From c4fc51796ffb86c48699acbbb22d58c13dc0f528 Mon Sep 17 00:00:00 2001 From: Milenko Supic Date: Tue, 27 Sep 2022 12:37:48 +0200 Subject: [PATCH] Fixed deployment of mushop app using 'setup' and 'mushop' helm charts. Also updated `oci-micronaut/quickstart/helm/` web page --- .../helm-chart/mushop/values-dev.yaml | 8 ++- .../helm-chart/setup/requirements.yaml | 11 ++--- .../setup/templates/prom-datasource.yaml | 2 +- src/docs/content/quickstart/helm.md | 49 +++++++++++++++---- src/docs/layouts/shortcodes/content/setup.md | 24 ++++----- 5 files changed, 59 insertions(+), 35 deletions(-) diff --git a/deploy/complete/helm-chart/mushop/values-dev.yaml b/deploy/complete/helm-chart/mushop/values-dev.yaml index 605c76a8..57534141 100644 --- a/deploy/complete/helm-chart/mushop/values-dev.yaml +++ b/deploy/complete/helm-chart/mushop/values-dev.yaml @@ -1,17 +1,23 @@ global: cloud: oci + mock: + service: "none" ociAuthSecret: oci-credentials # OCI authentication credentials secret name ossConnectionSecret: oss-connection # Previously created streaming secret name oadbAdminSecret: oadb-admin # Name of DB Admin secret created separately oadbWalletSecret: oadb-wallet # Name of wallet secret created separately oadbConnectionSecret: oadb-connection # Name of connection secret created separately oosBucketSecret: oos-bucket # Object storage bucket secret name (optional) - oapmConnectionSecret: oapm-connection # Name of application monitoring secret created separately + ociDeploymentConfigMap: oci-deployment # Name of Deployment details config map ingress: hosts: # Configure ingress to support host-specific routing # - yourname.mushop.com +tags: + atp: true # General flag to use Oracle Autonomous Database + streaming: false # General flag to use Oracle Streaming Service + api: env: trackingEnabled: # Flag that enables sending of tracking events to events service. If event service is not deployed set to "false". 
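Review bot: Dropping `oapmConnectionSecret: oapm-connection` from `global` in values-dev.yaml looks inconsistent with the helm.md part of this same patch, which corrects the quickstart command to create a secret named `oapm-connection`. If the chart's default values do not already supply that name (they are not visible here), a dev install would presumably run without the monitoring secret wired in, so either keep the key or drop the secret-creation step from the docs. The new `mock.service: "none"` is also the only key in this block without a trailing comment; a short one such as `# Backend service to mock; "none" disables mocking (confirm accepted values)` would match its neighbours.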
diff --git a/deploy/complete/helm-chart/setup/requirements.yaml b/deploy/complete/helm-chart/setup/requirements.yaml index 93965ad1..02f424be 100644 --- a/deploy/complete/helm-chart/setup/requirements.yaml +++ b/deploy/complete/helm-chart/setup/requirements.yaml @@ -15,19 +15,14 @@ dependencies: repository: https://grafana.github.io/helm-charts # HPA Metrics - name: metrics-server - version: 2.11.4 + version: 3.8.2 condition: metrics-server.enabled - repository: https://charts.helm.sh/stable + repository: https://kubernetes-sigs.github.io/metrics-server # Ingress Controller - name: ingress-nginx - version: 4.0.1 + version: 4.2.3 condition: ingress-nginx.enabled repository: https://kubernetes.github.io/ingress-nginx - # Service Catalog - - name: catalog - version: 0.3.1 - condition: catalog.enabled - repository: https://kubernetes-sigs.github.io/service-catalog # cert-manager - name: cert-manager version: 1.5.3 diff --git a/deploy/complete/helm-chart/setup/templates/prom-datasource.yaml b/deploy/complete/helm-chart/setup/templates/prom-datasource.yaml index 5dbf1d7e..45da0e14 100644 --- a/deploy/complete/helm-chart/setup/templates/prom-datasource.yaml +++ b/deploy/complete/helm-chart/setup/templates/prom-datasource.yaml @@ -8,7 +8,7 @@ metadata: name: {{ include "setup.fullname" . }}-prometheus-grafana-datasource labels: grafana_datasource: '1' - {{ include "setup.labels" . | indent 4 }} +{{ include "setup.labels" . | indent 4 }} data: datasource.yaml: |- apiVersion: 1 diff --git a/src/docs/content/quickstart/helm.md b/src/docs/content/quickstart/helm.md index c31aaa45..5a53cdd4 100644 --- a/src/docs/content/quickstart/helm.md +++ b/src/docs/content/quickstart/helm.md 
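Review bot: The `metrics-server` entry in requirements.yaml changes both its chart source (`https://charts.helm.sh/stable` to `https://kubernetes-sigs.github.io/metrics-server`) and its major version (2.11.4 to 3.8.2), yet the diffstat lists no `requirements.lock` or setup `values.yaml` change alongside it. If the setup chart ships a `requirements.lock`, regenerate it with `helm dependency update` and commit it, so the lock stays in sync with requirements.yaml and builds resolve the chart versions that were reviewed. The `metrics-server:` and `catalog:` value blocks are outside this patch; overrides written for the old stable chart may not map onto the 3.x chart, and a leftover `catalog.enabled` would now be dead configuration. The context lines also show `cert-manager` staying at 1.5.3 while its neighbours are bumped, which is worth confirming as intentional.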
@@ -52,7 +52,17 @@ These services must be provisioned manually and are configured using kubernetes #### Configure -1. Provision an Autonomous Transaction Processing (ATP) database. Once **RUNNING** download the DB Connection Wallet and configure secrets as follows: +1. Provision an Autonomous Transaction Processing (ATP) database. Once **RUNNING**: + + - Configure `Oracle Database API for MongoDB` + + - Update network access type to `Secure access from allowed IPs and VCNs only` and set your public IP address. + + - Go to `Database Actions`, select `Oracle Database API for MongoDB` related service, extract the database host from the url and copy it for later usage (`oadb_host` value in the `oadb-connection` secret) + + > Extracted host format: \-\.adb.\.oraclecloudapps.com + + - Update network access type by replacing your public IP address with the OKE virtual cloud network. - Create `oadb-admin` secret containing the database administrator password. Used once for schema initializations. @@ -62,7 +72,7 @@ These services must be provisioned manually and are configured using kubernetes --from-literal=oadb_admin_pw='' ``` - - Create `oadb-wallet` secret with the Wallet _contents_ using the downloaded `Wallet_*.zip`. The extracted `Wallet_*` directory is specified as the secret contents. + - Download the DB Connection Wallet and create `oadb-wallet` secret with the Wallet _contents_ using the downloaded `Wallet_*.zip`. The extracted `Wallet_*` directory is specified as the secret contents. ```shell kubectl create secret generic oadb-wallet \ 
@@ -78,18 +88,37 @@ These services must be provisioned manually and are configured using kubernetes --from-literal=oadb_wallet_pw='' \ --from-literal=oadb_service='' \ --from-literal=oadb_ocid='' \ + --from-literal=oadb_host='' ``` > Each database has 5 unique TNS Names displayed when the Wallet is downloaded an example would be `mushopdb_TP`. -1. **Optional**: Instead of creating a shared database for the entire application, you may establish full separation of services by provisioning _individual_ ATP instances for each service that requires a database. To do so, repeat the previous steps for each database,and give each secret a unique name, for example: `carts-oadb-admin`, `carts-oadb-connection`, `carts-oadb-wallet`. +1. **Optional**: Instead of creating a shared database for the entire application, you may establish full separation of services by provisioning _individual_ ATP instances for each service that requires a database. To do so, repeat the previous steps for each database (_Oracle Database API for MongoDB configuration step and oadb_host in the oadb-connection secret are required only for the carts database_) and give each secret a unique name, for example: `carts-oadb-admin`, `carts-oadb-connection`, `carts-oadb-wallet`. - `carts` - `catalogue` - `orders` - `user` -1. Provision a Streaming instance from the [Oracle Cloud Infrastructure Console](https://console.us-phoenix-1.oraclecloud.com/storage/streaming), and make note of the created Stream Pool configuration values bootstrapServers and stream pool ID. +1. 
Authorize instances to manage ATP databases + + - Create a Dynamic Group + + Navigate to `Identity -> Dynamic Groups -> Create Dynamic Group` + + Name: + Description: + Matching Rules: ANY {ALL {instance.compartment.id = ''},ALL {resource.type = 'cluster', resource.compartment.id = ''}} + + - Create an IAM Policy + + Navigate to `Identity -> Policies -> Create Policy` + + Name: + Description: + Statement: Allow dynamic-group to manage autonomous-database-family in compartment id + +1. **Optional**: Provision a Streaming instance from the [Oracle Cloud Infrastructure Console](https://console.us-phoenix-1.oraclecloud.com/storage/streaming), and make note of the created Stream Pool configuration values bootstrapServers and stream pool ID. - Create `oss-connection` secret containing the Stream connection details. @@ -100,11 +129,11 @@ These services must be provisioned manually and are configured using kubernetes --from-literal=jaasConfig='' ``` - Note that `` and `` values can can be found in the `Stream Pool -> Kafka Connection Setting`. In case you want to connect under different user then the `` format is: - ``` - jaasConfig="org.apache.kafka.common.security.plain.PlainLoginModule required username=\"//\" password=\"\";" - ``` - Make sure the user has permission to write to the given stream. + Note that `` and `` values can can be found in the `Stream Pool -> Kafka Connection Setting`. In case you want to connect under different user then the `` format is: + ``` + jaasConfig="org.apache.kafka.common.security.plain.PlainLoginModule required username=\"//\" password=\"\";" + ``` + Make sure the user has permission to write to the given stream. 1. Configure a config map with deployment details: 
@@ -123,7 +152,7 @@ These services must be provisioned manually and are configured using kubernetes 1. Edit the `mushop.tfvars`: ```shell - kubectl create secret generic oss-connection \ + kubectl create secret generic oapm-connection \ --namespace mushop \ --from-literal=zipkin_enabled=true \ --from-literal=zipkin_path='' \ diff --git a/src/docs/layouts/shortcodes/content/setup.md b/src/docs/layouts/shortcodes/content/setup.md index 2d4e523a..008a9711 100644 --- a/src/docs/layouts/shortcodes/content/setup.md +++ b/src/docs/layouts/shortcodes/content/setup.md @@ -9,7 +9,6 @@ application features. | [Grafana](https://github.com/helm/charts/blob/master/stable/grafana/README.md) | Infrastructure/service visualization dashboards | `grafana.enabled` | true | | [Metrics Server](https://github.com/helm/charts/blob/master/stable/metrics-server/README.md) | Support for Horizontal Pod Autoscaling | `metrics-server.enabled` | true | | [Ingress Nginx](https://kubernetes.github.io/ingress-nginx/) | Ingress controller and public Load Balancer | `ingress-nginx.enabled` | true | -| [Service Catalog](https://github.com/kubernetes-sigs/service-catalog/blob/master/charts/catalog/README.md) | Service Catalog chart utilized by Oracle Service Broker | `catalog.enabled` | true | | [Cert Manager](https://github.com/jetstack/cert-manager/blob/master/README.md) | x509 certificate management for Kubernetes | `cert-manager.enabled` | true | | [Jenkins](https://github.com/helm/charts/blob/master/stable/jenkins/README.md) | Jenkins automation server on Kubernetes | `jenkins.enabled` | false | 
@@ -25,27 +24,22 @@ From `deploy/complete/helm-chart` directory: 1. Install `setup` chart: - ```shell--helm2 - helm install setup \ - --name mushop-utils \ - --namespace mushop-utilities - ``` - - ```shell--helm3 + ```shell kubectl create ns mushop-utilities ``` - ```shell--helm3 + ```shell helm install mushop-utils setup \ --namespace mushop-utilities ``` -> **OPTIONAL** The Jenkins automation server can be enabled by setting `jenkins.enabled` to `true` in `values.yaml` or by adding the command line flag `--set jenkins.enabled=true` in the `helm install` command above. - ```shell--helm3 - helm install mushop-utils setup \ - --namespace mushop-utilities \ - --set jenkins.enabled=true - ``` + > **OPTIONAL** The Jenkins automation server can be enabled by setting `jenkins.enabled` to `true` in `values.yaml` or by adding the command line flag `--set jenkins.enabled=true` in the `helm install` command above. + + ```shell + helm install mushop-utils setup \ + --namespace mushop-utilities \ + --set jenkins.enabled=true + ``` 1. **NOTE** the public `EXTERNAL-IP` assigned to the ingress controller load balancer: