Sample Kubernetes Deployment (Manifest Files)
On this page you will find an example of a deployment of the sedex Client on a Kubernetes cluster. These manifest files can serve as a starting point for your own deployment.

Preparation

Create namespace

kind: Namespace
apiVersion: v1
metadata:
  name: sedex
  labels:
    name: sedex

Create Volumes

apiVersion: v1
kind: PersistentVolume
metadata:
  name: sedex-client-1-1234-1-data-pv
spec:
  # Empty storage class: bind statically, no dynamic provisioning
  storageClassName: ""
  # Reserve this volume for the claim defined below
  claimRef:
    name: sedex-client-1-1234-1-data-pvc
    namespace: sedex
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  nfs:
    server: my-nfs-host
    path: "/share/sedex-data-1-1234-1/"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sedex-client-1-1234-1-data-pvc
  namespace: sedex
  labels:
    app: sedex-client-1-1234-1
spec:
  storageClassName: ""
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: sedex-client-1-1234-1-interface-pv
spec:
  storageClassName: ""
  claimRef:
    name: sedex-client-1-1234-1-interface-pvc
    namespace: sedex
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  nfs:
    server: my-nfs-host
    path: "/share/sedex-interface-1-1234-1/"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sedex-client-1-1234-1-interface-pvc
  namespace: sedex
  labels:
    app: sedex-client-1-1234-1
spec:
  storageClassName: ""
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

Phase 1 - Initial Configuration

Type 2a) Scripted Initial Configuration with Existing Certificate

apiVersion: batch/v1
kind: Job
metadata:
  name: sedex-client-1-1234-1-init-p12-job
  namespace: sedex
spec:
  template:
    spec:
      volumes:
        - name: sedex-client-1-1234-1-data-volume
          persistentVolumeClaim:
            claimName: sedex-client-1-1234-1-data-pvc
        - name: sedex-client-1-1234-1-interface-volume
          persistentVolumeClaim:
            claimName: sedex-client-1-1234-1-interface-pvc
      containers:
        - name: sedex-client
          image: sedexch/sedex-client:container-1.1
          volumeMounts:
            - mountPath: "/sedex-data"
              name: sedex-client-1-1234-1-data-volume
            - mountPath: "/sedex-interface"
              name: sedex-client-1-1234-1-interface-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1000
            runAsGroup: 1000
          # Sample values; replace with your own sedex ID, keystore and keystore password
          env:
            - name: SEDEX_ID
              value: "1-1234-1"
            - name: SEDEX_KEYSTORE
              value: "MIIhYwIBAzCCIRw[.......]ySRkNwQUSEYvLgj2xBMAtWXBdwCCJ9I+2gICAwGGoA=="
            - name: SEDEX_KEYSTORE_PASSWORD
              value: "AKUZ62HDVN"
          command:
            - init-script-existing-cert.sh
      restartPolicy: Never
  # Retry a failed init pod at most twice
  backoffLimit: 2

Type 2b) Scripted Initial Configuration with CRID and OTP

apiVersion: batch/v1
kind: Job
metadata:
  name: sedex-client-1-1234-1-init-crid-otp-job
  namespace: sedex
spec:
  template:
    spec:
      volumes:
        - name: sedex-client-1-1234-1-data-volume
          persistentVolumeClaim:
            claimName: sedex-client-1-1234-1-data-pvc
        - name: sedex-client-1-1234-1-interface-volume
          persistentVolumeClaim:
            claimName: sedex-client-1-1234-1-interface-pvc
      containers:
        - name: sedex-client
          image: sedexch/sedex-client:container-1.1
          volumeMounts:
            - mountPath: "/sedex-data"
              name: sedex-client-1-1234-1-data-volume
            - mountPath: "/sedex-interface"
              name: sedex-client-1-1234-1-interface-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1000
            runAsGroup: 1000
          # Sample values; replace with your own sedex ID, CRID and OTP
          env:
            - name: SEDEX_ID
              value: "1-1234-1"
            - name: SEDEX_CRID
              value: "3b-20-81-a3-7a"
            - name: SEDEX_OTP
              value: "JSMG-TKTV-CCBT-IFEJ"
          command:
            - init-script-new-cert.sh
      restartPolicy: Never
  # Retry a failed init pod at most twice
  backoffLimit: 2
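
The Type 2a and Type 2b Jobs above carry the keystore, its password and the OTP as literal value entries, which remain readable in the Job object to anyone who can view Jobs in the sedex namespace. As an added example (not part of the sedex documentation), the Type 2a Job below takes the same variables from a Kubernetes Secret instead; the Secret name and the placeholder values are assumptions.

```yaml
# Added example; the Secret name is an assumption, the values are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: sedex-client-1-1234-1-init-secret
  namespace: sedex
stringData:
  # Keys match the variable names of the Type 2a Job, so envFrom injects them as-is.
  SEDEX_KEYSTORE: "<BASE64_KEYSTORE_PLACEHOLDER>"
  SEDEX_KEYSTORE_PASSWORD: "<KEYSTORE_PASSWORD_PLACEHOLDER>"
---
apiVersion: batch/v1
kind: Job
metadata:
  name: sedex-client-1-1234-1-init-p12-job
  namespace: sedex
spec:
  backoffLimit: 2
  template:
    spec:
      restartPolicy: Never
      volumes:
        - name: sedex-client-1-1234-1-data-volume
          persistentVolumeClaim:
            claimName: sedex-client-1-1234-1-data-pvc
        - name: sedex-client-1-1234-1-interface-volume
          persistentVolumeClaim:
            claimName: sedex-client-1-1234-1-interface-pvc
      containers:
        - name: sedex-client
          image: sedexch/sedex-client:container-1.1
          command:
            - init-script-existing-cert.sh
          env:
            - name: SEDEX_ID
              value: "1-1234-1"
          envFrom:
            - secretRef:
                name: sedex-client-1-1234-1-init-secret
          volumeMounts:
            - mountPath: "/sedex-data"
              name: sedex-client-1-1234-1-data-volume
            - mountPath: "/sedex-interface"
              name: sedex-client-1-1234-1-interface-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1000
            runAsGroup: 1000
```

For Type 2b, store SEDEX_CRID and SEDEX_OTP in the Secret instead and keep init-script-new-cert.sh as the command. Nothing in the Phase 2 Deployment on this page references these variables, so the Secret can be removed once the Job has completed.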

Phase 2 - Run

Container Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: sedex-client-1-1234-1-deployment
  namespace: sedex
  labels:
    app: sedex-client-1-1234-1
spec:
  replicas: 1
  strategy:
    # Terminate the old pod before creating the new one
    type: Recreate
  selector:
    matchLabels:
      app: sedex-client-1-1234-1
  template:
    metadata:
      labels:
        app: sedex-client-1-1234-1
    spec:
      volumes:
        - name: sedex-client-1-1234-1-data-volume
          persistentVolumeClaim:
            claimName: sedex-client-1-1234-1-data-pvc
        - name: sedex-client-1-1234-1-interface-volume
          persistentVolumeClaim:
            claimName: sedex-client-1-1234-1-interface-pvc
      containers:
        - name: sedex-client
          image: sedexch/sedex-client:container-1.1
          ports:
            - containerPort: 8000
            - containerPort: 8080
            - containerPort: 8443
          volumeMounts:
            - mountPath: "/sedex-data"
              name: sedex-client-1-1234-1-data-volume
            - mountPath: "/sedex-interface"
              name: sedex-client-1-1234-1-interface-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1000
            runAsGroup: 1000
          # Liveness and readiness checks start only after the startup probe succeeds
          startupProbe:
            exec:
              command:
                - ./scripts/health/check-processes.sh
            initialDelaySeconds: 10
            failureThreshold: 10
            periodSeconds: 5
          livenessProbe:
            exec:
              command:
                - ./scripts/health/check-processes.sh
            failureThreshold: 3
            periodSeconds: 5
          readinessProbe:
            exec:
              command:
                - ./scripts/health/check-readiness.sh
            failureThreshold: 3
            periodSeconds: 5

Service

apiVersion: v1
kind: Service
metadata:
  name: sedex-client-1-1234-1-service
  namespace: sedex
spec:
  selector:
    app: sedex-client-1-1234-1
  # NodePort opens each nodePort below on every node of the cluster
  type: NodePort
  ports:
    - protocol: TCP
      port: 30020
      targetPort: 8000
      name: "monitoring-http"
      nodePort: 30020
    - protocol: TCP
      port: 30021
      targetPort: 8080
      name: "wsproxy-http"
      nodePort: 30021
    - protocol: TCP
      port: 30022
      targetPort: 8443
      name: "wsproxy-https"
      nodePort: 30022