace <ONELIST_NAMESPACE>
kubectl apply -f alb-onelist-service.yaml --namespace <ONELIST_NAMESPACE>
For example:
kubectl apply -f onelist-deployment.yaml --namespace onelist-dev
kubectl apply -f alb-onelist-service.yaml --namespace onelist-dev
...
Localization__DefaultCulture
The default culture. Use the code from: Supported Languages
Localization__DefaultTimeZone
The default time zone. The time zone id is the “TZ database name” from this page: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
supportedCultures
Localization__SupportedCultures__0
The other supported cultures. Use the code from: Supported Languages. When there is more than one supported culture, add another Localization__SupportedCultures__n entry and increase the trailing number n by 1. E.g. Localization__SupportedCultures__1
imageCredentials
username
Login username of IQX container registry.
password
Login password of IQX container registry.
email
Your email address.
ingress
host
The DNS host name of the OneList application.
certArn
ARN of the SSL certificate in ACM.
image
tag
Tag name of the images that are going to be deployed.
Save the "values.yaml" file.
3. Create Ingress object and ALB load balancer
Follow the instructions in 5.1 to deploy the first OneList environment and the instructions in 5.2 to deploy the additional environments.
5.1 Deploy the first OneList environment (namespace)
Create ALB Ingress Controller. Skip this step if ALB Ingress Controller has already been created.
Follow the deployment steps 1-10 in this documentation to create an ALB controller in kube-system namespace.
Open alb-onelist-ingress.yaml in notepad.
Find and replace '<SSL certificate ARN>' with the ARN of certificate in ACM.
Save your changes and close the file.
4. Deploy OneList Helm chart
Enter the folder that contains the values.yaml and onelist.tgz files. Run the command below.
kubectl apply -f alb-onelist-ingress.yaml --namespace <ONELIST_NAMESPACE>
helm install <ONELIST_NAMESPACE> -n <ONELIST_NAMESPACE> -f .\values.yaml onelist.tgz
For example:
kubectl apply -f alb-onelist-ingress.yaml --namespace onelist-dev
5.2 Deploy additional OneList environment (namespace)
Open alb-onelist-ingress.yaml in notepad.
Find and replace '<SSL certificate ARN>' with the ARN of certificate in ACM.
Save your changes and close the file.
Run the command below.
kubectl apply -f alb-onelist-ingress.yaml --namespace <ONELIST_NAMESPACE>
For example:
kubectl apply -f alb-onelist-ingress.yaml --namespace onelist-dev
...
helm install onelist-dev -n onelist-dev -f .\values.yaml onelist.tgz
5. Get the generated AWS public URL for OneList DNS configuration
Run the following command to discover the public URL of the environment for configuring the OneList DNS alias.
...
The AWS public URL is similar to this: e6325261-onelist650-onelis-7461-1342161572.ap-southeast-2.elb.amazonaws.com
...
6. Create the administrator user account
Navigate to the OneList URL in the browser. You will be presented with the following page to create the first user account. System Administrator access is automatically granted to this user account.
...