⚠️ This readme is OUTDATED. Please refer to https://kadaster-labs.github.io/sensrnet-home/Deployment/ for the latest instructions on how to install the SensRNet application.
This repository contains all operations steps and scripts needed to operate the Kubernetes environments on which the application will run.
- An Azure account It is assumed that you have an Azure account with the right permissions to create an AKS cluster.
- Azure CLI The Azure CLI is necessary for interaction with Azure from the command line.
- Git git is required for checking out the source code. We recommend Git Bash for Windows as it also satisfies the next point.
- A Bash shell Most of the script used for handling secrets are written in bash. You can use Mac, Linux or tools for Windows like Git Bash or WSL.
- kubectl & kustomize CLI's The kubectl and kustomize command line tools are required to interact and deploy to Kubernetes clusters.
Clone all repos by running the clone_all_repos.sh script directly on your command line. The contents of the file can be inspected here. The script clones all repositories related to Sensrnet to the current folder.
$ curl -s -L https://raw.githubusercontent.com/kadaster-labs/sensrnet-ops/main/clone_all_repos.sh | bashNote: We strongly recommend to first inspect the content of scripts from remote sources.
As the application is built using Docker containers, it can be run in any container runtime.
It is possible to run all code locally for development purposes with Docker Desktop, using Docker Compose. Each repository contains a docker-compose.yaml file. Each component can then be lifted by running docker-compose up.
To also see how the components work within a Kubernetes cluster (just as it will run in the cloud), you can install Kubernetes locally and deploy there. Kubernetes can be run in Docker and is provided by default with a Docker Desktop installation. The cluster will then be named docker-desktop. Please note that Kubernetes in Docker does not contain a metrics server.
A popular alternative is minikube, which provides a fully-featured Kubernetes cluster.
First make sure that you're logged in to your Azure account on the command line.
$ az loginThen, create an AKS cluster if you haven't done so.
# (Optional) if you are member of multiple Azure subscriptions, make sure you set the tool to operate in the right one
$ az account set --subscription $SUBSCRIPTION
# Create a resource group in which the AKS cluster will reside.
$ az group create --name $RESOURCE_GROUP --location westeuropeLastly, the credentials to connect to the AKS cluster are required by the Kubernetes CLI. The connection details can be saved to the ~/.kube/config using the following command, where $CLUSTER_NAME is the name of the cluster as defined in Azure and $RESOURCE_GROUP the resource group in which the cluster resides.
# Create the AKS cluster
$ az aks create --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --generate-ssh-keysCredentials are never committed directly into this repo (or any!) but are stored in the GPG file: secrets/secrets.json.gpg (within Kadaster, it contains a symbolic link to git repo for bookkeeping)
If you haven't got an encrypted secrets file yet, or want to decrypt the current one, run (after populating/updating secrets.json):
$ ./secrets.sh encrypt secrets/secrets.json <PASSPHRASE>The example file secrets.json is provided in this repository. It is highly recommended that you set your own values in this value.
The file can then be decrypted with:
$ ./secrets.sh decrypt ../secrets/secrets.json.gpg <PASSPHRASE>Before any images can be deployed on the created cluster, we'll assume that you have the encrypted secrets file.
Since each secret will live in the same namespace as the pod that'll use them, we'll have to first create the namespaces.
$ kubectl apply -f namespaces.yamlOnce the namespaces have been created in the Kubernetes cluster, we can then deploy the secrets.
python deployAllSecrets.py --inputfile <jsonfile> --cluster <cluster>The secrets should now have been deployed successfully. You can check if they are created by inspecting:
$ kubectl get secrets -ASee Secrets on how to update and store the secrets file locally. Every time you update the secrets, you have to rerun these steps.
You can use your own favorite monitoring and logging solutions, or make use of the Haven suggested stacks Prometheus and Loki:
haven addons install prometheus-stack
haven addons install loki
The rest of the deployments can proceed as regular. The deployment files for each component can be built using Kustomize in their respective folders and deployed. Please note: whenever a namespace is recreated, the corresponding secrets would be have to redeployed first.
For each of the source code repos, run:
$ kustomize build deployment/overlays/(prod|test|local) | kubectl apply -f -Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
Should you have any questions or concerns, please reach out to one of the project's Maintainers.
This work is licensed under a EUPL v1.2 license.