Page History

This article provides a tutorial on deploying, running and scaling Joget on Azure Kubernetes Service (AKS). AKS is a managed Kubernetes service offered by Azure.

Info
If you are not familiar with Kubernetes, refer to Joget on Kubernetes for a quick introduction.

Table of Contents

Deploy Joget on Azure Kubernetes Service

...

From the Azure portal, go to the Kubernetes services then Create a Kubernetes cluster.

In the Basics page, choose the Subscription, Resource Group and input the Kubernetes cluster name. Adjust the other configuration settings as desired, or leave as default.

...

Create persistent storage using PersistentVolume and PersistentVolumeClaim

Code Block
kubectl apply -f https://k8s.io/examples/application/mysql/

...

mysql-pv.yaml

Deploy the MySQL image

Code Block
kubectl apply -f https://k8s.io/examples/application/mysql/

...

mysql-deployment.yaml

Inspect the deployment

Code Block
kubectl describe deployment mysql

...


kubectl get pods -l app=mysql

...


kubectl describe pvc mysql-pv-claim

You need to modify the original yaml files for production usage (eg. using different version of MySQL image and setting up secret instead of plain password in the yaml).

...

If you are running a multiple node Kubernetes cluster, you will need to allocate shared persistent storage with read write access by multiple nodes. In Azure, you need to can set up Azure NFS volume to be used in the Azure Kubernetes cluster. Refer to the official documentation here for detailed info and steps.

...

You can also read more on other options for storage in Azure Kubernetes here.

Create an Azure Ubuntu VM at the same Virtual Network as the AKS cluster.

Setup NFS server into the VM.

From the link, you can use this script to set up the NFS server (edit the variables as necessary especially the AKS_SUBNET).

...

Code Block

language	yml

apiVersion: v1
kind: PersistentVolume
metadata:
  name: aks-nfs
  labels:
    type: nfs
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  nfs:
    server: NFS_INTERNAL_IP
    path: NFS_EXPORT_FILE_PATH
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: aks-nfs
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: ""
  resources:
    requests:
      storage: 1Gi
  selector:
    matchLabels:
      type: nfs

Replace the values for NFS_INTERNAL_IP, NFS_NAME and NFS_EXPORT_FILE_PATH with the actual settings from your NFS Server.

Code Block
kubectl apply -f azurenfsstorage.yaml

Image Modified

4.Deploy Joget DX

With the prerequisite database and persistent storage available, you can now deploy Joget. You can apply the example joget-dx7-tomcat9-aks.yaml file to deploy.

...

**Before going further with these steps, make sure that you have set up DNS to the public IP of the ingress that has been generated by AKS earlier.

Code Block
kubectl apply -f https://

...

github.com/cert-manager/cert-manager/releases/download/v1.10.0/cert-manager.yaml

Configure Let’s Encrypt issuer

Example stagingissuer.yaml file;

Code Block

language	yml

apiVersion: cert-manager.io/v1

...


kind: ClusterIssuer

...


  metadata:

...


    name: letsencrypt-staging

...


  spec:

...


    acme:

...


      # The ACME server URL

...


      server: https://acme-staging-v02.api.letsencrypt.org/directory

...


      # Email address used for ACME registration

...


      email: [update email here]

...


      # Name of a secret used to store the ACME account private key

...


      privateKeySecretRef:

...


        name: letsencrypt-staging

...


      # Enable the HTTP-01 challenge provider

...


      solvers:

...


      - http01:

...


          ingress:

...


            class:  nginx

Code Block
kubectl apply -f stagingissuer.yaml

You can check on the status of the issuer resource after you have deployed it

Code Block
kubectl describe issuer letsencrypt-staging

Deploy/Update the Ingress with TLS configuration

As we have previously deploy the Ingress without TLS configuration, we can update the Ingress yaml file to include the TLS configuration.

Example Ingress yaml with TLS;

Code Block

language	yml

apiVersion: networking.k8s.io/v1

...


kind: Ingress

...


metadata:

...


  name: joget-dx7-tomcat9-ingress

...


  annotations:

...


    nginx.ingress.kubernetes.io/affinity: cookie

...


    nginx.ingress.kubernetes.io/ssl-redirect: "true"

...


    cert-manager.io/cluster-issuer: "letsencrypt-staging"

...


spec:

...


  ingressClassName: nginx

...


  tls:

...


  - hosts:

...


    - exampledomain.com

...


    secretName : aks-jogetworkflow

...


  rules:

...


    - host: exampledomain.com

...


      http:

...


        paths:

...


          - path: /jw

...


            pathType: Prefix

...


            backend:

...


              service:

...


                name: joget-dx7-tomcat9

...


                port:

...


                  number: 9080

This staging procedure is to ensure that the certificate is generated correctly before we setup the Issuer with Let’s Encrypt production.

Code Block
kubectl get certificate

Code Block

language	powershell

[ ~/jogetaks ]$ kubectl get certificate

...


NAME                READY   SECRET

...

              AGE
aks-jogetworkflow

...

 True    aks-jogetworkflow   30s

Code Block
kubectl describe certificate aks-jogetworkflow

If the certificate is generated correctly then we can set up the production Issuer.

Example productionissuer.yaml file;

Code Block

language	yml

apiVersion: cert-manager.io/v1

...


kind:

...

 ClusterIssuer
metadata:

...


  name: letsencrypt-prod

...


spec:

...


  acme:

...


    # The ACME server URL

...


    server: https://acme-v02.api.letsencrypt.org/directory

...


    # Email address used for ACME registration

...


    email: [update email here]

...


    # Name of a secret used to store the ACME account private key

...


    privateKeySecretRef:

...


      name: letsencrypt-prod

...


    # Enable the HTTP-01 challenge provider

...


    solvers:

...


    - http01:

...


        ingress:

...


          class:  nginx

Update the ingress yaml file with the production annotation.

Code Block

language	yml

apiVersion: networking.k8s.io/v1

...


kind: Ingress

...


metadata:

...


  name: joget-dx7-tomcat9-ingress

...


  annotations:

...


    nginx.ingress.kubernetes.io/affinity: cookie

...


    nginx.ingress.kubernetes.io/ssl-redirect: "true"

...


    cert-manager.io/issuer: "letsencrypt-prod"

...


spec:

...


  ingressClassName: nginx

...


  tls:

...


  - hosts:

...


    - exampledomain.com

...


    secretName : aks-jogetworkflow

...


  rules:

...


    - host: exampledomain.com

...


    - http:

...


        paths:

...


          - path: /jw

...


            pathType: Prefix

...


            backend:

...


              service:

...


                name: joget-dx7-tomcat9

...


                port:

...


                  number: 9080

After applying the updated ingress yaml, you need to delete the previous secret so that the new certificate can be generated for the production.

Code Block
kubectl delete secret aks-jogetworkflow

Then run back the describe command to check on the cert status

Code Block
kubectl describe certificate aks-jogetworkflow

After the new certificate has been issued, you can then access the Joget domain with https to ensure that everything is working properly.

...

Space shortcuts

Page tree

Versions Compared

Old Version 1

New Version 2

Key

Deploy Joget on Azure Kubernetes Service

4.Deploy Joget DX