SMDS-Kubernetes Run Book
- Kubernetes onboarding:
- Perpetual K8s Cluster Application Onboard:
- Harbor Repository Onboard:
- Secrets Creation in HashiCorp Vault:
- K8s Deployment Steps:
- Service Mesh Onboard:
- K8s Links and tools:
To onboard the application, follow these steps:
1. Create a PR to the platform-data repository.
Refer to the JSON examples below for guidance on adding an application to the Perpetual Platform AKS.
| Platform | Location |
|---|---|
| SMDS CMD | https://github.com/Maersk-Global/platform-data/blob/master/data/customers/cmd.json |
2. Below are the clusters for GDA, categorized into Production and Non-Production environments:
gda-np-ne-01, gda-np-westeurope-1, gda-prod-ne-01, gda-prod-westeurope-1
3. Cluster access is managed in Admiral through Azure AD groups.
- Harbor serves as the image repository managed internally by Maersk. The onboarding process for applications to Harbor is similar to that for AKS. Refer to the following JSON files:
- https://github.com/Maersk-Global/Maersk-Harbor/blob/main/environments/prod/projects/smds-opsmdm.json
- https://github.com/Maersk-Global/Maersk-Harbor/blob/main/environments/prod/projects/smds-cmd-proxy.json
5. Access to Harbor is managed via Azure AD groups:
- opsmasterdatamanageme (Production) Team: smdsvmdm-harbor, 5957e121-1c0a-4fd4-96f5-3a6a9822f8b2
- customer-master-data-manageme (Production) Team: smdsvmdm-harbor, a1ebd605-83cf-49c1-b45b-821f22e18a65
Perpetual K8s Cluster Application Onboard:
This covers namespace creation and access management for the Perpetual GDA clusters. The link below gives an overview of the clusters.
Namespace Creation:
Application namespace configurations are stored as a JSON file in the Platform Data repository. Use the link below for details on how to configure them: Perpetual K8s Cluster Application Onboard
Role-Based Access Control (RBAC) is applied to projects, so that only users with the appropriate roles can perform certain operations.
Harbor is a Maersk-managed repository to which all Docker images are pushed for deployments.
Go through the link below to onboard to Harbor:
Harbor Repository Onboard
Secrets Creation in HashiCorp Vault:
HashiCorp Vault is the inbuilt feature of K8s used to store secrets. Below are the simple steps to create secrets in the Vault.
The document below explains how to add secrets:
Secrets Creation in HashiCorp Vault
Note: the topics above are one-time activities and do not need to be repeated for every deployment.
Below is the checklist to follow when deploying the application in K8s.
K8s Deployment Lifecycle
| Checklist item |
|---|
| Service Principals and AD Group for K8s via Admiral |
| Service Principals and AD Group for Harbor via Admiral |
| Project Onboard to K8s in Platform Data (Namespace creation, Flux config repo, Cluster Access, Roles) |
| K8s Lens Setup |
| Enable Flux Configuration for the Project |
| Create Flux repo if not present for the platform |
| Harbor Onboarding for Projects |
| Add GitHub Project Links in Harbor Config JSON |
| Configure Harbor User for the respective GitHub Project |
| Make sure Harbor Token is created in all project repos |
| Create Configuration YAML Files for each project in the Flux repo |
| Enable Service Mesh configuration if required |
| Enable Service Mesh Traffic Policies in Admiral |
| Enable Service Mesh to External DNS Configuration |
| Enable Private Endpoint for all Postgres DB servers |
| Add Connection Strings and Passwords as secrets in HashiCorp Vault |
| Add Project Specific Secrets in the Vault |
| Add Docker Build and Push workflow in all build and deploy YAML files |
| Add Environment Specific Deploy Workflows |
| Enable GitHub Standards and Branch Policies in all repos |
| Update the application properties in the git repo of the application being onboarded, naming them application_sit_we and application_sit_ne |
| Update the Spring profile (logback-spring) as well, and change pom.xml if required |
| Add the YAML to the GitHub workflow named K8s_migration.yml |
| Create a Traffic Manager profile for both regions |
| APIGEE endpoints have been changed and need to be verified |
| Test the application endpoints and verify that the service mesh works as expected |
| Once deployed, check the Akamai integration |
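As an added example (not taken from the run book or any Maersk repository), a minimal GitHub Actions workflow covering the "Docker Build and Push" and "Environment Specific Deploy" checklist items above. The Harbor host, the Harbor project and image names, the GitHub environment names and the secret names HARBOR_USER / HARBOR_TOKEN are assumptions; the Harbor token is read only from the environment's secrets and never appears in the YAML.

```yaml
# Added example: assumed file .github/workflows/K8s_migration.yml
name: K8s_migration

on:
  push:
    branches: [main]
  workflow_dispatch:
    inputs:
      environment:
        description: "Target GitHub environment (assumed names: sit_we or sit_ne)"
        required: true
        default: sit_we

permissions:
  contents: read            # least privilege: the job only needs to read the repo

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    # Environment-specific deploy: secrets are scoped to the chosen GitHub
    # environment, so a sit_ne run cannot read the sit_we Harbor token and vice versa.
    # On a plain push there is no input, so fall back to sit_we.
    environment: ${{ inputs.environment || 'sit_we' }}
    env:
      # Assumed Harbor host and project; replace with the values from Harbor onboarding
      REGISTRY: harbor.example.invalid
      IMAGE: smds-opsmdm/facility-service
    steps:
      - uses: actions/checkout@v4

      - name: Log in to Harbor
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          # Harbor robot credentials come only from the environment's secrets
          # (checklist item "Make sure Harbor Token is created in all project repos")
          username: ${{ secrets.HARBOR_USER }}
          password: ${{ secrets.HARBOR_TOKEN }}

      - name: Build and push image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          # Tag with the commit SHA so the Flux configuration pins an immutable image
          # rather than a moving tag such as "latest"
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }}
```

With this layout the same workflow file serves both regions; only the GitHub environment (and therefore the secrets it can see) changes per run.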
The Purple Sea Service Mesh platform provides a comprehensive solution for managing service-to-service communication within a microservices-based architecture. It provides reliability, security, and observability for applications and makes operations easier within organizations.
Put simply, the service mesh is an application hosted in K8s like any other application. It groups/isolates the applications for faster response.
Service Mesh Onboard
Below are the new K8s CDT URLs for SMDS:
| Platform Domains | K8s URL |
|---|---|
| SMDS Customer Master Data | https://smds-cmd-portal-ui-cdt-we01.maersk-digital.net/ |
| SMDS Facility Master Data | https://smds-opsmdm-facility-ui-cdt-app.maersk-digital.net/ |
| SMDS Geography Master Data | https://smds-opsmdm-geography-ui-cdt-we01.maersk-digital.net/ (WIP) |
| SMDS Commodity Master Data | https://smds-opsmdm-commodity-ui-cdt-app.maersk-digital.net/ (WIP) |
| SMDS Vessel Master Data | https://smds-opsmdm-vessel-ui-cdt-we01.maersk-digital.net/ (WIP) |
Tools Used
- K8s Lens: download from https://k8slens.dev/download
- IntelliJ IDEA or VS Code
- All command line utilities: download via https://community.chocolatey.org/packages/
- Rancher Desktop: https://rancherdesktop.io/
- Minikube, Docker: install via https://community.chocolatey.org/packages/
- External links: Links and Tools List