Deploy for Production
INFO
This page covers deployment related information for MicroPowerManager. An installation of MicroPowerManager can be customised using environment variables which is explained in detail here.
The MicroPowerManager is distributed as pre-compile Docker images via DockerHub.
Choose a deployment scenario
For running a self-hosted version of MicroPowerManager multiple options exists. We "officially" support two deployment options for MicroPowerManager
- Cloud-hosted Kubernetes with dedicated databases.
- Monolithic Docker Compose on stand-alone server with Compose-managed databases.
which are further explained in the sections below.
Kubernetes (base setup)
This section describes the deployment scenario of a cloud-hosted Kubernetes cluster with dedicated databases.
As an example we provide manifests for Google Cloud Platform (GCP) with Google Kubernetes Engine (GKE). Other cloud providers might require adjustments to the manifest files.
Create the GCP infrastructure using Terraform (a ready-to-use Terraform module can be found in
terraform/gcp_kubernetes/folder.)Create a
kustomize.yamland configure your DNS namesyamlapiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: micropowermanager resources: - namespace.yaml - ../../base/gcp_gke/ patches: - patch: |- apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: name: mpm-managed-cert spec: domains: - api.demo.micropowermanager.io # [!code highlight] - demo.micropowermanager.io # [!code highlight] replacements: - source: kind: ManagedCertificate name: mpm-managed-cert fieldPath: spec.domains.0 targets: - select: kind: Ingress name: mpm-ingress fieldPaths: - spec.rules.0.host - source: kind: ManagedCertificate name: mpm-managed-cert fieldPath: spec.domains.1 targets: - select: kind: Ingress name: mpm-ingress fieldPaths: - spec.rules.1.hostThe
kustomize.yamlis meant as a starting point and might require further adjustment. A good reference is the working samplekustomize.yamlKubernetes manifest file that is used to run the MPM Demo Version. It can be found in thek8sdirectory of this repository.(Optional, but recommended) Pin the version of MicroPowerManager Docker images used in the deployment
yamlapiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: micropowermanager resources: - namespace.yaml - ../../base/gcp_gke/ [...] images: - name: enaccess/micropowermanager-backend:latest newTag: 0.0.20 - name: enaccess/micropowermanager-frontend:latest newTag: 0.0.20 [...](Optional) Create a static IP address in GCP and populate the
kubernetes.io/ingress.global-static-ip-nameannotation inIngressby using a KustomizepatchyamlapiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: micropowermanager resources: - namespace.yaml - ../../base/gcp_gke/ [...] patches: [...] - patch: |- apiVersion: networking.k8s.io/v1 # [!code ++] kind: Ingress # [!code ++] metadata: name: mpm-ingress annotations: kubernetes.io/ingress.regional-static-ip-name: loadbalancer-global-address [...](Optional) Adjust
ConfigMapentries by using a KustomizepatchCreate a
secrets.yamlby copyingsecrets.yaml.exampleand populating the values.NOTE
If you choose to run MicroPowerManager in a non-default namespace make sure the Kubernetes
Secretgets deployed into the same namespace.Run
kubectl -k overlays/gcp_gkeRun
kubectl -f apply secrets.yamlRetrieve the loadbalancer IP address using
shkubectl describe ingress mpm-ingressCreate DNS records for the backend and frontend URLs. It might take a while for the newly created DNS records to propagate.
Proceed to the Next Steps section
Kubernetes (advanced setup with IPSec tunnels to external systems)
Some payment provider require the establishment of a VPN Tunnel between MicroPowerManager and the corporate network.
As prerequisite for a VPN Tunnel we need to add an Internal Ingress to the Kubernetes setup.
Finish the Kubernets (base setup) from above
Deploy an internal IP address reservation by setting
create_internal_loadbalancer_address = truein TerraformAdapt
kustomize.yamlto add theinternal_ingresscomponent and configure the reserved IP addressyamlapiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: micropowermanager resources: - namespace.yaml - ../../base/gcp_gke/ components: - ../../components/internal_ingress [...] patches: [...] - patch: |- apiVersion: networking.k8s.io/v1 # [!code ++] kind: Ingress # [!code ++] metadata: # [!code ++] name: mpm-ingress-internal # [!code ++] annotations: # [!code ++] kubernetes.io/ingress.regional-static-ip-name: internal-loadbalancer-address # [!code ++]
Deploy a VPN IPSec Gateway
- Using Terraform deploy the module
terraform/gcp_external_ipsec_gateway/ - Using
sshconfigure the IPSec Gateway to installhaproxyandstrongswan. - Configure according to provider request.
Stand-alone server using Docker Compose
INFO
If you choose to run MicroPowerManager on a stand-alone server, additional configuration steps are required. These include installing a web server like Nginx, managing TLS certificates with Let's Encrypt, and handling general Linux server maintenance such as system updates, security patches, and performance monitoring.
There are plenty of great resources available online that cover these topics in detail.
A working "all-in one" environment running with production containers fetched from DockerHub can be achieved by running:
shdocker compose -f docker-compose-dockerhub.yml upThis exposes
- Port
8443,8000: The backend of MicroPowerManager - Port
8001: The frontend of MicroPowerManager
- Port
Configure WebServer, networking, TLS, certificates and DNS.
Proceed to the Next Steps section
Next Steps
After the installation an empty instance of MicroPowerManager should be accessible at
This instance is fully functional just yet. For example, you cannot log in, as further configuration is required.
Please proceed to Configuration for Production