Prerequisites
  • Install Kubernetes CLI tool - kubectl. Instructions can be found here: https://kubernetes.io/docs/tasks/tools/install-kubectl/
  • Install the command-line tool of the Kubernetes hosting system:
  • SQL Server connection string.
    • The SQL connection user account must have permission to create new databases and must be db_owner of those databases.
  • SSL certificate and private key without password
  • Request the container registry login from IQX for pulling OneList images
  • SMTP server login and email address if email approval channel is enabled
  • Generate the Machine key for each environment. This is a Base64 string representing an array of 50 bytes.
  • Define the Kubernetes namespace for the OneList environment to be deployed. E.g. onelist-dev, onelist-qa, onelist-prod. It may be required to follow your company's naming standard for these namespaces.
    • Use this value to replace the <ONELIST_NAMESPACE> placeholder in the instructions below.
  • Define the label for the OneList environment to be deployed. This is a short label, e.g. dev, qa, prod. The first letter must be unique in all the environments planned and it is used as the suffix of the database names.
    • Use this value to replace the <environment> placeholder in the instructions below.
  • Define the TLS secret name. If the SSL certificate is a wildcard certificate, create the tls.onelist secret for all environments. If a non-wildcard certificate is used, create the tls.onelist.<environment> secret for the targeted environment.
  • Download these Yaml files

Recommended Configuration

...

Cluster nodes: 3

Cluster node size: 2 vCPU, 7GB RAM

...

Elastic pool: Standard,

eDTU: 100,

Data size: 100GB

Firewall settings: Allow Azure services and resources to access this server = ON

Database collation: SQL_Latin1_General_CP1_CI_AS

Databases: 

  • OneList_p
  • RoleManager_p
  • Comms_p

...

Cluster nodes: 3

Cluster node size: 2 vCPU, 7GB RAM

...

Elastic pool: Standard,

eDTU: 50,

Data size: 50GB

Firewall settings: Allow Azure services and resources to access this server = ON

Database collation: SQL_Latin1_General_CP1_CI_AS

Databases: the "x" represents the environment tag, e.g. d for Development, q for QA.

  • OneList_x
  • RoleManager_x
  • Comms_x

Log on to Azure Kubernetes Service (AKS)

  1. Log on to Azure by executing this command: az login
    Tip: Specify the tenant if there are multiple tenants. E.g. az login --tenant <tenant>
  2. Set up the Azure login for kubectl by executing this command: az aks get-credentials --resource-group <Azure_Resource_Group> --name <AKS_Cluster_Name>

Deployment steps

Open a command prompt from the folder that contains the YAML deployment files. Follow the steps below to deploy OneList.

1. Create the Kubernetes namespace

Run the command below to create the Kubernetes namespace for the OneList environment, e.g. onelist-dev.

kubectl create namespace <ONELIST_NAMESPACE>

For example: 

kubectl create namespace onelist-dev

2. Create ConfigMap and Secret

The Kubernetes ConfigMap and Secret contain the required environment variables that are used by OneList services.

Open the "config.yaml" in notepad and update the following fields with the actual value. 

  • RoleManager__MachineKey 
    The value is the generated machine key.
  • Database__ConnectionString
    The value is the SQL Server connection string. The name of the databases will be automatically specified by the services.
  • ASPNETCORE_ENVIRONMENT
    The value is <environment>.
  • Smtp__UserName 
  • Smtp__Password
  • Smtp__From
    This is the sender email address of notifications from OneList
  • Smtp__Host
    This is the SMTP server OneList uses to send notifications.
  • Smtp__Port
    This is the port of SMTP server.
  • Smtp__UseSsl
    Define if SMTP server uses SSL connection. For Office365 SMTP service, the value is always false. 

Save the "config.yaml" file then run the command below.

kubectl apply -f config.yaml --namespace <ONELIST_NAMESPACE>

For example: 

kubectl apply -f config.yaml --namespace onelist-dev

3. Create the Secret for pulling OneList images

Replace placeholders in the command below and run it.

kubectl create secret docker-registry iqx.acr --docker-server=https://iqxbusiness.azurecr.io/ --docker-username=<ACR_USERNAME> --docker-password=<ACR_PASSWORD> --docker-email=<YOUR_EMAIL_ADDRESS> --namespace <ONELIST_NAMESPACE>

For example: kubectl create secret docker-registry iqx.acr --docker-server=https://iqxbusiness.azurecr.io/ --docker-username=acr_username --docker-password=acr_password --docker-email=myemail@example.com --namespace onelist-dev

4. Deploy OneList containers for the apps and services

Run the 2 commands below.

kubectl apply -f onelist6-deployment.yaml --namespace <ONELIST_NAMESPACE>

kubectl apply -f onelist6-service.yaml --namespace <ONELIST_NAMESPACE>

For example:

kubectl apply -f onelist6-deployment.yaml --namespace onelist-dev

kubectl apply -f onelist6-service.yaml --namespace onelist-dev

5. Create Nginx ingress service

Follow the instructions in 5.1 to deploy the first OneList environment and the instructions in 5.2 to deploy the additional environments. 

5.1  Deploy the first OneList environment (namespace)

Open the ingress-nginx-controller.yaml file in notepad. 

  • Find and replace '<environment>' with the environment label.
  • Find and replace '<tls secret name>' with the TLS secret name.
  • Save your changes and close the file.

Open onelist6-ingress.yaml in notepad.

  • Find and replace '<environment>' with the environment label.
  • Save your changes and close the file.

Run the 2 commands below.

kubectl create -f ingress-nginx-controller.yaml

kubectl create -f onelist6-ingress.yaml --namespace <ONELIST_NAMESPACE>

For example:

kubectl create -f ingress-nginx-controller.yaml

kubectl create -f onelist6-ingress.yaml --namespace onelist-dev

5.2 Deploy additional OneList environment (namespace)

Open the ingress-nginx-controller-additional-environment.yaml file in notepad. 

  • Find and replace '<environment>' with the environment label.
  • Find and replace '<tls secret name>' with the TLS secret name. 
  • Save your changes and close the file.

Open onelist6-ingress.yaml in notepad.

  • Find and replace '<environment>' with the name of the environment.
  • Save your changes and close the file.

Run the 2 commands below.

kubectl create -f ingress-nginx-controller-additional-environment.yaml

kubectl create -f onelist6-ingress.yaml --namespace <ONELIST_NAMESPACE>

For example:

kubectl create -f ingress-nginx-controller-additional-environment.yaml

kubectl create -f onelist6-ingress.yaml --namespace onelist-dev

6. Create the TLS secret for SSL certificate

Run the command below to create the secret. 

kubectl create secret tls <tls secret name> --cert <SSL_CERTIFICATE_FILE> --key <PRIVATE_KEY_FILE> --namespace ingress-nginx

For example: 

  • Wildcard certificate: kubectl create secret tls tls.onelist --cert c:\certificates\certificate.cer --key c:\certificates\certifcate.key --namespace ingress-nginx
  • Non-wildcard certificate: kubectl create secret tls tls.onelist.dev --cert c:\certificates\certificate.cer --key c:\certificates\certifcate.key  --namespace ingress-nginx

...

Prerequisites

  • Install Kubernetes CLI tool - kubectl. Instructions can be found here: https://kubernetes.io/docs/tasks/tools/install-kubectl/

  • Install the command-line tool of the Kubernetes hosting system:

  • Install Helm package manager

  • SQL Server connection string.

    • The SQL connection user account must have permission to create new databases and must be db_owner of those databases.

  • SSL certificate with all intermediate certificates in PFX or PEM format

  • Request the container registry login from IQX for pulling OneList images

  • SMTP server login and email address if email approval channel is enabled

  • Generate the Machine key for each environment. This is a Base64 string representing an array of 50 bytes.

  • Define the Kubernetes namespace for the OneList environment to be deployed. E.g. onelist-dev, onelist-qa, onelist-prod. It may be required to follow your company's naming standard for these namespaces.

    • Use this value to replace the <ONELIST_NAMESPACE> placeholder in the instructions below.

  • Define the label for the OneList environment to be deployed. This is a short label, e.g. dev, qa, prod. The first letter must be unique in all the environments planned and it is used as the suffix of the database names.

    • Use this value to replace the <environment> placeholder in the instructions below.

  • Download the below two files and put them in the same directory

    • values.yaml
    • onelist.tgz

 

Recommended Configuration

Environment

AKS

SQL

Production

Cluster nodes: 3

Cluster node size: 2 vCPU, 16GB RAM

Minimum subnet size: /24

Elastic pool: Standard,

eDTU: 100,

Data size: 100GB

Firewall settings: Allow Azure services and resources to access this server = ON

Database collation: SQL_Latin1_General_CP1_CI_AS

Databases: 

  • OneList_p

  • RoleManager_p

  • Comms_p

Non-production

Cluster nodes: 3

Cluster node size: 2 vCPU, 16GB RAM

Minimum subnet size: /24

Elastic pool: Standard,

eDTU: 50,

Data size: 50GB

Firewall settings: Allow Azure services and resources to access this server = ON

Database collation: SQL_Latin1_General_CP1_CI_AS

Databases: the "x" represents the environment tag, e.g. d for Development, q for QA.

  • OneList_x

  • RoleManager_x

  • Comms_x

Log on to Azure Kubernetes Service (AKS)

  1. Log on to Azure by executing this command: az login
    Tip: Specify the tenant if there are multiple tenants. E.g. az login --tenant <tenant>

  2. Set up the Azure login for kubectl by executing this command: az aks get-credentials --resource-group <Azure_Resource_Group> --name <AKS_Cluster_Name>

Deployment steps

Open a command prompt from the folder that contains the YAML deployment files. Follow the steps below to deploy OneList.

1. Create Kubernetes cluster and Application gateway

Follow this documentation to create a new AKS cluster with the AGIC add-on enabled.

https://docs.microsoft.com/en-us/azure/application-gateway/tutorial-ingress-controller-add-on-new#deploy-an-aks-cluster-with-the-add-on-enabled

2. Create the Kubernetes namespace

Run the command below to create the Kubernetes namespace for the OneList environment, e.g. onelist-dev.

kubectl create namespace <ONELIST_NAMESPACE>

For example: 

kubectl create namespace onelist-dev

3. Edit values.yaml file

The values.yaml file configures the required environment variables that are used by OneList services.

Open the "values.yaml" in notepad and update the following fields with the actual value. 

  • Config

    • RoleManager__MachineKey 
      The value is the generated machine key.

    • Database__ConnectionString
      The value is the SQL Server connection string. The name of the databases will be automatically specified by the services.

    • ASPNETCORE_ENVIRONMENT
      The value is <environment>.

    • Smtp__UserName 

    • Smtp__Password

    • Smtp__From
      This is the sender email address of notifications from OneList

    • Smtp__Host
      This is the SMTP server OneList uses to send notifications.

    • Smtp__Port
      This is the port of SMTP server.

    • Smtp__UseSsl
      Define if SMTP server uses SSL connection. For Office365 SMTP service, the value is always false. 

    • RootUrl
      Root URL of the OneList site.

    • Localization__DefaultCulture
      The default culture. Use the code from: Supported Languages

    • Localization__DefaultTimeZone
      The default time zone. The time zone id is the “TZ database name” from this page: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones

    • supportedCultures

      • Localization__SupportedCultures__0
        The other supported cultures. Use the code from: Supported Languages. When there is more than one supported culture, add another Localization__SupportedCultures__n entry and increase the trailing number n by 1. E.g. Localization__SupportedCultures__1

  • imageCredentials

    • username
      Login username of IQX container registry.

    • password
      Login password of IQX container registry.

    • email
      Your email address.

  • ingress

    • host
      The DNS host name of the OneList application.

  • image

    • tag
      Tag name of the images that are going to be deployed.

Save the "values.yaml" file.
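
A pre-flight check for this step and for the machine key prerequisite, as an added example that is not part of the original guide or of IQX tooling: it generates a machine key of the required size and checks values.yaml before the Helm chart is installed. It assumes each setting appears in values.yaml as a "Key: value" line; the function names are hypothetical.

```powershell
# Added example, not IQX code. Assumes values.yaml stores each setting as a
# "Key: value" line; function names are hypothetical.

function New-MachineKey {
    # 50 bytes from the OS CSPRNG, Base64-encoded; generate one per environment.
    $bytes = [byte[]]::new(50)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    [Convert]::ToBase64String($bytes)
}

function Get-YamlValue {
    # Returns the scalar for $Key with surrounding quotes removed, or nothing.
    param([string[]]$Lines, [string]$Key)
    $pattern = '^\s*' + [regex]::Escape($Key) + '\s*:\s*(.*)$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            return ($Matches[1].Trim() -replace '^["'']|["'']$', '')
        }
    }
}

function Test-OneListValues {
    param([string]$Path = '.\values.yaml')
    $lines = @(Get-Content -LiteralPath $Path)
    $problems = @()
    # The machine key must be Base64 that decodes to exactly 50 bytes.
    try   { $len = [Convert]::FromBase64String([string](Get-YamlValue $lines 'RoleManager__MachineKey')).Length }
    catch { $len = -1 }
    if ($len -ne 50) { $problems += 'RoleManager__MachineKey does not decode to 50 bytes' }

    # Settings every environment needs must be filled in.
    foreach ($name in 'Database__ConnectionString', 'ASPNETCORE_ENVIRONMENT') {
        if ([string]::IsNullOrWhiteSpace((Get-YamlValue $lines $name))) {
            $problems += "$name is empty or missing"
        }
    }

    # Placeholders from this guide, such as <environment>, must not remain.
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -notmatch '^\s*#' -and $lines[$i] -match '<[A-Za-z_ ]+>') {
            $problems += "line $($i + 1): unreplaced placeholder $($Matches[0])"
        }
    }
    $problems
}

# Stop before helm install if anything is wrong.
$problems = @(Test-OneListValues)
if ($problems.Count) { $problems; throw 'Fix values.yaml before running helm install' }
```

Because values.yaml ends up holding the machine key, the connection string and the SMTP and registry passwords, keep the edited file out of source control and restrict who can read it.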

4. Deploy OneList Helm chart

Enter the folder that contains the values.yaml and onelist.tgz files. Run the command below.

helm install <ONELIST_NAMESPACE> -n <ONELIST_NAMESPACE> -f .\values.yaml onelist.tgz

For example:

helm install onelist-dev -n onelist-dev -f .\values.yaml onelist.tgz

5. Configure SSL connection

Follow steps 1 to 4 in this document: Migrate to use Azure Key Vault to host SSL certificate

6. Get the OneList public IP address

Run the following command to discover the public IP address for the environment so that DNS can be created and bound to this IP address.

kubectl get service ingress -n ingress-nginx

...

<ONELIST_NAMESPACE>

7. Create the administrator user account

  • Navigate to the OneList URL in the browser. You will be presented with the following page to create the first user account. System Administrator access is automatically granted to this user account.

...

  • Log on using the email and password of the newly created user account to complete the application configuration steps.