Deploying New OneList Instance to AKS
- Alex Xie
- Kevin He
Prerequisites
Install Kubernetes CLI tool - kubectl. Instructions can be found here: Install Tools
Install the command-line tool of the Kubernetes hosting system:
Install Helm package manager
SQL Server connection string.
The SQL connection user account must have permission to create new databases and db_owner of the databases.
SSL certificate with all intermediate certificates in PFX or PEM format
Request the container registry login from IQX for pulling OneList images
SMTP server login and email address if email approval channel is enabled
Generate the Machine key for each environment. This is a Base64 string representing an array of 50 bytes.
Use tools like https://generate.plus/en/base64 to generate a random string of the required length.
Define the Kubernetes namespace for the OneList environment to be deployed. E.g. onelist-dev, onelist-qa, onelist-prod. It may be required to follow your company's naming standard for these namespaces.
Use this value to replace the <ONELIST_NAMESPACE> placeholder in the instructions below.
Define the label for the OneList environment to be deployed. This is a short label, e.g. dev, qa, prod. The first letter must be unique in all the environments planned and it is used as the suffix of the database names.
Use this value to replace the <environment> placeholder in the instructions below.
Download the below two files and put them in the same directory
Recommended Configuration
Enviroment | AKS | SQL |
|---|---|---|
Production | Cluster nodes:3; Cluster node size: 2 vCPU, 16GB RAM Minimum subnet size: /24 | Elastic pool: Standard, eDTU: 100, Data size: 100GB Firewall settings: Allow Azure services and resources to access this server = ON Database collation: SQL_Latin1_General_CP1_CI_AS Databases:
|
Non-production | Cluster nodes:3; Cluster node size: 2 vCPU, 16GB RAM Minimum subnet size: /24 | Elastic pool: Standard, eDTU: 50, Data size: 50GB Firewall settings: Allow Azure services and resources to access this server = ON Database collation: SQL_Latin1_General_CP1_CI_AS Databases: the "x" represents the environment tag, e.g. d for Development, q for QA.
|
Log on to Azure Kubernetes Service (AKS)
Log on to Azure by executing this command: az login
Tip: Specify the tenant if there are multiple tenants. E.g. az login --tenant <tenant>Setup the Azure log in with kubectl by executing this command: az aks get-credentials --resource-group <Azure_Resource_Group> --name <AKS_Cluster_Name>
Deployment steps
Open a command prompt from the folder that contains the YAML deployment files. Flow steps below to deploy OneList.
1. Create Kubernetes cluster and Application gateway
Follow this documentation to create a new AKS cluster with the AGIC add-on enabled.
2. Create the Kubernetes namespace
Run the command below to create the Kubernetes namespace for the OneList environment, e.g. onelist-dev.
kubectl create namespace <ONELIST_NAMESPACE>
For example:
kubectl create namespace onelist-dev
3. Edit values.yaml file
The values.yaml file configures the required environment variables that are used by OneList services.
Open the "values.yaml" in notepad and update the following fields with the actual value.
Config
RoleManager__MachineKey
The value is the generated machine key.Database__ConnectionString
The value is the SQL Server connection string. The name of the databases will be automatically specified by the services.ASPNETCORE_ENVIRONMENT
The value is <environment>.Smtp__UserName
Smtp__Password
Smtp__From
This is the sender email address of notifications from OneListSmtp__Host
This is the SMTP server OneList use to send notifications.Smtp__Port
This is the port of SMTP server.Smtp__UseSsl
Define if SMTP server uses SSL connection. For Office365 SMTP service, the value is always false.RootUrl
Root URL of the OneList site.Localization__DefaultCulture
The default culture. Use the code from: Supported LanguagesLocalization__DefaultTimeZone
The default time zone. The time zone id is the “TZ database name” from this page: List of tz database time zonessupportedCultures
Localization__SupportedCultures__0
The other supported cultures. Use the code from: Supported Languages. When there is more than one supported culture, add another Localization__SupportedCultures__n entry and increase the trailing number n by 1. E.g. Localization__SupportedCultures__1
imageCredentials
username
Login username of IQX container registry.password
Login password of IQX container registry.email
Your email address.
ingress
host
The DNS host name of the OneList application.
image
tag
Tag name of the images that are going to be deployed.
Save the "values.yaml" file.
4. Deploy OneList Helm chart
Enter the folder that contains the values.yaml and onelist.tgz files. Run the command below.
helm install <ONELIST_NAMESPACE> -n <ONELIST_NAMESPACE> -f .\values.yaml onelist.tgz
For example:
helm install onelist-dev -n onelist-dev -f .\values.yaml onelist.tgz
5. Configure SSL connection
Follow step 1 to 4 in this document. Migrate to use Azure Key Vault to host SSL certificate
6. Get the OneList public IP address
Run the following command to discover the public IP address for the environment so that DNS can be created and bound to this IP address.
kubectl get ingress -n <ONELIST_NAMESPACE>
7. Create the administrator user account
Navigate to the OneList URL in the browser, you will be presented to the following page to create the first user account. The System Administrator access is automatically granted to this user account.
Log on using the email and password of the newly created user account to complete the application configuration steps.