Prerequisites
Install Kubernetes CLI tool - kubectl. Instructions can be found here: https://kubernetes.io/docs/tasks/tools/install-kubectl/
Install the AWS CLI version 2:
SQL Server connection string.
The SQL connection user account must have permission to create new databases and db_owner of the databases.
SSL certificate and private key without password
Request the container registry login from IQX for pulling OneList images
SMTP server login and email address if email approval channel is enabled
Generate the Machine key for each environment. This is a Base64 string representing an array of 50 bytes.
Use tools like https://generate.plus/en/base64 to generate a random string of the required length.
Define the Kubernetes namespace for the OneList environment to be deployed. E.g. onelist-dev, onelist-qa, onelist-prod. It may be required to follow your company's naming standard for these namespaces.
Use this value to replace the <ONELIST_NAMESPACE> placeholder in the instructions below.
Define the label for the OneList environment to be deployed. This is a short label, e.g. dev, qa, prod. The first letter must be unique in all the environments planned and it is used as the suffix of the database names.
Use this value to replace the <environment> placeholder in the instructions below.
Request a Public Certificate using ACM or Import a Certificate into ACM.
Download these Yaml files
Recommended Configuration
Environments | EKS | SQL |
|---|---|---|
Production | Worker node: EC2 T3.large, 2 vCPU, 8 GiB RAM Worker node count: 3;
| Amazon RDS for SQL Server
Databases:
|
Non-production | Worker node: EC2 T3.large, 2 vCPU, 8 GiB RAM Worker node count: 3; | Amazon RDS for SQL Server
Databases: the "x" represents the environment tag, e.g. d for Development, q for QA.
|
Connect to EKS cluster
Configure your AWS CLI credential if it is not yet configured.
Run command below and input information prompted.
aws configure
For more information, see Configuring the AWS CLI.Set context to the EKS cluster. Run the command below.
aws eks --region <region> update-kubeconfig --name <cluster_name>
Deployment steps
Open a command prompt from the folder that contains the YAML deployment files. Flow steps below to deploy OneList.
1. Create the Kubernetes namespace
Run the command below to create the Kubernetes namespace for the OneList environment, e.g. onelist-dev.
kubectl create namespace <ONELIST_NAMESPACE>
For example:
kubectl create namespace onelist-dev
2. Create ConfigMap and Secret
These Kubernetes ConfigMap and Secret contains the required environment variables that are used by OneList services.
Open the "config.yaml" in notepad and update the following fields with the actual value.
RoleManager__MachineKey
The value is the generated machine key.Database__ConnectionString
The value is the SQL Server connection string. The name of the databases will be automatically specified by the services.ASPNETCORE_ENVIRONMENT
The value is <environment>.Smtp__UserName
Smtp__Password
Smtp__From
This is the sender email address of notifications from OneListSmtp__Host
This is the SMTP server OneList use to send notifications.Smtp__Port
This is the port of SMTP server.Smtp__UseSsl
Define if SMTP server uses SSL connection. For Office365 SMTP service, the value is always false.
Save the "config.yaml" file then run the command below.
kubectl apply -f config.yaml --namespace <ONELIST_NAMESPACE>
For example:
kubectl apply -f config.yaml --namespace onelist-dev
3. Create the Secrete for pulling OneList images
Replace placeholders in the command below and run it.
kubectl create secret docker-registry iqx.acr --docker-server=https://iqxbusiness.azurecr.io/ --docker-username=<ACR_USERNAME> --docker-password=<ACR_PASSWORD> --docker-email=<YOUR_EMAIL_ADDRESS> --namespace <ONELIST_NAMESPACE>
For example: kubectl create secret docker-registry iqx.acr --docker-server=https://iqxbusiness.azurecr.io/ --docker-username=acr_username --docker-password=acr_password --docker-email=myemail@example.com --namespace onelist-dev
4. Deploy OneList containers for the apps and services
Run the 2 commands below.
kubectl apply -f onelist-deployment.yaml --namespace <ONELIST_NAMESPACE>
kubectl apply -f alb-onelist-service.yaml --namespace <ONELIST_NAMESPACE>
For example:
kubectl apply -f onelist-deployment.yaml --namespace onelist-dev
kubectl apply -f onelist-service.yaml --namespace onelist-dev
5. Create Ingress object and ALB load balancer
Follow the instructions in 5.1 to deploy the first OneList environment and the instructions in 5.2 to deploy the additional environments.
5.1 Deploy the first OneList environment (namespace)
Create ALB Ingress Controller
Follow this documentation to create an ALB controller in kube-system namespace.
Open alb-onelist-ingress.yaml in notepad.
Find and replace '<SSL certificate ARN>' with the ARN of certificate in ACM.
Save your changes and close the file.
Run the command below.
kubectl apply -f alb-onelist-ingress.yaml --namespace <ONELIST_NAMESPACE>
For example:
kubectl apply -f alb-onelist-ingress.yaml --namespace onelist-dev
5.2 Deploy additional OneList environment (namespace)
Open alb-onelist-ingress.yaml in notepad.
Find and replace '<SSL certificate ARN>' with the ARN of certificate in ACM.
Save your changes and close the file.
Run the command below.
kubectl apply -f alb-onelist-ingress.yaml --namespace <ONELIST_NAMESPACE>
For example:
kubectl apply -f alb-onelist-ingress.yaml --namespace onelist-dev
6. Get the OneList public IP address
Run the following command to discover the public IP address for the environment so that DNS can be created and bound to this IP address.
kubectl get service -n ingress-nginx
7. Create the administrator user account
Navigate to the OneList URL in the browser, you will be presented to the following page to create the first user account. The System Administrator access is automatically granted to this user account.
Log on using the email and password of the newly created user account to complete the application configuration steps.