Hello All,
Just wanted to post a quick deployment here written for Azure Kubernetes Service to solicit feedback and hopefully help others who are also exploring Ignition on k8s. Our deployment is designed for an autoscaling node pool across 3 zones in US Central, for 3 Ignition instances that are responsible for data acquisition, enterprise functions, and MQTT relay. We utilize PersistentVolumes by seeding them as adapted from the example that Kevin Collins posted, but do not explicitly declare the volumes and instead let AKS provision them using a premium storage class. Our cluster is private (not exposed to the public internet), so we accomplish tie back to premise using the Azure Internal Load Balancer with private IP space in the same vNet. That vNet is peered back to a central hub vNet which has a gateway built back to premise.
Ideally here we'd want to take this a step further for the passwords using Azure Key Vault / CSI Driver, and we will also want to attach an additional volume for the enterprise instance which will collect and retain backups for all gateways across the org. I hope to follow this post up with those implementations soon.
Please take a look. Critical feedback welcome and appreciated!
Here's one of the three deployments, for enterprise. The other two are similar with some naming conventions changed.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ignition-enterprise
  namespace: ignition-enterprise
spec:
  selector:
    matchLabels:
      app: ignition-enterprise-application
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: ignition-enterprise-application
    spec:
      initContainers:
        # Copies the image's data directory onto the volume on first start only
        - name: seed-volume
          image: inductiveautomation/ignition:8.1.17
          resources:
            limits:
              memory: "256Mi"
              cpu: "1000m"
          command:
            - sh
            - -c
            - >
              if [ ! -f /data/.ignition-seed-complete ]; then
              touch /data/.ignition-seed-complete ;
              cp -dpR /usr/local/bin/ignition/data/* /data/ ;
              fi
          volumeMounts:
            - mountPath: /data
              name: ignition-pv-enterprise-volume
      containers:
        - name: ignition
          image: inductiveautomation/ignition:8.1.17
          resources:
            limits:
              memory: "4096Mi"
              cpu: "1000m"
          args:
            - -m
            - "4096"
            - -n
            - "Ignition-Enterprise"
          env:
            - name: ACCEPT_IGNITION_EULA
              value: "Y"
            - name: TZ
              value: "America/Chicago"
            - name: IGNITION_EDITION
              value: standard
          ports:
            - name: ignition-http
              containerPort: 8088
            - name: ignition-https
              containerPort: 8043
          volumeMounts:
            # Same volume the init container seeded at /data
            - mountPath: /usr/local/bin/ignition/data
              name: ignition-pv-enterprise-volume
          readinessProbe:
            exec:
              command:
                - health-check.sh
                - -t
                - "3"
            initialDelaySeconds: 60
            periodSeconds: 10
            failureThreshold: 10
            timeoutSeconds: 3
      volumes:
        - name: ignition-pv-enterprise-volume
          persistentVolumeClaim:
            claimName: ignition-pv-enterprise-claim
```
PersistentVolume claim
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ignition-pv-enterprise-claim
  namespace: ignition-enterprise
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: managed-csi-premium
  resources:
    requests:
      storage: 10Gi
```
and the Azure Internal Load Balancer
```yaml
apiVersion: v1
kind: Service
metadata:
  name: ignition-enterprise-loadbalancer
  namespace: ignition-enterprise
  annotations:
    # Keeps the load balancer on a private IP inside the vNet
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  loadBalancerIP: X.X.X.251 # *Redacted*
  ports:
    - name: http
      port: 80
      targetPort: 8088
    - name: https
      port: 443
      targetPort: 8043
  selector:
    app: ignition-enterprise-application
```
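
The seed-volume init container in the Deployment writes its marker file before it copies, so a copy that fails on the first start is not retried on the next one. As an added example (not part of the original post and not Inductive Automation's code), the shell functions below run that ordering and a copy-then-mark variant against a constructed temporary directory; the function names, the sample file names and the simulated missing source are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: two orderings of the volume seed step, compared offline.
MARKER=".ignition-seed-complete"   # marker file name used in the manifest

# Ordering used by the init container in the post: marker first, then copy.
seed_marker_first() {   # usage: seed_marker_first SRC DST
    if [ ! -f "$2/$MARKER" ]; then
        touch "$2/$MARKER"
        cp -dpR "$1"/* "$2"/
    fi
}

# Variant: copy first, write the marker only after the copy succeeded.
# "SRC/." also copies top-level dotfiles, which the "SRC/*" glob skips.
seed_copy_first() {     # usage: seed_copy_first SRC DST
    [ -f "$2/$MARKER" ] && return 0    # already seeded: leave live data alone
    cp -dpR "$1"/. "$2"/ || return 1   # failed copy: no marker, retried next start
    touch "$2/$MARKER"
}

# Constructed scenario: the first start fails because the source is missing,
# the second start has a good source. Prints the names found on the volume
# after the second start, sorted and space separated.
scenario() {            # usage: scenario SEED_FUNCTION
    work=$(mktemp -d) || return 1
    mkdir "$work/src" "$work/vol"
    echo "sample" > "$work/src/sample-config.txt"   # constructed stand-in data
    echo "hidden" > "$work/src/.hidden-sample"      # constructed dotfile
    "$1" "$work/missing" "$work/vol" 2>/dev/null || true   # simulated failed start
    "$1" "$work/src" "$work/vol" 2>/dev/null
    ls -A "$work/vol" | LC_ALL=C sort | paste -sd ' ' -
    rm -rf "$work"
}

# Run as "sh seed-check.sh demo" to print both outcomes.
if [ "${1:-}" = "demo" ]; then
    echo "marker first: $(scenario seed_marker_first)"
    echo "copy first:   $(scenario seed_copy_first)"
fi
```

With the marker-first ordering the volume ends up holding only the marker file after the failed first start, and the gateway container would then start on an unseeded data directory.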
