

Setting up a basic pipeline for WSO2 Identity Server on Kubernetes is quick and simple.

Before you begin to develop your pipeline, set up the following prerequisites in a running Kubernetes cluster.

Prerequisites

  • Install and set up Helm (Supported version 2.14.3)

  • Install the Nginx Ingress Controller (Git release nginx-0.22.0)

Deploy the CI/CD pipeline

  1. Download the values.yaml file and replace the following placeholders with relevant values:
    • <REGISTRY_USERNAME> - Docker organization name.
    • <REGISTRY_PASSWORD> - Docker password.
    • <REGISTRY_EMAIL> - Email address of Docker organization.
    • <EMAIL> - Email address notifications should be sent to in case of failure.
    • <GITHUB_USERNAME> - GitHub username
    • <GITHUB_PASSWORD> - GitHub password or token
  2. Add the WSO2 helm repository.

    $ helm repo add wso2 https://helm.wso2.com
    $ helm repo update
  3. Install the pipeline Helm chart by pointing to the updated values-is-pattern-1.yaml file.

    $ helm install --name <RELEASE_NAME> wso2/kubernetes-pipeline --version 1.0.0 -f values-is-pattern-1.yaml --namespace <NAMESPACE>

    Warning: The installation may take up to 10 minutes.

    In the following steps, example.com refers to the default domain name. If the default host has been overridden, change the domain name accordingly.
  4. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing the Kubernetes Ingresses.

    $ kubectl get ing -n <NAMESPACE>
    NAME                            HOSTS                        ADDRESS         PORTS     AGE
    <RELEASE_NAME>-grafana          grafana.example.com          <EXTERNAL_IP>   80        20m
    <RELEASE_NAME>-kibana           kibana.example.com           <EXTERNAL_IP>   80        20m
    <RELEASE_NAME>-spinnaker-deck   spinnaker.example.com        <EXTERNAL_IP>   80, 443   20m
    <RELEASE_NAME>-spinnaker-gate   gate.spinnaker.example.com   <EXTERNAL_IP>   80, 443   20m
    jenkins-ingress                 jenkins.example.com          <EXTERNAL_IP>   80, 443   20m
  5. Add the above hosts as an entry in /etc/hosts as follows, and save the file:

    <EXTERNAL_IP>  grafana.example.com kibana.example.com spinnaker.example.com jenkins.example.com
  6. Navigate to the following URLs on any web browser:

What’s next:

Prerequisites:

  1. Create and upload an SSL certificate to AWS, which is required to initiate the SSL handshake for HTTPS. Please see AWS Load Balancing documentation for further details.

  2. Create a key pair for the desired region, which is required to SSH to instances. (Skip this step if you want to use an existing key pair.) See the Amazon EC2 Key Pairs document for further details.

  3. Create an IAM role and attach the policy created in step 4.
  4. A first-time AWS user should have a policy created to set permissions when creating a pipeline.

    To create a policy, follow the steps below.

    1. Go to the IAM service console in AWS.
    2. Click on Policies and then click on Create policy.
    3. When the page loads, switch to the JSON tab.
    4. Copy and paste the JSON code below.
    5. Click on the Review policy button.



{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "iam:AWSServiceName": [
                        "rds.amazonaws.com",
                        "rds.application-autoscaling.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": [
                        "autoscaling.amazonaws.com",
                        "ec2scheduled.amazonaws.com",
                        "elasticloadbalancing.amazonaws.com",
                        "spot.amazonaws.com",
                        "spotfleet.amazonaws.com",
                        "transitgateway.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:DescribeAddresses",
                "ec2:DescribeInstances",
                "rds:*",
                "elasticfilesystem:CreateFileSystem",
                "ec2:CreateKeyPair",
                "ec2:DescribeInstanceAttribute",
                "logs:DescribeLogStreams",
                "s3:Get*",
                "sns:ListTopics",
                "s3:CreateBucket",
                "autoscaling:*",
                "s3:List*",
                "ec2:DescribePlacementGroups",
                "ec2:DescribeInternetGateways",
                "sns:Publish",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeAvailabilityZones",
                "ec2:CreateSecurityGroup",
                "logs:GetLogEvents",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeRouteTables",
                "ec2:ImportKeyPair",
                "iam:ListRoles",
                "cloudformation:*",
                "ec2:DescribeClassicLinkInstances",
                "elasticloadbalancing:*",
                "sns:ListSubscriptions",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeVpcClassicLink",
                "cloudformation:DescribeStacks",
                "ec2:DescribeImages",
                "s3:PutObject",
                "ec2:DescribeVpcs",
                "ec2:*",
                "ec2:DescribeSubnets"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "elasticfilesystem:ModifyMountTargetSecurityGroups",
                "elasticfilesystem:DescribeMountTargets",
                "elasticfilesystem:Restore",
                "elasticfilesystem:CreateTags",
                "elasticfilesystem:DeleteTags",
                "elasticfilesystem:DescribeTags",
                "elasticfilesystem:CreateMountTarget",
                "elasticfilesystem:Backup",
                "elasticfilesystem:DeleteMountTarget",
                "elasticfilesystem:DescribeFileSystems",
                "elasticfilesystem:DeleteFileSystem",
                "elasticfilesystem:DescribeMountTargetSecurityGroups",
                "elasticfilesystem:UpdateFileSystem"
            ],
            "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
        }
    ]
}
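
The third statement of the policy above grants service-wide wildcards such as `ec2:*`, `rds:*` and `cloudformation:*` on `"Resource": "*"`, which also makes the individually listed `ec2:Describe...` actions redundant. The following added example (not part of the WSO2 documentation) lists both kinds of entry so the policy can be reviewed and narrowed before it is attached to the role; `POLICY_EXCERPT` is a condensed copy of two of its statements and `audit` is a hypothetical helper name.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample: a condensed copy of two statements from the policy above.
POLICY_EXCERPT = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Effect": "Allow",
   "Action": ["ec2:DescribeInstances", "ec2:CreateKeyPair", "rds:*", "s3:Get*",
              "s3:PutObject", "iam:ListRoles", "cloudformation:*",
              "cloudformation:DescribeStacks", "ec2:*"],
   "Resource": "*"},
  {"Effect": "Allow",
   "Action": ["elasticfilesystem:DescribeMountTargets",
              "elasticfilesystem:DeleteFileSystem"],
   "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"}]}
""")

def as_list(value):
    """IAM accepts either a single value or a list for these fields."""
    return list(value) if isinstance(value, list) else [value]

def audit(policy):
    """Return (broad, shadowed) for the Allow statements of an IAM policy:
    broad = service-wide wildcards granted on Resource "*"; shadowed = actions
    that a wildcard in the same statement already grants."""
    broad, shadowed = [], []
    for index, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        actions = as_list(stmt["Action"])
        any_resource = "*" in as_list(stmt.get("Resource", []))
        for action in actions:
            if any_resource and (action == "*" or action.endswith(":*")):
                broad.append((index, action))
            # IAM matches action names case-insensitively; "*" and "?" are wildcards.
            cover = [p for p in actions if p != action and "*" in p
                     and fnmatchcase(action.lower(), p.lower())]
            if cover:
                shadowed.append((index, action, cover[0]))
    return broad, shadowed

if __name__ == "__main__":
    broad, shadowed = audit(POLICY_EXCERPT)
    for index, action in broad:
        print(f"statement {index}: {action} is granted on every resource")
    for index, action, wildcard in shadowed:
        print(f"statement {index}: {action} is already covered by {wildcard}")
```

To check the full policy, save the JSON above to a file and pass `json.load(open(path))` to `audit` in place of the excerpt.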


Installation:

  1. Log in to the AWS Console.

  2. Navigate to the AWS CloudFormation page and click "Create Stack".

  3. Use the Amazon S3 URL https://aws-cicd-jenkins-templates.s3.amazonaws.com/wso2is-5.8.0-quickStart.yaml on the "Create stack" page.

  4. Click the “Next” button.

  5. Specify the stack details. Leave the values that are filled in by default. Give an appropriate name for the stack and fill in the required values under the ‘Parameter’ heading:

    • Cluster Configuration: All the fields here are mandatory. In the IAM Role field, add the name of the IAM role created in step 3 of the prerequisites section.

    • Database Configuration: Enter the database username and password. These will be used to create the login for the RDS instance.

    • WSO2 Subscription Credentials: You may skip this if you do not have a valid WSO2 subscription or if you do not require WUM updates.

    • SSL Certificate Name: Add the name of the SSL certificate created in step 1 of the prerequisites section.

    • Key Pair Name: Add the key pair created in step 2 of the prerequisites section.

    • Jenkins console login Password: Enter a password to log in to the Jenkins console.

    • Email: It is better to include an email address to receive notifications on the pipeline.

    Once you have filled in the required fields, click “Next” and proceed with ‘Configure stack options’. Once you have completed this, click the “Next” button, review your stack information thoroughly, edit it if needed, and click “Create stack”.

  6. It might take a few minutes (~8 minutes) to create the stack. Once the status of the stack changes to CREATE_COMPLETE, click the "Output" tab to get the JenkinsConsoleURL.

  7. Log in to the JenkinsConsoleURL with the password you provided in Step 02 under Jenkins console login Password. The default username is admin.

    After you have logged in, click on the job wso2is-5.8.0. Click “Run” on the pop-up window to start the pipeline for the configured product and its current version.

  8. You can view the pipeline progress under the pipeline tab in the view. Each step will be displayed with relevant logs.

    Approve and select “OK” on the “Approve Staging” stage pop-up to deploy the product into the staging environment. Once the deployment to staging is completed, approve and select “OK” on the “Approve Production” stage pop-up to deploy the product into the production environment.

    Once the deployment to the environments is complete, you will be able to see three stacks, namely ‘dev’, ‘staging’ and ‘prod’, on your AWS CloudFormation console. Click on the "Outputs" tab of each stack to get the Management Console URL of each environment.


What’s next:
