#BE-4705 Docker to K8s Migration Documentation#802
#BE-4705 Docker to K8s Migration Documentation#802burakberkkeskin wants to merge 42 commits intodevelopfrom
Conversation
✅ Deploy Preview for reverent-galileo-8ef035 ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
burakberkkeskin
changed the title
docs/self-hosted-appcircle/install-server/helm-chart/configuration/docker-k8s-migration.md
Outdated
Show resolved
Hide resolved
docs/self-hosted-appcircle/install-server/helm-chart/configuration/docker-k8s-migration.md
Outdated
Show resolved
Hide resolved
| ``` | ||
|
|
||
| - **User Secrets:** | ||
| Decode and print the `user-secret.yaml` file and save it on the bastion host: |
There was a problem hiding this comment.
| Decode and print the `user-secret.yaml` file and save it on the bastion host: | |
| Decode and print the `user-secret` file and save it on the bastion host: |
| - **Check the MinIO data size:** | ||
|
|
||
| ```bash | ||
| echo "$APPCIRCLE_DISK_USAGE" | grep "snsd_data" |
There was a problem hiding this comment.
| echo "$APPCIRCLE_DISK_USAGE" | grep "snsd_data" | |
| echo "$APPCIRCLE_DISK_USAGE" | grep "spacetech_snsd_data" |
| - **Check the MongoDB data size:** | ||
|
|
||
| ```bash | ||
| echo "$APPCIRCLE_DISK_USAGE" | grep "mongo_data" |
There was a problem hiding this comment.
| echo "$APPCIRCLE_DISK_USAGE" | grep "mongo_data" | |
| echo "$APPCIRCLE_DISK_USAGE" | grep "spacetech_mongo_data" |
|
|
||
| - **Check the Vault data size:** | ||
| ```bash | ||
| echo "$APPCIRCLE_DISK_USAGE" | grep "vault_data" |
There was a problem hiding this comment.
| echo "$APPCIRCLE_DISK_USAGE" | grep "vault_data" | |
| echo "$APPCIRCLE_DISK_USAGE" | grep "spacetech_vault_data" |
| - **Shift DNS to the New Cluster:** | ||
| Update the DNS records to point to the new Appcircle Kubernetes cluster. | ||
|
|
||
| - **Redis Subdomain Change:** |
There was a problem hiding this comment.
This step is optional. If user changes redis to kvs that he/she needs to update runner appsettings.json with the changed URL and restart runners.
If not, then no need runner maintenance.
|
|
||
| After reviewing the key considerations, follow the [Appcircle Server Kubernetes Installation Guide](https://docs.appcircle.io/self-hosted-appcircle/install-server/helm-chart/installation/kubernetes) for detailed Appcircle server Helm chart deployment instructions. | ||
|
|
||
| #### 2. Key Considerations |
There was a problem hiding this comment.
Add "DNS section" that user should keep existing domains for the migration.
|
|
||
| ## Overview | ||
|
|
||
| This guide provides a step-by-step walkthrough for migrating your self-hosted **Appcircle** instance from a standalone Docker environment to a Kubernetes cluster. It assumes that you already have: |
There was a problem hiding this comment.
- Add general caution about user should change any configuration while migration (for instance, SMTP etc.) it's unsupported
If user needs change: first it should migrate successfully then make configuration change using the relevant configuration documentation page.
|
|
||
| - Refer to the [Storage Configuration](https://docs.appcircle.io/self-hosted-appcircle/install-server/helm-chart/configuration/storage-configuration) page for detailed instructions. | ||
|
|
||
| - **Prepare `values.yaml` for Migration:** |
There was a problem hiding this comment.
Add disclaimer text that all customized global.yaml settings should be mapped by user to values.yaml by looking at the Kubernetes configuration pages.
|
|
||
| **Helm version `3.11.0`** or later is **required**. | ||
|
|
||
| ### 6. Bastion Host |
There was a problem hiding this comment.
"4. Kubectl" and "5. Helm v3" should be subtitles of the "6. Bastion Host" section.
|
|
||
| The bastion host should meet the following requirements to facilitate the migration from the standalone Appcircle server to the Kubernetes Appcircle server: | ||
|
|
||
| - **SSH Access**: The bastion host must have SSH access to the standalone Appcircle server. |
There was a problem hiding this comment.
Title revision: "Standalone Appcircle server access" instead of "SSH access"
| ``` | ||
|
|
||
| #### 3. Check the Data Size on the Standalone Appcircle Server | ||
|
|
There was a problem hiding this comment.
Add <SpacetechExampleInfo/> into this section since we can jump here from Bastion requirements.
| - **Check the MinIO data size:** | ||
|
|
||
| ```bash | ||
| echo "$APPCIRCLE_DISK_USAGE" | grep "spacetech_snsd_data" |
There was a problem hiding this comment.
| echo "$APPCIRCLE_DISK_USAGE" | grep "spacetech_snsd_data" | |
| echo "$APPCIRCLE_DISK_USAGE" | grep "spacetech_minio_snsd_data" |
| - **Check the MongoDB data size:** | ||
|
|
||
| ```bash | ||
| echo "$APPCIRCLE_DISK_USAGE" | grep "spacetech_mongo_data" |
There was a problem hiding this comment.
| echo "$APPCIRCLE_DISK_USAGE" | grep "spacetech_mongo_data" | |
| echo "$APPCIRCLE_DISK_USAGE" | grep "spacetech_mongo_data1" |
| kubectl create namespace appcircle | ||
| ``` | ||
|
|
||
| ### 4. Create Container Registry Secret |
There was a problem hiding this comment.
This section should be moved after "Create Kubernetes Secrets".
|
|
||
| #### 5. Update the Standalone Appcircle Server to the Latest Version | ||
|
|
||
| Before migrating to Kubernetes Appcircle server, please [update the standalone Appcircle server](https://docs.appcircle.io/self-hosted-appcircle/install-server/linux-package/update) to the latest version. |
There was a problem hiding this comment.
Migration is supported for 3.23.2 or later Appcircle servers.
If that's OK, then user should select a helm chart latest version that's compatible with his/her standalone server.
We should have link to chart/app version history.
|
|
||
| **Please adjust these values** according to your environment requirements and **save your file**. | ||
|
|
||
| In the example values below, we used `spacetech` as an **example organization name**. You should **replace it** with your actual organization name or any other value you prefer. |
There was a problem hiding this comment.
We should add a "danger" box that tells user not to change any setting in global yaml and use them as-is.
| 6. For the organization ID, filter the `userinfo` request. | ||
| 7. In the response, check for `currentOrganizationId`. | ||
|
|
||
| <Screenshot url='https://cdn.appcircle.io/docs/assets/BE-4705-organization-page.png' /> |
There was a problem hiding this comment.
Remove UI steps with the command below for "organization ıd"
cat generated-secret.yaml | grep -i organization
Organization will be got from UI but fewer steps.
There was a problem hiding this comment.
Organization name might be optional but we're not sure now. Testing...
We decided not to remove organization name for now. It's SS is up-to-date.
- Blur team members in the SS.
| - **No new DNS record is required**. | ||
| - **Appcircle runners do not need to be updated**. | ||
|
|
||
| #### **Additional Updates** |
There was a problem hiding this comment.
Before additional updates section, we should mention about SSL configuration.
There was a problem hiding this comment.
SSL configuration page should have notice that warns user about the last might not be rootCA in all cases. For example Lets Encrypt case.
| ### 2. SSL Certificate | ||
|
|
||
| If the **standalone Appcircle server** is already using **HTTPS**, you **should provide an SSL certificate** for the Appcircle server Kubernetes deployment. | ||
|
|
There was a problem hiding this comment.
- Add "tip" box that tells user that he/she can re-use the standalone server certificates for K8s and can get them from standalone server configuration file. (i.e.,
global.yaml)
| - **Standalone Appcircle server access**: The bastion host should have SSH access to the standalone Appcircle server. | ||
| - **Kubernetes Access**: The bastion host should be able to access the Kubernetes cluster API with `kubectl` for deploying Appcircle server. | ||
|
|
||
| - **Tools**: The tools below are required for the migration: |
There was a problem hiding this comment.
- Since we moved these requirements to upper sections, we should remove duplicate here.
|
|
||
| #### **Keycloak Updates** | ||
|
|
||
| Ensure the `organizationName` and `initialOrganizationId` in the `values.yaml` file match those in the standalone Appcircle server. |
There was a problem hiding this comment.
-
organization nameshould be got from UI before we stop Nginx. For this reason, this section (or requirement) should be moved under "standalone appcircle server steps" before step 6.
|
|
||
| - **Create a namespace:** | ||
|
|
||
| For the Appcircle server deployment. In this documentation, we will use `appcircle` as the example namespace. |
There was a problem hiding this comment.
- We should move this section to "installation" steps before step 4
| To make sure that the stateful apps are ready for migration, you can run the command below and wait for `The databases are ready for migration steps.` output. | ||
|
|
||
| ```bash | ||
| kubectl wait --for=condition=Ready pod -l 'app.kubernetes.io/name=auth-postgresql' --timeout=300s && \ |
There was a problem hiding this comment.
- We should add "namespace" to the commands here
| n # Create a new remote | ||
| name> ac-standalone # Provide a descriptive name for the remote | ||
| Storage> 4 # Select "Amazon S3 Compliant Storage Provider" (4) | ||
| provider> 7 # Select "Minio Object Storage" (7) |
There was a problem hiding this comment.
- Use "Minio" instead of "MinIO" for the tool naming
| n # Create a new remote | ||
| name> ac-k8s # Provide a descriptive name for the remote | ||
| Storage> 4 # Select "Amazon S3 Compliant Storage Provider" (4) | ||
| provider> 7 # Select "Minio Object Storage" (7) |
There was a problem hiding this comment.
- Use "Minio" instead of "MinIO" for the tool naming
| Storage> 4 # Select "Amazon S3 Compliant Storage Provider" (4) | ||
| provider> 7 # Select "Minio Object Storage" (7) | ||
| env_auth> "false" # Set environment authentication to "false" | ||
| access_key_id> <access_key> # Enter the standalone Appcircle server's access key |
There was a problem hiding this comment.
- This section has "standalone" words in the comments that must be replaced with "K8s" side
| 2. **Change directory to appcircle-server:** | ||
|
|
||
| ```bash | ||
| cd appcircle-server |
There was a problem hiding this comment.
- It will be better to use "appcircle-k8s-migration" folder here
| 7. **Open shell in the vault container:** | ||
|
|
||
| ```bash | ||
| kubectl exec -it appcircle-server-vault-0 -- bash |
There was a problem hiding this comment.
- we need to add namespace to this command
| Delete the `replicas: 0` setting under `auth-keycloak`. | ||
|
|
||
| - **Remove MongoDB Resource Preset:** | ||
| Delete the `resourcesPreset` setting under `mongodb` if you don't need it. |
There was a problem hiding this comment.
- Add info about possible values that can be used as
resourcesPresetfor different needs
| ```bash | ||
| kubectl rollout restart deployment -n appcircle | ||
| ``` | ||
|
|
There was a problem hiding this comment.
- Add below command to refresh vault which prevents vault connection refused cases
kubectl delete pod appcircle-server-vault-0 -n appcircle
3 participants
No description provided.