Setup in Azure Kubernetes Services
Deploy Eclipse Dirigible in Azure Kubernetes Services(AKS) environment.
Note
- Configure Azure DNS Zone
- Setup letsencrypt certificate for your domain.
Steps
-
Access the Azure Kubernetes Services (AKS) environment via the Azure cli:
-
Create deployment configuration file:
deployment.yamlapiVersion: apps/v1 kind: Deployment metadata: name: dirigible spec: replicas: 1 selector: matchLabels: app: dirigible template: metadata: labels: app: dirigible spec: containers: - name: dirigible image: dirigiblelabs/dirigible-all:latest imagePullPolicy: Always resources: requests: memory: "1Gi" cpu: "0.5" limits: memory: "4Gi" cpu: "2" ports: - name: http containerPort: 8080 env: - name: DIRIGIBLE_THEME_DEFAULT value: "fiori"apiVersion: apps/v1 kind: Deployment metadata: name: dirigible spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app: dirigible template: metadata: labels: app: dirigible spec: containers: - name: dirigible image: dirigiblelabs/dirigible-all:latest imagePullPolicy: Always resources: requests: memory: "1Gi" cpu: "0.5" limits: memory: "4Gi" cpu: "2" ports: - name: http containerPort: 8080 env: - name: DIRIGIBLE_THEME_DEFAULT value: "fiori" volumeMounts: - name: dirigible-data mountPath: /usr/local/tomcat/target/dirigible/repository volumes: - name: dirigible-data persistentVolumeClaim: claimName: "dirigible-data" --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: dirigible-data spec: accessModes: - ReadWriteOnce resources: requests: storage: 1GiapiVersion: apps/v1 kind: Deployment metadata: name: dirigible spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app: dirigible template: metadata: labels: app: dirigible spec: containers: - name: dirigible image: dirigiblelabs/dirigible-keycloak:latest imagePullPolicy: Always resources: requests: memory: "1Gi" cpu: "0.5" limits: memory: "4Gi" cpu: "2" ports: - name: http containerPort: 8080 env: - name: DIRIGIBLE_THEME_DEFAULT value: "fiori" - name: DIRIGIBLE_KEYCLOAK_ENABLED value: "true" - name: DIRIGIBLE_KEYCLOAK_AUTH_SERVER_URL value: <your-keycloak-auth-server> - name: DIRIGIBLE_KEYCLOAK_REALM value: <your-keycloak-realm> - name: DIRIGIBLE_KEYCLOAK_SSL_REQUIRED value: external - name: DIRIGIBLE_KEYCLOAK_CLIENT_ID value: <your-keycloak-client-id> - name: DIRIGIBLE_KEYCLOAK_CONFIDENTIAL_PORT value: "443" volumeMounts: - name: dirigible-data mountPath: /usr/local/tomcat/target/dirigible/repository volumes: - name: dirigible-data persistentVolumeClaim: claimName: "dirigible-data" --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: dirigible-data spec: accessModes: - ReadWriteOnce resources: requests: storage: 1GiReplace Placeholders
Before deploying, replace the following placeholders:
<your-keycloak-auth-server>with your Keycloak Auth server (e.g.https://keycloak-server/auth/).<your-keycloak-realm>with your Keycloak Realm (e.g.my-realm).<your-keycloak-client-id>with your Keycloak Client Id (e.g.my-client).
-
Create service configuration file:
service.yamlapiVersion: v1 kind: Service metadata: name: dirigible labels: app: dirigible spec: ports: - name: http port: 8080 type: ClusterIP selector: app: dirigibleapiVersion: v1 kind: Service metadata: name: dirigible labels: app: dirigible spec: ports: - name: http port: 8080 type: NodePort selector: app: dirigible --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: dirigible spec: rules: - host: dirigible http: paths: - path: / pathType: Prefix backend: service: name: dirigible port: number: 8080Note
- You can find more information on this page: Azure DNS Zone Setup.
apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: dirigible spec: secretName: dirigible issuerRef: name: letsencrypt kind: ClusterIssuer commonName: "dirigible.<your-custom-domain>" dnsNames: - "dirigible.<your-custom-domain>" --- apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: name: dirigible-gateway spec: selector: istio: ingressgateway servers: - hosts: - dirigible.<your-custom-domain> port: name: http number: 80 protocol: HTTP # Initially it should be commented, then uncomment to enforce https! # tls: # httpsRedirect: true tls: httpsRedirect: false - hosts: - dirigible.<your-custom-domain> port: name: https-443 number: 443 protocol: HTTPS tls: credentialName: dirigible mode: SIMPLE --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: dirigible spec: hosts: - dirigible.default.svc.cluster.local - dirigible.<your-custom-domain> gateways: - dirigible-gateway - mesh http: - match: - uri: prefix: / route: - destination: port: number: 8080 host: dirigible.default.svc.cluster.localReplace Placeholders
Before deploying, replace the following placeholders:
<your-cloud-dns-zone-name>with your Cloud DNS Zone name (e.g.my-zone).<istio-ingress-gateway-ip>with your Istio Ingress Gateway IP (e.g.32.118.56.186).<your-custom-domain>with your custom domain (e.g.my-company.com).
To enforce HTTPS, after the initial deployment, update the following fragment:
# Initially it should be commented, then uncomment to enforce https! # tls: # httpsRedirect: true -
Deploy to the Azure Cluster with:
kubectl apply -f deployment.yml kubectl apply -f service.yml -
Open a web browser and go to:
https://dirigible.<your-azure-kubernetes-service-domain>