Minikube - Get HCL Connections in the Smallest Possible Setup

Beck et al. @RNUG Minikube - get HCL Connections in the smallest possible setup

Munich, December 2020 – Martin Schmidt Beck et al. Current Positioning Delivery models / Revenue streams A professional, experienced consultancy and Digital Projects based on T&M or fixed service fees Transformation service provider with a continuous Managed services based on monthly service fees start-up mentality. Subscription based services Provisions from software license sales & cloud Enable Digital Work commissions. Human-centric transformation Form Data to Results Services are delivered from our virtual teams from Germany, Romania & Brazil Data-driven Employees become transformation Our Business Practices corporate digital citizens Big Data becomes Enable Digital Work work. business value Creating the conditions for digital work, providing platforms, together. promoting sustainable use. Change Leadership, accompanying, organizational development. Form Data to Results Support data-driven decisions, AI-based analytics in the area of IT data and unstructured content AI driven solutions; social media analytics. Shape a Flexible IT Shape a flexible IT We help corporate IT organizations transform their own IT into Flexible & agile infrastructure & operations flexible, adaptive and robust IT services based on modern hybrid cloud environments. Save corporate IT departments from becoming obsolete 3 © Beck et al. 2020 4 Offering HCL Connections HCL of chain supply HCL Connections Connections HCL al.‘s complete the cover 2020 We Beck et et Beck © Beck et al. et al. © Beck Locations Munich (DE), Cluj (RO), Florianópolis (BR)

Employees Total 103; DE 51 – RO 35 – BR 17 (Headcounts)

Certified Technicians 75% of all employees

Shareholder Since spring 2020 Beck et al. together with binary, direktgruppe and infoWAN have been forming a new Digital Champion for D/A/CH.

Revenue DE 2018: € 9 Mio 2019: € 12 Mio

Revenue Share 45% recurring revenue, 45% projects, 10% licenses/ provisions

Equity (DE/Group) € 1.2 Mio/ 1.5 Mio (as of 1.1.2018)

Relevant customer Automotive (Dräxlmaier, TRATON, Continental, Magna, Infineon,) segments Travel & Transport (Lufthansa Group, Amadeus) „Hidden champions“ (KWS SAAT SE, pfm medical, Viridium, …) Public clients (BMVG, German Forces, EU agencies) Facts & Technology Microsoft, AWS, HCL, OKTA, Nexthink, CloudHealth, Splunk, Beezy, Figures partnerships MangoApps, Coyo, …

5 © Beck et al. 2020 Beck et al. Subsidiaries

Beck et al. Romania, Cluj-Napoca, Transylvania „Silicon Valley of Eastern Europe“ Set-up 2006; currently 35 employees (headcount). Second largest university city in Romania Very stable team with a strong management team

Beck et al. Brazil: Florianópolis ”Silicon Island of Latin America” Set-up 2008; currently 17 employees (headcount). Young, stable team with strong technical background

Beck et al. Switzerland: Urdorf, Zürich area

representation only, no operational office 6

Our team of experienced certified experts is a trusted partner for all cloud initiatives and scenarios. Our focus is to hand over individual cloud solutions that will best solve our customers actual business challenges.

References AWS Competency Program Fritz Dräxlmaier GmbH & Co. KG • Microsoft Workloads on AWS KWS SAAT SE • DevOps Competency (coming soon) European Food Safety Authority (EFSA) AXINOM GmbH AWS Advanced Consulting Partner ARDEX GmbH • AWS customer since 2008 Infoscreen GmbH • AWS Advanced Partner since 2013 • Founded in 1999 • Offices in Germany, Romania, Switzerland and Brazil • 100+ employees

Service Delivery Program • Certified Amazon EC2 for Windows Server

Partner 7 • FSx for Windows File Server 8

. 2020 Some of our technology partners technology our of Some © Beck et al. et al. © Beck

Related customers. 9

10.12.2020 on RNUG online forum 2020

Martin Schmidt 10 Martin Schmidt

Senior IT Architect IBM / HCL Connections since 2007

Experience in • Deployment, Migration, Operation and Customization • Kubernetes EKS and AWS, Container

Focusing on • enhancing with own containers • make the most out of customizer

More and more

• DevOps, Automation 11

• • • • •

We at will look We Minikube Minikube

Full Redundant Connections Infrastructure 13

Proof of Concept Infrastructure – Minimum requirements 14 15 ) 8096 (MB 16384 32768 65536 RAM 2 4 8 16 CPU AWS Instance Sizes Instance AWS large xlarge 2xlarge 4xlarge 7168 75 75 75 75 75 100 75 1536 3072 768 0 0 0 100 50 75 128 50 0 0 Min RAM Min 100 75 150 64 75 50 100 75 0 75 75 2,34 0,1 0,05 0,1 0,05 0,05 0,2 0,05 0,1 0,5 0,1 0 0 0 0,1 0,01 0,05 0,1 0,01 0 0 Min CPU Min 0,05 0,05 0,1 0,02 0,05 0,05 0,2 0,1 0 0,1 0,05 75 75 75 75 75 100 75 1536 3072 768 512 1024 400 100 50 75 128 50 600 300 RequestsSum Requests RAM Requests 100 75 150 64 75 50 100 75 75 75 75 0,1 0,01 0,05 0,1 0,01 0,02 0,01 Requests CPU Requests 0,05 0,05 0,1 0,02 0,05 0,05 0,2 0,1 0,05 0,1 0,05 0,1 0,05 0,1 0,05 0,05 0,2 0,05 0,1 0,5 0,1 0,5 1 0,5 23232 3096 100 1024 512 100 0 0 Requried RAM Requried 1024 400 500 512 400 200 1024 500 0 500 400 1024 400 1024 400 1500 1024 400 2048 4096 1024 0 0 0 19,6 Source: Source: https://help.hcltechsw.com/connections/v65/admin/install/cp_install_sizing_for_production.html 2 0,5 1 0,1 0,5 0 0 Required CPU Required 0,5 0,5 0,5 0,5 0,5 0,5 0,5 1 0 1 0,5 1 0,5 1 0,5 0,5 0,5 0,5 2 2 1 0 0 0 3096 100 1024 512 100 4096 400 LimitsSum Limits RAM Limits 1024 400 500 512 400 200 1024 500 500 500 400 1024 400 1024 400 1500 1024 400 2048 4096 1024 2048 4096 8192 0,5 0,5 2 2 1 2 3 3 2 0,5 1 0,1 0,5 2 0,5 0,5 1 0,5 1 0,5 1 0,5 1 0,5 0,5 0,5 Limits CPU Limits 0,5 0,5 0,5 0,5 0,5 0 1 1 1 1 0 0 0 1 1 1 1 1 0 1 1 1 0 1 1 1 1 1 1 1 1 Count 1 1 1 1 1 graphql controller service client suggestions - - client - - - - service - service - relation scoring idmapping migrate - - - - watcher web - sentinel server - - - service

ingress proxy - services - - data master client -

- - - sanity solr zookeeper redis redis sanity kibana logstash mongo es es filebeat retrieval userprefs es people people people mw orient people indexingservice itm mail middleware cnx community haproxy analysisservice appregistry appregistry Container

© Beck et al. 2020 et al. © Beck Sizing your your Sizing machine 16 , Podman V, KVM, Parallels, V, KVM, Parallels, - Source: https://minikube.sigs.k8s.io/docs/start/ , Hyper Hyperkit minikube minikube start , or VMWare VirtualBox Internet connection Container or virtual such as: Docker, machine manager, 20GB of free disk space 2 CPUs or more 2GB of free memory

© Beck et al. 2020 et al. © Beck => For HCL Connections Component Pack we will wePack => For HCL will with use: t3a.xlarge Connections Component HDD 50GB • • • • • What you’ll need (Minimum Requirement) All All is Dockeryou need (or similarly container orcompatible) is a a Virtual Machine environment, and Kubernetes single command away: minikube is minikube is focusing on makinglocal Kubernetes, it easy to learn and develop for Kubernetes.

minikube start start minikube Minikube Run minikube for Connections on CentOS7 Source: https://becketalservices.github.io/beas-cnx-cloud/minikube/chapter1.html

# prepare CentOS 7 sudo yum -y install epel-release sudo yum -y update sudo yum -y install socat vim nano zip unzip bind-utils git git clone https://github.com/becketalservices/beas-cnx-cloud.git # helm curl -L -O "https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz" tar -zxvf helm* sudo mv $HOME/linux-amd64/helm /usr/bin/helm helm version --client # docker sudo bash $HOME/beas-cnx-cloud/Azure/scripts/install_docker.sh sudo usermod -a -G docker $USER # User must logoff / login to see effect! sudo docker version # minikube curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 chmod +x minikube sudo mv minikube /usr/bin/ sudo minikube start --vm-driver=none --kubernetes-version v1.17.6 sudo systemctl enable kubelet.service sudo minikube addons enable dashboard # make minikube available for current user sudo cp -r /root/.kube $HOME sudo cp -r /root/.minikube $HOME sudo chown -R $USER $HOME/.kube $HOME/.minikube sed -i "s@/root@$HOME@" .kube/config sed -i "s@/root@$HOME@" .minikube/machines/minikube/config.json alias kubectl="minikube kubectl –-" echo 'alias kubectl="minikube kubectl --"' >> ~/.bashrc minikube status

kubectl get nodes 17

© Beck et al. 2020 18 - cloud/minikube/chapter2.html - \ cnx - subj "/CN=control - NodePort = /tls.crt tmp /tls.crt tmp out / - service.type becketalservices.github.io/beas cert / set -- -- tls.key / \ tmp Source: Source: https:// config.yaml / secret =standard - tls.key - / dr =true = rbac tmp keyout - is available again key / -- k option necessary. - rsa:2048 tlsSecretName kubernetes secret /C=XX" - set cloud/Azure/helm/ dr persistence.enabled - -- newkey persistence.storageClass - cnx Kubenetes tls set - trust/source/anchors/ - -- set -- /ca beas registry f - days 365 DockerRegistry pki - - / plane.minikube.internal:31456 =31456 =10G - /O= etc create secret docker account tiller apply - nodes - -- No trust the certificate. -- restart docker trust - configuration for helm for configuration x509 helm and and helm create docker registry ca - /tls.crt / service - should -- kubectl tmp rbac kubectl persistence.size service.nodePort req / v https://control - update systemctl cp init set set

-- --

© Beck et al. 2020 et al. © Beck # 6. Check that you can access your Registry via curl # 6. Check that you can # !! curl curl # 5. Deploy Docker Registry helm install stable/ sleep 60 # just to wait until docker and sleep 60 # just to wait inside # 4. Store the certificate minikube # 3. Restart Docker daemon to pick up this trust # 3. Restart Docker daemon sudo # 2. Trust your new certificate # 2. Trust your new certificate sudo sudo openssl plane.minikube.internal helm docker registry ## Create your a self signed certificate # 1. Create minikube side tiller component helm and deploy server # Initialize ## Configure Helm ## Configure # Create Initialize Initialize 19 cloud/minikube/chapter3.html - cnx - becketalservices.github.io/beas Source: Source: https:// ' d)" - " " " > run only 1 replica per pod > run only - plane.minikube.internal:31456 =false - admin_password =' =10 ="$(hostname admin_user ic_front_door =0 =65 =" ic_internal =" =standard =" =control ="$HOSTNAME" =0 =small # small =small # small connnections

nodeAffinityRequired EOF ic_front_door master_ip set to false. with just one node or no taint nodes, # for test environments ic_admin_user ic_admin_password ic_internal # Component Pack GlobalDomainName useSolr # Docker Registry ECRRegistry # ES settings useStandaloneES # Storage settings (minikube uses 'standard' by default) (minikube uses # Storage settings storageclass CNXNS= CNXSize cat > ~/installsettings.sh < ~/installsettings.sh version # used connections installversion installsubversion # Write our environment settings our environment # Write © Beck et al. 2020 et al. © Beck

Prepare Prepare configuration file installsettings.sh Install Component Install Component services Pack 20 cloud/minikube/chapter3.html - cnx - becketalservices.github.io/beas \ q) - Source: Source: https:// nfs - storage - p dummy - }/connections/sanity /support persistent - u dummy - } \ ECRRegistry hybridcloud , you can use the generated / namespace $CNXNS q) efs - -- volumes - ECRRegistry ${ dr configuration file: - Files cloud/common/scripts/write_cp_config.sh cloud/Azure/helm/connections - f $(docker images ${ - - $(docker images install_cp.yaml cnx cnx Config - - create namespace $CNXNS create namespace rmi rmi microservices_connections f ~/ - beas i

~/ - install_cp.yaml

# to force the deletion of the sanity images run # to force the deletion docker # remove local docker images # remove local docker docker ./setupImages.sh popd ## Upload Docker images to registry ## Upload Docker images pushd helm upgrade connections ## To create all volumes on ## To create all volumes # ## Create namespace kubectl ## Write bash beas unzip ComponentPack*.zip configuration ## Load overall . ~/installsettings.sh ## Download and extract CP and ## Download © Beck et al. 2020 et al. © Beck

Create Create configuration basic Install Component Install Component services Pack 21 *) *) *) cloud/minikube/chapter4.html - env - cnx - orientme / namespace $CNXNS namespace namespace $CNXNS namespace $CNXNS namespace elasticsearch namespace $CNXNS -- /infrastructure*) -- / /bootstrap*) /connections -- -- configuration file, each pod is started only pod is each started configuration file, namespace $CNXNS namespace helmbuilds -- / becketalservices.github.io/beas helmbuilds helmbuilds helmbuilds helmbuilds / / / / install_cp.yaml install_cp.yaml install_cp.yaml Source: Source: https:// install_cp.yaml hybridcloud install_cp.yaml f ~/ / - f ~/ install_cp.yaml - f ~/ hybridcloud hybridcloud i hybridcloud hybridcloud - : 1“ in the 1“ : f ~/ f / / - / i / - - i f ~/ - i env - - - i - replicaCount helmchart $ helmchart helmchart $ helmchart env $ helmchart - microservices_connections microservices_connections microservices_connections microservices_connections microservices_connections orientme elasticsearch =$(ls =$(ls =$(ls =$(ls =$(ls =$(ls helm upgrade upgrade helm Plus]) [Activities IngressController, … (Customizer, helm upgrade Me OrientInstalling helmchart Installing ElasticsearchInstalling helmchart helmchart $ helm upgrade infrastructure helmchart connections helm upgrade the Component Installing infrastructurePack helm upgrade bootstrap $ helm upgrade the Component connectionsInstallingPack’s Bootstrapping the Kubernetes clusterBootstrapping helmchart

© Beck et al. 2020 et al. © Beck once to saveresources. => You will see that due to the setting of „ setting due to the see that will => You 6. 5. 4. 3. 2. 1. Deploy Component Component Deploy Cluster to Pack 22 out out - server.key /private/ nginx / pki / etc / url keyout - proxy_pass as rsa:2048 rsa:2048 1 newkey - functionality on minikube on minikube server days 365 365 days nginx - /private Customizer nodes nginx - for / nginx LoadBalancer nginx plane.minikube.internal:30301 nginx.conf nginx - pki / / x509 httpd_can_network_connect - P etc start start enable - /server.crt nginx / req p / - etc allow forwarding allow y install y install nginx - / http://control pki / vim setsebool mkdir openssl yum yum systemctl systemctl / Services on Minikube can not listen MinikubeServices on (80)http can not (443) without and port https listen on port configuration opening Install Simplest solution: Minikube has Minikube has no

SELinux Use add here the required configuration according to to according configuration the required add here https://help.hcltechsw.com/connections/v65/admin/install/cp_config_customizer_setup_nginx.html enable https section https enable

etc © Beck et al. 2020 et al. © Beck   sudo  sudo sudo / sudo sudo # sudo sudo • • • Reverse Reverse Proxy 23 help.hcltechsw.com/connections/v65/admin/install/cp_config_intro.html see: Configuring Pack the Component https:// No difference to the normalNo difference integration

• Integration Integration Connections with WebSphere on 24 rem_replica.json " / node cluster: settings?pretty elasticsearch " cloud/ - collection/_ cnx - - me - indices?v beas for more Indexes repository. commands.txt git esget.sh "_cat/ ./esput.sh "orient See Remove replica Remove replica from index to make “green” it on a 1 List All List All ./ Tool elastic searchto extract the certificates from the component pack configuration ./getcerts.sh

© Beck et al. 2020 et al. © Beck • • • • The tools can be found in in the To see and manage the Elasticsearch Elasticsearch indices To see and commandfrom manage the some line easily, command line tools are provided Elasticsearch Elasticsearch management command from line 25 dashboard:/proxy - dashboard/services/http:kubernetes - proxy -- kubectl ://localhost:8001/api/v1/namespaces/kubernetes

minikube http Kubernetes Kubernetes Dashboard 26 cloud/ - cnx - help.hcltechsw.com/connections/v65/admin/install/t_inst_config_addons.html Configuring additionalConfiguring applications HCLConnections https:// Documentation HCL Component Pack on managed Kubernetes:Pack on managedHCL Documentation Component https://becketalservices.github.io/beas

@beck_et_al

[email protected]