
Deploy into Kubernetes Cluster


Prerequisite

  1. Kubernetes cluster version 1.18 or higher
  2. A working connection to the cluster
  3. kubectl and helm installed

Installation

  1. Install the OneDev chart into the cluster:

    $ helm install onedev onedev --repo https://dl.cloudsmith.io/public/onedev/onedev/helm/charts --namespace onedev --create-namespace
    

    Check here for configurable helm values

  2. OneDev will create a load balancer for external access. Run the command below to get the external IP of the load balancer:

    $ kubectl get service onedev -n onedev
    
  3. Point your browser to http://<external ip> to access OneDev
  4. Continue to set up ingress and LetsEncrypt below if desired

NOTE:

  • Besides creating resources in namespace onedev, a cluster role onedev and an associated cluster role binding onedev will be created in the default namespace. This is necessary because OneDev needs to be granted some cluster-wide permissions to run builds as pods
  • OneDev will create two persistent volume claims, one to store MySQL database files, and another to store OneDev data including repositories. The actual location of these volumes depends on your Kubernetes cluster configuration. On Google Kubernetes Engine, they will be created as Google persistent disks
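
Because the chart grants cluster-wide permissions through the cluster role onedev, it is worth reviewing what that role allows after installation. The script below is an added example, not part of OneDev or its chart: it reads the output of kubectl get clusterrole onedev -o json and lists rules that deserve a closer look. The sample role, the list of sensitive resources and the file name audit_role.py are assumptions made for illustration.

```python
import json
import sys

# Constructed sample in the shape of `kubectl get clusterrole onedev -o json`.
# It is NOT the role the OneDev chart ships; it only exercises the checks below.
SAMPLE_ROLE = json.loads("""
{"kind": "ClusterRole", "metadata": {"name": "onedev"}, "rules": [
  {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list", "create", "delete"]},
  {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
  {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
  {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}
]}
""")

# Assumed review list: resources whose cluster-wide access warrants attention.
SENSITIVE = {"secrets", "pods/exec", "pods/attach", "nodes", "serviceaccounts/token",
             "roles", "rolebindings", "clusterroles", "clusterrolebindings"}
# RBAC verbs that let a subject extend its own or others' permissions.
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}


def audit_cluster_role(role):
    """Return (rule_index, finding) pairs for rules a reviewer should look at."""
    findings = []
    for i, rule in enumerate(role.get("rules") or []):  # rules may be null
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        groups = set(rule.get("apiGroups", []))
        if "*" in verbs and "*" in resources:
            findings.append((i, "wildcard verbs on wildcard resources"))
            continue
        if "*" in verbs or "*" in resources or "*" in groups:
            findings.append((i, "wildcard in verbs, resources or apiGroups"))
        for res in sorted(resources & SENSITIVE):
            findings.append((i, f"cluster-wide access to {res}: {sorted(verbs)}"))
        if verbs & ESCALATION_VERBS:
            findings.append((i, "privilege-escalation verb granted"))
    return findings


if __name__ == "__main__":
    # kubectl get clusterrole onedev -o json | python3 audit_role.py -
    role = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE_ROLE
    for idx, finding in audit_cluster_role(role):
        print(f"rule[{idx}]: {finding}")
```

Run without arguments it audits the constructed sample; pass - to read the real role from standard input.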

Ingress Setup

The installation procedure above requires a separate load balancer, which can be expensive. If the cluster already has an ingress controller serving external traffic, you can configure OneDev to be accessed via a virtual host of the ingress controller with the procedure below:

  1. Get the external IP address of the ingress controller. For a default installation of the nginx controller, this can be shown with the command below:

    $ kubectl get service ingress-nginx-controller -n ingress-nginx
    
  2. Configure your DNS provider to add an A record associating the OneDev DNS name with the external IP address of the nginx controller above.

    NOTE: this is NOT the IP address of the OneDev load balancer we used previously

  3. Run the command below to tell the ingress controller to route traffic for the above DNS name to OneDev:

    $ helm upgrade onedev onedev --repo https://dl.cloudsmith.io/public/onedev/onedev/helm/charts --namespace onedev --set ingress.host=<OneDev DNS name> --set ingress.class=<ingress class> --reuse-values
    

    Here <OneDev DNS name> should be replaced by the DNS name specified in step 2, and <ingress class> should be replaced by the ingress class of the desired ingress controller, which is normally nginx for the nginx controller

  4. Now you should be able to access OneDev via the URL http://<OneDev DNS name>

  5. To enable SSH access to OneDev repositories, you need to configure the ingress controller to forward traffic on a certain port to the OneDev SSH service. For the nginx controller, this can be achieved by upgrading the controller with the option --set tcp.<ssh port number>=onedev/onedev:22, for instance:

    $ helm upgrade ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace --set tcp.2222=onedev/onedev:22 --reuse-values
    

    Then update the SSH server URL on the OneDev side via the menu Administration/Security Setting/SSH Setting. For the above example, the SSH server URL will be ssh://<OneDev DNS name>:2222

LetsEncrypt Setup

  1. Make sure OneDev is installed following this guide

  2. Make sure your cluster has an ingress controller installed. If not, run the command below to install one:

    $ helm install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace
    
  3. Set up ingress for OneDev following this guide

  4. To automatically get/renew certificates from LetsEncrypt, a cert manager is required. Install it with the command below if the cluster does not have one:

    $ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.6.0/cert-manager.yaml
    
  5. Run the command below to configure OneDev to request a certificate from LetsEncrypt for the DNS name specified previously:

    $ helm upgrade onedev onedev --repo https://dl.cloudsmith.io/public/onedev/onedev/helm/charts --namespace onedev --set ingress.tls=true --set letsencrypt.email=<an email address> --reuse-values
    

    Here <an email address> should be replaced by an email address used to receive certificate notifications such as invalidation/expiration etc.

  6. Wait a while, then access OneDev from a browser with the URL https://<OneDev DNS name>. If the certificate is invalid, run the command below to check the certificate status:

    $ kubectl describe certificate onedev-tls -n onedev
    