From c0fab739b7674ee3e0ea62752c20e0dc7f3dcdbb Mon Sep 17 00:00:00 2001
From: Jason Boxman
Date: Wed, 11 Sep 2024 22:22:29 -0400
Subject: [PATCH 01/16] Add basic Kubernetes installation documentation - https://seqera.atlassian.net/browse/EDU-301
---
.../version-24.1/enterprise/kubernetes-minimal-install.mdx | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx
diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx
new file mode 100644
index 00000000..8467689a
--- /dev/null
+++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx
@@ -0,0 +1,7 @@
+---
+title: Install Seqera Platform on Kubernetes
+description: Deploy Seqera Platform Enterprise with Kubernetes
+date: "11 Sep 2024"
+tags: [kubernetes, deployment]
+---
+
From 968486bd987d54c4447ec1a1213c9fc901247f23 Mon Sep 17 00:00:00 2001
From: Jason Boxman
Date: Wed, 11 Sep 2024 23:33:57 -0400
Subject: [PATCH 02/16] Add CLI output
---
.../enterprise/kubernetes-minimal-install.mdx | 202 ++++++++++++++++++
1 file changed, 202 insertions(+)
diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx
index 8467689a..1f83365b 100644
--- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx
+++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx
@@ -5,3 +5,205 @@ date: "11 Sep 2024" tags: [kubernetes, deployment] --- +This installation guide describes how to install Seqera Platform on a Kubernetes cluster. + +## Prerequisites + +The following prerequisites are required to deploy Seqera on a Kubernetes cluster. + +- A Kubernetes cluster version 1.30.2 or newer +- The `kubectl` CLI is installed locally +- Access to the cluster with the `cluster-admin` role + +## Create a namespace + +``` +kubectl create namespace seqera-platform +``` + +```js file=./_templates/k8s/redis.aks.yml showLineNumbers +``` + +Output: + +``` +namespace/seqera-platform created +``` + +``` +kubectl config set-context --current --namespace=seqera-platform +``` + +Output: + +``` +Context "default" modified. +``` + +## Configure container registry credentials + +``` +kubectl create secret docker-registry cr.seqera.io \ + --docker-server=cr.seqera.io \ + --docker-username='' \ + --docker-password='' +``` + +``` +secret/cr.seqera.io created +``` + +``` +kubectl get secrets cr.seqera.io +``` + +``` +NAME TYPE DATA AGE +cr.seqera.io kubernetes.io/dockerconfigjson 1 26s +``` + +## Configure Seqera Platform + + +``` +kubectl apply -f configmap.yml +configmap/tower-backend-cfg created +configmap/tower-yml created +``` + +## Deploy a Redis instance + +``` +kubectl apply -f redis.yml +persistentvolumeclaim/redis-data unchanged +statefulset.apps/redis unchanged +service/redis unchanged +``` + +## Deploy a MySQL instance + +``` +kubectl create -f mysql.yml +persistentvolumeclaim/mysql-pvc created +statefulset.apps/mysql created +service/mysql created +``` + +## Deploy Seqera cron deployment + +``` +kubectl apply -f tower-cron.yml +``` + +``` +kubectl rollout status deployment/cron +deployment "cron" successfully rolled out +``` + +## Deploy Seqera frontend and backend deployments + +```bash +kubectl apply -f tower-svc.yml +``` + +``` +deployment.apps/backend configured +deployment.apps/frontend configured +service/backend configured 
+service/frontend configured +``` + +## Create a new user account + +``` +kubectl port-forward services/frontend 8080:80 +Forwarding from 127.0.0.1:8080 -> 8000 +Forwarding from [::1]:8080 -> 8000 +``` + +Access the Platform UI. Enter your email address. + +``` +kubectl port-forward services/mailcatcher 1080 +``` + +Open the authentication email with the subject _Complete your sign-in to Seqera_ and select **Complete sign-in**. Seqera creates the initial administrator account and ties it to your email address. + +## Next steps + +- Configure OpenID Connect (OIDC) for seamless integration with your identify provider +- Configure ingress for your public cloud provider for load balancing and TLS termination +- Configure access to your organization's email server + +## Parking + +``` +kubectl create namespace seqera-platform +namespace/seqera-platform created + +kubectl config set-context --current --namespace=seqera-platform +Context "docker-desktop" modified. + +kubectl create secret docker-registry cr.seqera.io \ + --docker-server=cr.seqera.io \ + --docker-username='jason.boxman@seqera.io' \ + --docker-password='' +secret/cr.seqera.io created + +kubectl get secrets cr.seqera.io +NAME TYPE DATA AGE +cr.seqera.io kubernetes.io/dockerconfigjson 1 26s + +kubectl apply -f configmap.yml +configmap/tower-backend-cfg created +configmap/tower-yml created + +kubectl create -f mysql.yml +persistentvolumeclaim/mysql-pvc created +statefulset.apps/mysql created +service/mysql-headless created + +# Try this because next step is required +kubectl rollout status deployment/cron +deployment "cron" successfully rolled out + +kubectl port-forward services/frontend 8080:80 +Forwarding from 127.0.0.1:8080 -> 8000 +Forwarding from [::1]:8080 -> 8000 + +kubectl port-forward services/mailcatcher 1080 +``` + +``` +kubectl get all +NAME READY STATUS RESTARTS AGE +pod/backend-69d554df9d-ptsjn 1/1 Running 0 22h +pod/cron-564c846f7c-79pl6 1/1 Running 0 8h +pod/frontend-c768bbf7f-dxj7g 1/1 
Running 0 36h +pod/mailcatcher 1/1 Running 0 8h +pod/mysql-0 1/1 Running 0 37h +pod/redis-0 1/1 Running 0 23m + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/backend ClusterIP 10.96.179.57 8080/TCP 37h +service/frontend ClusterIP 10.103.127.27 80/TCP 37h +service/mailcatcher ClusterIP 10.96.207.80 587/TCP,1080/TCP 8h +service/mysql ClusterIP None 3306/TCP 37h +service/redis ClusterIP 10.111.114.163 6379/TCP 2d5h +service/smtp ClusterIP 10.104.195.72 587/TCP 24h + +NAME READY UP-TO-DATE AVAILABLE AGE +deployment.apps/backend 1/1 1 1 37h +deployment.apps/cron 1/1 1 1 37h +deployment.apps/frontend 1/1 1 1 36h + +NAME DESIRED CURRENT READY AGE +replicaset.apps/backend-69d554df9d 1 1 1 37h +replicaset.apps/cron-564c846f7c 1 1 1 37h +replicaset.apps/frontend-6d88cdb487 0 0 0 36h +replicaset.apps/frontend-c768bbf7f 1 1 1 36h + +NAME READY AGE +statefulset.apps/mysql 1/1 37h +statefulset.apps/redis 1/1 2d5h +``` \ No newline at end of file From 26658fd4a35207d3e8c9a0202158e44544ba7cc9 Mon Sep 17 00:00:00 2001 From: Jason Boxman Date: Thu, 12 Sep 2024 11:50:18 -0400 Subject: [PATCH 03/16] Add variables --- .../enterprise/kubernetes-minimal-install.mdx | 45 +++++++++++++++++-- 1 file changed, 42 insertions(+), 3 deletions(-) diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx index 1f83365b..da6a0ee8 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx 
@@ -62,8 +62,47 @@ NAME TYPE DATA AGE cr.seqera.io kubernetes.io/dockerconfigjson 1 26s ``` +``` +kubectl run pull-test --restart=Never --image-pull-policy=Always \ + --image cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.4 + --command \ + --overrides='{ "spec": { "imagePullSecrets": [ { "name": "cr.seqera.io" } ] } }' \ + --override-type=strategic -- /bin/true +``` + +``` +pod/pull-test created +``` + +``` +kubectl get pods/pull-test -o=custom-columns=NAME:.metadata.name,STATUS:.status.phase +NAME STATUS +``` + +``` +pull-test Succeeded +``` + ## Configure Seqera Platform +TOWER_ROOT_USERS + +TOWER_SERVER_URL: "http://localhost:8080" +TOWER_CONTACT_EMAIL: "" +TOWER_JWT_SECRET: "" +TOWER_DB_URL: jdbc:mysql://mysql:3306/tower?permitMysqlScheme=true +TOWER_DB_DRIVER: "org.mariadb.jdbc.Driver" +TOWER_DB_USER: "tower" +TOWER_DB_PASSWORD: "tower" +TOWER_DB_DIALECT: "io.seqera.util.MySQL55DialectCollateBin" +TOWER_SMTP_HOST: "" +TOWER_SMTP_USER: "" +TOWER_SMTP_PASSWORD: "" +TOWER_CRYPTO_SECRETKEY: "" +TOWER_LICENSE: "" +TOWER_ENABLE_PLATFORMS: "local-platform" +FLYWAY_LOCATIONS: "classpath:db-schema/mysql" +TOWER_REDIS_URL: "redis://redis:6379" ``` kubectl apply -f configmap.yml @@ -75,9 +114,9 @@ configmap/tower-yml created ``` kubectl apply -f redis.yml -persistentvolumeclaim/redis-data unchanged -statefulset.apps/redis unchanged -service/redis unchanged +persistentvolumeclaim/redis-data created +statefulset.apps/redis created +service/redis created ``` ## Deploy a MySQL instance From 21a019afca6f56f20b0c2541e851c3e61d4ff5fc Mon Sep 17 00:00:00 2001 From: Jason Boxman Date: Thu, 12 Sep 2024 12:51:53 -0400 Subject: [PATCH 04/16] Revise --- .../enterprise/kubernetes-minimal-install.mdx | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx index da6a0ee8..a9f07cc4 100644 
--- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx @@ -63,9 +63,8 @@ cr.seqera.io kubernetes.io/dockerconfigjson 1 26s ``` ``` -kubectl run pull-test --restart=Never --image-pull-policy=Always \ - --image cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.4 - --command \ +kubectl run pull-test --command --restart=Never --image-pull-policy=Always \ + --image cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.4 \ --overrides='{ "spec": { "imagePullSecrets": [ { "name": "cr.seqera.io" } ] } }' \ --override-type=strategic -- /bin/true ``` @@ -85,8 +84,11 @@ pull-test Succeeded ## Configure Seqera Platform +Configure the following environment variables. For more information about Seqera configuration options, see [Configuration overview](./configuration/overview.mdx). + TOWER_ROOT_USERS +``` TOWER_SERVER_URL: "http://localhost:8080" TOWER_CONTACT_EMAIL: "" TOWER_JWT_SECRET: "" @@ -103,6 +105,7 @@ TOWER_LICENSE: "" TOWER_ENABLE_PLATFORMS: "local-platform" FLYWAY_LOCATIONS: "classpath:db-schema/mysql" TOWER_REDIS_URL: "redis://redis:6379" +``` ``` kubectl apply -f configmap.yml @@ -112,6 +115,8 @@ configmap/tower-yml created ## Deploy a Redis instance +Need to confirm provider storage class. + ``` kubectl apply -f redis.yml persistentvolumeclaim/redis-data created From 2ae70468e253f3a244726278162c9618379c588e Mon Sep 17 00:00:00 2001 
From: Jason Boxman
Date: Fri, 13 Sep 2024 00:07:19 -0400
Subject: [PATCH 05/16] Add Kubernetes installation instructions
---
.../_templates/k8s/k8s_min/configmap.yml | 57 ++
.../_templates/k8s/k8s_min/mailcatcher.yml | 32 +
.../_templates/k8s/k8s_min/mysql.yml | 73 +++
.../_templates/k8s/k8s_min/redis.yml | 59 ++
.../_templates/k8s/k8s_min/tower-cron.yml | 61 ++
.../_templates/k8s/k8s_min/tower-svc.yml | 116 ++++
.../enterprise/kubernetes-minimal-install.mdx | 583 +++++++++++-------
7 files changed, 772 insertions(+), 209 deletions(-)
create mode 100644 platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/configmap.yml
create mode 100644 platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/mailcatcher.yml
create mode 100644 platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/mysql.yml
create mode 100644 platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/redis.yml
create mode 100644 platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/tower-cron.yml
create mode 100644 platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/tower-svc.yml
diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/configmap.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/configmap.yml
new file mode 100644
index 00000000..2cf87624
--- /dev/null
+++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/configmap.yml
@@ -0,0 +1,57 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: tower-backend-cfg
+ labels:
+ app: backend-cfg
+data:
+ TOWER_ENABLE_UNSAFE_MODE: "true"
+ TOWER_ROOT_USERS: ""
+ TOWER_SERVER_URL: "http://localhost:8080"
+ TOWER_CONTACT_EMAIL: "user@example.com"
+ TOWER_JWT_SECRET: ""
+ TOWER_DB_URL: jdbc:mysql://mysql:3306/tower?permitMysqlScheme=true
+ TOWER_DB_DRIVER: "org.mariadb.jdbc.Driver"
+ TOWER_DB_USER: "tower"
+ TOWER_DB_PASSWORD: "tower"
+ TOWER_DB_DIALECT: "io.seqera.util.MySQL55DialectCollateBin"
+ TOWER_DB_MIN_POOL_SIZE: "2"
+ TOWER_DB_MAX_POOL_SIZE: "10"
+ TOWER_DB_MAX_LIFETIME: "180000"
+ TOWER_SMTP_HOST: "mailcatcher"
+ TOWER_SMTP_USER: ""
+ TOWER_SMTP_PASSWORD: ""
+ TOWER_CRYPTO_SECRETKEY: ""
+ TOWER_LICENSE: ""
+ TOWER_ENABLE_PLATFORMS: "local-platform"
+ FLYWAY_LOCATIONS: "classpath:db-schema/mysql"
+ TOWER_REDIS_URL: "redis://redis:6379"
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: tower-yml
+ labels:
+ app: backend-cfg
+data:
+ tower.yml: |
+ mail:
+ smtp:
+ auth: false
+ # FIXME `starttls` should be enabled with a production SMTP host
+ starttls:
+ enable: false
+ required: false
+ ssl:
+ protocols: "TLSv1.2"
+
+ auth:
+ mail:
+ duration: 30m
+
+ # Set a custom application name for the Micronaut environment to deploy multiple instances from the same Enterprise account
+ # Required for AWS Parameter Store configuration. For more information, see https://docs.seqera.io/platform/latest/enterprise/configuration/aws_parameter_store
+ micronaut:
+ application:
+ name: tower-app
diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/mailcatcher.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/mailcatcher.yml
new file mode 100644
index 00000000..74a3075c
--- /dev/null
+++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/mailcatcher.yml
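Review bot: In `configmap.yml`, `TOWER_JWT_SECRET`, `TOWER_CRYPTO_SECRETKEY`, `TOWER_DB_PASSWORD`, `TOWER_SMTP_PASSWORD` and `TOWER_LICENSE` are stored in the `tower-backend-cfg` ConfigMap, so anyone who can read ConfigMaps in the namespace can read them and they are printed in plain text by `kubectl describe configmap`. Moving these keys into a `kind: Secret` and adding `- secretRef:` / `name: tower-backend-secrets` (placeholder name) next to the existing `configMapRef` under `envFrom` in `tower-cron.yml` and `tower-svc.yml` puts them under Secret RBAC while the ConfigMap keeps only non-sensitive settings. Separately, the template ships `TOWER_ENABLE_UNSAFE_MODE: "true"`, the fixed database password `tower`, and SMTP with `auth: false` and `starttls` disabled; only the last carries a comment, and a short comment on the other two saying they are for a local evaluation would keep them from being copied into a real deployment.

```yaml
---
kind: Secret
apiVersion: v1
metadata:
  name: tower-backend-secrets   # placeholder name
  labels:
    app: backend-cfg
type: Opaque
stringData:
  TOWER_JWT_SECRET: ""
  TOWER_CRYPTO_SECRETKEY: ""
  TOWER_DB_PASSWORD: "tower"
  TOWER_SMTP_PASSWORD: ""
  TOWER_LICENSE: ""
# … unchanged: the remaining keys stay in the tower-backend-cfg ConfigMap …
```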
@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: mailcatcher
+ labels:
+ app: mailcatcher
+spec:
+ containers:
+ - name: mailcatcher
+ image: sj26/mailcatcher
+ ports:
+ - containerPort: 1025
+ - containerPort: 1080
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mailcatcher
+spec:
+ selector:
+ app: mailcatcher
+ ports:
+ - name: smtp
+ protocol: TCP
+ port: 587
+ targetPort: 1025
+ - name: http
+ protocol: TCP
+ port: 1080
+ targetPort: 1080
+ type: ClusterIP
diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/mysql.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/mysql.yml
new file mode 100644
index 00000000..0ccef105
--- /dev/null
+++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/mysql.yml
@@ -0,0 +1,73 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: hostpath
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mysql
+spec:
+ serviceName: mysql
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mysql
+ template:
+ metadata:
+ labels:
+ app: mysql
+ spec:
+ containers:
+ - name: mysql
+ image: mysql:8.0
+ ports:
+ - containerPort: 3306
+ env:
+ - name: MYSQL_ALLOW_EMPTY_PASSWORD
+ value: "yes"
+ - name: MYSQL_USER
+ value: "tower"
+ - name: MYSQL_PASSWORD
+ value: "tower"
+ - name: MYSQL_DATABASE
+ value: "tower"
+ volumeMounts:
+ - name: mysql-storage
+ mountPath: /var/lib/mysql
+ readinessProbe:
+ exec:
+ command:
+ - mysqladmin
+ - ping
+ - -h
+ - localhost
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 20
+ failureThreshold: 10
+ volumes:
+ - name: mysql-storage
+ persistentVolumeClaim:
+ claimName: mysql-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql
+ labels:
+ app: mysql
+spec:
+ clusterIP: None
+ ports:
+ - port: 3306
+ selector:
+ app: mysql
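Review bot: In `mailcatcher.yml`, `image: sj26/mailcatcher` carries no tag or digest, so the pod runs whatever that third-party repository currently publishes as `latest`, and this is the pod that receives the sign-in email for the root user. Pinning the image, for example `image: sj26/mailcatcher:<tag>@sha256:<digest>` (placeholders), makes the install reproducible and the image reviewable. The `mailcatcher` Service also serves the captured mail on port 1080 to any pod that can reach it, so a comment at the top of the manifest marking it as evaluation-only, to be replaced by the organisation's SMTP server, would be worth adding.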
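Review bot: In `mysql.yml`, `MYSQL_ALLOW_EMPTY_PASSWORD` set to `"yes"` leaves the MySQL `root` account without a password while the headless `mysql` Service makes port 3306 reachable from other pods. With the official image, replacing that entry with `- name: MYSQL_RANDOM_ROOT_PASSWORD` / `value: "yes"` gives root a generated password and leaves the `tower` user untouched; the `mysqladmin ping` readiness probe should be unaffected, because it reports success whenever the server answers, even when the login is refused. `MYSQL_PASSWORD` is also the literal `tower`, and reading it through `valueFrom.secretKeyRef` would keep the credential out of the manifest.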
diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/redis.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/redis.yml
new file mode 100644
index 00000000..1e111479
--- /dev/null
+++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/redis.yml
@@ -0,0 +1,59 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: redis-data
+ labels:
+ app: redis
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName:
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: redis
+ labels:
+ app: redis
+spec:
+ selector:
+ matchLabels:
+ app: redis
+ serviceName: redis
+ template:
+ metadata:
+ labels:
+ app: redis
+ spec:
+ containers:
+ - image: cr.seqera.io/public/redis:6.0
+ name: redis
+ args:
+ - --appendonly yes
+ ports:
+ - containerPort: 6379
+ volumeMounts:
+ - mountPath: "/data"
+ name: "vol-data"
+ volumes:
+ - name: vol-data
+ persistentVolumeClaim:
+ claimName: redis-data
+ restartPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+ labels:
+ app: redis
+spec:
+ ports:
+ - port: 6379
+ targetPort: 6379
+ selector:
+ app: redis
diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/tower-cron.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/tower-cron.yml
new file mode 100644
index 00000000..6e154dc5
--- /dev/null
+++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/tower-cron.yml
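Review bot: In `redis.yml`, Redis is started with only `--appendonly yes`, so it accepts unauthenticated connections, and the `redis` Service is reachable from any pod in the cluster. Because the platform connects with `redis://redis:6379`, the least intrusive fix is a NetworkPolicy in the same file that admits only the `app: backend` and `app: cron` pods; it takes effect only where the cluster's network plugin enforces NetworkPolicy. The same pattern applies to the `mysql` and `mailcatcher` Services. `storageClassName:` is also left empty here while `mysql.yml` hard-codes `hostpath`, and a comment on both saying the value must be set per cluster would make the two templates consistent.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: redis-allow-platform   # placeholder name
spec:
  podSelector:
    matchLabels:
      app: redis
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: backend
        - podSelector:
            matchLabels:
              app: cron
      ports:
        - protocol: TCP
          port: 6379
```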
@@ -0,0 +1,61 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cron
+ labels:
+ app: cron
+spec:
+ selector:
+ matchLabels:
+ app: cron
+ template:
+ metadata:
+ labels:
+ app: cron
+ spec:
+ imagePullSecrets:
+ - name: cr.seqera.io
+ volumes:
+ - name: config-volume
+ configMap:
+ name: tower-yml
+ initContainers:
+ - name: migrate-db
+ image: cr.seqera.io/private/nf-tower-enterprise/migrate-db:v24.1.3
+ command: ["sh", "-c", "/migrate-db.sh"]
+ envFrom:
+ - configMapRef:
+ name: tower-backend-cfg
+ volumeMounts:
+ - name: config-volume
+ mountPath: /tower.yml
+ subPath: tower.yml
+ containers:
+ - name: backend
+ image: cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.4
+ envFrom:
+ - configMapRef:
+ name: tower-backend-cfg
+ volumeMounts:
+ - name: config-volume
+ mountPath: /tower.yml
+ subPath: tower.yml
+ env:
+ - name: MICRONAUT_ENVIRONMENTS
+ value: "prod,redis,cron"
+ ports:
+ - containerPort: 8080
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 5
+ timeoutSeconds: 3
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 5
+ timeoutSeconds: 3
+ failureThreshold: 10
diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/tower-svc.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/tower-svc.yml
new file mode 100644
index 00000000..e58af7a3
--- /dev/null
+++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/tower-svc.yml
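Review bot: In `tower-cron.yml`, the `migrate-db` init container is pinned to `v24.1.3` while the `backend` container in the same pod, and both images in `tower-svc.yml`, use `v24.1.4`. If the difference is not deliberate, the schema migration would run from an older release than the application that depends on it; either align the tag with the backend release, if a matching `migrate-db` image is published, or add a comment such as `# migrate-db intentionally differs from backend: <reason>`. The Deployment also sets no `resources` for either container, unlike the `backend` Deployment in `tower-svc.yml`.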
@@ -0,0 +1,116 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+ labels:
+ app: backend
+spec:
+ selector:
+ matchLabels:
+ app: backend
+ strategy:
+ rollingUpdate:
+ maxUnavailable: 0
+ maxSurge: 1
+ template:
+ metadata:
+ labels:
+ app: backend
+ spec:
+ imagePullSecrets:
+ - name: cr.seqera.io
+ volumes:
+ - name: config-volume
+ configMap:
+ name: tower-yml
+ containers:
+ - name: backend
+ image: cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.4
+ envFrom:
+ - configMapRef:
+ name: tower-backend-cfg
+ env:
+ - name: MICRONAUT_ENVIRONMENTS
+ value: "prod,redis,ha"
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: config-volume
+ mountPath: /tower.yml
+ subPath: tower.yml
+ resources:
+ requests:
+ cpu: "1"
+ memory: "1200Mi"
+ limits:
+ memory: "4200Mi"
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 5
+ timeoutSeconds: 3
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 5
+ timeoutSeconds: 3
+ failureThreshold: 10
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ labels:
+ app: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ spec:
+ imagePullSecrets:
+ - name: cr.seqera.io
+ containers:
+ - name: frontend
+ image: cr.seqera.io/private/nf-tower-enterprise/frontend:v24.1.4-unprivileged
+ env:
+ - name: NGINX_LISTEN_PORT # If not defined, defaults to 8000.
+ value: "8000"
+ ports:
+ - containerPort: 8000
+ restartPolicy: Always
+---
+# Services
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend
+ labels:
+ app: backend
+spec:
+ ports:
+ - name: http
+ port: 8080
+ targetPort: 8080
+ selector:
+ app: backend
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend
+spec:
+# type: LoadBalancer
+ ports:
+ - port: 80
+ targetPort: 8000
+ selector:
+ app: frontend
+---
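Review bot: In `tower-svc.yml`, neither container sets a `securityContext`, so nothing in the pod spec enforces the non-root execution that the frontend's `-unprivileged` image tag implies. Adding `securityContext:` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false` under the `frontend` container would make that explicit, provided the image declares a numeric non-root user; the same could then be applied to `backend` here and in `tower-cron.yml` once its runtime user is confirmed. The file also ends with a trailing `---` that opens an empty document and can be dropped.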
diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx index a9f07cc4..b88912a7 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx @@ -15,163 +15,397 @@ The following prerequisites are required to deploy Seqera on a Kubernetes cluste - The `kubectl` CLI is installed locally - Access to the cluster with the `cluster-admin` role -## Create a namespace +## 1. Create a namespace -``` -kubectl create namespace seqera-platform -``` +Create a namespace to isolate Kubernetes resources used by Seqera Platform from the other resources on your cluster. -```js file=./_templates/k8s/redis.aks.yml showLineNumbers -``` +:::tip +This installation guide assumes the use of `seqera-platform` as the installation namespace. Consider using a different one that better fits your cluster naming convention. +::: -Output: +1. Create a namespace for the Seqera resources: -``` -namespace/seqera-platform created -``` + ``` + kubectl create namespace seqera-platform + ``` -``` -kubectl config set-context --current --namespace=seqera-platform -``` +
+ View command output + ``` + namespace/seqera-platform created + ``` +
-Output: +1. Switch to the namespace: -``` -Context "default" modified. -``` + ``` + kubectl config set-context --current --namespace=seqera-platform + ``` -## Configure container registry credentials +## 2. Configure container registry credentials -``` -kubectl create secret docker-registry cr.seqera.io \ - --docker-server=cr.seqera.io \ - --docker-username='' \ - --docker-password='' -``` +Seqera Enterprise is distributed as a collection of Docker containers available through the Seqera container registry [`cr.seqera.io`](https://cr.seqera.io). Contact [support](https://support.seqera.io) to get your container access credentials. After you've received your credentials, grant your cluster access to the registry: -``` -secret/cr.seqera.io created -``` +1. Retrieve the `name` and `secret` values from the JSON file that you received from Seqera support. -``` -kubectl get secrets cr.seqera.io -``` +1. Create a [secret][kubectl-secret] for the image pull secret: -``` -NAME TYPE DATA AGE -cr.seqera.io kubernetes.io/dockerconfigjson 1 26s -``` + ``` + kubectl create secret docker-registry cr.seqera.io \ + --docker-server=cr.seqera.io \ + --docker-username='' \ + --docker-password='' + ``` -``` -kubectl run pull-test --command --restart=Never --image-pull-policy=Always \ - --image cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.4 \ - --overrides='{ "spec": { "imagePullSecrets": [ { "name": "cr.seqera.io" } ] } }' \ - --override-type=strategic -- /bin/true -``` + The credential `name` contains a dollar `$` character. Wrap the name in single quotes to prevent the Linux shell from interpreting this value as an environment variable. -``` -pod/pull-test created -``` +
+ View command output + ``` + secret/cr.seqera.io created + ``` +
-``` -kubectl get pods/pull-test -o=custom-columns=NAME:.metadata.name,STATUS:.status.phase -NAME STATUS -``` +1. Confirm that the secret exists: -``` -pull-test Succeeded -``` + ``` + kubectl get secrets cr.seqera.io + ``` -## Configure Seqera Platform +
+ View command output + ``` + NAME TYPE DATA AGE + cr.seqera.io kubernetes.io/dockerconfigjson 1 26s + ``` +
+ +1. Confirm that you can pull containers from `cr.seqera.io`: + + 1. Pull a container from the private repository: + + ``` + kubectl run pull-test --command --restart=Never --image-pull-policy=Always \ + --image cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.4 \ + --overrides='{ "spec": { "imagePullSecrets": [ { "name": "cr.seqera.io" } ] } }' \ + --override-type=strategic -- /bin/true + ``` + +
+ View command output + ``` + pod/pull-test created + ``` +
+ + 1. Confirm that the container was pulled: + + ``` + kubectl get pods/pull-test -o=custom-columns=NAME:.metadata.name,STATUS:.status.phase + ``` + +
+ View command output + ``` + NAME STATUS + pull-test Succeeded + ``` +
+ +## 3. Configure Seqera Platform Configure the following environment variables. For more information about Seqera configuration options, see [Configuration overview](./configuration/overview.mdx). -TOWER_ROOT_USERS - -``` -TOWER_SERVER_URL: "http://localhost:8080" -TOWER_CONTACT_EMAIL: "" -TOWER_JWT_SECRET: "" -TOWER_DB_URL: jdbc:mysql://mysql:3306/tower?permitMysqlScheme=true -TOWER_DB_DRIVER: "org.mariadb.jdbc.Driver" -TOWER_DB_USER: "tower" -TOWER_DB_PASSWORD: "tower" -TOWER_DB_DIALECT: "io.seqera.util.MySQL55DialectCollateBin" -TOWER_SMTP_HOST: "" -TOWER_SMTP_USER: "" -TOWER_SMTP_PASSWORD: "" -TOWER_CRYPTO_SECRETKEY: "" -TOWER_LICENSE: "" -TOWER_ENABLE_PLATFORMS: "local-platform" -FLYWAY_LOCATIONS: "classpath:db-schema/mysql" -TOWER_REDIS_URL: "redis://redis:6379" -``` - -``` -kubectl apply -f configmap.yml -configmap/tower-backend-cfg created -configmap/tower-yml created -``` - -## Deploy a Redis instance - -Need to confirm provider storage class. - -``` -kubectl apply -f redis.yml -persistentvolumeclaim/redis-data created -statefulset.apps/redis created -service/redis created -``` - -## Deploy a MySQL instance - -``` -kubectl create -f mysql.yml -persistentvolumeclaim/mysql-pvc created -statefulset.apps/mysql created -service/mysql created -``` - -## Deploy Seqera cron deployment - -``` -kubectl apply -f tower-cron.yml -``` - -``` -kubectl rollout status deployment/cron -deployment "cron" successfully rolled out -``` - -## Deploy Seqera frontend and backend deployments - -```bash -kubectl apply -f tower-svc.yml -``` - -``` -deployment.apps/backend configured -deployment.apps/frontend configured -service/backend configured -service/frontend configured -``` - -## Create a new user account - -``` -kubectl port-forward services/frontend 8080:80 -Forwarding from 127.0.0.1:8080 -> 8000 -Forwarding from [::1]:8080 -> 8000 -``` - -Access the Platform UI. Enter your email address. 
- -``` -kubectl port-forward services/mailcatcher 1080 -``` - -Open the authentication email with the subject _Complete your sign-in to Seqera_ and select **Complete sign-in**. Seqera creates the initial administrator account and ties it to your email address. +:::tip +The `configmap.yml` manifest includes both the `tower.env` and `tower.yml` files. These files are made available to the other containers through volume mounts. +::: + +1. Create a file named `configmap.yml` with the following Kubernetes manifest: + +
+ Show `configmap.yml` file + ```js file=./_templates/k8s/k8s_min/configmap.yml {10,12-13,22,25-26} showLineNumbers + ``` +
+ +1. Generate two unique secrets with the following command: `openssl rand -base64 36` + +1. Edit the `configmap.yml` file and set the following environment variables: + + - `TOWER_ROOT_USERS`: Specify your email address + - `TOWER_JWT_SECRET`: Specify a unique secret that is at least 35 alphanumeric characters + - `TOWER_CRYPTO_SECRETKEY`: Specify a unique secret. + - `TOWER_LICENSE`: Specify your Seqera license key, if known. Otherwise, leave this empty. + +1. Apply the config map: + + ``` + kubectl apply -f configmap.yml + ``` + +
+ View command output + ``` + configmap/tower-backend-cfg created + configmap/tower-yml created + ``` +
+ +## 4. Deploy a Redis instance + +Seqera Enterprise requires a Redis database for caching purposes. Configure Redis manually by deploying a manifest to your cluster. + +1. Create a file named `redis.yml` with the following Kubernetes manifest: + +
+ Show `redis.yml` file + ```js file=./_templates/k8s/k8s_min/redis.yml {14} showLineNumbers + ``` +
+ +1. Set the `spec.storageClassName` field for the persistent volume claim: + + 1. Obtain the default storage class name that your Kubernetes cluster provides: + + ``` + kubectl get storageclass -o=custom-columns=NAME:.metadata.name,PROVISIONER:.provisioner + ``` + +
+ View command output + ``` + NAME PROVISIONER + hostpath docker.io/hostpath + ``` +
+ + 1. Edit the `redis.yml` file and set `spec.storageClassName` to the name of the default storage class from the output from the previous step. + +1. Apply the manifest: + + ``` + kubectl apply -f redis.yml + ``` + +
+ View command output + ``` + persistentvolumeclaim/redis-data created + statefulset.apps/redis created + service/redis created + ``` +
+ +1. Confirm that Redis is available: + + ``` + kubectl get statefulsets/redis + ``` + +
+ View command output + ``` + NAME READY AGE + redis 1/1 3d5h + ``` +
+ +## 5. Deploy a MySQL instance + +1. Create a file named `mysql.yml` with the following Kubernetes manifest: + +
+ Show `mysql.yml` file + ```js file=./_templates/k8s/k8s_min/mysql.yml {14} showLineNumbers + ``` +
+ +1. Set the `spec.storageClassName` field for the persistent volume claim: + + 1. Obtain the default storage class name that your Kubernetes cluster provides: + + ``` + kubectl get storageclass -o=custom-columns=NAME:.metadata.name,PROVISIONER:.provisioner + ``` + +
+ View command output + ``` + NAME PROVISIONER + hostpath docker.io/hostpath + ``` +
+ + 1. Edit the `mysql.yml` file and set `spec.storageClassName` to the name of the default storage class from the output from the previous step. + +1. Apply the manifest: + + ``` + kubectl create -f mysql.yml + ``` + +
+ View command output + ``` + persistentvolumeclaim/mysql-pvc created + statefulset.apps/mysql created + service/mysql created + ``` +
+ +1. Confirm that MySQL is available: + + ``` + kubectl get statefulsets/redis + ``` + +
+ View command output + ``` + NAME READY AGE + mysql 1/1 2d12h + ``` +
+ + +## 6. Deploy Seqera + +Seqera Platform consists of deployments for a cron service, a backend service, and a frontend service. + +1. Create the manifest files: + - Create a file named `tower-cron.yml` with the following Kubernetes manifest: + +
+ Show `tower-cron.yml` file + ```js file=./_templates/k8s/k8s_min/tower-cron.yml showLineNumbers + ``` +
+ + - Create a file named `tower-svc.yml` with the following Kubernetes manifest: + +
+ Show `tower-svc.yml` file + ```js file=./_templates/k8s/k8s_min/tower-svc.yml showLineNumbers + ``` +
+ +1. Deploy the cron service: + + :::caution + This manifest includes an init container that creates the required database schema the first time it instantiates. This process can take a few minutes to complete and must finish before you instantiate the Seqera backend. Ensure this container is in the `READY` state before proceeding to the next step. + ::: + + 1. Apply the `tower-cron.yml` manifest: + + ``` + kubectl apply -f tower-cron.yml + ``` + +
+ View command output + ``` + deployment.apps/cron configured + ``` +
+ + 1. Confirm that cron service deployed successfully: + + ``` + kubectl rollout status deployment/cron + ``` + +
+ View command output + deployment "cron" successfully rolled out +
+ +1. Deploy the backend and frontend services: + + 1. Apply the `tower-svc.yml` manifest: + + ``` + kubectl apply -f tower-svc.yml + ``` + +
+ View command output + ``` + deployment.apps/backend configured + deployment.apps/frontend configured + service/backend configured + service/frontend configured + ``` +
+ + 1. Confirm that cron service deployed successfully: + + ``` + kubectl get deployments + ``` + +
+ View command output + ``` + NAME READY UP-TO-DATE AVAILABLE AGE + backend 1/1 1 1 2d6h + cron 1/1 1 1 2d6h + frontend 1/1 1 1 2d6h + ``` +
+ +## 7. Create a new user account + +Use the same email address that you specified for the `TOWER_ROOT_USERS` environment variable. + +1. Open a port forward to the frontend to access the Seqera UI: + + ``` + kubectl port-forward services/frontend 8080:80 & + ``` + +
+ View command output + Forwarding from 127.0.0.1:8080 -> 8000 + Forwarding from [::1]:8080 -> 8000 +
+ +1. In a web browser, visit `http://localhost:8080/`. In the **Sign in to Seqera platform** form, enter the email address that you set the `TOWER_ROOT_USERS` environment variable to. + +1. Create a file named `mailcatcher.yml` with the following manifest: + +
+ Show `mailcatcher.yml` file + ```js file=./_templates/k8s/k8s_min/mailcatcher.yml showLineNumbers + ``` +
+ +1. Deploy the MatchCatcher application, so that you can access the email that Seqera sends with your authentication token: + + ``` + kubectl apply -f mailcatcher.yml + ``` + +1. Open a port forward to the MailCatcher application, to access its web UI: + + ``` + kubectl port-forward services/mailcatcher 1080 & + ``` + +
+ View command output + ``` + Forwarding from 127.0.0.1:1080 -> 1080 + Forwarding from [::1]:1080 -> 1080 + ``` +
+ +1. In a web browser, visit `http://localhost:1080/`. + +1. Open the authentication email with the subject _Complete your sign-in to Seqera_ and select **Complete sign-in**. Seqera redirects your browser to the **Launchpad** page. + +1. Optional: To stop the background port forward processes, you can run `jobs` in your shell, and then run `kill -15 ` to stop each process. If you stop the port forward to the frontend, you can no longer access the Seqera UI. We recommend using a cloud provider's load balancers in conjunction with the Kubernetes ingress functionality for persistent access to your installation. + +Your installation of Seqera Platform is complete. ## Next steps 
@@ -179,75 +413,6 @@ Open the authentication email with the subject _Complete your sign-in to Seqera_ - Configure ingress for your public cloud provider for load balancing and TLS termination - Configure access to your organization's email server -## Parking - -``` -kubectl create namespace seqera-platform -namespace/seqera-platform created - -kubectl config set-context --current --namespace=seqera-platform -Context "docker-desktop" modified. - -kubectl create secret docker-registry cr.seqera.io \ - --docker-server=cr.seqera.io \ - --docker-username='jason.boxman@seqera.io' \ - --docker-password='' -secret/cr.seqera.io created - -kubectl get secrets cr.seqera.io -NAME TYPE DATA AGE -cr.seqera.io kubernetes.io/dockerconfigjson 1 26s - -kubectl apply -f configmap.yml -configmap/tower-backend-cfg created -configmap/tower-yml created - -kubectl create -f mysql.yml -persistentvolumeclaim/mysql-pvc created -statefulset.apps/mysql created -service/mysql-headless created - -# Try this because next step is required -kubectl rollout status deployment/cron -deployment "cron" successfully rolled out - -kubectl port-forward services/frontend 8080:80 -Forwarding from 127.0.0.1:8080 -> 8000 -Forwarding from [::1]:8080 -> 8000 - -kubectl port-forward services/mailcatcher 1080 -``` - -``` -kubectl get all -NAME READY STATUS RESTARTS AGE -pod/backend-69d554df9d-ptsjn 1/1 Running 0 22h -pod/cron-564c846f7c-79pl6 1/1 Running 0 8h -pod/frontend-c768bbf7f-dxj7g 1/1 Running 0 36h -pod/mailcatcher 1/1 Running 0 8h -pod/mysql-0 1/1 Running 0 37h -pod/redis-0 1/1 Running 0 23m - -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -service/backend ClusterIP 10.96.179.57 8080/TCP 37h -service/frontend ClusterIP 10.103.127.27 80/TCP 37h -service/mailcatcher ClusterIP 10.96.207.80 587/TCP,1080/TCP 8h -service/mysql ClusterIP None 3306/TCP 37h -service/redis ClusterIP 10.111.114.163 6379/TCP 2d5h -service/smtp ClusterIP 10.104.195.72 587/TCP 24h - -NAME READY UP-TO-DATE AVAILABLE AGE 
-deployment.apps/backend 1/1 1 1 37h -deployment.apps/cron 1/1 1 1 37h -deployment.apps/frontend 1/1 1 1 36h - -NAME DESIRED CURRENT READY AGE -replicaset.apps/backend-69d554df9d 1 1 1 37h -replicaset.apps/cron-564c846f7c 1 1 1 37h -replicaset.apps/frontend-6d88cdb487 0 0 0 36h -replicaset.apps/frontend-c768bbf7f 1 1 1 36h - -NAME READY AGE -statefulset.apps/mysql 1/1 37h -statefulset.apps/redis 1/1 2d5h -``` \ No newline at end of file + + +[kubectl-secret]: https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/ From ec6d02294dbba90655075b2e6ccb8fad2cac2616 Mon Sep 17 00:00:00 2001 From: Jason Boxman Date: Mon, 16 Sep 2024 22:14:30 -0400 Subject: [PATCH 06/16] Refactor using partials --- .../_k8s-install-deploy-no-heading.mdx | 71 +++++++ .../enterprise/_partials/_k8s-install-ns.mdx | 26 +++ .../_partials/_k8s-install-registry.mdx | 70 +++++++ .../enterprise/kubernetes-eks-install.mdx | 161 +++++++++++++++ .../enterprise/kubernetes-minimal-install.mdx | 183 ++---------------- .../version-24.1-sidebars.json | 2 + 6 files changed, 345 insertions(+), 168 deletions(-) create mode 100644 platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-deploy-no-heading.mdx create mode 100644 platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-ns.mdx create mode 100644 platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-registry.mdx create mode 100644 platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx diff --git a/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-deploy-no-heading.mdx b/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-deploy-no-heading.mdx new file mode 100644 index 00000000..3b7dd5c2 --- /dev/null +++ b/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-deploy-no-heading.mdx @@ -0,0 +1,71 @@ + + + +
    +
  1. +Deploy the cron service: + +:::caution +This manifest includes an init container that creates the required database schema the first time it instantiates. This process can take a few minutes to complete and must finish before you instantiate the Seqera backend. Ensure this container is in the `READY` state before proceeding to the next step. +::: + +1. Apply the `tower-cron.yml` manifest: + + ``` + kubectl apply -f tower-cron.yml + ``` + +
    + View command output + ``` + deployment.apps/cron configured + ``` +
    + +1. Confirm that cron service deployed successfully: + + ``` + kubectl rollout status deployment/cron + ``` + +
    + View command output + deployment "cron" successfully rolled out +
    +
  2. +
  3. +Deploy the backend and frontend services: + +1. Apply the `tower-svc.yml` manifest: + + ``` + kubectl apply -f tower-svc.yml + ``` + +
    + View command output + ``` + deployment.apps/backend configured + deployment.apps/frontend configured + service/backend configured + service/frontend configured + ``` +
    + +1. Confirm that cron service deployed successfully: + + ``` + kubectl get deployments + ``` + +
    + View command output + ``` + NAME READY UP-TO-DATE AVAILABLE AGE + backend 1/1 1 1 2d6h + cron 1/1 1 1 2d6h + frontend 1/1 1 1 2d6h + ``` +
    +
  4. +
diff --git a/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-ns.mdx b/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-ns.mdx
new file mode 100644
index 00000000..2e08f65a
--- /dev/null
+++ b/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-ns.mdx
@@ -0,0 +1,26 @@
+## Create a namespace
+
+Create a namespace to isolate Kubernetes resources used by Seqera Platform from the other resources on your cluster.
+
+:::tip
+This installation guide assumes the use of `seqera-platform` as the installation namespace. Consider using a different one that better fits your cluster naming convention.
+:::
+
+1. Create a namespace for the Seqera resources:
+
+ ```
+ kubectl create namespace seqera-platform
+ ```
+
+
+ View command output
+ ```
+ namespace/seqera-platform created
+ ```
+
+
+1. Switch to the namespace:
+
+ ```
+ kubectl config set-context --current --namespace=seqera-platform
+ ```
diff --git a/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-registry.mdx b/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-registry.mdx
new file mode 100644
index 00000000..9a35071a
--- /dev/null
+++ b/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-registry.mdx
@@ -0,0 +1,70 @@
+## Configure container registry credentials
+
+Seqera Enterprise is distributed as a collection of Docker containers available through the Seqera container registry [`cr.seqera.io`](https://cr.seqera.io). Contact [support](https://support.seqera.io) to get your container access credentials. After you've received your credentials, grant your cluster access to the registry:
+
+1. Retrieve the `name` and `secret` values from the JSON file that you received from Seqera support.
+
+1. Create a [secret][kubectl-secret] for the image pull secret:
+
+ ```
+ kubectl create secret docker-registry cr.seqera.io \
+ --docker-server=cr.seqera.io \
+ --docker-username='' \
+ --docker-password=''
+ ```
+
+ The credential `name` contains a dollar `$` character. Wrap the name in single quotes to prevent the Linux shell from interpreting this value as an environment variable.
+
+
+ View command output
+ ```
+ secret/cr.seqera.io created
+ ```
+
+
+1. Confirm that the secret exists:
+
+ ```
+ kubectl get secrets cr.seqera.io
+ ```
+
+
+ View command output
+ ```
+ NAME TYPE DATA AGE
+ cr.seqera.io kubernetes.io/dockerconfigjson 1 26s
+ ```
+
+
+1. Confirm that you can pull containers from `cr.seqera.io`:
+
+ 1. Pull a container from the private repository:
+
+ ```
+ kubectl run pull-test --command --restart=Never --image-pull-policy=Always \
+ --image cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.4 \
+ --overrides='{ "spec": { "imagePullSecrets": [ { "name": "cr.seqera.io" } ] } }' \
+ --override-type=strategic -- /bin/true
+ ```
+
+
+ View command output
+ ```
+ pod/pull-test created
+ ```
+
+
+ 1. Confirm that the container was pulled:
+
+ ```
+ kubectl get pods/pull-test -o=custom-columns=NAME:.metadata.name,STATUS:.status.phase
+ ```
+
+
+ View command output
+ ```
+ NAME STATUS
+ pull-test Succeeded
+ ```
+
+
diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx
new file mode 100644
index 00000000..38f89d29
--- /dev/null
+++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx
@@ -0,0 +1,161 @@
+---
+title: Install on an Amazon EKS cluster
+description: Deploy Seqera Platform Enterprise on a Kubernetes cluster
+date: "11 Sep 2024"
+tags: [kubernetes, deployment]
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+import CreateNamespace from './_partials/_k8s-install-ns.mdx';
+import ConfigureRegistry from './_partials/_k8s-install-registry.mdx';
+import DeployManifests from './_partials/_k8s-install-deploy-no-heading.mdx';
+
+This installation guide describes how to install Seqera Platform on Enterprise on Amazon Web Services (AWS) Elastic Kubernetes Service (EKS). When you complete the steps in this guide you'll have an installation suitable for product use on EKS.
+
+## Prerequisites
+
+- **SMTP server**: If you don't have an email server, use [Amazon Simple Email Service](https://aws.amazon.com/ses/).
+
+- **MySQL database**: An external database, such as one provided by [Amazon Relational Database Service](https://aws.amazon.com/rds/), is highly recommended for production deployments.
+
+- **SSL certificate**: HTTP must not be used in production environments. An SSL certificate is required for your Seqera instance to handle HTTPS traffic. See [SSL/TLS configuration](../configuration/ssl_tls.mdx#aws-deployments-manage-ssl-certificates-with-amazon-certificate-manager-acm) for more information.
+
+- **Optional: AWS Parameter Store**: Store sensitive Seqera configuration values as SecureString [AWS Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) parameters. See [AWS Parameter Store configuration](../configuration/aws_parameter_store.mdx) for instructions. This is recommended for production environments.
+
+- **Optional: DNS**: DNS is required to support human-readable domain names and load-balanced traffic.
If you don't have access to a pre-existing DNS service, use [Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html).
+
+### Prerequisites for EKS
+
+If you're installing Seqera Enterprise with Kubernetes, an [Elastic Kubernetes Service (EKS)](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html) cluster is required. See the [EKS documentation](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) to provision your own cluster.
+
+- Kubernetes 1.19 or later
+
+- **Subnet requirements**
+
+ - At least 2 subnets across two different Availability Zones
+ - Subnets must be tagged for [AWS Load Balancer Controller auto-discovery](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html)
+ - Public subnets must be configured to [auto-assign IPs on launch](https://aws.amazon.com/blogs/containers/upcoming-changes-to-ip-assignment-for-eks-managed-node-groups/)
+ - Public and private subnets must allow egress traffic to the public internet
+
+- **RBAC requirements**
+
+ - The cluster must be created by a non-root user
+ - `aws-auth` must be updated to [allow access to additional IAM users/roles](https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html) (if needed)
+
+- **Addons**
+
+ - Install the [cert-manager](https://cert-manager.io/docs/)
+ - Install the [AWS Load Balancer Controller](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html)
+
+- **Ingress**
+
+ - ALB provisioning via the [AWS Load Balancer Controller](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html)
+ - ALB integration with the [Amazon Certificate Manager](https://aws.amazon.com/certificate-manager/)
+
+Additionally, the ingress assumes the presence of SSL certificates, DNS resolution, and ALB logging. If you've chosen not to use some or all of these features, you'll need to modify the manifest accordingly before applying it to the cluster.
+
+## AWS setup
+
+Set up commonly-used AWS services for Seqera deployment.
+
+### Fetch Seqera config values from AWS Parameter Store
+
+From version 23.1, you can retrieve Seqera Enterprise configuration values remotely from the AWS Parameter Store. See [AWS Parameter Store configuration](../configuration/aws_parameter_store.mdx) for instructions.
+
+### Amazon SES
+
+Seqera Enterprise supports AWS Simple Email Service (SES) as an alternative to traditional SMTP servers for sending application emails.
+
+:::caution
+If you use AWS SES in sandbox mode, both the _sender_ and the _receiver_ email addresses must be verified via AWS SES. Sandbox is not recommended for production use. See the [AWS docs](https://docs.aws.amazon.com/ses/latest/dg/request-production-access.html) for instructions to move out of the sandbox.
+:::
+
+- See [Obtaining SES SMTP credentials using the SES console](https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html#smtp-credentials-console) for instructions to set up SES to send emails from your preferred address.
+
+- To prevent emails from SES being flagged as spam, see these AWS instructions for setting up an email authentication method:
+
+ - [DKIM for a domain](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-dkim-easy-setup-domain.html)
+
+ - [SPF authentication](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-spf.html)
+
+#### Managed Redis services
+
+Seqera supports managed Redis services such as [Amazon ElastiCache][aws-elasticache].
+
+- Use a single-node cluster, as multi-node clusters are not supported
+- Use an instance with at least 6GB capacity ([cache.m4.large][aws-cache-instances] or greater)
+
+### Amazon RDS
+
+External databases for Seqera Enterprise deployments require:
+
+- A **MySQL8 Community** DB instance
+- At least 2 vCPUs, 8 GB memory, and 30 GB SSD storage
+- Manual MySQL user and database schema creation.
See [Database configuration](../configuration/overview.mdx#seqera-and-redis-databases) for more details.
+
+:::caution
+Recommended instance class and storage requirements depend on the number of parallel pipelines you expect to run.
+:::
+
+
+
+
+See [Creating an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html) to guide you through the external database setup for your production deployment.
+
+
+
+
+To create a DB instance with the AWS CLI, call the [create-db-instance](https://docs.aws.amazon.com/cli/latest/reference/rds/create-db-instance.html) command, replacing `INSTANCE_NAME`, `SECURITY_GROUP`, `DB_USER`, and `DB_PASSWORD` with your unique values:
+
+```console
+aws rds create-db-instance \
+ --engine mysql \
+ --db-instance-identifier INSTANCE_NAME \
+ --allocated-storage 30 \
+ --db-instance-class db.m5d.large \
+ --vpc-security-group-ids SECURITY_GROUP \
+ --db-subnet-group SUBNET_GROUP \
+ --master-username DB_USER \
+ --master-user-password DB_PASSWORD \
+```
+
+
+
+
+After your database is created:
+
+- Update the inbound rules for the underlying EC2 instance to allow MySQL connections.
+- Update your Seqera [configuration](../configuration/overview.mdx#seqera-and-redis-databases) with the database hostname, username, and password.
+
+
+
+
+
+## Deploy Seqera
+
+Seqera Platform consists of deployments for a cron service, a backend service, and a frontend service.
+
+1. Create the manifest files:
+ - Create a file named `tower-cron.yml` with the following Kubernetes manifest:
+
+
+ Show `tower-cron.yml` file
+ ```js file=./_templates/k8s/k8s_min/tower-cron.yml showLineNumbers
+ ```
+
+
+ - Create a file named `tower-svc.yml` with the following Kubernetes manifest:
+
+
+ Show `tower-svc.yml` file
+ ```js file=./_templates/k8s/k8s_min/tower-svc.yml showLineNumbers
+ ```
+
+ + + + +[aws-elasticache]: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.html +[aws-cache-instances]: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx index b88912a7..2e16533b 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx @@ -1,10 +1,14 @@ --- -title: Install Seqera Platform on Kubernetes -description: Deploy Seqera Platform Enterprise with Kubernetes +title: Install on a Kubernetes cluster +description: Deploy Seqera Platform Enterprise on a Kubernetes cluster date: "11 Sep 2024" tags: [kubernetes, deployment] --- +import CreateNamespace from './_partials/_k8s-install-ns.mdx'; +import ConfigureRegistry from './_partials/_k8s-install-registry.mdx'; +import DeployManifests from './_partials/_k8s-install-deploy-no-heading.mdx'; + This installation guide describes how to install Seqera Platform on a Kubernetes cluster. ## Prerequisites @@ -15,104 +19,10 @@ The following prerequisites are required to deploy Seqera on a Kubernetes cluste - The `kubectl` CLI is installed locally - Access to the cluster with the `cluster-admin` role -## 1. Create a namespace - -Create a namespace to isolate Kubernetes resources used by Seqera Platform from the other resources on your cluster. - -:::tip -This installation guide assumes the use of `seqera-platform` as the installation namespace. Consider using a different one that better fits your cluster naming convention. -::: - -1. Create a namespace for the Seqera resources: - - ``` - kubectl create namespace seqera-platform - ``` - -
- View command output - ``` - namespace/seqera-platform created - ``` -
- -1. Switch to the namespace: - - ``` - kubectl config set-context --current --namespace=seqera-platform - ``` - -## 2. Configure container registry credentials - -Seqera Enterprise is distributed as a collection of Docker containers available through the Seqera container registry [`cr.seqera.io`](https://cr.seqera.io). Contact [support](https://support.seqera.io) to get your container access credentials. After you've received your credentials, grant your cluster access to the registry: - -1. Retrieve the `name` and `secret` values from the JSON file that you received from Seqera support. - -1. Create a [secret][kubectl-secret] for the image pull secret: - - ``` - kubectl create secret docker-registry cr.seqera.io \ - --docker-server=cr.seqera.io \ - --docker-username='' \ - --docker-password='' - ``` - - The credential `name` contains a dollar `$` character. Wrap the name in single quotes to prevent the Linux shell from interpreting this value as an environment variable. + + -
- View command output - ``` - secret/cr.seqera.io created - ``` -
- -1. Confirm that the secret exists: - - ``` - kubectl get secrets cr.seqera.io - ``` - -
- View command output - ``` - NAME TYPE DATA AGE - cr.seqera.io kubernetes.io/dockerconfigjson 1 26s - ``` -
- -1. Confirm that you can pull containers from `cr.seqera.io`: - - 1. Pull a container from the private repository: - - ``` - kubectl run pull-test --command --restart=Never --image-pull-policy=Always \ - --image cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.4 \ - --overrides='{ "spec": { "imagePullSecrets": [ { "name": "cr.seqera.io" } ] } }' \ - --override-type=strategic -- /bin/true - ``` - -
- View command output - ``` - pod/pull-test created - ``` -
- - 1. Confirm that the container was pulled: - - ``` - kubectl get pods/pull-test -o=custom-columns=NAME:.metadata.name,STATUS:.status.phase - ``` - -
- View command output - ``` - NAME STATUS - pull-test Succeeded - ``` -
- -## 3. Configure Seqera Platform +## Configure Seqera Platform Configure the following environment variables. For more information about Seqera configuration options, see [Configuration overview](./configuration/overview.mdx). @@ -124,11 +34,11 @@ The `configmap.yml` manifest includes both the `tower.env` and `tower.yml` files
Show `configmap.yml` file - ```js file=./_templates/k8s/k8s_min/configmap.yml {10,12-13,22,25-26} showLineNumbers + ```js file=./_templates/k8s/k8s_min/configmap.yml {10,13,25-26} showLineNumbers ```
-1. Generate two unique secrets with the following command: `openssl rand -base64 36` +1. Generate two unique secrets with the following command: `openssl rand -base64 32 | tr -d /=+ | cut -c -32` 1. Edit the `configmap.yml` file and set the following environment variables: @@ -151,7 +61,7 @@ The `configmap.yml` manifest includes both the `tower.env` and `tower.yml` files ``` -## 4. Deploy a Redis instance +## Deploy a Redis instance Seqera Enterprise requires a Redis database for caching purposes. Configure Redis manually by deploying a manifest to your cluster. @@ -210,7 +120,7 @@ Seqera Enterprise requires a Redis database for caching purposes. Configure Redi ``` -## 5. Deploy a MySQL instance +## Deploy a MySQL instance 1. Create a file named `mysql.yml` with the following Kubernetes manifest: @@ -267,8 +177,7 @@ Seqera Enterprise requires a Redis database for caching purposes. Configure Redi ``` - -## 6. Deploy Seqera +## Deploy Seqera Seqera Platform consists of deployments for a cron service, a backend service, and a frontend service. @@ -289,69 +198,7 @@ Seqera Platform consists of deployments for a cron service, a backend service, a ``` -1. Deploy the cron service: - - :::caution - This manifest includes an init container that creates the required database schema the first time it instantiates. This process can take a few minutes to complete and must finish before you instantiate the Seqera backend. Ensure this container is in the `READY` state before proceeding to the next step. - ::: - - 1. Apply the `tower-cron.yml` manifest: - - ``` - kubectl apply -f tower-cron.yml - ``` - -
- View command output - ``` - deployment.apps/cron configured - ``` -
- - 1. Confirm that cron service deployed successfully: - - ``` - kubectl rollout status deployment/cron - ``` - -
- View command output - deployment "cron" successfully rolled out -
- -1. Deploy the backend and frontend services: - - 1. Apply the `tower-svc.yml` manifest: - - ``` - kubectl apply -f tower-svc.yml - ``` - -
- View command output - ``` - deployment.apps/backend configured - deployment.apps/frontend configured - service/backend configured - service/frontend configured - ``` -
- - 1. Confirm that cron service deployed successfully: - - ``` - kubectl get deployments - ``` - -
- View command output - ``` - NAME READY UP-TO-DATE AVAILABLE AGE - backend 1/1 1 1 2d6h - cron 1/1 1 1 2d6h - frontend 1/1 1 1 2d6h - ``` -
+ ## 7. Create a new user account diff --git a/platform_versioned_sidebars/version-24.1-sidebars.json b/platform_versioned_sidebars/version-24.1-sidebars.json index 8bf36e60..45c875e9 100644 --- a/platform_versioned_sidebars/version-24.1-sidebars.json +++ b/platform_versioned_sidebars/version-24.1-sidebars.json @@ -167,6 +167,8 @@ "items": [ "enterprise/docker-compose", "enterprise/kubernetes", + "enterprise/kubernetes-minimal-install", + "enterprise/kubernetes-eks-install", "enterprise/testing", "enterprise/upgrade" ] From efd7473a35da322aa245daeee7f51d8fc5cf70f6 Mon Sep 17 00:00:00 2001 From: Jason Boxman Date: Tue, 17 Sep 2024 16:32:30 -0400 Subject: [PATCH 07/16] Reintroduce numbers --- .../enterprise/_partials/_k8s-install-ns.mdx | 2 -- .../enterprise/_partials/_k8s-install-registry.mdx | 2 -- .../enterprise/kubernetes-eks-install.mdx | 5 +++++ .../enterprise/kubernetes-minimal-install.mdx | 13 +++++++++---- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-ns.mdx b/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-ns.mdx index 2e08f65a..29be044c 100644 --- a/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-ns.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-ns.mdx @@ -1,5 +1,3 @@ -## Create a namespace - Create a namespace to isolate Kubernetes resources used by Seqera Platform from the other resources on your cluster. :::tip diff --git a/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-registry.mdx b/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-registry.mdx index 9a35071a..7a4608f3 100644 --- a/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-registry.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-registry.mdx 
@@ -1,5 +1,3 @@ -## Configure container registry credentials - Seqera Enterprise is distributed as a collection of Docker containers available through the Seqera container registry [`cr.seqera.io`](https://cr.seqera.io). Contact [support](https://support.seqera.io) to get your container access credentials. After you've received your credentials, grant your cluster access to the registry: 1. Retrieve the `name` and `secret` values from the JSON file that you received from Seqera support. diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx index 38f89d29..fe4e3ee5 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx @@ -129,7 +129,12 @@ After your database is created: - Update the inbound rules for the underlying EC2 instance to allow MySQL connections. - Update your Seqera [configuration](../configuration/overview.mdx#seqera-and-redis-databases) with the database hostname, username, and password. +## 1. Create a namespace + + +## 2. Configure container registry credentials + diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx index 2e16533b..efcc4e39 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx 
@@ -19,10 +19,15 @@ The following prerequisites are required to deploy Seqera on a Kubernetes cluste - The `kubectl` CLI is installed locally - Access to the cluster with the `cluster-admin` role +## 1. Create a namespace + + +## 2. Configure container registry credentials + -## Configure Seqera Platform +## 3. Configure Seqera Platform Configure the following environment variables. For more information about Seqera configuration options, see [Configuration overview](./configuration/overview.mdx). @@ -61,7 +66,7 @@ The `configmap.yml` manifest includes both the `tower.env` and `tower.yml` files ``` -## Deploy a Redis instance +## 4. Deploy a Redis instance Seqera Enterprise requires a Redis database for caching purposes. Configure Redis manually by deploying a manifest to your cluster. @@ -120,7 +125,7 @@ Seqera Enterprise requires a Redis database for caching purposes. Configure Redi ``` -## Deploy a MySQL instance +## 5. Deploy a MySQL instance 1. Create a file named `mysql.yml` with the following Kubernetes manifest: @@ -177,7 +182,7 @@ Seqera Enterprise requires a Redis database for caching purposes. Configure Redi ``` -## Deploy Seqera +## 6. Deploy Seqera Seqera Platform consists of deployments for a cron service, a backend service, and a frontend service. From 71d17b2479db4d4c1fb3f57dde6bb6ad5f94ba17 Mon Sep 17 00:00:00 2001 From: Jason Boxman Date: Tue, 17 Sep 2024 22:58:25 -0400 Subject: [PATCH 08/16] Revise --- ...no-heading.mdx => _k8s-install-deploy.mdx} | 1 - .../_partials/_k8s-install-registry.mdx | 2 + .../version-24.1/enterprise/index.mdx | 9 ++ .../enterprise/kubernetes-eks-install.mdx | 117 +++++++++++++++++- .../enterprise/kubernetes-minimal-install.mdx | 3 +- 5 files changed, 124 insertions(+), 8 deletions(-) rename platform_versioned_docs/version-24.1/enterprise/_partials/{_k8s-install-deploy-no-heading.mdx => _k8s-install-deploy.mdx} (96%) 
diff --git a/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-deploy-no-heading.mdx b/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-deploy.mdx similarity index 96% rename from platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-deploy-no-heading.mdx rename to platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-deploy.mdx index 3b7dd5c2..ccf669ec 100644 --- a/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-deploy-no-heading.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-deploy.mdx @@ -1,4 +1,3 @@ -
    diff --git a/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-registry.mdx b/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-registry.mdx index 7a4608f3..d30a8ada 100644 --- a/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-registry.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/_partials/_k8s-install-registry.mdx @@ -66,3 +66,5 @@ Seqera Enterprise is distributed as a collection of Docker containers available ``` + +[kubectl-secret]: https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/ diff --git a/platform_versioned_docs/version-24.1/enterprise/index.mdx b/platform_versioned_docs/version-24.1/enterprise/index.mdx index f4f61858..86f13d1e 100644 --- a/platform_versioned_docs/version-24.1/enterprise/index.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/index.mdx @@ -60,6 +60,15 @@ Kubernetes is emerging as the technology of choice for deploying applications th ![](./_images/seqera_reference_architecture_aws.png) _Reference architecture diagram of Seqera Platform Enterprise on AWS using Elastic Kubernetes Service (EKS)_ +### High availability + +To configure Seqera Enterprise for high availability, note that: + +- The `backend` service can be run in multiple replicas +- The `frontend` service is replicable, however in most scenarios it is not necessary +- The `cron` service may only have a single instance +- The `groundswell` service may only have a single instance + ## Application container images Seqera Enterprise is distributed as a collection of Docker containers available through the Seqera container registry [`cr.seqera.io`](https://cr.seqera.io). Contact [support](https://support.seqera.io) to get your container access credentials. When you've received your credentials, retrieve the application container images with these steps: 
diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx index fe4e3ee5..1a1326f2 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx @@ -10,7 +10,7 @@ import TabItem from '@theme/TabItem'; import CreateNamespace from './_partials/_k8s-install-ns.mdx'; import ConfigureRegistry from './_partials/_k8s-install-registry.mdx'; -import DeployManifests from './_partials/_k8s-install-deploy-no-heading.mdx'; +import DeployManifests from './_partials/_k8s-install-deploy.mdx'; This installation guide describes how to install Seqera Platform on Enterprise on Amazon Web Services (AWS) Elastic Kubernetes Service (EKS). When you complete the steps in this guide you'll have an installation suitable for product use on EKS. @@ -120,7 +120,6 @@ aws rds create-db-instance \ --master-username DB_USER \ --master-user-password DB_PASSWORD \ ``` - @@ -129,16 +128,58 @@ After your database is created: - Update the inbound rules for the underlying EC2 instance to allow MySQL connections. - Update your Seqera [configuration](../configuration/overview.mdx#seqera-and-redis-databases) with the database hostname, username, and password. -## 1. Create a namespace +## Installation + +### 1. Create a namespace -## 2. Configure container registry credentials +### 2. Configure container registry credentials +## 3. Configure Seqera Platform + +Configure the following environment variables. For more information about Seqera configuration options, see [Configuration overview](./configuration/overview.mdx). + +:::tip +The `configmap.yml` manifest includes both the `tower.env` and `tower.yml` files. These files are made available to the other containers through volume mounts. +::: + +1. Create a file named `configmap.yml` with the following Kubernetes manifest: + +
    + Show `configmap.yml` file + ```js file=./_templates/k8s/configmap.yml showLineNumbers + ``` +
    + +1. Generate two unique secrets with the following command: `openssl rand -base64 32 | tr -d /=+ | cut -c -32` + +1. Edit the `configmap.yml` file and set the following environment variables: + + - `TOWER_ROOT_USERS`: Specify your email address + - `TOWER_JWT_SECRET`: Specify a unique secret that is at least 35 alphanumeric characters + - `TOWER_CRYPTO_SECRETKEY`: Specify a unique secret. + - `TOWER_LICENSE`: Specify your Seqera license key, if known. Otherwise, leave this empty. + - TOWER_REDIS_URL + +1. Apply the config map: + + ``` + kubectl apply -f configmap.yml + ``` + +
    + View command output + ``` + configmap/tower-backend-cfg created + configmap/tower-yml created + ``` +
    + -## Deploy Seqera +### 4. Deploy Seqera Seqera Platform consists of deployments for a cron service, a backend service, and a frontend service. 
@@ -161,6 +202,72 @@ Seqera Platform consists of deployments for a cron service, a backend service, a +### 5. Seqera ingress + +An ingress is used to make Seqera Enterprise publicly accessible, load-balance traffic, terminate TLS, and offer name-based virtual hosting. The included ingress manifest will create an external IP address and forward HTTP traffic to the Seqera frontend. + +Download and configure the appropriate manifest for your infrastructure: + + - [Amazon EKS](_templates/k8s/ingress.eks.yml) + +To deploy the manifest to your cluster, run the following: + + ```bash + kubectl apply -f ingress.*.yml + ``` + +See [Kubernetes ingress][k8s-ingress] for more information. If you don't need to make Seqera externally accessible, use a service resource to expose a [node port][k8s-node-port] or a [load balancer][k8s-load-balancer] service to make it accessible within your intranet. + +See the cloud provider documentation for configuring an ingress service on each cloud provider: + +- [Amazon][aws-configure-ingress] + +### 6. Check status + +Check that all services are up and running: + +```bash +kubectl get pods +``` + +### 7. Test the application + +See [Test deployment](./testing.mdx). + +### Optional: Configure database console + +Use the [dbconsole.yml](_templates/k8s/dbconsole.yml) manifest to deploy a simple web frontend to the Seqera database. Though not required, this can be useful for administrative purposes. + +1. Deploy the database console: + + ```bash + kubectl apply -f dbconsole.yml + ``` + +1. Enable a port-forward for the database console to your local machine: + + ```bash + kubectl port-forward deployment/dbconsole 8080:8080 + ``` + +1. Access the database console in a web browser at `http://localhost:8080`. 
+ +## Next steps + +- Configure OpenID Connect (OIDC) for seamless integration with your identify provider +- Configure ingress for your public cloud provider for load balancing and TLS termination +- Configure access to your organization's email server +- Configure Data Studios +- Configure pipeline resource optimization +- Configure Wave containers integration + + [aws-elasticache]: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.html [aws-cache-instances]: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html +[aws-configure-ingress]: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/ + +[k8s-ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress/ +[k8s-load-balancer]: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer +[k8s-node-port]: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport + diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx index efcc4e39..ad6f6f3e 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx @@ -7,7 +7,7 @@ tags: [kubernetes, deployment] import CreateNamespace from './_partials/_k8s-install-ns.mdx'; import ConfigureRegistry from './_partials/_k8s-install-registry.mdx'; -import DeployManifests from './_partials/_k8s-install-deploy-no-heading.mdx'; +import DeployManifests from './_partials/_k8s-install-deploy.mdx'; This installation guide describes how to install Seqera Platform on a Kubernetes cluster. @@ -267,4 +267,3 @@ Your installation of Seqera Platform is complete. -[kubectl-secret]: https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/ 
From cb13e29653ecc54873031a0770d8f59932e3d80c Mon Sep 17 00:00:00 2001 From: Jason Boxman Date: Tue, 17 Sep 2024 22:59:27 -0400 Subject: [PATCH 09/16] Adjust header level --- .../version-24.1/enterprise/kubernetes-eks-install.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx index 1a1326f2..619ba317 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx @@ -138,7 +138,7 @@ After your database is created: -## 3. Configure Seqera Platform +### 3. Configure Seqera Platform Configure the following environment variables. For more information about Seqera configuration options, see [Configuration overview](./configuration/overview.mdx). From 534827eb06214b1840e3ed6fa9d72a79f402e28d Mon Sep 17 00:00:00 2001 From: Jason Boxman Date: Tue, 17 Sep 2024 23:03:53 -0400 Subject: [PATCH 10/16] Fix links --- .../version-24.1/enterprise/kubernetes-eks-install.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx index 619ba317..189e66a0 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx 
@@ -20,9 +20,9 @@ This installation guide describes how to install Seqera Platform on Enterprise o - **MySQL database**: An external database, such as one provided by [Amazon Relational Database Service](https://aws.amazon.com/rds/), is highly recommended for production deployments. -- **SSL certificate**: HTTP must not be used in production environments. An SSL certificate is required for your Seqera instance to handle HTTPS traffic. See [SSL/TLS configuration](../configuration/ssl_tls.mdx#aws-deployments-manage-ssl-certificates-with-amazon-certificate-manager-acm) for more information. +- **SSL certificate**: HTTP must not be used in production environments. An SSL certificate is required for your Seqera instance to handle HTTPS traffic. See [SSL/TLS configuration](./configuration/ssl_tls.mdx#aws-deployments-manage-ssl-certificates-with-amazon-certificate-manager-acm) for more information. -- **Optional: AWS Parameter Store**: Store sensitive Seqera configuration values as SecureString [AWS Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) parameters. See [AWS Parameter Store configuration](../configuration/aws_parameter_store.mdx) for instructions. This is recommended for production environments. +- **Optional: AWS Parameter Store**: Store sensitive Seqera configuration values as SecureString [AWS Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) parameters. See [AWS Parameter Store configuration](./configuration/aws_parameter_store.mdx) for instructions. This is recommended for production environments. - **Optional: DNS**: DNS is required to support human-readable domain names and load-balanced traffic. If you don't have access to a pre-existing DNS service, use [Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html). 
@@ -62,7 +62,7 @@ Set up commonly-used AWS services for Seqera deployment. ### Fetch Seqera config values from AWS Parameter Store -From version 23.1, you can retrieve Seqera Enterprise configuration values remotely from the AWS Parameter Store. See [AWS Parameter Store configuration](../configuration/aws_parameter_store.mdx) for instructions. +From version 23.1, you can retrieve Seqera Enterprise configuration values remotely from the AWS Parameter Store. See [AWS Parameter Store configuration](./configuration/aws_parameter_store.mdx) for instructions. ### Amazon SES @@ -93,7 +93,7 @@ External databases for Seqera Enterprise deployments require: - A **MySQL8 Community** DB instance - At least 2 vCPUs, 8 GB memory, and 30 GB SSD storage -- Manual MySQL user and database schema creation. See [Database configuration](../configuration/overview.mdx#seqera-and-redis-databases) for more details. +- Manual MySQL user and database schema creation. See [Database configuration](./configuration/overview.mdx#seqera-and-redis-databases) for more details. :::caution Recommended instance class and storage requirements depend on the number of parallel pipelines you expect to run. @@ -126,7 +126,7 @@ aws rds create-db-instance \ After your database is created: - Update the inbound rules for the underlying EC2 instance to allow MySQL connections. -- Update your Seqera [configuration](../configuration/overview.mdx#seqera-and-redis-databases) with the database hostname, username, and password. +- Update your Seqera [configuration](./configuration/overview.mdx#seqera-and-redis-databases) with the database hostname, username, and password. ## Installation From f133eaffefb4e5575798e7c702b40f652127b93c Mon Sep 17 00:00:00 2001 
From: Jason Boxman Date: Wed, 18 Sep 2024 18:51:24 -0400 Subject: [PATCH 11/16] Cleanup manifests --- .../enterprise/_templates/k8s/configmap.yml | 57 +++------- .../enterprise/_templates/k8s/ingress.eks.yml | 40 +++---- .../_templates/k8s/k8s_min/configmap.yml | 20 +--- .../enterprise/_templates/k8s/tower-cron.yml | 93 +++++++-------- .../enterprise/_templates/k8s/tower-svc.yml | 107 ++++++++---------- .../enterprise/kubernetes-eks-install.mdx | 14 ++- 6 files changed, 127 insertions(+), 204 deletions(-) diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/configmap.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/configmap.yml index a02c1477..e6424ff2 100644 --- a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/configmap.yml +++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/configmap.yml 
@@ -5,34 +5,22 @@ metadata: labels: app: backend-cfg data: - TOWER_SERVER_URL: "https://" - TOWER_CONTACT_EMAIL: "support@tower.nf" - TOWER_JWT_SECRET: "ReplaceThisWithALongSecretString" - TOWER_DB_URL: "jdbc:mysql:///tower" + TOWER_SERVER_URL: "https://" + TOWER_CONTACT_EMAIL: "" + TOWER_DB_URL: jdbc:mysql://:3306/tower?permitMysqlScheme=true TOWER_DB_DRIVER: "org.mariadb.jdbc.Driver" - TOWER_DB_USER: "tower" - TOWER_DB_PASSWORD: "" TOWER_DB_DIALECT: "io.seqera.util.MySQL55DialectCollateBin" - TOWER_DB_MIN_POOL_SIZE: "2" - TOWER_DB_MAX_POOL_SIZE: "10" - TOWER_DB_MAX_LIFETIME: "180000" - TOWER_SMTP_HOST: "" - TOWER_SMTP_USER: "" - TOWER_SMTP_PASSWORD: "" - TOWER_CRYPTO_SECRETKEY: "" - TOWER_LICENSE: "" + TOWER_DB_USER: "" + TOWER_DB_PASSWORD: "" + TOWER_SMTP_HOST: "" + TOWER_SMTP_USER: "" + TOWER_SMTP_PASSWORD: "" + TOWER_JWT_SECRET: "" + TOWER_CRYPTO_SECRETKEY: "" + TOWER_LICENSE: "" TOWER_ENABLE_PLATFORMS: "awsbatch-platform,gls-platform,googlebatch-platform,azbatch-platform,uge-platform,slurm-platform" FLYWAY_LOCATIONS: "classpath:db-schema/mysql" - TOWER_REDIS_URL: "redis://:6379" # For a managed Redis service, specify the IP address or DNS name of the service endpoint. If you use the containerized Redis service, specify "redis" instead of an IP address. - # Data Studios configuration variables - TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN: '' # This must match the value of CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN in your proxy.yml file. - TOWER_DATA_STUDIO_CONNECT_URL: 'https://connect.' 
# - TOWER_DATA_STUDIO_TEMPLATES_JUPYTER_REPOSITORY: 'cr.seqera.io/public/data-studio-jupyter:0.7.0' - TOWER_DATA_STUDIO_TEMPLATES_JUPYTER_ICON: 'jupyter' - TOWER_DATA_STUDIO_TEMPLATES_RSTUDIO_REPOSITORY: 'cr.seqera.io/public/data-studio-rstudio:0.7.0' - TOWER_DATA_STUDIO_TEMPLATES_RSTUDIO_ICON: 'rstudio' - TOWER_DATA_STUDIO_TEMPLATES_VSCODE_REPOSITORY: 'cr.seqera.io/public/data-studio-vscode:0.7.0' - TOWER_DATA_STUDIO_TEMPLATES_VSCODE_ICON: 'vscode' + TOWER_REDIS_URL: "redis://:6379" --- kind: ConfigMap apiVersion: v1 @@ -41,23 +29,4 @@ metadata: labels: app: backend-cfg data: - tower.yml: | - mail: - smtp: - auth: true - # FIXME `starttls` should be enabled with a production SMTP host - starttls: - enable: true - required: true - ssl: - protocols: "TLSv1.2" - - auth: - mail: - duration: 30m - - # Set a custom application name for the Micronaut environment to deploy multiple instances from the same Enterprise account - # Required for AWS Parameter Store configuration. For more information, see https://docs.seqera.io/platform/latest/enterprise/configuration/aws_parameter_store - micronaut: - application: - name: tower-app + tower.yml: |- diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/ingress.eks.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/ingress.eks.yml index f8f2ea35..946533ce 100644 --- a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/ingress.eks.yml +++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/ingress.eks.yml 
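Review bot: `TOWER_DB_PASSWORD`, `TOWER_SMTP_PASSWORD`, `TOWER_JWT_SECRET` and `TOWER_CRYPTO_SECRETKEY` are still declared under `data:` of a ConfigMap in the new template. ConfigMaps are not meant for confidential values: they are typically readable by more roles than Secrets and sit outside Secret-only protections such as envelope encryption. The four keys could move into a separate Secret that the Deployments load next to the existing `configMapRef` with a `secretRef` entry under `envFrom`, which leaves the environment variable names unchanged. The ConfigMap's `metadata.name` and the consuming Deployments are outside this hunk, so the Secret name below is a placeholder.

```yaml
# … unchanged: non-secret TOWER_* keys stay in the ConfigMap …
---
kind: Secret
apiVersion: v1
metadata:
  name: <SECRET_NAME>  # placeholder
type: Opaque
stringData:
  TOWER_DB_PASSWORD: ""
  TOWER_SMTP_PASSWORD: ""
  TOWER_JWT_SECRET: ""
  TOWER_CRYPTO_SECRETKEY: ""
```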
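Review bot: Reducing the body to an empty `tower.yml: |-` drops `mail.smtp.auth: true` and the `starttls` settings `enable: true` / `required: true`, while the first hunk of this file still configures `TOWER_SMTP_USER` and `TOWER_SMTP_PASSWORD`. Unless the application enforces STARTTLS by default, which is not visible here, SMTP credentials could travel over an unencrypted connection. Keeping the `mail.smtp` block in this production template would make the requirement explicit. The removed `micronaut.application.name` entry was commented as required for AWS Parameter Store configuration, which the EKS guide recommends for production, so it is worth confirming that the default name works there.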
@@ -20,29 +20,17 @@ spec: - host: http: paths: - - path: /* - pathType: ImplementationSpecific - backend: - service: - name: ssl-redirect - port: - name: use-annotation - - path: /* - pathType: ImplementationSpecific - backend: - service: - name: frontend - port: - number: 80 - -# Uncomment the host section below to enable Data Studios. Replace with the base domain of your Platform installation. See [Data Studios configuration](https://docs.seqera.io/platform/24.1.1/enterprise/data-studios) for more information. -# - host: "*." -# http: -# paths: -# - backend: -# service: -# name: connect-proxy -# port: -# number: 80 -# pathType: ImplementationSpecific -# path: /* \ No newline at end of file + - path: /* + pathType: ImplementationSpecific + backend: + service: + name: ssl-redirect + port: + name: use-annotation + - path: /* + pathType: ImplementationSpecific + backend: + service: + name: frontend + port: + number: 80 diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/configmap.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/configmap.yml index 2cf87624..f95d33f2 100644 --- a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/configmap.yml +++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/configmap.yml 
@@ -10,23 +10,20 @@ data: TOWER_ROOT_USERS: "" TOWER_SERVER_URL: "http://localhost:8080" TOWER_CONTACT_EMAIL: "user@example.com" - TOWER_JWT_SECRET: "" + TOWER_REDIS_URL: "redis://redis:6379" TOWER_DB_URL: jdbc:mysql://mysql:3306/tower?permitMysqlScheme=true TOWER_DB_DRIVER: "org.mariadb.jdbc.Driver" TOWER_DB_USER: "tower" TOWER_DB_PASSWORD: "tower" TOWER_DB_DIALECT: "io.seqera.util.MySQL55DialectCollateBin" - TOWER_DB_MIN_POOL_SIZE: "2" - TOWER_DB_MAX_POOL_SIZE: "10" - TOWER_DB_MAX_LIFETIME: "180000" TOWER_SMTP_HOST: "mailcatcher" TOWER_SMTP_USER: "" TOWER_SMTP_PASSWORD: "" + TOWER_JWT_SECRET: "" TOWER_CRYPTO_SECRETKEY: "" TOWER_LICENSE: "" TOWER_ENABLE_PLATFORMS: "local-platform" FLYWAY_LOCATIONS: "classpath:db-schema/mysql" - TOWER_REDIS_URL: "redis://redis:6379" --- kind: ConfigMap apiVersion: v1 @@ -39,19 +36,6 @@ data: mail: smtp: auth: false - # FIXME `starttls` should be enabled with a production SMTP host starttls: enable: false required: false - ssl: - protocols: "TLSv1.2" - - auth: - mail: - duration: 30m - - # Set a custom application name for the Micronaut environment to deploy multiple instances from the same Enterprise account - # Required for AWS Parameter Store configuration. For more information, see https://docs.seqera.io/platform/latest/enterprise/configuration/aws_parameter_store - micronaut: - application: - name: tower-app diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-cron.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-cron.yml index 4b24aaca..188d591b 100644 --- a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-cron.yml +++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-cron.yml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: 
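Review bot: With the `# FIXME` line removed from the `tower.yml` hunk (`@@ -39,19 +36,6 @@`), nothing in this manifest says that `auth: false` and `starttls` with `enable: false` / `required: false` are only acceptable for the `mailcatcher` test host set in `TOWER_SMTP_HOST`. Someone who copies this minimal template and points it at a real mail server would silently keep unauthenticated, unencrypted SMTP. I would keep a one-line comment above `starttls:`, for example `# Test-only: set auth and starttls to true before using a real SMTP host`.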
@@ -14,57 +15,47 @@ spec: app: cron spec: imagePullSecrets: - - name: "cr.seqera.io" + - name: "cr.seqera.io" volumes: - - name: config-volume - configMap: - name: tower-yml - # Volume for Data Studios - #- name: cert-volume - # secret: - # secretName: platform-oidc-certs + - name: config-volume + configMap: + name: tower-yml initContainers: - - name: migrate-db - image: cr.seqera.io/private/nf-tower-enterprise/migrate-db:v24.1.3 - command: ["sh", "-c", "/migrate-db.sh"] - envFrom: - - configMapRef: - name: tower-backend-cfg - volumeMounts: - - name: config-volume - mountPath: /tower.yml - subPath: tower.yml - # Volume mount for Data Studios - #- name: cert-volume - # mountPath: /data/certs + - name: migrate-db + image: cr.seqera.io/private/nf-tower-enterprise/migrate-db:v24.1.3 + command: ["sh", "-c", "/migrate-db.sh"] + envFrom: + - configMapRef: + name: tower-backend-cfg + volumeMounts: + - name: config-volume + mountPath: /tower.yml + subPath: tower.yml containers: - - name: backend - image: cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.4 - envFrom: - - configMapRef: - name: tower-backend-cfg - volumeMounts: - - name: config-volume - mountPath: /tower.yml - subPath: tower.yml - env: - - name: MICRONAUT_ENVIRONMENTS - value: "prod,redis,cron" - # TLS certificate for Data Studios - #- name: TOWER_OIDC_PEM_PATH - # value: '/data/certs/oidc.pem' - ports: - - containerPort: 8080 - readinessProbe: - httpGet: - path: /health - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 3 - livenessProbe: - httpGet: - path: /health - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 3 - failureThreshold: 10 + - name: backend + image: cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.4 + envFrom: + - configMapRef: + name: tower-backend-cfg + volumeMounts: + - name: config-volume + mountPath: /tower.yml + subPath: tower.yml + env: + - name: MICRONAUT_ENVIRONMENTS + value: "prod,redis,cron" + ports: + - containerPort: 8080 + readinessProbe: + httpGet: + path: 
/health + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 3 + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 3 + failureThreshold: 10 diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-svc.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-svc.yml index 1d0e6012..cf83dd92 100644 --- a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-svc.yml +++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-svc.yml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: 
@@ -18,45 +19,45 @@ spec: app: backend spec: imagePullSecrets: - - name: "cr.seqera.io" + - name: "cr.seqera.io" volumes: - - name: config-volume - configMap: - name: tower-yml + - name: config-volume + configMap: + name: tower-yml containers: - - name: backend - image: cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.4 - envFrom: - - configMapRef: - name: tower-backend-cfg - env: - - name: MICRONAUT_ENVIRONMENTS - value: "prod,redis,ha" - ports: - - containerPort: 8080 - volumeMounts: - - name: config-volume - mountPath: /tower.yml - subPath: tower.yml - resources: - requests: - cpu: "1" - memory: "1200Mi" - limits: - memory: "4200Mi" - readinessProbe: - httpGet: - path: /health - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 3 - livenessProbe: - httpGet: - path: /health - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 3 - failureThreshold: 10 + - name: backend + image: cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.4 + envFrom: + - configMapRef: + name: tower-backend-cfg + env: + - name: MICRONAUT_ENVIRONMENTS + value: "prod,redis,ha" + ports: + - containerPort: 8080 + volumeMounts: + - name: config-volume + mountPath: /tower.yml + subPath: tower.yml + resources: + requests: + cpu: "1" + memory: "1200Mi" + limits: + memory: "4200Mi" + readinessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 3 + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 3 + failureThreshold: 10 --- apiVersion: apps/v1 kind: Deployment @@ -75,15 +76,14 @@ spec: app: frontend spec: imagePullSecrets: - - name: "cr.seqera.io" + - name: "cr.seqera.io" containers: - - name: frontend - image: cr.seqera.io/private/nf-tower-enterprise/frontend:v24.1.4 - ports: - - containerPort: 80 + - name: frontend + image: cr.seqera.io/private/nf-tower-enterprise/frontend:v24.1.4 + ports: + - containerPort: 80 restartPolicy: Always --- -# Services apiVersion: v1 kind: Service metadata: 
@@ -92,22 +92,9 @@ metadata: app: backend spec: ports: - - name: http - port: 8080 - targetPort: 8080 - selector: - app: backend ---- -apiVersion: v1 -kind: Service -metadata: - name: backend-api -spec: - ports: - - port: 8080 - targetPort: 8080 - protocol: TCP - type: NodePort + - name: http + port: 8080 + targetPort: 8080 selector: app: backend --- @@ -118,7 +105,7 @@ metadata: spec: type: LoadBalancer ports: - - port: 80 + - port: 80 selector: app: "frontend" --- diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx index 189e66a0..fef12fb5 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx @@ -188,7 +188,7 @@ Seqera Platform consists of deployments for a cron service, a backend service, a
    Show `tower-cron.yml` file - ```js file=./_templates/k8s/k8s_min/tower-cron.yml showLineNumbers + ```js file=./_templates/k8s/tower-cron.yml showLineNumbers ```
    @@ -196,7 +196,7 @@ Seqera Platform consists of deployments for a cron service, a backend service, a
    Show `tower-svc.yml` file - ```js file=./_templates/k8s/k8s_min/tower-svc.yml showLineNumbers + ```js file=./_templates/k8s/tower-svc.yml showLineNumbers ```
    @@ -206,9 +206,14 @@ Seqera Platform consists of deployments for a cron service, a backend service, a An ingress is used to make Seqera Enterprise publicly accessible, load-balance traffic, terminate TLS, and offer name-based virtual hosting. The included ingress manifest will create an external IP address and forward HTTP traffic to the Seqera frontend. -Download and configure the appropriate manifest for your infrastructure: +Download and configure the appropriate manifest for your infrastructure. - - [Amazon EKS](_templates/k8s/ingress.eks.yml) + +
    +Show `ingress.eks.yml` file +```js file=./_templates/k8s/ingress.eks.yml showLineNumbers +``` +
    To deploy the manifest to your cluster, run the following: @@ -270,4 +275,3 @@ Use the [dbconsole.yml](_templates/k8s/dbconsole.yml) manifest to deploy a simpl [k8s-ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress/ [k8s-load-balancer]: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer [k8s-node-port]: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport - From 17dd5b417bd7483d6773fca792e9b23dfd0ca5af Mon Sep 17 00:00:00 2001 From: Jason Boxman Date: Wed, 18 Sep 2024 23:18:37 -0400 Subject: [PATCH 12/16] Cleanup --- .../enterprise/_templates/k8s/configmap.yml | 4 +- .../enterprise/_templates/k8s/ingress.eks.yml | 10 ++-- .../_templates/k8s/k8s_min/configmap.yml | 2 +- .../enterprise/_templates/k8s/tower-cron.yml | 2 +- .../enterprise/_templates/k8s/tower-svc.yml | 6 +- .../enterprise/kubernetes-eks-install.mdx | 60 ++++++++++--------- 6 files changed, 45 insertions(+), 39 deletions(-) diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/configmap.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/configmap.yml index e6424ff2..ad0022bf 100644 --- a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/configmap.yml +++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/configmap.yml @@ -7,7 +7,8 @@ metadata: data: TOWER_SERVER_URL: "https://" TOWER_CONTACT_EMAIL: "" - TOWER_DB_URL: jdbc:mysql://:3306/tower?permitMysqlScheme=true + TOWER_REDIS_URL: "redis://:6379" + TOWER_DB_URL: "jdbc:mysql://:3306/tower?permitMysqlScheme=true" TOWER_DB_DRIVER: "org.mariadb.jdbc.Driver" TOWER_DB_DIALECT: "io.seqera.util.MySQL55DialectCollateBin" TOWER_DB_USER: "" @@ -20,7 +21,6 @@ data: TOWER_LICENSE: "" TOWER_ENABLE_PLATFORMS: "awsbatch-platform,gls-platform,googlebatch-platform,azbatch-platform,uge-platform,slurm-platform" FLYWAY_LOCATIONS: "classpath:db-schema/mysql" - TOWER_REDIS_URL: "redis://:6379" --- kind: ConfigMap apiVersion: v1 
diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/ingress.eks.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/ingress.eks.yml index 946533ce..3f58a069 100644 --- a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/ingress.eks.yml +++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/ingress.eks.yml @@ -5,19 +5,19 @@ metadata: annotations: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/certificate-arn: + alb.ingress.kubernetes.io/certificate-arn: alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301" }}' alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-2-Ext-2018-06 alb.ingress.kubernetes.io/load-balancer-attributes: > idle_timeout.timeout_seconds=301, routing.http2.enabled=false, access_logs.s3.enabled=true, - access_logs.s3.bucket=YOUR-LOGS-S3-BUCKET, - access_logs.s3.prefix=YOUR-LOGS-PREFIX + access_logs.s3.bucket=, + access_logs.s3.prefix= spec: rules: - - host: + - host: http: paths: - path: /* diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/configmap.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/configmap.yml index f95d33f2..97c43b16 100644 --- a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/configmap.yml +++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/k8s_min/configmap.yml 
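Review bot: The `alb.ingress.kubernetes.io/ssl-policy` annotation kept by this hunk still names `ELBSecurityPolicy-TLS-1-2-Ext-2018-06`. As AWS documents it, that 2018 policy has no TLS 1.3, and its extended cipher list includes CBC and non-forward-secret suites. For a template whose scheme is `internet-facing`, a current policy such as `ELBSecurityPolicy-TLS13-1-2-2021-06` would be a safer default, provided no older clients depend on the extended list. The Ingress `spec` continues outside the hunk.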
@@ -11,7 +11,7 @@ data: TOWER_SERVER_URL: "http://localhost:8080" TOWER_CONTACT_EMAIL: "user@example.com" TOWER_REDIS_URL: "redis://redis:6379" - TOWER_DB_URL: jdbc:mysql://mysql:3306/tower?permitMysqlScheme=true + TOWER_DB_URL: "jdbc:mysql://mysql:3306/tower?permitMysqlScheme=true" TOWER_DB_DRIVER: "org.mariadb.jdbc.Driver" TOWER_DB_USER: "tower" TOWER_DB_PASSWORD: "tower" diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-cron.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-cron.yml index 188d591b..4870b2bb 100644 --- a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-cron.yml +++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-cron.yml @@ -15,7 +15,7 @@ spec: app: cron spec: imagePullSecrets: - - name: "cr.seqera.io" + - name: cr.seqera.io volumes: - name: config-volume configMap: diff --git a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-svc.yml b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-svc.yml index cf83dd92..4a6fb2cb 100644 --- a/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-svc.yml +++ b/platform_versioned_docs/version-24.1/enterprise/_templates/k8s/tower-svc.yml @@ -19,7 +19,7 @@ spec: app: backend spec: imagePullSecrets: - - name: "cr.seqera.io" + - name: cr.seqera.io volumes: - name: config-volume configMap: @@ -76,7 +76,7 @@ spec: app: frontend spec: imagePullSecrets: - - name: "cr.seqera.io" + - name: cr.seqera.io containers: - name: frontend image: cr.seqera.io/private/nf-tower-enterprise/frontend:v24.1.4 @@ -107,5 +107,5 @@ spec: ports: - port: 80 selector: - app: "frontend" + app: frontend --- diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx index fef12fb5..e52f2ddb 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx 
+++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx @@ -80,7 +80,7 @@ If you use AWS SES in sandbox mode, both the _sender_ and the _receiver_ email a - [SPF authentication](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-spf.html) -#### Managed Redis services +### Managed Redis services Seqera supports managed Redis services such as [Amazon ElastiCache][aws-elasticache]. @@ -118,7 +118,7 @@ aws rds create-db-instance \ --vpc-security-group-ids SECURITY_GROUP \ --db-subnet-group SUBNET_GROUP \ --master-username DB_USER \ - --master-user-password DB_PASSWORD \ + --master-user-password DB_PASSWORD ``` @@ -158,11 +158,18 @@ The `configmap.yml` manifest includes both the `tower.env` and `tower.yml` files 1. Edit the `configmap.yml` file and set the following environment variables: - - `TOWER_ROOT_USERS`: Specify your email address - - `TOWER_JWT_SECRET`: Specify a unique secret that is at least 35 alphanumeric characters + - `TOWER_CONTACT_EMAIL`: + - `TOWER_SERVER_URL`: + - `TOWER_REDIS_URL`: Specify the host name for your Amazon ElastiCache Redis instance. + - `TOWER_DB_URL`: + - `TOWER_DB_USER`: + - `TOWER_DB_PASSWORD`: + - `TOWER_SMTP_HOST`: + - `TOWER_SMTP_USER`: + - `TOWER_SMTP_PASSWORD`: + - `TOWER_JWT_SECRET`: Specify a unique secret that is at least 35 alphanumeric characters. - `TOWER_CRYPTO_SECRETKEY`: Specify a unique secret. - `TOWER_LICENSE`: Specify your Seqera license key, if known. Otherwise, leave this empty. - - TOWER_REDIS_URL 1. Apply the config map: @@ -178,7 +185,6 @@ The `configmap.yml` manifest includes both the `tower.env` and `tower.yml` files ``` - ### 4. Deploy Seqera Seqera Platform consists of deployments for a cron service, a backend service, and a frontend service. 
@@ -202,30 +208,27 @@ Seqera Platform consists of deployments for a cron service, a backend service, a -### 5. Seqera ingress +### 5. Configure HTTPS traffic load balancer -An ingress is used to make Seqera Enterprise publicly accessible, load-balance traffic, terminate TLS, and offer name-based virtual hosting. The included ingress manifest will create an external IP address and forward HTTP traffic to the Seqera frontend. +The Kubernetes ingress resource is used to make Seqera Enterprise publicly accessible, load-balance traffic, terminate TLS, and offer name-based virtual hosting. The included ingress manifest will create an external IP address and forward HTTP traffic to the Seqera frontend. -Download and configure the appropriate manifest for your infrastructure. +1. Create a file named `ingress.yml` with the following Kubernetes manifest: +
    + Show `ingress.yml` file + ```js file=./_templates/k8s/ingress.eks.yml showLineNumbers + ``` +
    -
    -Show `ingress.eks.yml` file -```js file=./_templates/k8s/ingress.eks.yml showLineNumbers -``` -
    - -To deploy the manifest to your cluster, run the following: +1. To deploy the manifest to your cluster, run the following: ```bash - kubectl apply -f ingress.*.yml + kubectl apply -f ingress.yml ``` See [Kubernetes ingress][k8s-ingress] for more information. If you don't need to make Seqera externally accessible, use a service resource to expose a [node port][k8s-node-port] or a [load balancer][k8s-load-balancer] service to make it accessible within your intranet. -See the cloud provider documentation for configuring an ingress service on each cloud provider: - -- [Amazon][aws-configure-ingress] +See the [AWS Load Balancer Controller documentation][aws-configure-ingress] for configuring an ingress service. ### 6. Check status 
@@ -259,19 +262,22 @@ Use the [dbconsole.yml](_templates/k8s/dbconsole.yml) manifest to deploy a simpl ## Next steps -- Configure OpenID Connect (OIDC) for seamless integration with your identify provider -- Configure ingress for your public cloud provider for load balancing and TLS termination -- Configure access to your organization's email server -- Configure Data Studios -- Configure pipeline resource optimization -- Configure Wave containers integration +- Configure [OpenID Connect (OIDC)][authentication] for seamless integration with your identify provider +- Configure [pipeline resource optimization][groundswell] +- Configure [Wave containers integration][wave-containers] +- Configure [Data Studios][data-studios] [aws-elasticache]: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.html [aws-cache-instances]: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html -[aws-configure-ingress]: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/ +[aws-configure-ingress]: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/ [k8s-ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress/ [k8s-load-balancer]: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer [k8s-node-port]: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport + +[wave-containers]: ./configuration/wave.mdx +[groundswell]: ./configuration/pipeline_optimization.mdx +[data-studios]: ./data-studios.mdx +[authentication]: ./configuration/authentication.mdx From d2d3159b68e2f0f0ab262dab6de72d6d798c0d30 Mon Sep 17 00:00:00 2001 From: Jason Boxman Date: Fri, 20 Sep 2024 00:28:41 -0400 Subject: [PATCH 13/16] Revise --- .../enterprise/kubernetes-eks-install.mdx | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) 
diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx index e52f2ddb..0885b9a9 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx 
@@ -12,26 +12,22 @@ import CreateNamespace from './_partials/_k8s-install-ns.mdx'; import ConfigureRegistry from './_partials/_k8s-install-registry.mdx'; import DeployManifests from './_partials/_k8s-install-deploy.mdx'; -This installation guide describes how to install Seqera Platform on Enterprise on Amazon Web Services (AWS) Elastic Kubernetes Service (EKS). When you complete the steps in this guide you'll have an installation suitable for product use on EKS. +This installation guide describes how to install Seqera Platform on Enterprise on Amazon Web Services (AWS) [Elastic Kubernetes Service (EKS)](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html). When you complete the steps in this guide you'll have an installation suitable for product use on EKS. ## Prerequisites +The following prerequisites are required to complete this installation guide: + - **SMTP server**: If you don't have an email server, use [Amazon Simple Email Service](https://aws.amazon.com/ses/). - **MySQL database**: An external database, such as one provided by [Amazon Relational Database Service](https://aws.amazon.com/rds/), is highly recommended for production deployments. - **SSL certificate**: HTTP must not be used in production environments. An SSL certificate is required for your Seqera instance to handle HTTPS traffic. See [SSL/TLS configuration](./configuration/ssl_tls.mdx#aws-deployments-manage-ssl-certificates-with-amazon-certificate-manager-acm) for more information. -- **Optional: AWS Parameter Store**: Store sensitive Seqera configuration values as SecureString [AWS Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) parameters. See [AWS Parameter Store configuration](./configuration/aws_parameter_store.mdx) for instructions. This is recommended for production environments. 
+- **Optional: AWS Parameter Store**: Store sensitive Seqera configuration values as SecureString [AWS Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) parameters. See [AWS Parameter Store configuration](./configuration/aws_parameter_store.mdx) for instructions. This is recommended for production environments. - **Optional: DNS**: DNS is required to support human-readable domain names and load-balanced traffic. If you don't have access to a pre-existing DNS service, use [Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html). -### Prerequisites for EKS - -If you're installing Seqera Enterprise with Kubernetes, an [Elastic Kubernetes Service (EKS)](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html) cluster is required. See the [EKS documentation](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) to provision your own cluster. - -- Kubernetes 1.19 or later - - **Subnet requirements** - At least 2 subnets across two different Availability Zones @@ -60,9 +56,9 @@ Additionally, the ingress assumes the presence of SSL certificates, DNS resoluti Set up commonly-used AWS services for Seqera deployment. -### Fetch Seqera config values from AWS Parameter Store +### Provision an EKS cluster -From version 23.1, you can retrieve Seqera Enterprise configuration values remotely from the AWS Parameter Store. See [AWS Parameter Store configuration](./configuration/aws_parameter_store.mdx) for instructions. +See the [EKS documentation](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) to provision your own Kubernetes cluster. Kubernetes version 1.19 or later is required. ### Amazon SES 
@@ -128,8 +124,14 @@ After your database is created: - Update the inbound rules for the underlying EC2 instance to allow MySQL connections. - Update your Seqera [configuration](./configuration/overview.mdx#seqera-and-redis-databases) with the database hostname, username, and password. +### Fetch Seqera config values from AWS Parameter Store + +From version 23.1, you can optionally retrieve Seqera Enterprise configuration values remotely from the AWS Parameter Store. See [AWS Parameter Store configuration](./configuration/aws_parameter_store.mdx) for instructions. + ## Installation +Complete the following sections to install Seqera Platform Enterprise on your EKS cluster. + ### 1. Create a namespace From 4467ab9d5ff2355aca9946ebd55493b08bcc9824 Mon Sep 17 00:00:00 2001 From: Jason Boxman Date: Fri, 20 Sep 2024 00:45:11 -0400 Subject: [PATCH 14/16] Configuration settings --- .../enterprise/kubernetes-eks-install.mdx | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx index 0885b9a9..93f21445 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx @@ -52,7 +52,7 @@ The following prerequisites are required to complete this installation guide: Additionally, the ingress assumes the presence of SSL certificates, DNS resolution, and ALB logging. If you've chosen not to use some or all of these features, you'll need to modify the manifest accordingly before applying it to the cluster. -## AWS setup +## Amazon Web Services (AWS) setup Set up commonly-used AWS services for Seqera deployment. 
@@ -87,7 +87,7 @@ Seqera supports managed Redis services such as [Amazon ElastiCache][aws-elastica External databases for Seqera Enterprise deployments require: -- A **MySQL8 Community** DB instance +- A MySQL8 Community DB instance - At least 2 vCPUs, 8 GB memory, and 30 GB SSD storage - Manual MySQL user and database schema creation. See [Database configuration](./configuration/overview.mdx#seqera-and-redis-databases) for more details. @@ -160,15 +160,15 @@ The `configmap.yml` manifest includes both the `tower.env` and `tower.yml` files 1. Edit the `configmap.yml` file and set the following environment variables: - - `TOWER_CONTACT_EMAIL`: - - `TOWER_SERVER_URL`: + - `TOWER_CONTACT_EMAIL`: Specify a contact email address for the Seqera administrator. + - `TOWER_SERVER_URL`: Specify your fully qualified host name for Platform Enterprise, such as `https://example.com:8000`. - `TOWER_REDIS_URL`: Specify the host name for your Amazon ElastiCache Redis instance. - - `TOWER_DB_URL`: - - `TOWER_DB_USER`: - - `TOWER_DB_PASSWORD`: - - `TOWER_SMTP_HOST`: - - `TOWER_SMTP_USER`: - - `TOWER_SMTP_PASSWORD`: + - `TOWER_DB_URL`: Specify the Amazon RDS instance URI connection string, such as `jdbc:mysql://:3306/tower?permitMysqlScheme=true`. Replace `` with the RDS instance's host name. + - `TOWER_DB_USER`: Specify the Amazon RDS instance user name. + - `TOWER_DB_PASSWORD`: Specify the Amazon RDS instance password. + - `TOWER_SMTP_HOST`: Specify the mail server host name. + - `TOWER_SMTP_USER`: Specify the mail server user name. + - `TOWER_SMTP_PASSWORD`: Specify the mail server password. - `TOWER_JWT_SECRET`: Specify a unique secret that is at least 35 alphanumeric characters. - `TOWER_CRYPTO_SECRETKEY`: Specify a unique secret. - `TOWER_LICENSE`: Specify your Seqera license key, if known. Otherwise, leave this empty. From 378a8fba7a00ff9f8e59557a21b1ad6b44def7bb Mon Sep 17 00:00:00 2001 
From: Jason Boxman Date: Fri, 20 Sep 2024 00:45:48 -0400 Subject: [PATCH 15/16] Fixup --- .../enterprise/kubernetes-eks-install.mdx | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx index 93f21445..759d38ca 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-eks-install.mdx 
@@ -62,18 +62,18 @@ See the [EKS documentation](https://docs.aws.amazon.com/eks/latest/userguide/cre ### Amazon SES -Seqera Enterprise supports AWS Simple Email Service (SES) as an alternative to traditional SMTP servers for sending application emails. +Seqera Enterprise supports AWS Simple Email Service (SES) as an alternative to traditional SMTP servers for sending application emails. :::caution If you use AWS SES in sandbox mode, both the _sender_ and the _receiver_ email addresses must be verified via AWS SES. Sandbox is not recommended for production use. See the [AWS docs](https://docs.aws.amazon.com/ses/latest/dg/request-production-access.html) for instructions to move out of the sandbox. ::: -- See [Obtaining SES SMTP credentials using the SES console](https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html#smtp-credentials-console) for instructions to set up SES to send emails from your preferred address. +- See [Obtaining SES SMTP credentials using the SES console](https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html#smtp-credentials-console) for instructions to set up SES to send emails from your preferred address. - To prevent emails from SES being flagged as spam, see these AWS instructions for setting up an email authentication method: - - [DKIM for a domain](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-dkim-easy-setup-domain.html) - + - [DKIM for a domain](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-dkim-easy-setup-domain.html) + - [SPF authentication](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-spf.html) ### Managed Redis services 
@@ -91,14 +91,14 @@ External databases for Seqera Enterprise deployments require: - At least 2 vCPUs, 8 GB memory, and 30 GB SSD storage - Manual MySQL user and database schema creation. See [Database configuration](./configuration/overview.mdx#seqera-and-redis-databases) for more details. -:::caution -Recommended instance class and storage requirements depend on the number of parallel pipelines you expect to run. +:::caution +Recommended instance class and storage requirements depend on the number of parallel pipelines you expect to run. ::: -See [Creating an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html) to guide you through the external database setup for your production deployment. +See [Creating an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html) to guide you through the external database setup for your production deployment. @@ -107,7 +107,7 @@ To create a DB instance with the AWS CLI, call the [create-db-instance](https:// ```console aws rds create-db-instance \ - --engine mysql \ + --engine mysql \ --db-instance-identifier INSTANCE_NAME \ --allocated-storage 30 \ --db-instance-class db.m5d.large \ From dc8d55810c8ba86c78352f1cbc900cdc5760aae3 Mon Sep 17 00:00:00 2001 From: Justine Geffen Date: Tue, 1 Oct 2024 18:29:20 +0200 Subject: [PATCH 16/16] Update platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx Signed-off-by: Justine Geffen --- .../version-24.1/enterprise/kubernetes-minimal-install.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx index ad6f6f3e..1774e7df 100644 --- a/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/kubernetes-minimal-install.mdx 
@@ -16,7 +16,7 @@ This installation guide describes how to install Seqera Platform on a Kubernetes The following prerequisites are required to deploy Seqera on a Kubernetes cluster. - A Kubernetes cluster version 1.30.2 or newer -- The `kubectl` CLI is installed locally +- A local installation of `kubectl` CLI - Access to the cluster with the `cluster-admin` role ## 1. Create a namespace