Skip to content

Commit

Permalink
Merge pull request #48 from chirangaalwis/kubernetes-is-v5.6.x-readme…
Browse files Browse the repository at this point in the history
…-docs

Update README.md documentation of Kubernetes and Helm resources
  • Loading branch information
msmshariq authored Jul 10, 2018
2 parents 7ef445f + f51a419 commit 454d9c9
Show file tree
Hide file tree
Showing 7 changed files with 496 additions and 258 deletions.
126 changes: 121 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,123 @@
# Kubernetes Resources for WSO2 Identity Server
*Kubernetes Resources for container-based deployments of WSO2 Identity Server*
# Kubernetes and Helm Resources for WSO2 Identity Server
*Kubernetes and Helm Resources for container-based deployments of WSO2 Identity Server deployment patterns*

This repository contains Kubernetes resources required for,
* [A clustered deployment of WSO2 Identity Server](is)
This repository contains Kubernetes and Helm resources required for,

* [A clustered deployment of WSO2 Identity Server with Analytics support](is-with-analytics)
* A clustered deployment of WSO2 Identity Server

* A clustered deployment of WSO2 Identity Server with Analytics support

## Deploy Kubernetes resources

In order to deploy Kubernetes resources for each deployment pattern, follow the **Quick Start Guide**s for each deployment pattern
given below:

* [A clustered deployment of WSO2 Identity Server](is/README.md)

* [A clustered deployment of WSO2 Identity Server with Analytics support](is-with-analytics/README.md)

## Deploy Helm resources

In order to deploy Helm resources for each deployment pattern, follow the **Quick Start Guide**s for each deployment pattern
given below:

* [A clustered deployment of WSO2 Identity Server](helm/is/README.md)

* [A clustered deployment of WSO2 Identity Server with Analytics support](helm/is-with-analytics/README.md)

## How to update configurations

Kubernetes resources for WSO2 products use Kubernetes [ConfigMaps](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/)
to pass on the minimum set of configurations required to setup a product deployment pattern.

For example, the minimum set of configurations required to setup a clustered deployment of WSO2 Identity Server can be found
in `<KUBERNETES_HOME>/is/confs` directory. The Kubernetes ConfigMaps are generated from these files.

If you intend to pass on any additional files with configuration changes, third-party libraries, OSGi bundles and security
related artifacts to the Kubernetes cluster, you may mount the desired content to `/home/wso2carbon/wso2-server-volume` directory path within
a WSO2 product Docker container.

The following example depicts how this can be achieved when passing additional configurations to WSO2 Identity Server
in a clustered deployment of WSO2 Identity Server:

a. In order to apply the updated configurations, WSO2 product server instances need to be restarted. Hence, un-deploy all the Kubernetes resources
corresponding to the product deployment, if they are already deployed.

b. Create and export a directory within the NFS server instance.

c. Add the additional configuration files, third-party libraries, OSGi bundles and security related artifacts, into appropriate
folders matching that of the relevant WSO2 product home folder structure, within the previously created directory.

d. Grant ownership to `wso2carbon` user and `wso2` group, for the directory created in step (b).

```
sudo chown -R wso2carbon:wso2 <directory_name>
```
e. Grant read-write-execute permissions to the `wso2carbon` user, for the directory created in step (b).

```
chmod -R 700 <directory_name>
```

f. Map the directory created in step (b) to a Kubernetes [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/)
in the `<KUBERNETES_HOME>/is/volumes/persistent-volumes.yaml` file. For example, append the following entry to the file:

```
apiVersion: v1
kind: PersistentVolume
metadata:
name: identity-server-additional-config-pv
labels:
purpose: is-additional-configs
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
nfs:
server: <NFS_SERVER_IP>
path: "<NFS_LOCATION_PATH>"
```

Provide the appropriate `NFS_SERVER_IP` and `NFS_LOCATION_PATH`.

g. Create a Kubernetes Persistent Volume Claim to bind with the Kubernetes Persistent Volume created in step e. For example, append the following entry
to the file `<KUBERNETES_HOME>/is/identity-server-volume-claim.yaml`:

```
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: identity-server-additional-config-volume-claim
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: ""
selector:
matchLabels:
purpose: is-additional-configs
```

h. Update the appropriate Kubernetes [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) resource(s).
For example in the discussed scenario, update the volumes (`spec.template.spec.volumes`) and volume mounts (`spec.template.spec.containers[wso2is].volumeMounts`) in
`<KUBERNETES_HOME>/is/identity-server-deployment.yaml` file as follows:

```
volumeMounts:
...
- name: is-additional-config-storage-volume
mountPath: "/home/wso2carbon/wso2-server-volume"
volumes:
...
- name: is-additional-config-storage-volume
persistentVolumeClaim:
claimName: identity-server-additional-config-volume-claim
```

i. Deploy the Kubernetes resources as defined in section **Quick Start Guide** for a clustered deployment of WSO2 Identity Server.
132 changes: 85 additions & 47 deletions helm/is-with-analytics/README.md
Original file line number Diff line number Diff line change
@@ -1,101 +1,139 @@
# Helm Charts for deployment of WSO2 Identity Server with Analytics
# Helm Chart for deployment of WSO2 Identity Server with WSO2 Identity Server Analytics

## Contents

* [Prerequisites](#prerequisites)
* [Quick Start Guide](#quick-start-guide)

## Prerequisites
In order to use WSO2 Helm resources, you need an active WSO2 subscription. If you do not possess an active WSO2

* In order to use WSO2 Helm resources, you need an active WSO2 subscription. If you do not possess an active WSO2
subscription already, you can sign up for a WSO2 Free Trial Subscription from [here](https://wso2.com/free-trial-subscription).<br><br>

* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git), [Helm](https://github.com/kubernetes/helm/blob/master/docs/install.md)
(and Tiller) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) in order to run the
(and Tiller) and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (compatible with v1.10) in order to run the
steps provided in the following quick start guide.<br><br>

* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup/pick-right-solution/).<br><br>

* Install [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/deploy/). This can
be easily done via
```
helm install stable/nginx-ingress --name nginx-wso2is-analytics --set rbac.create=true
```

## Quick Start Guide
>In the context of this document, <br>
>* `KUBERNETES_HOME` will refer to a local copy of the [`wso2/kubernetes-is`](https://github.com/wso2/kubernetes-is/)
Git repository. <br>
>* `HELM_HOME` will refer to `<KUBERNETES_HOME>/helm/is-with-analytics`. <br>
##### 1. Checkout Kubernetes Resources for WSO2 Identity server Git repository:
##### 1. Clone the Kubernetes Resources for WSO2 Identity Server Git repository.

```
git clone https://github.com/wso2/kubernetes-is.git
```

##### 2. Provide configurations:
##### 2. Setup a Network File System (NFS) to be used for persistent storage.

Create and export unique directories within the NFS server instance for each of the following Kubernetes Persistent Volume
resources defined in the `<HELM_HOME>/is-conf/values.yaml` file:

* `sharedDeploymentLocationPath`
* `sharedTenantsLocationPath`
* `analytics1DataLocationPath`
* `analytics2DataLocationPath`
* `analytics1LocationPath`
* `analytics2LocationPath`

Grant ownership to `wso2carbon` user and `wso2` group, for each of the previously created directories.

```
sudo chown -R wso2carbon:wso2 <directory_name>
```

Grant read-write-execute permissions to the `wso2carbon` user, for each of the previously created directories.

```
chmod -R 700 <directory_name>
```

##### 3. Provide configurations.

1. The default product configurations are available at `<HELM_HOME>/is-with-analytics-conf/confs` folder. Change the
a. The default product configurations are available at `<HELM_HOME>/is-with-analytics-conf/confs` folder. Change the
configurations as necessary.

2. Open the `<HELM_HOME>/is-with-analytics-conf/values.yaml` and provide the following values.

`username`: Username of your Free Trial Subscription<br>
`password`: Password of your Free Trial Subscription<br>
`email`: Docker email<br>
`namespace`: Namespace<br>
`svcaccount`: Service Account<br>
`serverIp`: NFS Server IP<br>
`locationPath`: NFS location path<br>
`sharedDeploymentLocationPath`: NFS shared deployment directory(<IS_HOME>/repository/deployment) location for IS<br>
`sharedTenantsLocationPath`: NFS shared tenants directory(<IS_HOME>/repository/tenants) location for IS<br>
`analytics1DataLocationPath`: NFS volume for Indexed data for Analytics node 1(<DAS_HOME>/repository/data)<br>
`analytics2DataLocationPath`: NFS volume for Indexed data for Analytics node 2(<DAS_HOME>/repository/data)<br>
`analytics1LocationPath`: NFS volume for Analytics data for Analytics node 1(<DAS_HOME>/repository/analytics)<br>
`analytics2LocationPath`: NFS volume for Analytics data for Analytics node 2(<DAS_HOME>/repository/analytics)

3. Open the `<HELM_HOME>/is-with-analytics-deployment/values.yaml` and provide the following values.

`namespace`: Namespace<br>
`svcaccount`: Service Account
b. Open the `<HELM_HOME>/is-with-analytics-conf/values.yaml` and provide the following values.

| Parameter | Description |
|---------------------------------|-------------------------------------------------------------------------------------------|
| `username` | Your WSO2 username |
| `password` | Your WSO2 password |
| `email` | Docker email |
| `namespace` | Kubernetes Namespace in which the resources are deployed |
| `svcaccount` | Kubernetes Service Account in the `namespace` to which product instance pods are attached |
| `serverIp` | NFS Server IP |
| `sharedDeploymentLocationPath` | NFS shared deployment directory(`<IS_HOME>/repository/deployment`) location for EI |
| `sharedTenantsLocationPath` | NFS shared tenants directory(`<IS_HOME>/repository/tenants`) location for EI |
| `analytics1DataLocationPath` | NFS volume for Indexed data for Analytics node 1(`<DAS_HOME>/repository/data`) |
| `analytics2DataLocationPath` | NFS volume for Indexed data for Analytics node 2(`<DAS_HOME>/repository/data`) |
| `analytics1LocationPath` | NFS volume for Analytics data for Analytics node 1(`<DAS_HOME>/repository/analytics`) |
| `analytics2LocationPath` | NFS volume for Analytics data for Analytics node 2(`<DAS_HOME>/repository/analytics`) |

c. Open the `<HELM_HOME>/is-with-analytics-deployment/values.yaml` and provide the following values.

##### 3. Deploy the configurations:
| Parameter | Description |
|---------------------------------|-------------------------------------------------------------------------------------------|
| `namespace` | Kubernetes Namespace in which the resources are deployed |
| `svcaccount` | Kubernetes Service Account in the `namespace` to which product instance pods are attached |


##### 4. Deploy the configurations.

```
helm install --name <RELEASE_NAME> <HELM_HOME>/is-with-analytics-conf
```

##### 4. Deploy MySQL:
If there is an external product database(s), add those configurations as stated at `step 2.1`. Otherwise, run the below
command to create the product database.
##### 5. Deploy product database(s) using MySQL in Kubernetes.

```
helm install --name wso2is-with-analytics-rdbms-service -f <HELM_HOME>/mysql/values.yaml
stable/mysql --namespace <NAMESPACE>
helm install --name wso2is-with-analytics-rdbms-service -f <HELM_HOME>/mysql/values.yaml stable/mysql --namespace <NAMESPACE>
```
`NAMESPACE` should be same as `step 2.2`.

##### 5. Deploy WSO2 Enterprise Identity server:
`NAMESPACE` should be same as in `step 3.b`.

For a serious deployment (e.g. production grade setup), it is recommended to connect product instances to a user owned and managed RDBMS instance.

##### 6. Deploy WSO2 Identity Server with WSO2 Identity Server Analytics.

```
helm install --name <RELEASE_NAME> <HELM_HOME>/is-with-analytics-deployment
```

##### 6. Access Management Console:
##### 7. Access Management Console.

Default deployment will expose two publicly accessible hosts, namely:<br>
1. `wso2is` - To expose Administrative services and Management Console<br>
2. `wso2is-analytics` - To expose Analytics server<br>
Default deployment will expose `wso2is` and `wso2is-analytics` hosts (to expose Administrative services and Management Console).

To access the console in a test environment,
To access the console in the environment,

1. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses (using `kubectl get ing -n wso2`).
a. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses.

e.g.
```
kubectl get ing
```

```
NAME HOSTS ADDRESS PORTS AGE
wso2is-with-analytics-is-analytics-ingress wso2is-analytics <EXTERNAL-IP> 80, 443 9m
wso2is-with-analytics-is-ingress wso2is <EXTERNAL-IP> 80, 443 9m
NAME HOSTS ADDRESS PORTS AGE
wso2is-with-analytics-is-analytics-ingress wso2is-analytics <EXTERNAL-IP> 80, 443 3m
wso2is-with-analytics-is-ingress wso2is <EXTERNAL-IP> 80, 443 3m
```

2. Add the above two hosts as entries in /etc/hosts file as follows:
b. Add the above host as an entry in /etc/hosts file as follows:

```
<EXTERNAL-IP> wso2is
<EXTERNAL-IP> wso2is-analytics
<EXTERNAL-IP> wso2is
```

3. Try navigating to `https://wso2is/carbon` from your favorite browser.
c. Try navigating to `https://wso2is/carbon` and `https://wso2is-analytics/carbon` from your favorite browser.

Loading

0 comments on commit 454d9c9

Please sign in to comment.