Merge pull request #37 from oracle-quickstart/helm_deploy_fix

Fixed deployment of mushop app using 'setup' and 'mushop' helm charts
oracle-quickstart · Sep 27, 2022 · 6c2e0e0 · 6c2e0e0
2 parents 57b7502 + c4fc517
commit 6c2e0e0
Show file tree

Hide file tree

Showing 5 changed files with 59 additions and 35 deletions.
diff --git a/deploy/complete/helm-chart/mushop/values-dev.yaml b/deploy/complete/helm-chart/mushop/values-dev.yaml
@@ -1,17 +1,23 @@
 global:
   cloud: oci
+  mock:
+    service: "none"
   ociAuthSecret: oci-credentials        # OCI authentication credentials secret name
   ossConnectionSecret: oss-connection   # Previously created streaming secret name
   oadbAdminSecret: oadb-admin           # Name of DB Admin secret created separately
   oadbWalletSecret: oadb-wallet         # Name of wallet secret created separately
   oadbConnectionSecret: oadb-connection # Name of connection secret created separately
   oosBucketSecret: oos-bucket           # Object storage bucket secret name (optional)
-  oapmConnectionSecret: oapm-connection # Name of application monitoring secret created separately
+  ociDeploymentConfigMap: oci-deployment  # Name of Deployment details config map
 
 ingress:
   hosts: # Configure ingress to support host-specific routing
     # - yourname.mushop.com 
 
+tags:
+  atp: true                               # General flag to use Oracle Autonomous Database
+  streaming: false                        # General flag to use Oracle Streaming Service
+
 api:
   env:
     trackingEnabled:          # Flag that enables sending of tracking events to events service. If event service is not deployed set to "false".

diff --git a/deploy/complete/helm-chart/setup/requirements.yaml b/deploy/complete/helm-chart/setup/requirements.yaml
@@ -15,19 +15,14 @@ dependencies:
     repository: https://grafana.github.io/helm-charts
   # HPA Metrics
   - name: metrics-server
-    version: 2.11.4
+    version: 3.8.2
     condition: metrics-server.enabled
-    repository: https://charts.helm.sh/stable
+    repository: https://kubernetes-sigs.github.io/metrics-server
   # Ingress Controller
   - name: ingress-nginx
-    version: 4.0.1
+    version: 4.2.3
     condition: ingress-nginx.enabled
     repository: https://kubernetes.github.io/ingress-nginx
-  # Service Catalog
-  - name: catalog
-    version: 0.3.1
-    condition: catalog.enabled
-    repository: https://kubernetes-sigs.github.io/service-catalog
   # cert-manager
   - name: cert-manager
     version: 1.5.3

diff --git a/deploy/complete/helm-chart/setup/templates/prom-datasource.yaml b/deploy/complete/helm-chart/setup/templates/prom-datasource.yaml
@@ -8,7 +8,7 @@ metadata:
   name: {{ include "setup.fullname" . }}-prometheus-grafana-datasource
   labels:
     grafana_datasource: '1'
-  {{ include "setup.labels" . | indent 4 }}
+{{ include "setup.labels" . | indent 4 }}
 data:
   datasource.yaml: |-
     apiVersion: 1

diff --git a/src/docs/content/quickstart/helm.md b/src/docs/content/quickstart/helm.md
@@ -52,7 +52,17 @@ These services must be provisioned manually and are configured using kubernetes
 
 #### Configure
 
-1. Provision an Autonomous Transaction Processing (ATP) database. Once **RUNNING** download the DB Connection Wallet and configure secrets as follows:
+1. Provision an Autonomous Transaction Processing (ATP) database. Once **RUNNING**:
+
+    - Configure `Oracle Database API for MongoDB`
+
+        - Update network access type to `Secure access from allowed IPs and VCNs only` and set your public IP address.
+
+        - Go to `Database Actions`, select `Oracle Database API for MongoDB` related service, extract the database host from the url and copy it for later usage (`oadb_host` value in the `oadb-connection` secret)
+
+            > Extracted host format: \<adb-id\>-\<db-name\>.adb.\<oci-region\>.oraclecloudapps.com
+
+        - Update network access type by replacing your public IP address with the OKE virtual cloud network.
 
    - Create `oadb-admin` secret containing the database administrator password. Used once for schema initializations.
 
@@ -62,7 +72,7 @@ These services must be provisioned manually and are configured using kubernetes
          --from-literal=oadb_admin_pw='<DB_ADMIN_PASSWORD>'
        ```
 
-   - Create `oadb-wallet` secret with the Wallet _contents_ using the downloaded `Wallet_*.zip`. The extracted `Wallet_*` directory is specified as the secret contents.
+   - Download the DB Connection Wallet and create `oadb-wallet` secret with the Wallet _contents_ using the downloaded `Wallet_*.zip`. The extracted `Wallet_*` directory is specified as the secret contents.
 
        ```shell
        kubectl create secret generic oadb-wallet \
@@ -78,18 +88,37 @@ These services must be provisioned manually and are configured using kubernetes
          --from-literal=oadb_wallet_pw='<DB_WALLET_PASSWORD>' \
          --from-literal=oadb_service='<DB_TNS_NAME>' \
          --from-literal=oadb_ocid='<DB_OCID>' \
+         --from-literal=oadb_host='<DB_HOST>'
        ```
 
      > Each database has 5 unique TNS Names displayed when the Wallet is downloaded an example would be `mushopdb_TP`.
 
-1. **Optional**: Instead of creating a shared database for the entire application, you may establish full separation of services by provisioning _individual_ ATP instances for each service that requires a database. To do so, repeat the previous steps for each database,and give each secret a unique name, for example: `carts-oadb-admin`, `carts-oadb-connection`, `carts-oadb-wallet`.
+1. **Optional**: Instead of creating a shared database for the entire application, you may establish full separation of services by provisioning _individual_ ATP instances for each service that requires a database. To do so, repeat the previous steps for each database (_Oracle Database API for MongoDB configuration step and oadb_host in the oadb-connection secret are required only for the carts database_) and give each secret a unique name, for example: `carts-oadb-admin`, `carts-oadb-connection`, `carts-oadb-wallet`.
 
    - `carts`
    - `catalogue`
    - `orders`
    - `user`
 
-1. Provision a Streaming instance from the [Oracle Cloud Infrastructure Console](https://console.us-phoenix-1.oraclecloud.com/storage/streaming), and make note of the created Stream Pool configuration values bootstrapServers and stream pool ID.
+1. Authorize instances to manage ATP databases
+
+    - Create a Dynamic Group
+
+        Navigate to `Identity -> Dynamic Groups -> Create Dynamic Group`
+
+            Name: <DynamicGroupName>
+            Description: <DynamicGroupDescription>
+            Matching Rules: ANY {ALL {instance.compartment.id = '<COMPARTMENT ID>'},ALL {resource.type = 'cluster', resource.compartment.id = '<COMPARTMENT ID>'}}
+
+    - Create an IAM Policy
+
+        Navigate to `Identity -> Policies -> Create Policy`
+
+            Name: <PolicyName>
+            Description: <PolicyDescription>
+            Statement: Allow dynamic-group <DynamicGroupName> to manage autonomous-database-family in compartment id <COMPARTMENT ID>
+
+1. **Optional**: Provision a Streaming instance from the [Oracle Cloud Infrastructure Console](https://console.us-phoenix-1.oraclecloud.com/storage/streaming), and make note of the created Stream Pool configuration values bootstrapServers and stream pool ID.
 
    - Create `oss-connection` secret containing the Stream connection details.
 
@@ -100,11 +129,11 @@ These services must be provisioned manually and are configured using kubernetes
          --from-literal=jaasConfig='<JAAS CONFIG>'
        ```
 
-   Note that `<OSS STREAM BOOTSTRAP SERVERS>` and `<JAAS CONFIG>` values can can be found in the `Stream Pool -> Kafka Connection Setting`. In case you want to connect under different user then the `<JAAS CONFIG>` format is:
-    ```
-    jaasConfig="org.apache.kafka.common.security.plain.PlainLoginModule required username=\"<USER_COMPARTMENT_NAME>/<USER_NAME>/<OSS_POOL_ID>\" password=\"<USER_TOKEN>\";"
-    ```
-   Make sure the user has permission to write to the given stream.
+       Note that `<OSS STREAM BOOTSTRAP SERVERS>` and `<JAAS CONFIG>` values can can be found in the `Stream Pool -> Kafka Connection Setting`. In case you want to connect under different user then the `<JAAS CONFIG>` format is:
+       ```
+       jaasConfig="org.apache.kafka.common.security.plain.PlainLoginModule required username=\"<USER_COMPARTMENT_NAME>/<USER_NAME>/<OSS_POOL_ID>\" password=\"<USER_TOKEN>\";"
+       ```
+       Make sure the user has permission to write to the given stream.
 
 1. Configure a config map with deployment details:
 
@@ -123,7 +152,7 @@ These services must be provisioned manually and are configured using kubernetes
     1. Edit the `mushop.tfvars`:
 
      ```shell
-       kubectl create secret generic oss-connection \
+       kubectl create secret generic oapm-connection \
          --namespace mushop \
          --from-literal=zipkin_enabled=true \
          --from-literal=zipkin_path='<APM DOMAIN DATA UPLOAD ENDPOINT>' \

diff --git a/src/docs/layouts/shortcodes/content/setup.md b/src/docs/layouts/shortcodes/content/setup.md
@@ -9,7 +9,6 @@ application features.
 | [Grafana](https://github.com/helm/charts/blob/master/stable/grafana/README.md) | Infrastructure/service visualization dashboards | `grafana.enabled` | true |
 | [Metrics Server](https://github.com/helm/charts/blob/master/stable/metrics-server/README.md) | Support for Horizontal Pod Autoscaling | `metrics-server.enabled` | true |
 | [Ingress Nginx](https://kubernetes.github.io/ingress-nginx/) | Ingress controller and public Load Balancer | `ingress-nginx.enabled` | true |
-| [Service Catalog](https://github.com/kubernetes-sigs/service-catalog/blob/master/charts/catalog/README.md) | Service Catalog chart utilized by Oracle Service Broker | `catalog.enabled` | true |
 | [Cert Manager](https://github.com/jetstack/cert-manager/blob/master/README.md) | x509 certificate management for Kubernetes | `cert-manager.enabled` | true |
 | [Jenkins](https://github.com/helm/charts/blob/master/stable/jenkins/README.md) | Jenkins automation server on Kubernetes | `jenkins.enabled` | false |
 
@@ -25,27 +24,22 @@ From `deploy/complete/helm-chart` directory:
 
 1. Install `setup` chart:
 
-    ```shell--helm2
-    helm install setup \
-      --name mushop-utils \
-      --namespace mushop-utilities
-    ```
-
-    ```shell--helm3
+    ```shell
     kubectl create ns mushop-utilities
     ```
 
-    ```shell--helm3
+    ```shell
     helm install mushop-utils setup \
       --namespace mushop-utilities
     ```
->  **OPTIONAL** The Jenkins automation server can be enabled by setting `jenkins.enabled` to `true` in `values.yaml` or by adding the command line flag `--set jenkins.enabled=true` in the `helm install` command above.
 
-  ```shell--helm3
-  helm install mushop-utils setup \
-    --namespace mushop-utilities \
-    --set jenkins.enabled=true
-  ```
+   > **OPTIONAL** The Jenkins automation server can be enabled by setting `jenkins.enabled` to `true` in `values.yaml` or by adding the command line flag `--set jenkins.enabled=true` in the `helm install` command above.
+
+    ```shell
+    helm install mushop-utils setup \
+      --namespace mushop-utilities \
+      --set jenkins.enabled=true
+    ```
 
 1. **NOTE** the public `EXTERNAL-IP` assigned to the ingress controller load balancer: