This article describes how to deploy the Smart ID Messaging component (Hermod) as a container image on Kubernetes.

Prerequisites for Hermod deployment

  • A Kubernetes service subscription where you must create and deploy Hermod

  • A public DNS name which devices can reach

  • Matching certificates for the public address

  • An installed/deployed instance of an SQL server, for example, PostgreSQL, Microsoft SQL Server, MariaDB, or Oracle

...

  1. Sign in to the Nexus Support portal.

  2. Go to Nexus Smart ID Clients (Personal and Hermod) > Smart ID Messaging and select a Hermod version to download the *.zip file.

  3. Unpack the *.zip file.

  4. Open the extracted folder, for example, 3.x.y.RELEASE.
    The folder contains the Hermod installation file and a simple-setup file to set up a default configuration.

  5. Unpack simple-setup.zip.

  6. Place the Docker image in a location where the Kubernetes cluster can access and pull the image from.

Create the storage YML file

Edit the file hermod-config with the correct values for your environment. It will be used to store the Hermod configuration file.

Example: hermod-config.yml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
  finalizers:
  - kubernetes.io/pvc-protection
  name: hermod-config
  namespace: test
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: default
  volumeMode: Filesystem
  volumeName: hermod-config

Create the Hermod deployment yml file

Edit the file hermod-deployment with the correct values for your environment.

Important! The actual values must match the specific deployment scenario. The hermod-deployment code below is only intended as an example.

Example: hermod-deployment.yml

apiVersion: v1
items:
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: hermod
    name: hermod
    namespace: test
  spec:
    replicas: 1
    revisionHistoryLimit: 2
    selector:
      matchLabels:
        app: hermod
    strategy:
      rollingUpdate:
        maxSurge: 1
        maxUnavailable: 0
      type: RollingUpdate
    template:
      metadata:
        labels:
          app: hermod
          configmap-version: "1"
        annotations:
          prometheus.io/scrape: "true"
          prometheus.io/scheme: "http"
          prometheus.io/path: "prometheus"
          prometheus.io/port: "20400"
        name: hermod
      spec:
        containers:
        - image: nexusgocontainerregistry.azurecr.io/nexus-personal/hermod:3.7.0.RELEASE
          imagePullPolicy: Always
          args:
          - --spring.profiles.active=native
          - --spring.datasource.url=${DB_URI}
          - --spring.datasource.username=${DB_USERNAME}
          - --spring.datasource.password=${DB_PASSWORD}
          name: hermod
          ports:
          - containerPort: 20400
            protocol: TCP
          resources: {}
          env:
          - name: JAVA_OPTS
            value: -Xms256m -Xmx512m -XX:MaxMetaspaceSize=512m -XX:CompressedClassSpaceSize=64m
              -Xss256k -Xmn8m -XX:InitialCodeCacheSize=4m -XX:ReservedCodeCacheSize=64m
              -XX:MaxDirectMemorySize=64m
          - name: DB_URI
            valueFrom:
              secretKeyRef:
                key: DB_URI
                name: hermod-secret-test-postgres
          - name: DB_USERNAME
            valueFrom:
              secretKeyRef:
                key: DB_USERNAME
                name: hermod-secret-test-postgres
          - name: DB_PASSWORD
            valueFrom:
              secretKeyRef:
                key: DB_PASSWORD
                name: hermod-secret-test-postgres
          readinessProbe:
            httpGet:
              path: /ms
              port: 20400
            initialDelaySeconds: 20
            timeoutSeconds: 5
            periodSeconds: 30
          securityContext:
            privileged: false
            runAsNonRoot: true
            runAsUser: 1000
          terminationMessagePath: /dev/termination-log
          volumeMounts:
            - name: hermod-config
              mountPath: /home/docker/config
        volumes:
        - name: hermod-config
          configMap:
            name: hermod
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        securityContext: {}
        terminationGracePeriodSeconds: 30
kind: List
metadata: {}

Create the Hermod configuration yml file

Edit the file hermod-configuration with the correct values for your environment.

Important! The actual values must match your specific deployment scenario, such as the configured clientId, the public URL, TLS/SSL, and the URL, username and password for the specified database. The code below is only intended as an example.

Example: hermod-configuration.yml

kind: ConfigMap
apiVersion: v1
metadata:
  name: hermod
  namespace: test
data:
  application.yml: |-

    logging:
      level:
        org.springframework.context.annotation.AnnotationConfigApplicationContext: ERROR
        org.springframework.boot.SpringApplication: ERROR
        org.springframework.cloud.config.client: ERROR
        org.springframework.web.reactive.function.client.WebClient: TRACE
        com.netflix: INFO
        reactor.netty.http.client: TRACE
        com.nexusgroup: TRACE
        com.relayrides: INFO
        org.mongodb.driver: TRACE
        com.nexusgroup.plugout.message.server.filters.VersionHttpFilter: ERROR
        com.nexusgroup.cod.hermod.service.MessagePlugoutService: ERROR
        org.hibernate.stat: DEBUG
        #org.apache.http: TRACE
      pattern:
        console: "%d{yyyy-MM-dd}T%d{HH:mm:ss.SSS}Z ${LOG_LEVEL_PATTERN:- %5p} [%t] %-40.40logger{39} [%mdc] : %m%n${LOG_EXCEPTION_CONVERSION_WORD:%wEx}"
    
    server:
      servlet:
        context-path: /
      error:
        include-message: always
        include-binding-errors: never
        include-stacktrace: never
        include-exception: false

    springdoc:
      override-with-generic-response: false
      api-docs:
        enabled: false
      swagger-ui:
        enabled: false

    spring:
    
      jpa:
        properties:
          hibernate:
            show-sql: false
            format-sql: true
            generate-statistics: false
        hibernate:
          ddl-auto: validate
      cloud:
        kubernetes:
          reload:
            enabled: true
    management:
      info:
        env:
          enabled: true
      endpoints:
        web:
          exposure:
            include: health, info, refresh, prometheus
      endpoint:
        prometheus:
          enabled: true

    application:

      rest:
        client:
          keep-a-live-timeout: -1
          connection-timeout: 8

      hermod:
    
        scheduler:
          exec:
            threads: 100

        rest:
          uribase:
          hide-exceptions: false

        # Hide sensitive/long data in event logs?
        events:
          hide-sensitive: true
    
        # All clients have moved to HermodCfg server. Use the scripts in ../hermodcfg/ to add/modify/list
        allowed-clients:
          # X-Api-Key: aGVybW9kLXRlc3Q6NzliNjU3NTA4Nzc3NDA4YmE0MDZmMzU0M2NhODdmYWRiNzQyY2Y2Yzc2MTM0NzQxODlkYmVmMjk1YTI1MjMyYw==
          - client-id: hermod-test
            key: 56UGzk8qZm67YDhkzwuEfpYkLMubram8P9KryXGG9PEa76Xnku5Z6B7c8MKAf66X
            # Optional username:password to be supplied for basic authentication in callbacks
            # callback-basic-auth: username:password
            # The callback URL base for this specific client
            callback-url: http://hermod:20400
    
    
        # Message server library settings
        message-server-library:
    
          # Make sure you also change the certificates above
          public-url: https://<my-hermod-server>:20400/ms

Create the Hermod service yml file

Edit the file hermod-service with the correct values for your environment.

Example: hermod-service.yml

apiVersion: v1
items:
- apiVersion: v1
  kind: Service
  metadata:
    labels:
      app: hermod
    name: hermod
    namespace: test
  spec:
    ports:
    - nodePort: 30400
      port: 20400
      protocol: TCP
      targetPort: 20400
    selector:
      app: hermod
    sessionAffinity: None
    type: NodePort
kind: List
metadata: {}

Optional: Create the Hermod database secret YML file

...

Edit the file hermod-secret with the correct values for your environment.

Example: hermod-secret.yml

apiVersion: v1
data:
  DB_URI: amRiYzpzcWxzZXJ2ZXI6Ly9uZ2F6LWRldnNxbDAxZC5kYXRhYmFzZS53aW5kb3dzLm5ldDoxNDMzO2RhdGFiYXNlPWhlcm1vZC1kZXY7dXNlcj1oZXJtb2R1c2VyO3Bhc3N3b3JkPWNvZGEhUUFaeHN3MjtlbmNyeXB0PXRydWU7dHJ1c3RTZXJ2ZXJDZXJ0aWZpY2F0ZT1mYWxzZTtob3N0TmFtZUluQ2VydGlmaWNhdGU9Ki5kYXRhYmFzZS53aW5kb3dzLm5ldDtsb2dpblRpbWVvdXQ9MzA7Cg==
kind: Secret
metadata:
  name: hermod-secret
  namespace: test
type: Opaque
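The secret above is shown the way kubectl returns it, with the value already base64-encoded. The following shell script is an added example, not part of the Nexus documentation: it builds the same kind of Secret from plain values, and it assumes the secret name and keys that the hermod-deployment example references (hermod-secret-test-postgres with DB_URI, DB_USERNAME and DB_PASSWORD). The database URL, user and password in the usage comment are constructed sample values. The script also includes the check a reviewer would run on a hand-encoded value: the DB_URI value in the example above ends in Cg==, which means the decoded connection string ends in a newline, the result of encoding with `echo value | base64` rather than `printf '%s' value | base64`.

```shell
#!/bin/sh
# Added example, not part of the Nexus documentation.
# Builds the database Secret that the hermod-deployment example reads
# (assumed: name hermod-secret-test-postgres, keys DB_URI, DB_USERNAME,
# DB_PASSWORD) from plain values, and audits hand-encoded values.
set -eu

# Encode a Secret data value. printf, not echo, so that no trailing newline
# becomes part of the credential; tr joins the lines base64 may wrap.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a Secret data value exactly, keeping any trailing newline: a
# sentinel "x" is appended before command substitution and stripped after.
b64_decode() {
  out=$(printf '%s' "$1" | base64 -d; printf x)
  printf '%s' "${out%x}"
}

# Exit 0 when the decoded value ends in a newline, the signature of a value
# produced with `echo value | base64`. A JDBC URL or password encoded that
# way is silently wrong at runtime.
b64_has_trailing_newline() {
  nl='
'
  case "$(b64_decode "$1"; printf x)" in
    *"$nl"x) return 0 ;;
    *)       return 1 ;;
  esac
}

# Print a Secret manifest. Arguments: name namespace db_uri db_user db_password
hermod_secret_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: Opaque
data:
  DB_URI: $(b64 "$3")
  DB_USERNAME: $(b64 "$4")
  DB_PASSWORD: $(b64 "$5")
EOF
}

# Read one key's encoded value back out of a manifest printed above.
manifest_value() {
  printf '%s\n' "$1" | sed -n "s/^  $2: //p"
}

# Usage with constructed values (pipe into `kubectl apply -f -` to deploy):
#   hermod_secret_manifest hermod-secret-test-postgres test \
#     'jdbc:postgresql://db.example.internal:5432/hermod' hermoduser 'S3cr3t!'
```

Generating the manifest at deploy time and piping it into `kubectl --kubeconfig <kubernetes-config> apply -f -` keeps the encoded credential out of the checked-in yml files; `b64_has_trailing_newline 'MzA7Cg=='` (the tail of the DB_URI value above) returns 0, showing what the audit catches.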

...

Deploy yml files

You can deploy the yml files on Kubernetes by using the following command:
kubectl --kubeconfig <kubernetes-config> apply -f <file_name>.yml
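The Deployment example above reads DB_URI, DB_USERNAME and DB_PASSWORD from a Secret named hermod-secret-test-postgres, while the optional hermod-secret example defines only DB_URI under a different name. kubectl apply does not report such a mismatch; the pod stays in CreateContainerConfigError until the referenced key exists. The following shell script is an added example, not part of the Nexus documentation: it cross-checks every secretKeyRef in a Deployment manifest against the Secret manifests about to be applied, then applies the files in dependency order (Secret and ConfigMap before the Deployment) and waits for the rollout. The namespace test and the deployment name hermod are taken from the examples above; the manifest file names in the usage comment are assumed.

```shell
#!/bin/sh
# Added example, not part of the Nexus documentation. Cross-checks the
# secretKeyRef entries of a Deployment manifest against the Secret manifests
# that will be applied with it, then applies everything in dependency order.
# Namespace "test" and deployment name "hermod" come from the examples above;
# the manifest file names in the usage comment are assumed.
set -eu

# Print "secretName key" for every secretKeyRef in a manifest file.
secret_refs() {
  awk '
    /secretKeyRef:/ { inref = 1; key = ""; name = ""; next }
    inref && /^[[:space:]]*key:/  { key = $2 }
    inref && /^[[:space:]]*name:/ { name = $2 }
    inref && key != "" && name != "" { print name, key; inref = 0 }
  ' "$1"
}

# Exit 0 when Secret manifest $1 is named $2 and defines key $3 under
# data: or stringData:.
secret_has_key() {
  awk -v want_name="$2" -v want_key="$3" '
    /^kind:/              { kind = $2 }
    /^  name:/            { name = $2 }
    /^(data|stringData):/ { in_data = 1; next }
    in_data && /^[^ ]/    { in_data = 0 }
    in_data && $1 == (want_key ":") { found = 1 }
    END { exit !(kind == "Secret" && name == want_name && found) }
  ' "$1"
}

# Resolve every reference in Deployment $1 against Secret manifests $2...;
# list the unresolved ones on stderr and return 1 if there are any.
check_secret_refs() {
  deployment=$1; shift
  unresolved=$(
    secret_refs "$deployment" | while read -r name key; do
      ok=0
      for s in "$@"; do
        if secret_has_key "$s" "$name" "$key"; then ok=1; break; fi
      done
      [ "$ok" -eq 1 ] || printf '%s/%s\n' "$name" "$key"
    done
  )
  if [ -n "$unresolved" ]; then
    printf 'unresolved secretKeyRef: %s\n' $unresolved >&2
    return 1
  fi
}

# Apply manifests in the given order (Secret and ConfigMap first, since the
# Deployment references them by name) and wait for the rollout to finish.
deploy_in_order() {
  kubeconfig=$1; shift
  for f in "$@"; do
    kubectl --kubeconfig "$kubeconfig" apply -f "$f"
  done
  kubectl --kubeconfig "$kubeconfig" -n test rollout status deployment/hermod --timeout=180s
}

# Usage (file names assumed):
#   check_secret_refs hermod-deployment.yml hermod-secret.yml &&
#   deploy_in_order "$KUBECONFIG" hermod-secret.yml hermod-config.yml \
#     hermod-configuration.yml hermod-deployment.yml hermod-service.yml
```

Run against the examples as given on this page, check_secret_refs reports hermod-secret-test-postgres/DB_URI, DB_USERNAME and DB_PASSWORD as unresolved, because the secret is named hermod-secret and carries only DB_URI; either rename the secret and add the two keys, or change the secretKeyRef entries, before applying.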

...