Setup Yeedu Control Plane
1. Credentials Setup
Create two files for to store below mentioned credentials:
-
Cloud Credentials:
- Create
cloud_credentials.json. - Paste JSON credentials (GCP, AWS, or Azure) in the specified format.
- Create
-
Registry Credentials:
- Create
docker_registry_credentials.json. - Paste JSON credentials for your container registry.
- Create
Credential Formats for Each Cloud Provider
- Google Cloud Platfom
- Microsoft Azure
- Amazon Web Services
{
"type": "service_account",
"project_id": "<project_id>",
"private_key_id": "<private_key_id>",
"private_key": "<private_key>",
"client_email": "<client_email>",
"client_id": "<client_id>",
"auth_uri": "<auth_uri>",
"token_uri": "<token_uri>",
"auth_provider_x509_cert_url": "<auth_provider_x509_cert_url>",
"client_x509_cert_url": "<client_x509_cert_url>"
}
{
"CLIENT_ID": "<client_id>",
"TENANT_ID": "<tenant_id>",
"CLIENT_SECRET": "<client_secret>",
"SUBSCRIPTION_ID": "<subscription_id>",
"STORAGE_ACCOUNT_NAME": "<storage_account_name>",
"CONTAINER_NAME": "<container_account>"
}
{
"AWS_ACCESS_KEY_ID": "<access_key>",
"AWS_SECRET_ACCESS_KEY": "<secret_key>",
"AWS_DEFAULT_REGION": "<region>",
"AWS_PROFILE": "yeedu"
}
note
Replace all placeholder values (e.g., <project_id>, <access_key>) with your actual credentials. Keep these files safe and secure, as they contain sensitive information.
2. Download Yeedu Control Plane Files
To initiate your Yeedu Control Plane Setup, download the essential code from the Core-Services-Formation repository.
-
Open a terminal or command prompt.
-
Run the following command to clone the repository:
git clone link-to-git-repo -
Change the working directory to Core-Services-Formation:
cd Core-Services-Formation
3. Configure Yeedu Control Plane Properties
After downloading the essential files, customize your Yeedu environment by adjusting key configuration settings. Update the following property files to reflect your specific infrastructure and cloud provider details.
3.1. Configuration Files
-
yeedu-connection.properties:
- This file connects Yeedu to essential services like Postgres, RabbitMQ, and Redis. Update connection parameters based on your service configurations, including database hostnames, usernames, and passwords.
-
yeedu-system-config.properties:
- This file manages cloud-based services such as Object Storage and Container Registry. Align settings with your chosen cloud provider (AWS, GCP, Azure) and configurations for seamless integration.
note
Uncomment and provide input values for the properties specified in the files. Detailed explanations for each parameter are available in the respective property files.
3.2. Variables Reference
3.2.1. yeedu-connection.properties
Metadata DB
| Variable | Description | Default Value | Required |
|---|---|---|---|
| YEEDU_DEPLOY_LOCAL_POSTGRES | Enable local Postgres deployment | true | Yes |
| YEEDU_PG_DB | Name of the Postgres database | yeedu | Yes |
| YEEDU_PG_USER | Username for Postgres connection | postgres | Yes |
| YEEDU_PG_PASSWORD | Password for Postgres user | postgres | Yes |
| YEEDU_PG_HOSTNAME | Hostname or IP address of the Postgres server | Endpoint Url of the service | Yes |
| YEEDU_PG_PORT | Port number for the Postgres server | 5432 | No |
| YEEDU_PG_SSL_ENABLED | Enable SSL encryption for Postgres connection | false | No |
Messaging Service
| Variable | Description | Default Value | Required |
|---|---|---|---|
| YEEDU_DEPLOY_LOCAL_RABBITMQ | Enable local RabbitMQ deployment | true | Yes |
| YEEDU_MQ_USER | Username for RabbitMQ connection | guest | Yes |
| YEEDU_MQ_PASSWORD | Password for RabbitMQ user | guest | Yes |
| YEEDU_MQ_PORT | Port number for RabbitMQ | 5672 | No |
| YEEDU_MQ_UI_PORT | Port number for RabbitMQ management UI | 15672 | No |
| YEEDU_MQ_UI_HOSTNAME | Hostname for RabbitMQ management UI | Endpoint Url of the service | Yes |
| YEEDU_MQ_HOSTNAME | Hostname or IP address of the RabbitMQ server | Endpoint Url of the service | Yes |
| YEEDU_MQ_VH | Virtual host for RabbitMQ | "/" | No |
| YEEDU_MQ_SSL_ENABLED | Enable SSL encryption for RabbitMQ connection | false | No |
Redis Cache
| Variable | Description | Default Value | Required |
|---|---|---|---|
| YEEDU_DEPLOY_LOCAL_REDIS | Enable local Redis deployment | true | Yes |
| YEEDU_REDIS_PASSWORD | Password for Redis | admin | No |
| YEEDU_REDIS_PORT | Port number for Redis | 6379 | No |
| YEEDU_REDIS_HOSTNAME | Hostname or IP address of the Redis server | Endpoint Url of the service | Yes |
| YEEDU_REDIS_SSL_ENABLED | Enable SSL encryption for Redis connection | false | No |
LDAP Service
| Variable | Description | Default Value | Required |
|---|---|---|---|
| YEEDU_DEPLOY_LOCAL_LDAP | Enable local LDAP deployment | true | Yes |
| YEEDU_AUTH_LDAP_ORGANISATION | LDAP organization name | yeedu | Yes |
| YEEDU_AUTH_LDAP_DOMAIN | LDAP domain | yeedu.com | Yes |
| YEEDU_AUTH_LDAP_ADMIN_PASSWORD | Password for LDAP administrator | Ndbk5Lgb | Yes |
| YEEDU_AUTH_LDAP_HOSTNAME | Hostname or IP address of the LDAP server | Endpoint Url of the service | Yes |
| YEEDU_AUTH_LDAP_PORT | Port number for LDAP server | 389 | No |
| YEEDU_AUTH_LDAP_BASE_DN | Base DN for LDAP | dc=yeedu,dc=com | Yes |
| YEEDU_AUTH_LDAP_BIND_DN | Bind DN for LDAP | cn=admin,dc=yeedu,dc=com | Yes |
| YEEDU_AUTH_LDAP_BIND_PASSWORD | Password for LDAP bind user | Ndbk5Lgb | Yes |
| YEEDU_AUTH_LDAP_SSL_ENABLED | Enable SSL encryption for LDAP connection | false | No |
REST-API
| Variable | Description | Default Value | Required |
|---|---|---|---|
| YEEDU_RESTAPI_PORT | Port number for REST API server | 8080 | No |
| YEEDU_RESTAPI_HOSTNAME | Hostname or IP address of REST API server | Endpoint Url of the service | Yes |
| YEEDU_SECRET_KEY | Secret key for authentication and encryption | yeedu | No |
| YEEDU_RESTAPI_LOG_LEVEL | Log level for REST API server (e.g., INFO, DEBUG) | INFO | No |
| YEEDU_RESTAPI_SSL_ENABLED | Enable SSL encryption for REST API connection | false | No |
| YEEDU_RESTAPI_RELICA_COUNT | Number of replicas/instances for REST API server | 1 | No |
History Server
| Variable | Description | Default Value | Required |
|---|---|---|---|
| YEEDU_HISTORY_SERVER_WEB_PORT | Port number for History Server web interface | 10000 | No |
| YEEDU_HISTORY_SERVER_WEB_HOSTNAME | Hostname for History Server web interface | historyserver.yeedu | No |
Monitor
| Variable | Description | Default Value | Required |
|---|---|---|---|
| YEEDU_GRAFANA_HOSTNAME | Hostname or IP address of Grafana server | Endpoint Url of the service | Yes |
| YEEDU_GRAFANA_PORT | Port number for Grafana | 3000 | No |
| YEEDU_GRAFANA_USERNAME | Username for Grafana login | YSU0000 | No |
| YEEDU_GRAFANA_PASSWORD | Password for Grafana login | YSU0000 | No |
| YEEDU_GRAFANA_LDAP_USER_GROUP_CN | LDAP user group Common Name (CN) for Grafana | cn=yeedu-user,ou=groups,dc=yeedu,dc=com | No |
| YEEDU_GRAFANA_LDAP_USER_BASE_DN | LDAP user base DN for Grafana | ou=users,dc=yeedu,dc=com | No |
| YEEDU_GRAFANA_LDAP_GROUP_SEARCH_BASE_DN | LDAP group search base for Grafana | ou=groups,dc=yeedu,dc=com | No |
InfluxDB
| Variable | Description | Default Value | Required |
|---|---|---|---|
| YEEDU_INFLUXDB_HOSTNAME | Hostname or IP address of InfluxDB server | Endpoint Url of the service | Yes |
| YEEDU_INFLUXDB_PORT | Port number for InfluxDB | 8086 | No |
| YEEDU_INFLUXDB_DB | Name of the InfluxDB database | influx | No |
| YEEDU_INFLUXDB_USERNAME | Username for InfluxDB login | admin | No |
| YEEDU_INFLUXDB_PASSWORD | Password for InfluxDB login | admin | No |
3.2.2. yeedu-system-config.properties
Deployment Parameters
| Variable | Description | Default Value | Required |
|---|---|---|---|
| YEEDU_DEPLOYMENT_MODE | Deployment mode | docker | Yes |
System Object Storage Configuration
| Variable | Description | Default Value | Required |
|---|---|---|---|
| YEEDU_SYSTEM_CLOUD_PROVIDER | Cloud provider for object storage | - | Yes |
| YEEDU_SYSTEM_PROJECT_ID | Project ID for object storage | - | Yes |
| YEEDU_SYSTEM_OBJECT_STORAGE | Object storage bucket or container name | - | Yes |
| YEEDU_SYSTEM_CLOUD_CREDENTIALS_FILE_PATH | File path to cloud provider credentials (JSON) | - | Yes |
| YEEDU_SYSTEM_OBJECT_STORAGE_ENCRYPTION_ENABLED | Enable object storage encryption | - | Yes |
| YEEDU_SYSTEM_SPARK_EVENTS_RETENTION_DAYS | Retention period for spark events | 90 | Yes |
System Container Registry Configuration
| Variable | Description | Default Value | Required |
|---|---|---|---|
| YEEDU_SYSTEM_DOCKER_REGISTRY_PROVIDER | Docker registry provider | - | Yes |
| YEEDU_SYSTEM_DOCKER_REGISTRY_URL | Docker registry URL | - | Yes |
| YEEDU_SYSTEM_DOCKER_REGISTRY_CREDENTIALS_FILE_PATH | File path to Docker registry credentials (JSON) | - | Yes |
Kubernetes Parameters
| Variable | Description | Default Value | Required |
|---|---|---|---|
| YEEDU_SYSTEM_KUBERNETES_NAMESPACE | Namespace for Kubernetes | yeedu | No |
| YEEDU_SYSTEM_KUBERNETES_STATIC_IP | Static IP address for NGINX in Kubernetes | 10.128.15.238 | No |
note
"Required" indicates whether the variable is required for Yeedu setup
4. Deploy Yeedu Services on Kubernetes
4.1. Provide execute permissions
After updating properties, go to the Yeedu Control Plane folder. Find yeedu-core-services.sh script. Grant execute permissions:
chmod +x yeedu-core-services.sh
4.2. Authenticate to Kubernetes Cluster
Authenticate to the Kubernetes Cluster using the respective Cloud CLI and kubectl commands provided below.
- Google Kubernetes Engine
- Azure Kubernetes Service
- Elastic Kubernetes Service
gcloud auth activate-service-account --key-file=PATH_TO_YOUR_SERVICE_ACCOUNT_JSON
gcloud config set project YOUR_PROJECT_ID
gcloud container clusters get-credentials CLUSTER_NAME --region=CLUSTER_REGION
az login --service-principal --username CLIENT_ID --password CLIENT_SECRET --tenant TENANT_ID
az aks get-credentials --resource-group RESOURCE_GROUP_NAME --name CLUSTER_NAME
aws configure
aws eks --region REGION update-kubeconfig --name CLUSTER_NAME
Validate successful cluster authentication by running the command below:
kubectl config get-contexts
4.3. Update SSL Certificates
In the Core-Services-Formation directory, find the ssl folder. Update yeedu.crt and yeedu.key with the correct SSL certificate and SSL key. These files are used by the Yeedu Ingress Controller in Kubernetes.
4.4. Setup Ingress in Provided Namespace
Run the following commands to setup Nginx Ingress Controller:
export YEEDU_SYSTEM_KUBERNETES_NAMESPACE=yeedu-test
export YEEDU_SYSTEM_KUBERNETES_STATIC_IP=10.4.6.202
export YEEDU_SYSTEM_DOCKER_REGISTRY_URL=yeedu.azurecr.io
export YEEDU_MQ_UI_PORT=15672
export YEEDU_MQ_PORT=5672
export YEEDU_REDIS_PORT=6379
export YEEDU_AUTH_LDAP_PORT=389
export YEEDU_MQ_UI_HOSTNAME=rabbitmq3-qa-aks.yeedu.io
export YEEDU_MQ_HOSTNAME=rabbitmq3-ui-qa-aks.yeedu.io
export YEEDU_REDIS_HOSTNAME=redis-qa-aks.yeedu.io
export YEEDU_AUTH_LDAP_HOSTNAME=ldap-qa-aks.yeedu.io
export YEEDU_RESTAPI_PORT=8080
export YEEDU_HISTORY_SERVER_WEB_PORT=10000
export YEEDU_GRAFANA_PORT=3000
export YEEDU_INFLUXDB_PORT=8086
export YEEDU_RESTAPI_HOSTNAME=restapi-qa-aks.yeedu.io
export YEEDU_HISTORY_SERVER_WEB_HOSTNAME=history-server-qa-aks.yeedu.io
export YEEDU_GRAFANA_HOSTNAME=grafana-qa-aks.yeedu.io
export YEEDU_INFLUXDB_HOSTNAME=influxdb-qa-aks.yeedu.io
kubectl create secret tls yeedu-certs \
--cert=yeedu.crt \
--key=yeedu.key \
--namespace $YEEDU_SYSTEM_KUBERNETES_NAMESPACE
helmfile --log-level=info -f ./kubernetes/helmfile-ingress.yml sync
After the ingress is created, obtain the IP address:
kubectl get ingress -n $YEEDU_SYSTEM_KUBERNETES_NAMESPACE
4.5. Create DNS Entries
Create DNS entries for the Ingress record in the respective cloud environment. Ensure entries are created for all configured hostnames in the Ingress. Execute the following command:
- Google Cloud
- Microsoft Azure
- Amazon Web Services
gcloud dns record-sets transaction start --zone=YOUR_DNS_ZONE_NAME
gcloud dns record-sets transaction add <ip> --name=<dns> --ttl=300 --type=A --zone=YOUR_DNS_ZONE_NAME
gcloud dns record-sets transaction execute --zone=YOUR_DNS_ZONE_NAME
az network dns record-set a add-record --resource-group RESOURCE_GROUP_NAME --zone-name YOUR_DNS_ZONE_NAME --record-set-name <dns> --ipv4-address <ip>
aws route53 change-resource-record-sets --hosted-zone-id YOUR_HOSTED_ZONE_ID --change-batch '{
"Changes": [{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "<dns>",
"Type": "A",
"TTL": 300,
"ResourceRecords": [{ "Value": "<ip>" }]
}
}]
}'
4.6. Deploy Yeedu Control Plane on Kubernetes
Execute the Yeedu Control Plane setup script yeedu-core-services.sh. Run ./yeedu-core-services.sh --help for more information. This script installs kubectl, Helm, Helmfile CLI, psql, rabbitmqadmin, and Redis CLI's on the machine, adapting to the machine's architecture and OS and setup up Yeedu Control Plane on Kubernetes.
Run the following command to start the Yeedu Control Plane on Kubernetes:
- Start the services
./yeedu-core-services.sh start
- Stop the services
./yeedu-core-services.sh stop
- Restart the services
./yeedu-core-services.sh restart
- Clean the services and delete data
./yeedu-core-services.sh clean
After executing these commands, the script generates necessary secrets, configmaps, deployments, pods, and services to run Yeedu Services on Kubernetes. Access the Yeedu RestAPI at the configured YEEDU_RESTAPI_HOSTNAME URL with HTTPS TLS termination provided by the ingress.
Below is the output when we run the Yeedu Control Plane setup script
📝 Log file is available at: /home/sc2302/.yeedu/deployment/logs/deploy_2024-01-21-15-12-24.log
██╗░░░██╗███████╗███████╗██████╗░██╗░░░██╗░░░██╗░█████╗░
╚██╗░██╔╝██╔════╝██╔════╝██╔══██╗██║░░░██║░░░██║██╔══██╗
░╚████╔╝░█████╗░░█████╗░░██║░░██║██║░░░██║░░░██║██║░░██║
░░╚██╔╝░░██╔══╝░░██╔══╝░░██║░░██║██║░░░██║░░░██║██║░░██║
░░░██║░░░███████╗███████╗██████╔╝╚██████╔╝██╗██║╚█████╔╝
░░░╚═╝░░░╚══════╝╚══════╝╚═════╝░░╚═════╝░╚═╝╚═╝░╚════╝░
🚀 This script is used to setup Yeedu core services. With this, we will be deploying the following Yeedu services:
* yeedu-init - Initializes confs and Cloud-Formation-Engine
* yeedu-metadata-db - PostgreSQL container which stores metadata of Yeedu
* yeedu-restful-api - RestAPI which will act as an interface
* yeedu-rabbitmq3 - RabbitMQ to stream messages in queues
* yeedu-reactors-cosi - Reactors to start and stop workflow jobs
* yeedu-reactors-monitor - Monitor workflows
* yeedu-spark-history-server - Spark History Server
* yeedu-spark-history-server-web - Nginx on history server
* yeedu-redis - Redis Cache for Auth service
* yeedu-ldap - LDAP used for authorization
* yeedu-reactors-logs-collector - Container to sync reactor logs with bucket
* yeedu-telegraf - Container to export machine metrics
* yeedu-influxdb - InfluxDB to store all machine metrics
* yeedu-grafana - Dashboards created for every machine on metrics
🚀 Setting up prerequisites...
🐳 Docker version:
Docker version 20.10.17, build 100c701
🐳 docker-compose version:
docker-compose version 1.29.2, build 5becea4c
⌨️ Kubectl Version:
Client Version: v1.27.3
⎈ Helm Version:
v3.9.3+g414ff28
🌀 Helmfile Version:
v0.142.0
✨ envsubst version:
envsubst (GNU gettext-runtime) 0.21
🌈 jq version:
jq-1.6
🐘 psql version:
psql (PostgreSQL) 16.1 (Ubuntu 16.1-1.pgdg22.04+1)
💾 redis cli version:
redis-cli 6.0.16
🐇 rabbitmq server version:
3.9.13-1ubuntu0.22.04.2
✔️ Prerequisites setup completed.
🚀 Setting up Yeedu Variables
🔧 Creating .env file...
✔️ Successfully created .env file.
🌐 Sourcing .env file and yeedu-env.sh script...
✔️ Successfully sourced .env file and yeedu-env.sh script.
📝 Saving Yeedu environment variables in .env file...
✔️ Successfully saved Yeedu environment variables in .env file.
⚙️ Configuring deployment mode-specific settings...
🐳 Copying .env file to ./docker/...
✔️ Successfully configured Docker deployment mode.
✔️ Successfully set the docker-compose path.
🔍 Checking for config file "./.env"...
✔️ Config file ".env" exists.
🚀 Running on deployment mode: aks
✅ YEEDU_ENABLE_GRAFANA_MONTORING is set to true.
✅ YEEDU_RUN_INIT_SERVICE is set to true.
✅ YEEDU_DEPLOY_LOCAL_RABBITMQ is set to true.
✅ YEEDU_DEPLOY_LOCAL_REDIS is set to true.
✅ YEEDU_DEPLOY_LOCAL_LDAP is set to true.
🔧 Performing operation ./yeedu-core-services.sh in environment dev
🚀 Performing operation start on services yeedu-rabbitmq3 yeedu-metadata-db yeedu-redis yeedu-ldap and yeedu-restful-api yeedu-api-gateway yeedu-reactors-cosi yeedu-reactors-monitor yeedu-spark-history-server yeedu-spark-history-server-web yeedu-reactors-logs-collector yeedu-vault yeedu-ui yeedu-telegraf yeedu-influxdb yeedu-grafana yeedu-init