
Example deployment

In this example we will set up a Kind cluster locally, deploy the nginx-ingress controller, and then deploy Gen3.

Set up Kubernetes in Docker

We will use Kind to set up a local Kubernetes cluster.

Because the deployment relies on ports 80 and 443, those host ports also need to be forwarded to the Kind cluster. The cluster can be created using this command:

cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  kubeadmConfigPatches:
  - |
    kind: InitConfiguration
    nodeRegistration:
      kubeletExtraArgs:
        node-labels: "ingress-ready=true"
  extraPortMappings:
  - containerPort: 80
    hostPort: 80
    protocol: TCP
  - containerPort: 443
    hostPort: 443
    protocol: TCP
EOF

Then we need to set up an ingress controller. For this example we will use nginx-ingress, as described in the Kind ingress guide: https://kind.sigs.k8s.io/docs/user/ingress/

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml

The manifest contains Kind-specific patches that forward the hostPorts to the ingress controller, set taint tolerations, and schedule the controller onto the custom-labelled node.

The ingress is now set up. Wait until it is ready to process requests by running:

kubectl wait --namespace ingress-nginx \
  --for=condition=ready pod \
  --selector=app.kubernetes.io/component=controller \
  --timeout=90s

Obtain certificate and create k8s secret

Option 1: Certbot

A certificate can be created using certbot. It will ask you to create a DNS TXT record to verify domain ownership.

sudo certbot certonly --manual --preferred-challenges=dns -d dev.planx-pla.net

Complete the DNS challenge, wait for DNS to propagate (1-5 min), and then continue at the certbot prompt.

Once you have the certificate, create a Kubernetes secret with it.

kubectl create secret tls <secret-name> --cert=<path-to-certificate.pem> --key=<path-to-key.pem>

We will use this secret later on in our deployment.

Option 2: Self-signed cert

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=dev.planx-pla.net"
kubectl create secret tls gen3-tls --key tls.key --cert tls.crt

Prepare values.yaml

This is the values.yaml file used to deploy the developer environment:


global:
  hostname: dev.planx-pla.net
  # Deploy postgres/elasticsearch in same deployment for development purposes.
  dev: true

arborist:
  enabled: true

fence:
  FENCE_CONFIG:
    # if true, will bypass OIDC login, and login a user with username "test"
    # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only)
    MOCK_AUTH: true

Deploy gen3

helm repo add gen3 https://helm.gen3.org
helm upgrade --install dev gen3/gen3 -f values.yaml
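
A guard to run before the helm command above, as an added example that is not part of the Gen3 documentation: it refuses to deploy when MOCK_AUTH or the global dev flag is true and the kube context is not a Kind cluster. The function names, the line-based matching, and the "prod-cluster" context name are assumptions made for illustration.

```shell
# Added example (not from the Gen3 docs): block dev-only values.yaml
# settings from reaching anything but a local Kind cluster.

# yaml_flag FILE KEY: print the value of the first uncommented "KEY: value"
# line, lower-cased. Line matching only, not a full YAML parser (assumption:
# the simple layout of the values.yaml shown above).
yaml_flag() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" |
    head -n 1 | tr -d "\"'" | tr '[:upper:]' '[:lower:]'
}

# is_local_context CONTEXT: Kind names its kube contexts "kind-<cluster>".
# This is a name-based heuristic, not proof of where the context points.
is_local_context() {
  case "$1" in kind-*) return 0 ;; *) return 1 ;; esac
}

# check_values FILE CONTEXT: return 1 if MOCK_AUTH or dev mode is enabled
# while CONTEXT is not a Kind cluster, 0 otherwise.
check_values() {
  rc=0
  for key in MOCK_AUTH dev; do
    if [ "$(yaml_flag "$1" "$key")" = "true" ] && ! is_local_context "$2"; then
      echo "refusing: '$key: true' in $1, but context '$2' is not Kind" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample input mirroring the values.yaml above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
global:
  hostname: dev.planx-pla.net
  dev: true
fence:
  FENCE_CONFIG:
    # MOCK_AUTH: false
    MOCK_AUTH: true
EOF
# "kind-kind" is Kind's default context; "prod-cluster" is a made-up name.
for ctx in kind-kind prod-cluster; do
  if check_values "$sample" "$ctx"; then echo "$ctx: ok"; else echo "$ctx: blocked"; fi
done
rm -f "$sample"
# Real use: check_values values.yaml "$(kubectl config current-context)" &&
#   helm upgrade --install dev gen3/gen3 -f values.yaml
```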

Update /etc/hosts

To access your Gen3 instance locally, add an entry to your /etc/hosts file (on macOS/Linux) or your equivalent hosts file on Windows:

127.0.0.1 dev.planx-pla.net

You should now be able to reach your Gen3 install at "dev.planx-pla.net", or whatever URL you set.