Initial Kubernetes deployment
Prerequisites
These steps assume that the following steps, described on previous pages, have been completed:
Created the project on Google Cloud Platform and configured the gcloud and kubectl apps.
Created the cluster and persistent storage.
Customized the configuration files, see Configuring LTD Keeper on Kubernetes.
Step 1. Deploy configurations
Deploy the configurations with:
kubectl apply -f keeper-secrets-prod.yaml
kubectl apply -f keeper-config-prod.yaml
kubectl apply -f keeper-tls-secrets.yaml
kubectl apply -f cloudsql-secrets.yaml
You can see they have been deployed with:
kubectl get secrets
kubectl get configmaps
Step 2. Deploy redis
kubectl apply -f redis-deployment.yaml
kubectl apply -f redis-service.yaml
Step 3. Deploy the maintenance pod
We use a standalone maintenance pod to initialize the database.
Deploy the pod:
kubectl create -f keeper-mgmt-pod.yaml
Watch for the pod to be created with kubectl get pods.
Once it’s ready, log in:
kubectl exec keeper-mgmt -c uwsgi -i -t -- /bin/bash
From the uwsgi container’s prompt:
FLASK_APP=keeper flask createdb
FLASK_APP=keeper flask init
This will:
Create tables in a blank database.
Seed an administrative user account (based on the default-user and default-password fields in the keeper-secrets resource).
Exit from the keeper-mgmt shell and then take down the maintenance pod:
kubectl delete pod keeper-mgmt
Wait for the pod to terminate by watching kubectl get pods.
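Because flask init seeds the administrative account from the default-user and default-password fields of keeper-secrets, those values are worth checking before running Step 3. The following is an added example, not part of the LTD Keeper project: it audits the JSON printed by kubectl get secret keeper-secrets -o json, assuming the two fields sit base64-encoded under data as in any Kubernetes Secret; the function names, the placeholder list and the 16-character minimum are assumptions.

```python
import base64
import json

# Field names are from the page; the placeholder list and minimum length
# are assumptions chosen for this example.
FIELDS = ("default-user", "default-password")
PLACEHOLDERS = {"", "password", "changeme", "admin", "default", "secret"}
MIN_LENGTH = 16


def audit_keeper_secret(secret_json):
    """Return findings for a keeper-secrets JSON document; values are never echoed."""
    data = json.loads(secret_json).get("data") or {}
    findings, decoded = [], {}
    for field in FIELDS:
        if field not in data:
            findings.append(f"{field}: missing")
            continue
        try:  # Secret `data` values are base64-encoded
            raw = base64.b64decode(data[field], validate=True)
            decoded[field] = raw.decode("utf-8")
        except (ValueError, TypeError):  # bad base64, bad UTF-8, non-string
            findings.append(f"{field}: not base64-encoded UTF-8")
    password = decoded.get("default-password")
    if password is None:
        return findings
    candidate = password.strip()
    if candidate != password:  # e.g. a newline from `echo` without -n
        findings.append("default-password: surrounding whitespace")
    if candidate.lower() in PLACEHOLDERS:
        findings.append("default-password: placeholder value")
    elif len(candidate) < MIN_LENGTH:
        findings.append(f"default-password: shorter than {MIN_LENGTH}")
    user = decoded.get("default-user", "").strip()
    if candidate and candidate.lower() == user.lower():
        findings.append("default-password: same as default-user")
    return findings


def make_secret_json(user, password):
    """Build a constructed Secret document shaped like the kubectl output."""
    enc = lambda s: base64.b64encode(s.encode()).decode()
    return json.dumps({"kind": "Secret", "metadata": {"name": "keeper-secrets"},
                       "data": {"default-user": enc(user),
                                "default-password": enc(password)}})


# Constructed sample, not taken from a real deployment.
SAMPLE = make_secret_json("admin", "changeme\n")
if __name__ == "__main__":
    print(audit_keeper_secret(SAMPLE))
```

An empty list means the seeded credentials passed every check; any finding is a reason to fix keeper-secrets-prod.yaml and re-apply it before running flask init.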
Step 4. Deploy LTD Dasher
Deploy LTD Dasher into the same namespace. See https://github.com/lsst-sqre/ltd-dasher.
Step 5. Deploy LTD Keeper
As an API server, LTD Keeper is run as a deployment, which is Kubernetes short-hand for a replication controller with Pod templates.
The application server and Celery worker pool are separately-managed deployments:
kubectl create -f keeper-deployment.yaml
kubectl create -f keeper-worker-deployment.yaml
Watch for the deployment to complete:
kubectl get deployments -w
Step 6. Deploy services
kubectl apply -f keeper-service.yaml
Step 7. Deploy the Ingress
kubectl apply -f ingress.yaml
Watch for the keeper ingress to start up:
kubectl get ingress -w
Once an external IP appears, set the domain’s A record to that IP.
You can now verify that Keeper is serving over HTTPS:
curl https://keeper.lsst.codes/
(Substitute your deployment hostname as necessary.)