This article describes how to deploy a Hermod image on Kubernetes.
Prerequisites for Hermod deployment
A Kubernetes service subscription in which to create and deploy Hermod
A public DNS name which devices can reach
Matching certificates for the public address
An installed and deployed instance of an SQL server, for example, PostgreSQL, Microsoft SQL Server, MariaDB, or Oracle
Step-by-step instruction
Download the Hermod docker image and file structure
Sign in to the Nexus Support portal.
Go to Nexus Smart ID Clients (Personal and Hermod) > Smart ID Messaging and select a Hermod version to download the *.zip file.
Unpack the *.zip file.
Open the extracted folder, for example, 3.x.y.RELEASE.
The folder contains the Hermod installation file and a simple-setup file to set up a default configuration.
Unpack simple-setup.zip.
Place the Docker image in a location from which the Kubernetes cluster can pull it.
Create the storage yml file
Edit the file hermod-config with the correct values for your environment. It is used to store the Hermod configuration file.
Example: hermod-config.yml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
  finalizers:
  - kubernetes.io/pvc-protection
  name: hermod-config
  namespace: test
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: default
  volumeMode: Filesystem
  volumeName: hermod-config
Create the Hermod deployment yml file
Edit the file hermod-deployment with the correct values for your environment.
Important! The actual values must match your specific deployment scenario. The hermod-deployment code below is only intended as an example.
Example: hermod-deployment.yml
apiVersion: v1
items:
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    annotations:
      deployment.kubernetes.io/revision: "2"
    generation: 3
    labels:
      app: hermod
    name: hermod
    namespace: test
  spec:
    replicas: 1
    revisionHistoryLimit: 2
    selector:
      matchLabels:
        app: hermod
    strategy:
      rollingUpdate:
        maxSurge: 1
        maxUnavailable: 0
      type: RollingUpdate
    template:
      metadata:
        labels:
          app: hermod
          configmap-version: "1"
        annotations:
          prometheus.io/scrape: "true"
          prometheus.io/scheme: "http"
          prometheus.io/path: "prometheus"
          prometheus.io/port: "20400"
        name: hermod
      spec:
        containers:
        - image: nexusgocontainerregistry.azurecr.io/nexus-personal/hermod:3.7.0.RELEASE
          imagePullPolicy: Always
          args:
          - --spring.profiles.active=native
          - --spring.datasource.url=${DB_URI}
          - --spring.datasource.username=${DB_USERNAME}
          - --spring.datasource.password=${DB_PASSWORD}
          name: hermod
          ports:
          - containerPort: 20400
            protocol: TCP
          resources: {}
          env:
          - name: JAVA_OPTS
            value: -Xms256m -Xmx512m -XX:MaxMetaspaceSize=512m -XX:CompressedClassSpaceSize=64m
              -Xss256k -Xmn8m -XX:InitialCodeCacheSize=4m -XX:ReservedCodeCacheSize=64m
              -XX:MaxDirectMemorySize=64m
          - name: DB_URI
            valueFrom:
              secretKeyRef:
                key: DB_URI
                name: hermod-secret-test-postgres
          - name: DB_USERNAME
            valueFrom:
              secretKeyRef:
                key: DB_USERNAME
                name: hermod-secret-test-postgres
          - name: DB_PASSWORD
            valueFrom:
              secretKeyRef:
                key: DB_PASSWORD
                name: hermod-secret-test-postgres
          readinessProbe:
            httpGet:
              path: /ms
              port: 20400
            initialDelaySeconds: 20
            timeoutSeconds: 5
            periodSeconds: 30
          securityContext:
            privileged: false
            runAsNonRoot: true
            runAsUser: 1000
          terminationMessagePath: /dev/termination-log
          volumeMounts:
          - name: hermod-config
            mountPath: /home/docker/config
        volumes:
        - name: hermod-config
          configMap:
            name: hermod
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        securityContext: {}
        terminationGracePeriodSeconds: 30
kind: List
metadata: {}
resourceVersion: ""
selfLink: ""
Create the Hermod configuration yml file
Edit the file hermod-configuration with the correct values for your environment.
Important! The actual values must match your specific deployment scenario, for example the clientId, the public URL, TLS/SSL, and the URL, username and password for the specified database. The code below is only intended as an example.
Example: hermod-configuration.yml
kind: ConfigMap
apiVersion: v1
metadata:
  name: hermod
  namespace: test
data:
  application.yml: |-
    logging:
      level:
        org.springframework.context.annotation.AnnotationConfigApplicationContext: ERROR
        org.springframework.boot.SpringApplication: ERROR
        org.springframework.cloud.config.client: ERROR
        org.springframework.web.reactive.function.client.WebClient: TRACE
        com.netflix: INFO
        reactor.netty.http.client: TRACE
        com.nexusgroup: TRACE
        com.relayrides: INFO
        org.mongodb.driver: TRACE
        com.nexusgroup.plugout.message.server.filters.VersionHttpFilter: ERROR
        com.nexusgroup.cod.hermod.service.MessagePlugoutService: ERROR
        org.hibernate.stat: DEBUG
        #org.apache.http: TRACE
      pattern:
        console: "%d{yyyy-MM-dd}T%d{HH:mm:ss.SSS}Z ${LOG_LEVEL_PATTERN:- %5p} [%t] %-40.40logger{39} [%mdc] : %m%n${LOG_EXCEPTION_CONVERSION_WORD:%wEx}"
    server:
      servlet:
        context-path: /
      error:
        include-message: always
        include-binding-errors: never
        include-stacktrace: never
        include-exception: false
    springdoc:
      override-with-generic-response: false
      api-docs:
        enabled: false
      swagger-ui:
        enabled: false
    spring:
      jpa:
        properties:
          hibernate:
            show-sql: false
            format-sql: true
            generate-statistics: false
        hibernate:
          ddl-auto: validate
      cloud:
        kubernetes:
          reload:
            enabled: true
    management:
      info:
        env:
          enabled: true
      endpoints:
        web:
          exposure:
            include: health, info, refresh, prometheus
      endpoint:
        prometheus:
          enabled: true
    application:
      rest:
        client:
          keep-a-live-timeout: -1
          connection-timeout: 8
      hermod:
        scheduler:
          exec:
            threads: 100
        rest:
          uribase:
          hide-exceptions: false
        # Hide sensitive/long data in event logs?
        events:
          hide-sensitive: true
        allowed-clients:
        # X-Api-Key: aGVybW9kLXRlc3QtY2xpZW50Ojc5YjY1NzUwODc3NzQwOGJhNDA2ZjM1NDNjYTg3ZmFkYjc0MmNmNmM3NjEzNDc0MTg5ZGJlZjI5NWEyNTIzMmM=
        - client-id: hermod-test-client
          key: 56UGzk8qZm67YDhkzwuEfpYkLMubram8P9KryXGG9PEa76Xnku5Z6B7c8MKAf66X
          # Optional username:password to be supplied for basic authentication in callbacks
          # callback-basic-auth: username:password
          # The callback URL base for this specific client
          callback-url: http://hermod:20400
      # Message server library settings
      message-server-library:
        public-url: https://<my-hermod-server>:20400/ms
Create the Hermod service yml file
Edit the file hermod-service with the correct values for your environment.
Example: hermod-service.yml
apiVersion: v1
items:
- apiVersion: v1
  kind: Service
  metadata:
    labels:
      app: hermod
    name: hermod
    namespace: test
  spec:
    ports:
    - nodePort: 30400
      port: 20400
      protocol: TCP
      targetPort: 20400
    selector:
      app: hermod
    sessionAffinity: None
    type: NodePort
kind: List
metadata: {}
resourceVersion: ""
selfLink: ""
Optional: Create the Hermod database secret YML file
Edit the file hermod-secret with the correct values for your environment.
Example: hermod-secret.yml
apiVersion: v1
data:
  DB_URI: amRiYzpzcWxzZXJ2ZXI6Ly9uZ2F6LWRldnNxbDAxZC5kYXRhYmFzZS53aW5kb3dzLm5ldDoxNDMzO2RhdGFiYXNlPWhlcm1vZC1kZXY7dXNlcj1oZXJtb2R1c2VyO3Bhc3N3b3JkPWNvZGEhUUFaeHN3MjtlbmNyeXB0PXRydWU7dHJ1c3RTZXJ2ZXJDZXJ0aWZpY2F0ZT1mYWxzZTtob3N0TmFtZUluQ2VydGlmaWNhdGU9Ki5kYXRhYmFzZS53aW5kb3dzLm5ldDtsb2dpblRpbWVvdXQ9MzA7Cg==
kind: Secret
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"DB_URI":"amRiYzpzcWxzZXJ2ZXI6Ly9uZ2F6LWRldnNxbDAxZC5kYXRhYmFzZS53aW5kb3dzLm5ldDoxNDMzO2RhdGFiYXNlPWhlcm1vZC1kZXY7dXNlcj1oZXJtb2R1c2VyO3Bhc3N3b3JkPWNvZGEhUUFaeHN3MjtlbmNyeXB0PXRydWU7dHJ1c3RTZXJ2ZXJDZXJ0aWZpY2F0ZT1mYWxzZTtob3N0TmFtZUluQ2VydGlmaWNhdGU9Ki5kYXRhYmFzZS53aW5kb3dzLm5ldDtsb2dpblRpbWVvdXQ9MzA7Cg=="},"kind":"Secret","metadata":{"annotations":{},"name":"hermod-secret","namespace":"default"}}
  name: hermod-secret
  namespace: test
type: Opaque
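A pre-apply check for the database Secret, as an added example that is not part of the original page or the Hermod distribution: it builds a Secret with the three keys the example Deployment reads through secretKeyRef and flags a name mismatch, missing keys, or stray whitespace in a decoded value (a base64 value ending in `Cg==`, as the example DB_URI above does, carries an encoded trailing newline). The function names and the sample connection values are assumptions constructed for illustration.

```python
import base64
import json

# Keys the example Deployment reads through secretKeyRef.
REQUIRED_KEYS = ("DB_URI", "DB_USERNAME", "DB_PASSWORD")


def build_secret(name, namespace, values):
    """Build a Secret manifest; data holds base64 of exactly the bytes given."""
    data = {key: base64.b64encode(value.encode("utf-8")).decode("ascii")
            for key, value in values.items()}
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name, "namespace": namespace}, "data": data}


def audit_secret(manifest, expected_name, required=REQUIRED_KEYS):
    """Return findings that would break the Deployment's database settings."""
    findings = []
    name = manifest.get("metadata", {}).get("name")
    if name != expected_name:
        findings.append(f"name {name!r} does not match secretKeyRef name {expected_name!r}")
    data = manifest.get("data") or {}
    findings += [f"missing key {key}" for key in required if key not in data]
    for key, encoded in data.items():
        try:
            raw = base64.b64decode(encoded, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append(f"{key}: not valid base64")
            continue
        if raw != raw.strip():
            findings.append(f"{key}: decoded value has leading or trailing whitespace")
    return findings


if __name__ == "__main__":
    # Constructed sample values (assumptions); substitute your own.
    secret = build_secret("hermod-secret-test-postgres", "test", {
        "DB_URI": "jdbc:postgresql://db.example.internal:5432/hermod",
        "DB_USERNAME": "hermod_app",
        "DB_PASSWORD": "constructed-example-only",
    })
    print(json.dumps(secret, indent=2))  # kubectl apply -f also accepts JSON
    print(audit_secret(secret, "hermod-secret-test-postgres"))
```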
Deploy yml files
You can deploy the yml files on Kubernetes by using the following command:
kubectl --kubeconfig <kubernetes-config> apply -f <file_name>.yml