Alternative 2: Ansible - Step-by-Step

Step-by-step deployment option uses kubectl and Helm commands to facilitate a more customized deployment plan

PreviousAlternative 1: Ansible - Fully Automated NextCloud Specific Details

Last updated 4 months ago

Alternative 2: Ansible - Step-by-Step

Step-by-step deployment option uses kubectl and Helm commands to facilitate a more customized deployment plan

Why do we have a step-by-step deployment alternative?

While it is possible to automate all the deployment steps listed in this section, since one of core propositions of Rierino is an open architecture, we provide our clients full transparency over the list of activities that are happening.

This approach also allows customization of each step based on performance and cost optimization decisions.

Set-up the Deployer

Rierino platform uses a central deployment coordinator, facilitated through Kubernetes jobs and services. As the first step for deployment, this coordinator should be configured.

Create a "deployment" namespace on Kubernetes cluster, to be used solely by the central deployment coordinator

kubectl create namespace deployment

Create a "deployer-sa" service account on "deployment" namespace, which will be used as the service account for deployment activities

kubectl create serviceaccount --namespace=deployment deployer-sa

Create a "deployer-admin" cluster role with cluster admin rights

kubectl create clusterrole deployer-admin --verb=* --resource=*

Create a cluster role binding, assigning "deployer-admin" role to "deployer-sa" service account on "deployment" namespace

kubectl create clusterrolebinding deployer-admin:deployment:deployer-sa --clusterrole=deployer-admin --serviceaccount=deployment:deployer-sa --namespace=deployment

Install on "deployment" namespace, which will initialize config maps and secrets for the deployer

helm upgrade --install global-deployment https://rierino-open.github.io/helm-charts/unit/global --namespace=deployment

Set global secrets on "deployment" namespace, which will be used for access to Rierino artifacts during deployments

Add your provided Rierino username and password for the :

kubectl patch secret global-secrets-env --namespace deployment --type=json -p='[{"op" : "add", "path" : "/data/MAVEN_USER", "value" : "[BASE64 ENCODED USERNAME]"}]'

kubectl patch secret global-secrets-env --namespace deployment --type=json -p='[{"op" : "add", "path" : "/data/MAVEN_PASSWORD", "value" : "[BASE64 ENCODED PASSWORD]"}]'

kubectl patch secret global-secrets-env --namespace deployment --type=json -p='[{"op" : "replace", "path" : "/data/GIT_TOKEN", "value" : "[BASE64 ENCODED TOKEN]"}]'

kubectl patch secret global-secrets-env --namespace deployment --type=json -p='[{"op" : "replace", "path" : "/data/ASSET_TOKEN", "value" : "[BASE64 ENCODED TOKEN]"}]'

kubectl patch secret global-secrets-env --namespace deployment --type=json -p='[{"op" : "add", "path" : "/data/DOCKER_USER", "value" : "[BASE64 ENCODED USERNAME]"}]'

kubectl patch secret global-secrets-env --namespace deployment --type=json -p='[{"op" : "add", "path" : "/data/DOCKER_PASSWORD", "value" : "[BASE64 ENCODED PASSWORD]"}]'

If you are using AWS as the cloud provider, add your AWS credentials:

kubectl patch secret global-secrets-env --namespace deployment --type=json -p='[{"op" : "add", "path" : "/data/AWS_ACCESS_KEY_ID", "value" : "[BASE64 ENCODED AWS_ACCESS_KEY_ID]"}]'

kubectl patch secret global-secrets-env --namespace deployment --type=json -p='[{"op" : "add", "path" : "/data/AWS_SECRET_KEY", "value" : "[BASE64 ENCODED AWS_SECRET_KEY]"}]'

If you are using GCP as the cloud provider, add your service account file:

kubectl patch secret global-secrets --namespace deployment --type=json -p='[{"op" : "add", "path" : "/data/service_account.json", "value" : "[BASE64 ENCODED SERVICE ACCOUNT FILE]"}]'

Other cloud providers may require additional credentials as well as customization of ansible inventory files.

You can also provide all these secrets during initial installation of the deployment global helm chart using sourceEncoded variable.

helm upgrade --install --force global-deployerapi https://rierino-open.github.io/helm-charts/unit/deployerapi --namespace=deployment --set cloud=gcp --set pool=infra-pool

Now, you can start deploying Rierino workloads and services using the deployer job and deployer api service.

Deployer jobs use Ansible playbooks, which in turn install helm charts, for service deployments. While it is possible to use helm charts directly for service deployments instead, this approach allows centralized management of asset credentials, as well as more structured utilization of deployment asset files to set details of chart parameters.

Populate Assets

Import MongoDB data including configuration of the core services as well as any business modules that will be later used

helm upgrade --install global-deployer-job https://rierino-open.github.io/helm-charts/unit/deployer --namespace=deployment --set playbook=playbooks/_application/mongodb-import.yml --set cloud=

You can add --set values.mongodb_uri=[MONGODB_URI] parameter if MongoDB servers are not already tagged and can be discovered by Ansible inventory plugin.

Create Kafka topics that will be utilized by runners

helm upgrade --install global-deployer-job https://rierino-open.github.io/helm-charts/unit/deployer --namespace=deployment --set playbook=playbooks/_application/kafka-create-topic.yml --set cloud=gcp

You can add --set values.kafkaServers=[KAFKA_SERVERS] parameter if Kafka servers are not already tagged and can be discovered by Ansible inventory plugin.

Create Keycloak realm and clients, if authentication will be used with a Keycloak based authentication service

helm upgrade --install global-deployer-job https://rierino-open.github.io/helm-charts/unit/deployer --namespace=deployment --set playbook=playbooks/_application/keycloak-create-realm.yml --set cloud=gcp--set values.keycloak_admin_user=[KEYCLOAK_USER] --set values.keycloak_admin_password=[KEYCLOAK_PASSWORD]

You can add --set values.kc_api_uri=[KEYCLOAK_URI] parameter if Keycloak server is not already tagged and can be discovered by Ansible inventory plugin.

If additional systems will be utilized, you can use related deployment assets (e.g. Elasticsearch, Druid imports) as well.

Deploy Admin Core Runners

The first set of Rierino services provide the admin core runners, which can be utilized afterwards to deploy additional services through the admin UI itself.

Prepare Namespace

Create a "admin-backend" namespace on Kubernetes cluster, to be used by admin core runners

kubectl create namespace admin-backend

helm upgrade --install global-deployer-job https://rierino-open.github.io/helm-charts/unit/deployer --namespace=deployment --set playbook=playbooks/_application/global-helm.yml --set cloud= --set values.assetSource= --set values.namespace=

Deploy Core Runners

helm upgrade --install global-deployer-job https://rierino-open.github.io/helm-charts/unit/deployer --namespace=deployment --set playbook=playbooks/_application/runner-helm.yml --set cloud=gcp --set values.assetSource=core --set values.source= --set values.deploymentId=

Check from your cloud service provider to confirm that admin_core deployment is now up and running in admin-backend namespace.

Deploy Authentication Runner

helm upgrade --install global-deployer-job https://rierino-open.github.io/helm-charts/unit/deployer --namespace=deployment --set playbook=playbooks/_application/runner-helm.yml --set cloud=gcp --set values.assetSource=core --set values.source= --set values.deploymentId=

Check from your cloud service provider to confirm that admin_token deployment is now up and running in admin-backend namespace.

Deploy Admin Gateway Services

Next set of Rierino services provide the admin gateway and authentication services, which expose backend runners to outside the cluster.

Prepare Namespace

Create a "admin-gateway" namespace on Kubernetes cluster, to be used for API gateway, authentication and session management services

kubectl create namespace admin-gateway

helm upgrade --install global-deployer-job https://rierino-open.github.io/helm-charts/unit/deployer --namespace=deployment --set playbook=playbooks/_application/global-helm.yml --set cloud= --set values.assetSource= --set values.namespace=

Set global secrets on "admin-gateway" namespace, which will be used for authentication operations on API gateway and authentication server

Add secrets required by admin gateway:

kubectl patch secret global-secrets --namespace admin-gateway --type=json -p='[{"op" : "add", "path" : "/data/properties", "value" : "[BASE64 ENCODED PROPERTIES]"}]'

Where properties should include:

rierinoKV.shared.gateway.secret=

Deploy API Gateway

helm upgrade --install global-deployer-job https://rierino-open.github.io/helm-charts/unit/deployer --namespace=deployment --set playbook=playbooks/_application/gateway-helm.yml  --set cloud=gcp --set values.assetSource=core --set values.controller=gateway_admin

Check from your cloud service provider to confirm that gateway_admin deployment is now up and running in admin-gateway namespace. You should be also able to send curl requests to load balancer endpoint for this service.

Deploy Admin UI

Last component to deploy for initialization of Rierino core platform is the admin UI, which allows user interaction with backend services.

Prepare Namespace

Create a "admin-ui" namespace on Kubernetes cluster, to be used for admin user interface services

kubectl create namespace admin-ui

helm upgrade --install global-deployer-job https://rierino-open.github.io/helm-charts/unit/deployer --namespace=deployment --set playbook=playbooks/_application/global-helm.yml --set cloud= --set values.assetSource= --set values.namespace=

Deploy Front-end

helm upgrade --install global-deployer-job https://rierino-open.github.io/helm-charts/unit/deployer --namespace=deployment --set playbook=playbooks/_application/adminui-helm.yml  --set cloud=gcp --set values.call_values.rierinoPullPolicy=Always

Check from your cloud service provider to confirm that adminui deployment is now up and running in admin-ui namespace. You should be also able to use and internet browser to access the load balancer endpoint for this service and start using Rierino.

PreviousAlternative 1: Ansible - Fully Automated NextCloud Specific Details

Last updated 4 months ago