Deploying the Run Platform

In this scenario we are managing the [production] cluster

Objective

Deploy the [production]-run-platform shown in the diagram

  • The developers and operators introduce change via source control
  • Instantiating the run platform environment is a one-step manual command
  • Keel is responsible for watching for Docker image updates and doing rolling updates in Kubernetes
  • Cert Manager takes care of TLS in the cluster, including Let's Encrypt registration and local CAs
  • [production]-run-platform is the container that manages the forge namespace

Overview of the process

  • Find the relevant docker image to run from Jenkins
  • Open a cloud shell with the credentials for the correct cluster
  • Get the repository and environment passphrases
  • Run the docker image
  • Check out the console to see the workloads turn up

Find the relevant images

Each cluster has a system image, which is named after the cluster and provides the forge environment for the cluster.

In this case we have the [production] cluster, which gives us the name [production]-run-platform.

The declaration of the image can be found in Source Control with the Build Pipeline that actually generates the image.

This is the best place to find the latest image version

The version is listed in the Last Success column, in this case 1.2, which gives the image:

docker-upload.build.forge.practiv.io/io.practiv/[production]/[production]-run-platform:1.2

Get the repository and environment passphrases

There is a store of credentials that you should know about. If you do not, ask support@practiv.com.

You need the following:

  • Docker registry user name: practiv-run
  • Docker registry password
  • The [production] cluster passphrase for secrets

In GCP, open a cloud shell

Go to the cloud console for the [production] Cluster

Use the connect button to open a cloud shell with the correct cluster credentials configured

To ensure we have the credentials for connecting to Kubernetes, we need to run a command. Let's list the namespaces so we know we are looking at the correct cluster.

kubectl get namespaces

The token will last an hour by default at the time of writing.

Run the initialization script

Once in the shell, the process is simple:

  • Log in to Docker
  • Run the create-run-platform command
  • Provide the credentials you sourced earlier

The script does several things:

  • Deletes the existing forge namespace
  • Creates the forge namespace
  • Creates the Docker registry secret
  • Creates the secrets passphrase
  • Creates the admin role to allow the initialization to modify Kubernetes resources
  • Executes the system image and runs an upgrade

Here you go

docker login docker.build.forge.practiv.io
docker run --rm -it -v "$(pwd)/.kube":/config/.kube -u "$(id -u)" docker.build.forge.practiv.io/io.practiv/[production]/[production]-run-platform:1.2 create-run-platform

If you see the error below, it means your token has expired. Use kubectl in your Cloud Shell to reauthenticate by running any command against the cluster.

Unable to connect to the server: error executing access token command "/google/google-cloud-sdk/bin/gcloud config config-helper --format=json": err=fork/exec /google/google-cloud-sdk/bin/gcloud: no such file or directory output= stderr=
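Because the script deletes the existing forge namespace and depends on a fresh token, a pre-flight check can be run in the Cloud Shell before the docker run command. The following is an added example, not part of the Practiv tooling; the preflight function, its return codes and the KUBECTL override are assumptions for illustration, and it assumes the GKE context naming gke_<project>_<location>_<cluster>.

```shell
#!/usr/bin/env bash
# Added example: guard to run before create-run-platform (hypothetical helper).
# KUBECTL can be overridden so the check can be exercised without a cluster.
KUBECTL="${KUBECTL:-kubectl}"

# preflight <expected-cluster-name>
# Returns 0 only if the active context names the expected cluster and the
# API answers. On success prints "forge-exists" or "forge-absent" so the
# operator knows whether a namespace is about to be deleted.
preflight() {
  local expected="$1" ctx
  [ -n "$expected" ] || { echo "usage: preflight <cluster-name>" >&2; return 2; }

  ctx="$("$KUBECTL" config current-context 2>/dev/null)" || {
    echo "no current kubectl context" >&2; return 3; }

  # GKE contexts look like gke_<project>_<location>_<cluster>;
  # require the final field to equal the expected cluster name.
  case "$ctx" in
    *_"$expected"|"$expected") ;;
    *) echo "context '$ctx' is not cluster '$expected'" >&2; return 4 ;;
  esac

  # Any successful API call also refreshes the Cloud Shell token
  # that the container will read from the mounted .kube directory.
  "$KUBECTL" get namespaces -o name >/dev/null 2>&1 || {
    echo "cluster unreachable or token expired" >&2; return 5; }

  if "$KUBECTL" get namespace forge -o name >/dev/null 2>&1; then
    echo "forge-exists"   # create-run-platform will delete this namespace
  else
    echo "forge-absent"
  fi
}

# Usage (cluster name is a placeholder):
#   preflight "<cluster-name>" && docker run ... create-run-platform
```

A non-zero return means the docker run step should not be started; "forge-exists" is a prompt to confirm that deleting the current namespace is intended.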

Check out the console to see the workloads turn up

The system image will have created a number of Kubernetes resources. Watch in the console to see them turn up in the forge namespace.