Prerequisites
Install Kubernetes CLI tool - kubectl. Instructions can be found here: https://kubernetes.io/docs/tasks/tools/install-kubectl/
Install the command-line tool of the Kubernetes hosting system:
SQL Server connection string.
The SQL connection user account must have permission to create new databases and must be db_owner of those databases.
SSL certificate and private key without password
Request the container registry login from IQX for pulling OneList images
SMTP server login and email address if email approval channel is enabled
Generate the Machine key for each environment. This is a Base64 string representing an array of 50 bytes.
Use tools like https://generate.plus/en/base64 to generate a random string of the required length.
Define the Kubernetes namespace for the OneList environment to be deployed. E.g. onelist-dev, onelist-qa, onelist-prod. It may be required to follow your company's naming standard for these namespaces.
Use this value to replace the <ONELIST_NAMESPACE> placeholder in the instructions below.
Define the label for the OneList environment to be deployed. This is a short label, e.g. dev, qa, prod. The first letter must be unique in all the environments planned and it is used as the suffix of the database names.
Use this value to replace the <environment> placeholder in the instructions below.
Define the TLS secret name. If the SSL certificate is a wildcard certificate, create the tls.onelist secret for all environments. If a non-wildcard certificate is used, create the tls.onelist.<environment> secret for the targeted environment.
Download these YAML files
...
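The prerequisites above can be checked locally before anything is sent to the cluster. The script below is an added example, not part of the original guide or of OneList: it generates the 50-byte machine key from the operating system's random source instead of a web page, confirms that environment labels do not share a first letter, derives the TLS secret name, and rejects a password-protected private key. The function names are hypothetical, and it assumes a POSIX shell with head, base64, cut, tr and grep (for example Azure Cloud Shell or WSL).

```shell
#!/bin/sh
# Pre-flight checks for the prerequisites above (function names are hypothetical).

# Machine key: 50 bytes from the kernel CSPRNG, Base64-encoded on one line.
gen_machine_key() {
    head -c 50 /dev/urandom | base64 | tr -d '\n'
}

# Succeeds only if the argument is Base64 that decodes to exactly 50 bytes.
check_machine_key() {
    n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c)
    [ "$n" -eq 50 ]
}

# Environment labels: the first letter becomes the database-name suffix, so it
# must be unique. Compared case-insensitively (assumption, to match the CI
# collation). Prints the first clashing label and fails.
check_env_labels() {
    seen=""
    for label in "$@"; do
        first=$(printf '%s' "$label" | cut -c1 | tr 'A-Z' 'a-z')
        case "$seen" in
            *"$first"*) printf '%s\n' "$label"; return 1 ;;
        esac
        seen="$seen$first"
    done
}

# TLS secret name: one shared secret for a wildcard certificate, otherwise one
# per environment. Usage: tls_secret_name wildcard|single <environment>
tls_secret_name() {
    case "$1" in
        wildcard) printf 'tls.onelist\n' ;;
        single)   printf 'tls.onelist.%s\n' "$2" ;;
        *)        return 2 ;;
    esac
}

# The private key must have no password: reject PEM keys carrying the PKCS#8
# "ENCRYPTED" header or the legacy "Proc-Type: 4,ENCRYPTED" marker.
key_is_unencrypted() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null || return 2
    ! grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"
}

key=$(gen_machine_key)
check_machine_key "$key" && echo "machine key: 50 bytes, OK"
check_env_labels dev qa prod && echo "environment labels: first letters unique"
```

Run key_is_unencrypted against the private key file before the TLS secret is created; a return status of 1 means the key is still password-protected, and 2 means the file is not a PEM private key.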
Environment | AKS | SQL |
---|---|---|
Production | Cluster nodes: 3; Cluster node size: 2 vCPU, 7GB RAM | Elastic pool: Standard, eDTU: 100, Data size: 100GB; Firewall settings: Allow Azure services and resources to access this server = ON; Database collation: SQL_Latin1_General_CP1_CI_AS; Databases: |
Non-production | Cluster nodes: 3; Cluster node size: 2 vCPU, 7GB RAM | Elastic pool: Standard, eDTU: 50, Data size: 50GB; Firewall settings: Allow Azure services and resources to access this server = ON; Database collation: SQL_Latin1_General_CP1_CI_AS; Databases: the "x" represents the environment tag, e.g. d for Development, q for QA. |
Log on to Azure Kubernetes Service (AKS)
...
kubectl create namespace <ONELIST_NAMESPACE>
For example:
kubectl create namespace onelist-dev
2. Create ConfigMap and Secret
...
RoleManager__MachineKey
The value is the generated machine key.
Database__ConnectionString
The value is the SQL Server connection string. The names of the databases will be automatically specified by the services.
ASPNETCORE_ENVIRONMENT
The value is <environment>.
Smtp__UserName
Smtp__Password
Smtp__From
This is the sender email address of notifications from OneList.
Smtp__Host
This is the SMTP server OneList uses to send notifications.
Smtp__Port
This is the port of the SMTP server.
Smtp__UseSsl
Defines whether the SMTP server uses an SSL connection. For Office365 SMTP service, the value is always false.
...
kubectl apply -f config.yaml --namespace <ONELIST_NAMESPACE>
For example:
kubectl apply -f config.yaml --namespace onelist-dev
3. Create the Secret for pulling OneList images
Replace placeholders in the command below and run it.
kubectl create secret docker-registry iqx.acr --docker-server=https://iqxbusiness.azurecr.io/ --docker-username=<ACR_USERNAME> --docker-password=<ACR_PASSWORD> --docker-email=<YOUR_EMAIL_ADDRESS> --namespace <ONELIST_NAMESPACE>
For example:
kubectl create secret docker-registry iqx.acr --docker-server=https://iqxbusiness.azurecr.io/ --docker-username=acr_username --docker-password=acr_password --docker-email=myemail@example.com --namespace onelist-dev
4. Deploy OneList containers for the apps and services
Run the 2 commands below.
kubectl apply -f onelist6f onelist-deployment.yaml --namespace <ONELIST_NAMESPACE>
kubectl apply -f onelist6f onelist-service.yaml --namespace <ONELIST_NAMESPACE>
For example:
kubectl apply -f onelist6f onelist-deployment.yaml --namespace onelist-dev
kubectl apply -f onelist6f onelist-service.yaml --namespace onelist-dev
5. Create Nginx ingress service
...
5.1 Deploy the first OneList environment (namespace)
Open the ingress-nginx-controller.yaml file in notepad.
Find and replace '<environment>' with the environment label.
Find and replace '<tls secret name>' with the TLS secret name.
Save your changes and close the file.
Open onelist6onelist-ingress.yaml in notepad.
Find and replace '<environment>' with the environment label.
Save your changes and close the file.
Run the 2 commands below.
kubectl create -f ingress-nginx-controller.yaml
kubectl create -f onelist6f onelist-ingress.yaml --namespace <ONELIST_NAMESPACE>
For example:
kubectl create -f ingress-nginx-controller.yaml
kubectl create -f onelist6f onelist-ingress.yaml --namespace onelist-dev
5.2 Deploy additional OneList environment (namespace)
Open the ingress-nginx-controller-additional-environment.yaml file in notepad.
Find and replace '<environment>' with the environment label.
Find and replace '<tls secret name>' with the TLS secret name.
Save your changes and close the file.
Open onelist6onelist-ingress.yaml in notepad.
Find and replace '<environment>' with the name of the environment.
Save your changes and close the file.
Run the 2 commands below.
kubectl create -f ingress-nginx-controller-additional-environment.yaml
kubectl create -f onelist6f onelist-ingress.yaml --namespace <ONELIST_NAMESPACE>
For example:
kubectl create -f ingress-nginx-controller-additional-environment.yaml
kubectl create -f onelist6f onelist-ingress.yaml --namespace onelist-dev
6. Create the TLS secret for SSL certificate
Run the command below to create the secret.
kubectl create secret tls <tls secret name> --cert <SSL_CERTIFICATE_FILE> --key <PRIVATE_KEY_FILE> --namespace ingress-nginx
For example:
Wildcard certificate: kubectl create secret tls tls.onelist --cert c:\certificates\certificate.cer --key c:\certificates\certificate.key --namespace ingress-nginx
Non-wildcard certificate: kubectl create secret tls tls.onelist.dev --cert c:\certificates\certificate.cer --key c:\certificates\certificate.key --namespace ingress-nginx
7. Get the OneList public IP address
Run the following command to discover the public IP address for the environment so that a DNS record can be created and bound to this IP address.
kubectl get service -n ingress-nginx
8. Create the administrator user account
...