@shuzmm @AlexHofbeck @dimitrie
Below is an example of the steps you can take to install Speckle on Azure Kubernetes. These are all from the command line and using the portal. For a production build its best to create yaml pipelines which will use the az cli and/or terraform
Pre-requisties
I’ve used powershell for the work
Install the CLI, which will also install kubectl
az aks install-cli
Install Azure Kubernetes
az aks create -n aks-name -g <resource group name> --node-count 3 --network-plugin azure --generate-ssh-keys --enable-managed-identity --kubernetes-version 1.25.6 --os-sku Ubuntu
switch context to the new cluster
az aks get-credentials -n <aks cluster name> -g <resource group name> --overwrite
Install Ingres-nginx load balancer
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx --create-namespace --namespace ingress-nginx --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz
Once complete check that the ingress-nginx service is up and running
kubectl get service -n ingress-nginx
Create Speckle namespace and install the priority classes
kubectl create namespace speckle
Install Priority Classes
Speckle relies on 3 priority classes Low, Medium, and High. Save each of these as yaml files
Low Priority Class File:
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: low-priority
value: -100
globalDefault: false
description: "Low priority (-100) - Non-critical microservices"
Medium Priority Class File
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: medium-priority
value: 50
globalDefault: true
description: "Medium priority (50) - dev/test services"
High Priority Class File
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: high-priority
value: 100
globalDefault: false
description: "High priority (100) for business-critical services"
run the following for each of the Low, Medium and High files to create the priorities
kubectl create --context "aks-name" --namespace speckle --filename .\MediumPriorityClass.yaml
Install Redis
example
az redis create --location <region> --name <redis cache name> --resource-group <resource group> --sku Basic --vm-size c0
Or install Azure Redis Cache from the azure portal
retrieve the primary or secondary access key
Install Postgres
install postgres single or flexible server and enable access to azure services
Create the Kubernetes secret for Speckle
kubectl create secret generic server-vars --context "<aks name>" --namespace speckle --from-literal=redis_url="rediss://:<redis access key> %3D@<redis hostname>.redis.cache.windows.net:6380/0" --from-literal=postgres_url="postgresql://postgres-username%40<pg-host-name>.postgres.database.azure.com:<postgres-username-pw>@<pg-host-name>.postgres.database.azure.com:<port number>/speckle?sslmode=require" --from-literal=s3_secret_key="S3 key" --from-literal=session_secret="s3 secret" --from-literal=email_password="smtp password"
The postgres connection string needs to be in URI format. Please see the following link
Note the gotcha @ only needs to be escaped with %40 in the username not the host
postgresql://user%40host:password@host:port/database?sslmode=require
S3 Compatible Storage using Minio
Azure storage services do not support Amazon S3 storage API hence you will need to install minio to provide that S3 API interface. There are various paths you can take here we’ve opted for Minio on K8s and this is still work in progress and I will update this post once complete
Create DNS and install certificate
The approach will depend on your environment that is requesting a DNS and your certificate provider. Once you have your certificate you need to assign it to a k8s secret that will be used by the ingress
kubectl create secret tls <tls secret name> --key .\<key file>.key --cert .\<certificate file>.crt -n ingress-nginx
kubectl create secret tls <tls secret name> --key .\<key file>.key --cert .\<certificate file>.crt -n speckle
Speckle install
Download the helm values yaml file
https://raw.githubusercontent.com/specklesystems/helm/main/charts/speckle-server/values.yaml
Modify the namespace used for speckle, domain and whether your using the cert-manager and if you are using postgress the database certificate
helm upgrade <speckle server name> speckle/speckle-server --values values.yaml --namespace speckle --install
Check the service is up and running
kubens speckle
kubectl get all
Deploy the ingress into the Speckle Namespace
kubectl edit ingress <speckle server name> -n speckle
change the host and hosts value to your DNS
Also the secretName of your certificate
The external facing IP address of your ingress-nginx loadbalancer
spec:
ingressClassName: nginx
rules:
- host: <DNS hostname>
http:
paths:
- backend:
service:
name: speckle-frontend
port:
number: 8080
path: /
pathType: Prefix
- backend:
service:
name: speckle-server
port:
number: 3000
path: /(graphql|explorer|(auth/.*)|(objects/.*)|(preview/.*)|(api/.*)|(static/.*))
pathType: Exact
tls:
- hosts:
- <DNS hostname>
secretName: <Secret holding the certificate>
status:
loadBalancer:
ingress:
- ip: <External facing IP address>
If all is well you should be able to browse to your DNS hostname. hope the above helps. I noticed this is a personal message, others might find the above useful and I can place this elsewhere