Installing DevOps Plan with Emissary-ingress Load Balancer

You can install DevOps Plan with Emissary-ingress load balancer when you plan to scale up hcl-devopsplan pods by running multiple instances. The Emissary-ingress load balancer distributes network traffic to all hcl-devopsplan pods. Once you have multiple instances of hcl-devopsplan running, you can perform rolling updates without downtime.

Before you begin

  1. Prepare the cluster for installation of a helm chart.
  2. Check the openssl version that is installed in your environment. It must be version 1.1.1 or later.
    $ openssl version
  OpenSSL 1.1.1s  1 Nov 2022
  3. Make sure that port 443 is not in use.
      netstat -anp | grep 443 | grep LISTEN

Procedure

  1. Install Emissary-ingress into your cluster.
    You can install Emissary-ingress using Helm. For more information, see the Emissary-ingress quick start guide.
    • To install Emissary-ingress into your cluster using Helm:
      # Add the Repo:
helm repo add datawire https://app.getambassador.io
helm repo update
 
# Create Namespace and Install:
kubectl create namespace emissary && \
kubectl apply -f https://app.getambassador.io/yaml/emissary/3.9.1/emissary-crds.yaml
kubectl wait --timeout=90s --for=condition=available deployment emissary-apiext -n emissary-system
helm install emissary-ingress --namespace emissary datawire/emissary-ingress && \
kubectl -n emissary wait --for condition=available --timeout=90s deploy -lapp.kubernetes.io/instance=emissary-ingress
    • Check the emissary resources and make sure that all resources have been deployed and that they are running:
      kubectl get all -n emissary
kubectl get all -n emissary-system
      If emissary-ingress service EXTERNAL-IP is in a pending state, then you must use Port Forwarding to Access Applications in a Cluster.
      kubectl port-forward deployment/emissary-ingress --address [Your_External_IP_Address] 443:8443 -n emissary
  2. Generate Ingress Secrets:
    1. Set values: Set the Ingress Domain address and Namespace name:
      INGRESS_DOMAIN=[Your_External_IP_Address].nip.io
NAMESPACE=[namespace_name]
    2. Create namespace:
      kubectl create namespace $NAMESPACE
    3. Create ingress secrets:
      helm pull devops-plan/hcl-devopsplan-prod --untar \ 
  && chmod +x hcl-devopsplan-prod/files/*.sh \
  && bash hcl-devopsplan/files/certificate.sh -n $NAMESPACE -s ingress $INGRESS_DOMAIN
      To check that the ingress and ingress-ca secrets are created, run the following:
      kubectl get secret -n $NAMESPACE | grep ingress
  3. Install DevOps Plan. 
    helm upgrade --install hcl-devopsplan devops-plan/hcl-devopsplan-prod \
  --namespace $NAMESPACE \
  --set global.imagePullSecret=[secret-name] \
  --set global.certSecretName=ingress \
  --set global.domain=$INGRESS_DOMAIN \
  --set replicaCount=[Number_of_replica]
    Ensure that the ingress URL mapping is created.
    kubectl get mapping -n $NAMESPACE
  4. Run helm status hcl-devopsplan -n devopsplan to retrieve the username and password for the Opensearch Dashboard, Keycloak, and PostgreSQL.
  5. Start the Keycloak home page by using https://hcl-devopsplan-keycloak.$INGRESS_DOMAIN/ and trust the keycloak certificate.
  6. Start the DevOps Plan home page in your browser by using https://hcl-devopsplan.$INGRESS_DOMAIN/.