Kubernetes Cluster Deployment Guide
Note
K8s cluster version is only available for WeDa privatization Enterprise Edition and above
1. Resource Preparation
1.1 Deployment Requirements
Note
K8s cluster operation and maintenance capabilities are required. K8s underlying operation and maintenance are not covered by warranty
Hardware Requirements:
- Kubernetes version v1.22.0 or above
- Cluster must have at least 3 nodes with 8-core vCPU and 16GB memory for WeDa deployment
- Recommended: 3 machines with 8C16G for deploying platform services (multi-replica, high availability, rolling update support)
- 1 machine with 4C8G for deploying CI/CD Service
Software Requirements:
- Cluster needs kubectl and helm command-line tools installed
- Ingress-Controller needs to be installed
- Storage middleware required: MySQL and Object Storage
- MySQL database requires version 8.x
- Object storage must be compatible with standard S3 protocol
- If unable to provide, please refer to Middleware Deployment Guide
- wget and unzip software packages
1.2 Network Access
The following addresses need to be accessible:
weda-private.tencentcloudcr.com:443(Image registry access)https://license.tcloudbasegateway.com(Certificate activation/get latest version)https://weda-private.tencentcloudcr.com(Image pull)https://tcr-9r3x9jec-1302110647.cos.ap-guangzhou.myqcloud.com(Image pull)
2. Get Deployment Package and Configure
2.1 Download Deployment Script
Select the download command according to server architecture:
x86_64 Architecture:
mkdir -p k8s_weda && cd k8s_weda
wget -L -O wedaCli https://software-1302110647.cos.ap-guangzhou.myqcloud.com/rc/k8s/x86_64/lastest/wedaCli && chmod +x wedaCli
aarch64 Architecture:
mkdir -p k8s_weda && cd k8s_weda
wget -L -O wedaCli https://software-1302110647.cos.ap-guangzhou.myqcloud.com/rc/k8s/arm64/lastest/wedaCli && chmod +x wedaCli
After download, execute initialization command in k8s_weda directory:
./wedaCli init
2.2 Configuration File Description
Edit config.yml file to generate Helm values.yaml. Configuration field descriptions:
| Field | Description |
|---|---|
weda.ns | Namespace for deploying WeDa cluster in K8s [Execute kubectl create ns weda-software to create, see section 2.1] |
weda.ingressClass | Get ingressClass name in K8s cluster, use kubectl get ingressClass to obtain |
weda.nodeSelector | Node selector for weda baas service pod, needs to be set on K8s node in advance, if not set, will automatically select appropriate node based on resources |
weda.replicaCount | Number of replicas for weda baas service, default: 1 |
weda.disableRollingUpdate | Whether to disable rolling update, false for rolling update (default), true to disable [downtime update], generally used when resources are tight |
weda.domain | Domain name for WeDa service, no need to include http or https protocol |
weda.domainProtocol | Protocol name: http or https |
weda.tlsSecretName | Optional: Need to create tls secret with certificate and key first, only fill in when using https to access WeDa service and mounting tls certificate to ingress, see section 3.3.2 |
weda.license | WeDa license certificate |
middleware.mysql.host | Hostname, domain or IP address of self-built MySQL database |
middleware.mysql.port | Port number of self-built MySQL database |
middleware.mysql.username | Username of self-built MySQL database |
middleware.mysql.password | Password of self-built MySQL database |
middleware.mysql.dbname | Database name for storing design-time data, recommended: lowcode, create statement: CREATE DATABASE `lowcode` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci |
middleware.mysql.dbRuntimeName | Database name for storing runtime data, recommended: lcruntime, create statement: CREATE DATABASE `lcruntime` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci |
middleware.s3.endpoint | Connection IP or domain of self-built S3 object storage service, no need to include http or https protocol |
middleware.s3.port | Port number of self-built S3 object storage service |
middleware.s3.scheme | Protocol of self-built S3 object storage service, fill in http or https protocol |
middleware.s3.accessKey | Access key of self-built S3 object storage service |
middleware.s3.secretKey | Secret key of self-built S3 object storage service |
middleware.s3.insecureSkipVerify | Whether to skip certificate verification of self-built S3 object storage service, default is false |
middleware.s3.defaultBucket | Bucket name in self-built S3 object storage service, ensure bucket access permission is set to public read and private write |
middleware.s3.cloudStorageBucket | Bucket name in self-built S3 object storage service, access permission is private read and private write |
middleware.s3.ciSource | Bucket name in self-built S3 object storage service, access permission is private read and private write |
middleware.s3.region | Region of self-built S3 |
middleware.s3.pathStyle | Whether self-built S3 supports pathStyle: yes, fill in true, no, fill in false |
middleware.build.enabled | Enable external CI/CD build service (need to deploy CI/CD service first) |
middleware.build.wedaInternalHost | If no DNS, need to configure hosts, format: "weda_web_ip weda_domain", example: "6.55.46.15 software.test.com" |
middleware.build.gitness.host | Gitness access address |
middleware.build.gitness.proxy | WeDa access domain, this domain needs to be accessible on current machine, if no DNS resolution, need to configure internal network resolution Host |
middleware.internalBuild.enabled | Enable built-in CI/CD service, if both middleware.build.enabled and middleware.internalBuild.enabled are true, only built-in CI/CD service will be automatically deployed and used; [See built-in CI/CD deployment service description] |
middleware.internalBuild.hostPath | Data storage directory for CI/CD service created on node; [See built-in CI/CD deployment service description] |
middleware.internalBuild.nodeSelector | Node label value, node selector for CI/CD service pod, needs to be set on K8s node in advance, if not set, will automatically select appropriate node based on resources; [See built-in CI/CD deployment service description] |
Note
The three buckets (defaultBucket, cloudStorageBucket, ciSource) cannot have the same name. For specific configuration, refer to: Custom S3 Object Storage Bucket Configuration Guide
3. Install WeDa Service
3.1 Installation and Deployment
Execute installation command:
./wedaCli install
3.2 Verify Deployment
Run the following command to verify if Pods are running normally:
kubectl -n weda-software get po
Expected output example:
NAME READY STATUS RESTARTS AGE
allin-one-design-b8f855787-58zsj 1/1 Running 0 44m
allin-one-runtime-66cf7b5658-pjw8c 1/1 Running 0 43m
gateway-7c7c786495-vprl6 1/1 Running 0 48m
idaasserver-b6bf65cfc-5dvvg 1/1 Running 0 48m
lcap-service-55dcb9fd-vcpxw 1/1 Running 0 48m
lowcode-5d45ffd9cc-zckxd 1/1 Running 1 48m
proxy-7bf84f8c48-bszw7 1/1 Running 0 48m
weda-plugin-adaptor-dd67659b5-4vcn8 1/1 Running 0 48m
3.3 Access WeDa Web UI
3.3.1 Expose WeDa Service
WeDa cluster version uses Ingress to expose services for external access. The external access IP varies depending on the Ingress Controller exposure method:
NodePort Method:
- Can directly use the external IP (cluster external accessible IP) of each node to access WeDa
- Requires external LB (Load Balancer)
LoadBalancer Method:
- Check the EXTERNAL-IP of Ingress Controller load balancer
- Bind EXTERNAL-IP with external IP to access WeDa
Example:
# Check Ingress Controller service
kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.0.134.188 192.168.2.40 80:30252/TCP,443:31414/TCP 52d
# Note: ingress-nginx is the namespace where Ingress Controller is located
# Check Ingress configuration
kubectl get ing -n <namespace where WeDa is deployed>
# Example output:
NAME CLASS HOSTS ADDRESS PORTS AGE
proxy nginx weda-test-cloud.com 192.168.2.40 80 6d20h
DNS Configuration:
Map the cluster external accessible IP with the configured domain (weda.domain):
- Configure through DNS resolution
- For test environment, configure local hosts file for resolution
Access Address:
- Login address:
http://<weda.domain>/dev - Default username/password:
admin/Weda@123456
Note
weda.domain is the domain set in section 2.2
3.3.2 Configure HTTPS TLS Certificate (Optional)
Supports configuring TLS on Ingress to access WeDa service via HTTPS.
Operation Steps:
Get TLS Certificate Files
Create TLS Secret
# "NAME" is the name when creating Secret, for example: weda-tls
# --cert specifies certificate file path
# --key specifies certificate private key file path
kubectl create secret tls NAME --cert=path/to/cert/file --key=path/to/key/file -n weda-software
- Configure config.yml File
Fill in the created Secret name into config.yml file:
# For example: NAME is weda-tls
tlsSecretName: weda-tls
- Execute Installation or Update Command
Refer to section 3.4 for installation or update operations
3.4 Update Service
Operation Steps:
- Switch to the directory where WeDa was last deployed
- Modify
config.yamlfile as needed (skip if no modification needed) - Delete the previous
wedaClifile - Download deployment script to deployment directory
- Execute update command:
./wedaCli install
3.5 Renew Service
Operation Steps:
- Get new License
- Switch to the directory where WeDa was last deployed
- Replace
licensevalue inconfig.yaml - Backup environment file:
mv env env-bak
- Execute renewal command:
./wedaCli install
3.6 Uninstall Service
Note
Need to use Helm to uninstall service
Operation Steps:
- Query service:
helm list -n weda-software # -n followed by namespace
- Uninstall service:
helm delete wedabaas -n weda-software # delete followed by service name