Skip to content

Latest commit

 

History

History

kubernetes

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
install_microk8s.sh
install_microk8s.sh
 
 
setup.example.tf
setup.example.tf
 
 
setup.example.tfvars
setup.example.tfvars
 
 

README.md

Install Onify on Kubernetes

To simplify the installation on Kubernetes we are currently using Terraform. You can checkout our Terraform modules.

Prerequisites

Kubernetes

You need to have a Kubernetes cluster (container platform) up and running, like Google Kubernetes Engine (GKE), Red Hat OpenShift or Azure Kubernetes Service (AKS) or MicroK8s (Linux machine).

Access to container images

You need access to the Onify Hub container images located at Google Container Registry (eu.gcr.io). For this you need a keyfile.json. Please contact [email protected] for more info.

You might also need access to GitHub Container Registry (ghcr.io). You need a username and a personal access token (PAT) for this.

Linux and MicroK8s

Installing Onify Hub on a single Linux machine requires MicroK8s and Terraform. Here is script to set everything up:

curl -L https://raw.githubusercontent.com/onify/install/default/hub/kubernetes/install_microk8s.sh | bash

Installation

  1. Create a .tf Terraform file (see setup.example.tf)
  2. Create a .tfvars file for Terraform variables (see setup.example.tfvars)
  3. Run terraform init to download and initialize Onify Terraform modules
  4. Run terraform plan to plan Onify infrastructure (optional)
  5. Run terraform apply to apply Onify infrastructure

Custom TLS

You can add your own custom cert instead of default Let's Encrypt. Create a Kubernetes secret manifest file container certificate and key. Here is an example:

Create a file called custom_tls_example.yaml containing:

apiVersion: v1
kind: Secret
metadata:
  name: onify-custom 
  namespace: default
type: kubernetes.io/tls
data:
  tls.crt: <base64-encoded-certificate>
  tls.key: <base64-encoded-private-key>

Then you need to apply the secret with:

kubectl apply -f custom_tls_example.yaml

And set the tls variable in the .tf file:

tls = "onify-custom"

Helix

Helix is default true but can be disabled with helix = false in the .tf file.

Helix path

Helix path is default /helix but can be changed with helix_path in the .tf file.

Ingress

Ingress is default true but can be disabled with ingress = false in the .tf file.

Troubleshooting

kubeconfig

You might need to run export KUBECONFIG=kubeconfig to get kubectl working.

kubectl port-forward

Use port forwarding to test the app and login with username and password.

kubectl port-forward --address localhost pod/onify-app-0 3000:3000 -n onify-{CLIENT CODE}-{INSTANCE CODE}

Access denied in Elasticsearch

Sometimes you will end up with a access denied error in the Elasticsearch logs related to the folder to store data. This is often related to access and can be fixed using this command:

chown -R 1000:2000 /usr/share/elasticsearch/data