Deploy for Production
INFO
This page covers deployment-related information for MicroPowerManager. An installation of MicroPowerManager can be customised using environment variables, which are explained in detail here.
MicroPowerManager is distributed as pre-compiled Docker images via DockerHub.
Choose a deployment scenario
For running a self-hosted version of MicroPowerManager, multiple options exist. We "officially" support two deployment options for MicroPowerManager
- Cloud-hosted Kubernetes with dedicated databases.
- Monolithic Docker Compose on a stand-alone server with Compose-managed databases.
which are further explained in the sections below.
Kubernetes (base setup)
This section describes the deployment scenario of a cloud-hosted Kubernetes cluster with dedicated databases.
As an example we provide manifests for Google Cloud Platform (GCP) with Google Kubernetes Engine (GKE). Other cloud providers might require adjustments to the manifest files.
Create the GCP infrastructure using Terraform (a ready-to-use Terraform module can be found in the `terraform/gcp_kubernetes/` folder).
Create a `kustomize.yaml` and configure your DNS names:

```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: micropowermanager

resources:
  - namespace.yaml
  - ../../base/gcp_gke/

patches:
  - patch: |-
      apiVersion: networking.gke.io/v1
      kind: ManagedCertificate
      metadata:
        name: mpm-managed-cert
      spec:
        domains:
          - api.demo.micropowermanager.io  # adjust to your domain
          - demo.micropowermanager.io      # adjust to your domain

# Copy the certificate domains into the Ingress host rules
replacements:
  - source:
      kind: ManagedCertificate
      name: mpm-managed-cert
      fieldPath: spec.domains.0
    targets:
      - select:
          kind: Ingress
          name: mpm-ingress
        fieldPaths:
          - spec.rules.0.host
  - source:
      kind: ManagedCertificate
      name: mpm-managed-cert
      fieldPath: spec.domains.1
    targets:
      - select:
          kind: Ingress
          name: mpm-ingress
        fieldPaths:
          - spec.rules.1.host
```
The `kustomize.yaml` is meant as a starting point and might require further adjustment. A good reference is the working sample `kustomize.yaml` Kubernetes manifest file that is used to run the MPM Demo Version. It can be found in the `k8s` directory of this repository.
(Optional, but recommended) Pin the version of MicroPowerManager Docker images used in the deployment:

```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: micropowermanager

resources:
  - namespace.yaml
  - ../../base/gcp_gke/

# [...]

images:
  - name: enaccess/micropowermanager-backend:latest
    newTag: 0.0.20
  - name: enaccess/micropowermanager-frontend:latest
    newTag: 0.0.20

# [...]
```
(Optional) Create a static IP address in GCP and populate the `kubernetes.io/ingress.global-static-ip-name` annotation in `Ingress` by using a Kustomize `patch`:

```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: micropowermanager

resources:
  - namespace.yaml
  - ../../base/gcp_gke/

# [...]

patches:
  # [...]
  - patch: |-
      apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        name: mpm-ingress
        annotations:
          # Name of the reserved global static IP address in GCP
          kubernetes.io/ingress.global-static-ip-name: loadbalancer-global-address

# [...]
```
(Optional) Adjust `ConfigMap` entries by using a Kustomize `patch`.
Create a `secrets.yaml` by copying `secrets.yaml.example` and populating the values.
NOTE
If you choose to run MicroPowerManager in a non-default namespace, make sure the Kubernetes `Secret` gets deployed into the same namespace.
Run `kubectl apply -k overlays/gcp_gke`
Run `kubectl apply -f secrets.yaml`
Retrieve the loadbalancer IP address using

```sh
kubectl describe ingress mpm-ingress
```
Create DNS records for the backend and frontend URLs. It might take a while for the newly created DNS records to propagate.
Proceed to the Next Steps section
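Two points from the steps above, image pinning and the namespace of the `Secret`, can be checked before anything is applied to the cluster. The script below is an added example, not part of the MicroPowerManager repository; the Secret name `mpm-secrets`, the assumption that `secrets.yaml` is a standard Secret manifest carrying `metadata.namespace`, and both sample manifests are constructed for illustration.

```shell
# Added example: pre-deployment checks (not from the MicroPowerManager repository).
# List image references in a rendered manifest (stdin) that are not pinned:
# no tag at all, or the mutable :latest tag. Digest-pinned references pass.
unpinned_images() {
  tr -d "\"'" | awk '
    $1 == "image:" || ($1 == "-" && $2 == "image:") {
      ref = $NF
      if (ref ~ /@sha256:/) next
      n = split(ref, part, "/")   # only the last path component holds the tag
      if (part[n] !~ /:/ || part[n] ~ /:latest$/) print ref
    }'
}

# Succeed only if every Secret in the manifest (stdin) sets metadata.namespace
# to $1. A Secret without a namespace lands in the kubectl context default.
secrets_in_namespace() {
  awk -v want="$1" '
    function check() { if (kind == "Secret" && ns != want) bad = 1; kind = ns = "" }
    /^---/          { check(); next }
    /^kind:/        { kind = $2 }
    /^  namespace:/ { ns = $2 }
    END             { check(); exit (bad ? 1 : 0) }'
}

# Constructed sample input: a fragment of rendered output in which only the
# frontend image was pinned, and a Secret manifest with a hypothetical name.
sample_rendered() {
  cat <<'EOF'
      containers:
        - name: backend
          image: enaccess/micropowermanager-backend:latest
        - name: frontend
          image: enaccess/micropowermanager-frontend:0.0.20
EOF
}
sample_secret() {
  cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mpm-secrets
  namespace: micropowermanager
EOF
}

# Real use: kubectl kustomize overlays/gcp_gke | unpinned_images
sample_rendered | unpinned_images
sample_secret | secrets_in_namespace micropowermanager && echo "secret namespace ok"
```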
Kubernetes (advanced setup with IPSec tunnels to external systems)
Some payment providers require the establishment of a VPN tunnel between MicroPowerManager and the corporate network.
As a prerequisite for a VPN tunnel, we need to add an Internal Ingress to the Kubernetes setup.
Finish the Kubernetes (base setup) from above
Deploy an internal IP address reservation by setting `create_internal_loadbalancer_address = true` in Terraform
Adapt `kustomize.yaml` to add the `internal_ingress` component and configure the reserved IP address

```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: micropowermanager

resources:
  - namespace.yaml
  - ../../base/gcp_gke/

components:
  - ../../components/internal_ingress

# [...]

patches:
  # [...]
  - patch: |-
      apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        name: mpm-ingress-internal
        annotations:
          kubernetes.io/ingress.regional-static-ip-name: internal-loadbalancer-address
```
Deploy a VPN IPSec Gateway
- Using Terraform deploy the module `terraform/gcp_external_ipsec_gateway/`
- Using `ssh` configure the IPSec Gateway to install `haproxy` and `strongswan`.
- Configure according to provider request.
Stand-alone server using Docker Compose
INFO
If you choose to run MicroPowerManager on a stand-alone server, additional configuration steps are required. These include installing a web server like Nginx, managing TLS certificates with Let's Encrypt, and handling general Linux server maintenance such as system updates, security patches, and performance monitoring.
There are plenty of great resources available online that cover these topics in detail.
A working "all-in-one" environment running with production containers fetched from DockerHub can be achieved by running:

```sh
docker compose -f docker-compose-dockerhub.yml up
```
This exposes
- Port `8443`, `8000`: The backend of MicroPowerManager
- Port `8001`: The frontend of MicroPowerManager
Configure web server, networking, TLS, certificates and DNS.
Proceed to the Next Steps section
Next Steps
After the installation an empty instance of MicroPowerManager should be accessible at
This instance is not fully functional just yet. For example, you cannot log in, as further configuration is required.
Please proceed to Configuration for Production