Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

Kubernetes Linux cluster 2CPU, 7GB RAM. 3 node cluster is recommended for production environment.

SQL Server 2016 or later.

Prerequisites

...

  • Install Kubenetes CLI tool - kubectl. Instructions can be found here: https://kubernetes.io/docs/tasks/tools/install-kubectl/
  • Install the command line tool of the Kubernetes hosting system:
  • SQL Server connection string.
    • The SQL connection user account must have permission create new databases and db_owner of the databases.
  • SSL certificate and private key without password
  • Request the container registry login from IQX for pulling OneList images
  • SMTP server login and email address if email approval channel is enabled
  • Generate the Machine key and encode it to a base64 string for each environmentfor each environment. This is a Base64 string representing an array of 50 bytes.
  • Download these Yaml files

      ...

      ...

      View file
      nameonelist6-ingress.yaml
      height250
      View file
      nameonelist6-deployment.yaml
      height250
      View file
      nameingress-nginx-controller.yaml
      height250

      Minimum Requirement

      EnviromentAKSSQL
      Production

      Cluster nodes:3;

      Cluster node size: 2 vCPU, 8GB RAM

      Elastic pool: Standard,

      eDTU: 100,

      Data size: 100GB

      Firewall settings: Allow Azure services and resources to access this server = ON

      Database collation: SQL_Latin1_General_CP1_CI_AS

      Databases: 

      • OneList_p
      • RoleManager_p
      • Comms_p
      Non-production

      Cluster nodes:1;

      Cluster node size: 2 vCPU, 8GB RAM

      Elastic pool: Standard,

      eDTU: 50,

      Data size: 50GB

      Firewall settings: Allow Azure services and resources to access this server = ON

      Database collation: SQL_Latin1_General_CP1_CI_AS

      Databases: the "x" represents the environment tag, e.g. d for Development, q for QA.

      • OneList_x
      • RoleManager_x
      • Comms_x

      Log on to Azure Kubernetes Service (AKS)

      1. Log on to Azure by executing this command: az login
      2. Setup the Azure log in with kubectl by executing this command: az aks get-credentials --resource-group <Azure_Resource_Group> --name <Azure_Kubernetes_Service>

      Deployment steps

      Open a command prompt from the folder that contains the YAML deployment files. Flow steps below to deploy OneList.

      1. Create the Kubernetes namespace

      Run the command below to create the "onelist" namespacenamespace in Kubernetes, e.g. onelist.

      kubectl create namespace onelist<ONELIST_NAMESPACE>

      2. Create ConfigMap and Secret

      These Kubernetes ConfigMap and Secret defines the required environment variables that are used by OneList services. Open the "config.yaml" in notepad and update the following fields with the actual value. 

      • RoleManager__MachineKeyMachineKey 
        This is a base64 string representing a bit array of 44 bytesThe value is the generated machine key.
      • Database__ConnectionString
        The value is the SQL Server connection string. The name of the databases will be automatically specified by the services.
      • Smtp__UserName 
      • Smtp__Password
      • ASPNETCORE_ENVIRONMENT
        The value specifies the environment. It can be one of the following Production, Dev, QA.
      • Smtp__From
        This is the sender email address of notifications from OneList
      • Smtp__Host
        This is the SMTP server OneList use to send notifications.
      • Smtp__Port
        This is the port of SMTP server.
      • Smtp__UseSsl
        Define if SMTP server uses SSL connection.

      ...

      kubectl apply -f config.yaml --namespace onelist <ONELIST_NAMESPACE>

      3. Create the Secrete for pulling OneList images

      Replace placeholders in the command below and run it.

      kubectl create secret docker-registry iqx.acr --docker-server=https://iqxbusiness.azurecr.io --docker-username=<ACR_USERNAME USERNAME> --docker-password=ACR<ACR_PASSWORD PASSWORD> --docker-email=YOUR<YOUR_EMAIL_ADDRESS ADDRESS> --namespace onelist

      4. Create the TLS secrete

      Run the command below.

      kubectl create secret tls tls.onelist --cert YOURCERTIFICATEFILE --key YOURKEYFILE --namespace onelist

      ...

      namespace <ONELIST_NAMESPACE>

      4. Deploy OneList containers for the apps and services

      Run the 2 commands below.

      kubectl appy apply -f onelist6-deployment.yaml --namespace onelist <ONELIST_NAMESPACE>

      kubectl appy apply -f onelist6-service.yaml --namespace onelist

      ...

       <ONELIST_NAMESPACE>

      5. Create Nginx ingress service

      Run the 2 commands below.

      kubectl create -f ingress-nginx-controller.yaml --namespace onelistyaml

      kubectl create -f onelist6-ingress.yaml --namespace onelist

      Upgrade image version

      Upgrade all applications

      You need to know the namespace where OneList applications are deployed before proceeding with this upgrade. Download the upgrade.ps1 file.  <ONELIST_NAMESPACE>

      6. Create the TLS secrete

      Run the command below.

      powershell -f upgrade.ps1 -n namespaceofonelistapp -v x.x.x

      Upgrade a single application

      If image version update is required, use the command below as a template and apply proper parameters to update image version of applications. 

      kubectl set image deployment/onelistserver onelistserver=iqxbuild.azurecr.io/iqx.onelist.server:v6.2.2 -n namespaceofonelistapp

      Parameters:

      ...

      kubectl create secret tls tls.onelist --cert <SSL_CERTIFICATE_FILE> --key <PRIVATE_KEY_FILE> --namespace ingress-nginx

      7. Create the administrator user account

      • Navigate to the OneList URL in browser, you will be presented to following page to create the first user account. The System Administrator access is automatically granted to this user account.

      Image Added

      • Log on using the email and password of the newly created user account to complete the application configuration steps.