Prerequisites

Before deployment of services, you need to install enabling systems and provision servers based on your requirements

Provision Enabling Systems

At a minimum level, deployment of the Rierino platform requires specific enabling systems to be in place, such as a database for persistence. It is recommended that the following (or equivalent systems supported by Rierino) be deployed before starting the platform deployment:

MongoDB

Deploy a MongoDB instance or cluster, to be used as the main data system (alternative data systems can be used with different state managers)
Enable replication on MongoDB if not already enabled, restart services and initiate replication which is required for redundancy as well as change data capture purposes

:
  replSetName: rs0

rs.initiate({ _id: "rs0", version: 1,
members: [
  { _id: 0, host : ":[MONGO_PORT]" }, 
  ...
]})

Kafka

Deploy a Kafka instance or cluster, to be used as the main messaging system (while optional, it is recommended as it allows async services and centralized command management)

Keycloak

Deploy a Keycloak instance or cluster, to be used as the authentication provider (unless solution will be used insecurely for development or a state authentication provider will be used instead)

If deployed as , set tags / labels for deployed systems as follows, which will enable automated population of system addresses in Ansible playbooks:

Instances

AWS (tags:Name)

GCP (labels)

MongoDB

mongodb

Kafka

kafka

Keycloak

keycloak

Why don't we bundle these systems to our solution?

While it is possible to bundle these systems into our deployment packages and enable one-click deployments, it goes against our open architecture principles, where we let our clients replace any external system in our solution architecture or use their existing components for the same.

Also, these are the systems where private customer and commercially sensitive enterprise data is stored, hence we give our clients full control over their deployment and configuration (such as configuring authentication, encryption of data in transit and at rest).

If you don't already have these systems or would like to automated their deployment, check out vendor specific details for .

Set-up Initial Deployment Host

Depending on the option(s) you choose for the next step, install required tools on the machine you will be running deployments from

Install Terraform if you will be using it to provision the Kubernetes cluster:

Install Ansible, collections and their dependencies, if you will be following fully automated deployment option:

pip install kubernetes boto3 botocore
ansible-galaxy collection install kubernetes.core

You can also use the Rierino public Docker image specific to your cloud provider instead of manually installing these dependencies:

Set-up your cloud access credentials that will be used by these tools as environment variables based on your cloud provider and the installed tools (e.g. AWS_ACCESS_KEY_ID, AWS_SECRET_KEY for AWS deployment, kubeconfig file for kubectl)

It is also possible to deploy remotely using helm charts without setting up such initial deployment host, but this approach is recommended as it provides more control and visibility during first deployment.

Provision a Kubernetes Cluster

Create a Kubernetes cluster for Rierino services with the following node pools. If you already have a cluster, you can just create these node pools on that specific cluster.

Node Pool

Usage

admin-node-pool

Used by admin gateway and runner pods

ui-node-pool

Used by admin UI pods

ops-node-pool

Used by CDC and calculation runner pods

infra-node-pool

Used by deployer pods

Terraform Option

If you choose to automate provisioning with Terraform, you can clone our and run the following commands:

git clone --branch release-[RIERINO_VERSION] https://[GIT_USER]:[GIT_TOKEN]@github.com/rierino-open/deployment
cd deployment/environments/[CLOUD]
terraform init
terraform plan 
terraform apply -var="[VARIABLES]"

Terraform apply command will output kubeconfig contents, which should be saved as it will be required as an input file in following steps.

Configure Network Connectivity

Configure firewall settings of your cloud provider to ensure accessibility between the Kubernetes cluster (as well as ) and MongoDB, Kafka, Keycloak instances on required ports (or by providing all to all access adding them to a shared security group).
Issue SSL certificates for load balancers that will be exposed externally.
Issue the following static IPs and DNS mappings for load balancers that will be exposed externally. Alternatively, you can use DNS mappings with load balancer public addresses once they are deployed on following steps.

Static IP

DNS Name

Usage

admin-gateway-lb-ip

admin-api.[DOMAIN]

External access to API gateway

admin-ui-lb-ip

admin-ui.[DOMAIN]

External access to UI

Rierino platform does not expose any resources publicly, other than the load balancer services.

If you wish to access additional system components (such as MongoDB, Keyloak UI, etc.), you can configure their firewall and network settings manually to allow public access.

PreviousKubernetes Deployment NextRecommended: Helm - Fully Automated

Last updated 1 year ago