Example deployment
In this example we will set up a Kind cluster locally, deploy the nginx-ingress controller, and then deploy Gen3.
Set up Kubernetes in Docker
We will use Kind to set up a local Kubernetes cluster.
Since we will rely on ports 80 and 443, we also need to forward them to the Kind cluster. The cluster can be created using this command:
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  kubeadmConfigPatches:
  - |
    kind: InitConfiguration
    nodeRegistration:
      kubeletExtraArgs:
        node-labels: "ingress-ready=true"
  extraPortMappings:
  - containerPort: 80
    hostPort: 80
    protocol: TCP
  - containerPort: 443
    hostPort: 443
    protocol: TCP
EOF
Then we need to set up an ingress controller. For this example we will use nginx-ingress (see https://kind.sigs.k8s.io/docs/user/ingress/):
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
The manifest contains Kind-specific patches to forward the hostPorts to the ingress controller, set taint tolerations, and schedule it to the custom-labelled node.
The ingress controller is now set up. Wait until it is ready to process requests by running:
kubectl wait --namespace ingress-nginx \
  --for=condition=ready pod \
  --selector=app.kubernetes.io/component=controller \
  --timeout=90s
Obtain certificate and create k8s secret
Option 1: Certbot
A certificate can be created using certbot. It will ask you to create a DNS TXT record to verify domain ownership.
sudo certbot certonly --manual --preferred-challenges=dns -d dev.planx-pla.net
Complete the DNS challenge, wait for DNS (1-5 min) and then click continue.
Once you have the certificate, create a Kubernetes secret with it.
kubectl create secret tls <secret-name> --cert=<path-to-certificate.pem> --key=<path-to-key.pem>
We will use this secret later on in our deployment.
Option 2: Self-signed cert
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=dev.planx-pla.net"
kubectl create secret tls gen3-tls --key tls.key --cert tls.crt
Prepare values.yaml
This is the values.yaml file used to deploy the developer environment:
global:
  hostname: dev.planx-pla.net
  # Deploy postgres/elasticsearch in same deployment for development purposes.
  dev: true
arborist:
  enabled: true
fence:
  FENCE_CONFIG:
    # if true, will bypass OIDC login, and login a user with username "test"
    # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only)
    MOCK_AUTH: true
Deploy gen3
helm repo add gen3 https://helm.gen3.org
helm upgrade --install dev gen3/gen3 -f values.yaml
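Because the values.yaml above enables MOCK_AUTH, a pre-deploy guard can stop it from being applied to anything other than the local Kind cluster. This is an added example, not part of the Gen3 project; the function names are hypothetical, and it assumes the kubectl context follows Kind's kind-<cluster-name> naming.

```shell
# Added example (not Gen3 project code). Function names are hypothetical.
# Refuses a values file that enables fence MOCK_AUTH unless the target
# kubectl context belongs to a Kind cluster.

# mock_auth_enabled FILE
# Returns 0 if FILE contains an uncommented MOCK_AUTH key set to a true value.
# Deliberately conservative: quoted values and the YAML 1.1 spellings
# yes/on are flagged as well.
mock_auth_enabled() {
  sed 's/#.*$//' "$1" |
    grep -Eiq '^[[:space:]]*MOCK_AUTH:[[:space:]]*"?(true|yes|on)"?[[:space:]]*$'
}

# safe_to_deploy FILE CONTEXT
# Returns 0 if FILE may be deployed to the cluster behind CONTEXT.
safe_to_deploy() {
  values_file=$1
  context=$2

  # Without mock authentication there is nothing for this guard to block.
  if ! mock_auth_enabled "$values_file"; then
    return 0
  fi

  case "$context" in
    kind-*)
      # Kind names its kubectl contexts kind-<cluster-name>.
      return 0
      ;;
    *)
      echo "refusing: MOCK_AUTH is enabled in $values_file and context '$context' is not a Kind cluster" >&2
      return 1
      ;;
  esac
}

# Usage, wrapping the deploy command from this page:
#   safe_to_deploy values.yaml "$(kubectl config current-context)" &&
#     helm upgrade --install dev gen3/gen3 -f values.yaml
```

The check reads only the file it is given, so values passed through other files or on the helm command line are not covered.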
Update /etc/hosts
To access your Gen3 instance locally, add an entry to your /etc/hosts file (on macOS/Linux) or your equivalent hosts file on Windows:
127.0.0.1 dev.planx-pla.net
Now you should be able to reach your Gen3 install at "dev.planx-pla.net" or whatever URL you set.