A repository to help with deployment of the OpenUTM toolset in your cloud.
This example is based on DigitalOcean. It uses the kustomize tool and kubectl, so you can adapt it to your own cloud.
To ensure a smooth deployment process, follow these three steps:

- 📄 Understand the Architecture
  Familiarize yourself with the system's architecture by reviewing the `.env` file documentation. This will give you a clear picture of how the components interact.
- 🔑 Deploy and Connect
  Once the `.env` files are created, deploy the systems. Since Flight Passport acts as the authentication bridge between the backend and frontend, you'll need to update the environment files with the correct variables after deployment. Reapply these updated variables as detailed in Step 3.
- 🔗 Link Components
  Check out the environment files documentation to properly link Spotlight and Blender via Passport. This step ensures seamless integration between all components.

💬 Need Help?
If you run into any issues, feel free to reach out to us on Discord. We're here to help!

- Installed and configured `doctl`, link
- Created Kubernetes Cluster, link
- Created Load Balancer, link
- You can connect to your Cluster, link
- Your domain sub zone points to DigitalOcean DNS, link

NOTE: We will assume your sub-domain is test.example.com, and contact email is test@example.com - these need to be customized

- Create A and CNAME records for your domain on the DigitalOcean NS

```bash
# SETUP env variables
export DOMAIN_NAME="test.example.com"
export ACME_CONTACT_EMAIL="test@example.com"
export LOAD_BALANCER_IP=$(doctl compute load-balancer list --format IP --no-header)

# SETUP A and CNAME
doctl compute domain records list $DOMAIN_NAME
# Delete the existing zone (and every record in it) before recreating it
doctl compute domain delete $DOMAIN_NAME -f
doctl compute domain create $DOMAIN_NAME
doctl compute domain records create $DOMAIN_NAME \
  --record-type "A" --record-name "$DOMAIN_NAME." \
  --record-data "$LOAD_BALANCER_IP" \
  --record-ttl "30"
doctl compute domain records create $DOMAIN_NAME \
  --record-type "CNAME" --record-name "*" \
  --record-data "$DOMAIN_NAME." \
  --record-ttl "30"
doctl compute domain records list $DOMAIN_NAME
```

- Install `ingress-nginx`

```bash
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update ingress-nginx
helm search repo ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --create-namespace
```

- Install `cert-manager`

```bash
helm repo add jetstack https://charts.jetstack.io
helm repo update jetstack
helm search repo jetstack
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --set installCRDs=true
```

- Edit your `.env` files from the `env.examples` folder, and place them in this structure:

```
└── kustomize
    ├── blender
    │   └── .env.blender
    ├── passport
    │   └── .env.passport
    └── spotlight
        └── .env.spotlight
```

- Generate the OIDC key and deploy your applications

```bash
openssl genrsa -out kustomize/passport/oidc.key 4096
kubectl apply -k kustomize/
```

- Create a personal access token with full access to modify `domain`, link, and create a Kubernetes secret from it

```bash
# Quote the placeholder so the shell treats it as a single value
export DO_API_TOKEN="__YOUR TOKEN HERE__"
kubectl create secret generic "digitalocean-dns" \
  --from-literal=access-token="$DO_API_TOKEN" --namespace=openutm
```

- Edit `generate-from-templates.sh` and customize the following env variables

```bash
export DOMAIN_NAME="test.example.com"
export ACME_CONTACT_EMAIL="test@example.com"
```

- Run the file to generate customized yaml files from templates

```bash
./generate-from-templates.sh
```

- Create `Issuer`

```bash
kubectl apply -f issuer.yaml
```

- Create root and wildcard `Certificate`

```bash
kubectl apply -f certificate-root.yaml
kubectl apply -f certificate-wcard.yaml
```

- Create `Ingress`

```bash
kubectl apply -f ingress.yaml
```

It will take some time for all components to settle and acquire certificates. After that, your apps should be accessible under the following domains with trusted certificates:

- `https://blender.$DOMAIN_NAME`
- `https://spotlight.$DOMAIN_NAME`
- `https://passport.$DOMAIN_NAME`

The first step is to configure Flight Passport. Once Flight Passport is up and running, you will have to update the variables for Blender and Spotlight and re-deploy. Use the constructing environment files documentation to log in to Passport and generate variables for Spotlight and Blender. Once these are set up, they need to be reapplied to the cluster.
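
Before running `kubectl apply -k kustomize/`, a preflight check can confirm that the three `.env` files are in the documented layout and that `kustomize/passport/oidc.key` is a PEM private key accessible only to its owner. This is an added example, not part of the OpenUTM repository; the function name `preflight_kustomize` and the owner-only permission policy are assumptions.

```shell
#!/usr/bin/env bash
# Added example: preflight for `kubectl apply -k kustomize/`.
# File layout and key path come from the steps above; the function name
# and the owner-only (0600) policy are assumptions of this example.

preflight_kustomize() {
  local root="${1:-kustomize}" rc=0 app f key bit

  # Each component needs a non-empty .env file in the documented location.
  for app in blender passport spotlight; do
    f="$root/$app/.env.$app"
    if [ ! -s "$f" ]; then
      echo "MISSING or empty: $f" >&2
      rc=1
    fi
  done

  # The OIDC signing key must exist before anything else can be checked.
  key="$root/passport/oidc.key"
  if [ ! -f "$key" ]; then
    echo "MISSING: $key" >&2
    return 1
  fi

  # Reject the key if any group/other permission bit is set.
  for bit in 040 020 010 004 002 001; do
    if [ -n "$(find "$key" -perm "-$bit")" ]; then
      echo "TOO OPEN: $key (fix with: chmod 600 $key)" >&2
      rc=1
      break
    fi
  done

  # The file should hold a PEM private key, not an empty or unrelated file.
  if ! grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key"; then
    echo "NOT A PEM PRIVATE KEY: $key" >&2
    rc=1
  fi
  return "$rc"
}
```

Call it as `preflight_kustomize kustomize && kubectl apply -k kustomize/` so the deployment only proceeds when every check passes.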