Templates for deployment of MetaBase, used within Natural Resources Ministries and ready for deployment on OpenShift. MetaBase is an open-source Clojure / JavaScript application with a PostgreSQL relational database for persistent data.
Network Security Policy is in place, for example:
oc -n 599f0a-dev process -f https://raw.githubusercontent.com/BCDevOps/platform-services/master/security/aporeto/docs/sample/quickstart-nsp.yaml NAMESPACE=599f0a-dev | oc -n 599f0a-dev create -f -
Secret exists to allow pull from DockerHub, for example:
oc -n 245e18-tools create secret docker-registry docker-pull-passthru \
--docker-server=docker-remote.artifacts.developer.gov.bc.ca \
--docker-username=default-245e18-xxxxxx \
--docker-password=xxxxxx \
--docker-email=default-245e18-ujotfv@245e18-tools.local
oc -n 245e18-tools secrets link default docker-pull-passthru
oc -n 245e18-tools secrets link builder docker-pull-passthru
For builds:
- Administrator access to an Openshift Project namespace
Once built, this image may be deployed to a separate namespace with the appropriate system:image-puller
role.
For deployments:
- Administrator access to an Openshift Project namespace
- the oc CLI tool, installed on your local workstation
- access to this public GitHub Repo
Once deployed, any visitors to the site will require a modern web browser (e.g. Chrome, Edge, FF, Opera etc.).
- OpenShift Metabase .bc template for Metabase image build
- OpenShift Metabase .dc template for Metabase application deployment
- OpenShift Database .dc template for PostgreSQL Database deployment, acting as the datastore for the Metabase application
Dockerfile, referencing http://downloads.metabase.com/${METABASE_VERSION}/metabase.jar
where ${METABASE_VERSION}
is customizable.
For example:
oc process -n $TOOLS -f ./ci/openshift/metabase.bc.yaml -p METABASE_VERSION=$METABASE_VERSION -o yaml | oc apply -n $TOOLS -f -
Deploy the DB using the correct BI parameter (e.g. an acronym that is prefixed to -metabase
):
> oc -n ${PROJECT} new-app --file=./ci/openshift/postgresql.dc.yaml -p NAME=${BI}-metabase
All DB deployments are based on the out-of-the-box OpenShift Database Image.
Deploy the Application specifying:
- the feedback-specific parameter (i.e.
${BI}-metabase
) - your project namespace that contains the image, and
- your project namespace into which the app will be deployed, and
- a
@gov.bc.ca
email account that will be used with theapps.smtp.gov.bc.ca
SMTP Email Server:
oc -n $PROJECT new-app --file=./ci/openshift/metabase.dc.yaml -p IS_NAMESPACE=${TOOLS} -p NAME=${BI}-metabase -p ADMIN_EMAIL=${ADMIN_EMAIL} -o yaml | oc apply -n ${PROJECT} -f -
Navigate the GUI to configure the initial configuration:
Database type: PostgreSQL
Host: ${BI}-metabase-postgresql
Database name: ${BI}-metabase
Usename: <from secret>
Password: <from secret>
Navigate the Adnin Menu (Admin -> Settings -> General)
Site URL: https://
${BI}-metabase.apps.silver.devops.go.bc.ca
SMTP HOST: apps.smtp.gov.bc.ca
SMTP PORT: 25
SMTP Security: None
From Address:
LDAP HOST: idir.bcgov
LDAP PORT: 389
LDAP SECURITY: None
USER SEARCH BASE: OU=BCGOV,DC=idir,DC=bcgov
USER FILTER: (&(|(sAMAccountName={login})(mail={login})))
As this is a template deployment, it may be easier to set environment variable for the deployment, so using the same PROJECT of 245e18-dev
and a new BI project of test
:
Deployment Steps
On a workstation logged into the OpenShift Console:
export TOOLS=245e18-tools
export PROJECT=245e18-dev
export BI=test
export METABASE_VERSION=v0.39.4
oc process -n $TOOLS -f ./ci/openshift/metabase.bc.yaml -p METABASE_VERSION=$METABASE_VERSION -o yaml | oc apply -n $TOOLS -f -
oc -n ${PROJECT} new-app --file=./ci/openshift/postgresql.dc.yaml -p NAME=${BI}-metabase
--> Deploying template "245e18-dev/nrms-postgresql-dc" for "./ci/openshift/postgresql.dc.yaml" to project 245e18-dev
* With parameters:
* Service Name=test-metabase
* Memory Limit=512Mi
* PostgreSQL Connection Password=FmoBavwEMKkD11oS # generated
* Database Volume Capacity=2Gi
--> Creating resources ...
secret "test-metabase-postgresql" created
persistentvolumeclaim "test-metabase-postgresql" created
deploymentconfig.apps.openshift.io "test-metabase-postgresql" created
service "test-metabase-postgresql" created
--> Success
Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
'oc expose service/test-metabase-postgresql'
Run 'oc status' to view your app.
export ADMIN_EMAIL=Gary.T.Wong@gov.bc.ca
oc -n $PROJECT new-app --file=./ci/openshift/metabase.dc.yaml -p IS_NAMESPACE=${TOOLS} -p NAME=${BI}-metabase -p ADMIN_EMAIL=${ADMIN_EMAIL} -o yaml | oc apply -n ${PROJECT} -f -
After thirty seconds, you may navigate to the setup page at:
${BI}-metabase.apps.silver.devops.go.bc.ca
When finished, remember to unset the environment variables:
unset TOOLS PROJECT BI METABASE_VERSION ADMIN_EMAIL
- To login into the OpenShift database, start the DB pod terminal (via OpenShift Console or
oc rsh
) and enter:
psql -U ${POSTGRESQL_USER} ${POSTGRESQL_DATABASE}
- To clean-up database depoyments, when using environment variables:
oc -n ${PROJECT} idle ${BI}-metabase-postgresql
oc -n ${PROJECT} delete secret/${BI}-metabase-postgresql svc/${BI}-metabase-postgresql pvc/${BI}-metabase-postgresql dc/${BI}-metabase-postgresql
- To clean-up application depoyments, when using environment variables:
oc -n ${PROJECT} delete secret/${BI}-metabase-secret svc/${BI}-metabase route/${BI}-metabase dc/${BI}-metabase
-
For local environment, run
UID="$(id -u)" GID="$(id -g)" docker-compose up
To clean up local persistent data,
rm -rf postgresql/data/*
To log into local containerized database:
docker-compose exec -u postgres db psql -U ${POSTGRES_USER} -d ${POSTGRES_DB}
- test out LDAP settings
- check for image triggers which force a reploy (image tags.. latest -> v0.19.0)