This article describes how to deploy a Hermod image on Kubernetes.

Prerequisites for Hermod deployment

  • A Kubernetes service subscription in which you create and deploy Hermod

  • A public DNS name which devices can reach

  • Matching certificates for the public address

  • An installed/deployed instance of an SQL server, for example, PostgreSQL, Microsoft SQL Server, MariaDB, or Oracle

Step-by-step instruction

Download the Hermod docker image and file structure

  1. Sign in to Nexus Support portal.

  2. Go to Nexus Smart ID Clients (Personal and Hermod) > Smart ID Messaging and select a Hermod version to download the *.zip file.

  3. Unpack the *.zip file.

  4. Open the extracted folder, for example, 3.x.y.RELEASE.
    The folder contains the Hermod installation file and a simple-setup file to set up a default configuration.

  5. Unpack simple-setup.zip

  6. Place the Docker image in a location from which the Kubernetes cluster can access and pull it.

Create the storage YML file

Edit the file hermod-config with the correct values for your environment. It is used to store the Hermod configuration file.

Example: hermod-config.yml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
  finalizers:
  - kubernetes.io/pvc-protection
  name: hermod-config
  namespace: test
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: default
  volumeMode: Filesystem
  volumeName: hermod-config

Create the Hermod deployment yml file

Edit the file hermod-deployment with the correct values for your environment.

Important! The actual values must match the specific deployment scenarios. The hermod-deployment code below is only intended as an example.

Example: hermod-deployment.yml

apiVersion: v1
items:
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    annotations:
      deployment.kubernetes.io/revision: "2"
    generation: 3
    labels:
      app: hermod
    name: hermod
    namespace: test
  spec:
    replicas: 1
    revisionHistoryLimit: 2
    selector:
      matchLabels:
        app: hermod
    strategy:
      rollingUpdate:
        maxSurge: 1
        maxUnavailable: 0
      type: RollingUpdate
    template:
      metadata:
        labels:
          app: hermod
          configmap-version: "1"
        annotations:
          prometheus.io/scrape: "true"
          prometheus.io/scheme: "http"
          prometheus.io/path: "prometheus"
          prometheus.io/port: "20400"
        name: hermod
      spec:
        containers:
        - image: nexusgocontainerregistry.azurecr.io/nexus-personal/hermod:3.7.0.RELEASE
          imagePullPolicy: Always
          args:
          - --spring.profiles.active=native
          - --spring.datasource.url=${DB_URI}
          - --spring.datasource.username=${DB_USERNAME}
          - --spring.datasource.password=${DB_PASSWORD}
          name: hermod
          ports:
          - containerPort: 20400
            protocol: TCP
          resources: {}
          env:
          - name: JAVA_OPTS
            value: -Xms256m -Xmx512m -XX:MaxMetaspaceSize=512m -XX:CompressedClassSpaceSize=64m
              -Xss256k -Xmn8m -XX:InitialCodeCacheSize=4m -XX:ReservedCodeCacheSize=64m
              -XX:MaxDirectMemorySize=64m
          - name: DB_URI
            valueFrom:
              secretKeyRef:
                key: DB_URI
                name: hermod-secret-test-postgres
          - name: DB_USERNAME
            valueFrom:
              secretKeyRef:
                key: DB_USERNAME
                name: hermod-secret-test-postgres
          - name: DB_PASSWORD
            valueFrom:
              secretKeyRef:
                key: DB_PASSWORD
                name: hermod-secret-test-postgres
          readinessProbe:
            httpGet:
              path: /ms
              port: 20400
            initialDelaySeconds: 20
            timeoutSeconds: 5
            periodSeconds: 30
          securityContext:
            privileged: false
            runAsNonRoot: true
            runAsUser: 1000
          terminationMessagePath: /dev/termination-log
          volumeMounts:
            - name: hermod-config
              mountPath: /home/docker/config
        volumes:
        - name: hermod-config
          configMap:
            name: hermod
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        securityContext: {}
        terminationGracePeriodSeconds: 30
kind: List
metadata: {}
resourceVersion: ""
selfLink: ""

Create the Hermod configuration yml file

Edit the file hermod-configuration with the correct values for your environment.

Important! The actual values must match your specific deployment scenario, such as the configured clientId, the public URL, TLS/SSL, and the URL, username, and password for the specified database. The code below is only intended as an example.

Example: hermod-configuration.yml

kind: ConfigMap
apiVersion: v1
metadata:
  name: hermod
  namespace: test
data:
  application.yml: |-

    logging:
      level:
        org.springframework.context.annotation.AnnotationConfigApplicationContext: ERROR
        org.springframework.boot.SpringApplication: ERROR
        org.springframework.cloud.config.client: ERROR
        org.springframework.web.reactive.function.client.WebClient: TRACE
        com.netflix: INFO
        reactor.netty.http.client: TRACE
        com.nexusgroup: TRACE
        com.relayrides: INFO
        org.mongodb.driver: TRACE
        com.nexusgroup.plugout.message.server.filters.VersionHttpFilter: ERROR
        com.nexusgroup.cod.hermod.service.MessagePlugoutService: ERROR
        org.hibernate.stat: DEBUG
        #org.apache.http: TRACE
      pattern:
        console: "%d{yyyy-MM-dd}T%d{HH:mm:ss.SSS}Z ${LOG_LEVEL_PATTERN:- %5p} [%t] %-40.40logger{39} [%mdc] : %m%n${LOG_EXCEPTION_CONVERSION_WORD:%wEx}"
    
    server:
      servlet:
        context-path: /
      error:
        include-message: always
        include-binding-errors: never
        include-stacktrace: never
        include-exception: false

    springdoc:
      override-with-generic-response: false
      api-docs:
        enabled: false
      swagger-ui:
        enabled: false

    spring:
    
      jpa:
        properties:
          hibernate:
            show-sql: false
            format-sql: true
            generate-statistics: false
        hibernate:
          ddl-auto: validate
      cloud:
        kubernetes:
          reload:
            enabled: true
    management:
      info:
        env:
          enabled: true
      endpoints:
        web:
          exposure:
            include: health, info, refresh, prometheus
      endpoint:
        prometheus:
          enabled: true

    application:

      rest:
        client:
          keep-a-live-timeout: -1
          connection-timeout: 8

      hermod:
    
        scheduler:
          exec:
            threads: 100

        rest:
          uribase:
          hide-exceptions: false

        # Hide sensitive/long data in event logs?
        events:
          hide-sensitive: true
    
        allowed-clients:
          # X-Api-Key: aGVybW9kLXRlc3QtY2xpZW50Ojc5YjY1NzUwODc3NzQwOGJhNDA2ZjM1NDNjYTg3ZmFkYjc0MmNmNmM3NjEzNDc0MTg5ZGJlZjI5NWEyNTIzMmM=
          - client-id: hermod-test-client
            key: 56UGzk8qZm67YDhkzwuEfpYkLMubram8P9KryXGG9PEa76Xnku5Z6B7c8MKAf66X
            # Optional username:password to be supplied for basic authentication in callbacks
            # callback-basic-auth: username:password
            # The callback URL base for this specific client
            callback-url: http://hermod:20400
    
    
        # Message server library settings
        message-server-library:
    
          
          public-url: https://<my-hermod-server>:20400/ms

Create the Hermod service yml file

Edit the file hermod-service with the correct values for your environment.

Example: hermod-service.yml

apiVersion: v1
items:
- apiVersion: v1
  kind: Service
  metadata:
    labels:
      app: hermod
    name: hermod
    namespace: test
  spec:
    ports:
    - nodePort: 30400
      port: 20400
      protocol: TCP
      targetPort: 20400
    selector:
      app: hermod
    sessionAffinity: None
    type: NodePort
kind: List
metadata: {}
resourceVersion: ""
selfLink: ""

Optional: Create the Hermod database secret YML file

Edit the file hermod-secret with the correct values for your environment.

Example: hermod-secret.yml

apiVersion: v1
data:
  DB_URI: amRiYzpzcWxzZXJ2ZXI6Ly9uZ2F6LWRldnNxbDAxZC5kYXRhYmFzZS53aW5kb3dzLm5ldDoxNDMzO2RhdGFiYXNlPWhlcm1vZC1kZXY7dXNlcj1oZXJtb2R1c2VyO3Bhc3N3b3JkPWNvZGEhUUFaeHN3MjtlbmNyeXB0PXRydWU7dHJ1c3RTZXJ2ZXJDZXJ0aWZpY2F0ZT1mYWxzZTtob3N0TmFtZUluQ2VydGlmaWNhdGU9Ki5kYXRhYmFzZS53aW5kb3dzLm5ldDtsb2dpblRpbWVvdXQ9MzA7Cg==
kind: Secret
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"DB_URI":"amRiYzpzcWxzZXJ2ZXI6Ly9uZ2F6LWRldnNxbDAxZC5kYXRhYmFzZS53aW5kb3dzLm5ldDoxNDMzO2RhdGFiYXNlPWhlcm1vZC1kZXY7dXNlcj1oZXJtb2R1c2VyO3Bhc3N3b3JkPWNvZGEhUUFaeHN3MjtlbmNyeXB0PXRydWU7dHJ1c3RTZXJ2ZXJDZXJ0aWZpY2F0ZT1mYWxzZTtob3N0TmFtZUluQ2VydGlmaWNhdGU9Ki5kYXRhYmFzZS53aW5kb3dzLm5ldDtsb2dpblRpbWVvdXQ9MzA7Cg=="},"kind":"Secret","metadata":{"annotations":{},"name":"hermod-secret","namespace":"default"}}
  name: hermod-secret
  namespace: test
type: Opaque
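
Added example (not part of the original page or the Hermod distribution): the deployment example above reads DB_URI, DB_USERNAME and DB_PASSWORD through secretKeyRef from a Secret named hermod-secret-test-postgres, so the Secret you apply must carry all three keys under that name. The script below renders such a manifest and checks a Deployment file's secretKeyRef keys against a Secret file; the function names and the sample connection values are assumptions made up for this example.

```sh
#!/bin/sh
# Added example, not part of the Hermod distribution.
# Keys that hermod-deployment.yml reads through secretKeyRef.
REQUIRED_KEYS="DB_URI DB_USERNAME DB_PASSWORD"

# b64 VALUE: encode exactly the bytes of VALUE. printf '%s' adds no trailing
# newline (echo would), and tr removes the line wrapping GNU base64 applies.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# render_secret NAME NAMESPACE: print a Secret manifest built from the shell
# variables named in REQUIRED_KEYS; fail if any of them is empty or unset.
render_secret() {
  for key in $REQUIRED_KEYS; do
    eval "value=\${$key:-}"
    [ -n "$value" ] || { echo "no value for $key" >&2; return 1; }
  done
  printf 'apiVersion: v1\nkind: Secret\ntype: Opaque\n'
  printf 'metadata:\n  name: %s\n  namespace: %s\ndata:\n' "$1" "$2"
  for key in $REQUIRED_KEYS; do
    eval "value=\${$key}"
    printf '  %s: %s\n' "$key" "$(b64 "$value")"
  done
}

# missing_secret_keys DEPLOYMENT SECRET: print every key that a secretKeyRef
# in the Deployment file asks for but the Secret file does not define.
missing_secret_keys() {
  refs=$(awk '/secretKeyRef:/ { inref = 1; next }
              inref && $1 == "key:" { print $2; inref = 0 }' "$1" | sort -u)
  for key in $refs; do
    grep -Eq "^  $key: " "$2" || echo "$key"
  done
}

# Constructed sample values (assumptions); supply real ones from a secret
# store or an interactive prompt, never from a file kept with the manifests.
DB_URI='jdbc:postgresql://db.example.internal:5432/hermod'
DB_USERNAME='hermod'
DB_PASSWORD='constructed-example-only'

# Prints the manifest; pipe it to "kubectl apply -f -" instead of saving it.
render_secret hermod-secret-test-postgres test
```

Values under data: are only base64-encoded, not encrypted, so a Secret manifest committed or published with real values discloses them to anyone who can read the file.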

Deploy yml files

You can deploy the yml files on Kubernetes by using the following command:
kubectl --kubeconfig <kubernetes-config> apply -f <file_name>.yml
