Add first Kubernetes example based on Bonita 10.0 / 2024.1

Author: JeremJR

README.md

@@ -0,0 +1,134 @@
+# Install Minikube
+
+```
+curl -LO https://storage.googleapis.com/minikube/releases/v1.33.1/minikube-linux-amd64
+sudo install minikube-linux-amd64 /usr/local/bin/minikube && rm minikube-linux-amd64
+```
+
+```
+minikube version
+minikube version: v1.33.1
+commit: 5883c09216182566a63dff4c326a6fc9ed2982ff
+```
+
+```
+minikube start --kubernetes-version 1.28.4
+```
+
+# Create test namespace
+
+```
+kubectl create ns bonita
+```
+
+# Deploy PostgreSQL
+
+```
+kubectl -n bonita create configmap db-scripts --from-file=db_scripts/
+kubectl -n bonita apply -f postgresql.yaml
+```
+
+Test connection
+
+```
+kubectl -n bonita run psql-client --image postgres:15.7 --rm --tty -i --command -- /bin/bash
+```
+
+```
+export PGPASSWORD=testpassword
+psql -h postgres-db -p 5432 -U postgres postgres
+postgres=# show max_connections;
+ max_connections 
+-----------------
+ 100
+(1 ligne)
+
+postgres=# \list
+                                  List of databases
+   Name    |   Owner    | Encoding |  Collate   |   Ctype    |   Access privileges   
+-----------+------------+----------+------------+------------+-----------------------
+ bizdata   | bizuser    | UTF8     | en_US.utf8 | en_US.utf8 | 
+ bonita    | bonitauser | UTF8     | en_US.utf8 | en_US.utf8 | 
+ postgres  | postgres   | UTF8     | en_US.utf8 | en_US.utf8 | 
+ template0 | postgres   | UTF8     | en_US.utf8 | en_US.utf8 | =c/postgres          +
+           |            |          |            |            | postgres=CTc/postgres
+ template1 | postgres   | UTF8     | en_US.utf8 | en_US.utf8 | =c/postgres          +
+           |            |          |            |            | postgres=CTc/postgres
+(5 rows)
+```
+
+
+# Deploy Bonita
+
+Add Docker registry credentials
+```
+DOCKER_SEVER=bonitasoft.jfrog.io
+DOCKER_USERNAME=...
+DOCKER_TOKEN=...
+kubectl create secret docker-registry imagepullsecret --docker-server="${DOCKER_SEVER}" --docker-username="${DOCKER_USERNAME}" --docker-password="${DOCKER_TOKEN}" -n bonita
+```
+
+Request a Bonita license compatible with Kubernetes into the [Customer service center](https://csc.bonitacloud.bonitasoft.com/apps/CustomerServices)
+
+Add this bonita license
+```
+cp BonitaSubscription-10.0-Test-20240312-20240908.lic bonita-license.lic
+kubectl -n bonita create configmap bonita-license --from-file=bonita-license.lic
+```
+
+```
+kubectl -n bonita create configmap bonita-scripts --from-file=bonita_scripts/
+```
+
+```
+kubectl -n bonita apply -f bonita_secrets.yaml
+kubectl -n bonita apply -f bonita_cm.yaml
+kubectl -n bonita create serviceaccount bonitaserviceaccount
+kubectl -n bonita apply -f bonita_rbac.yaml
+kubectl -n bonita apply -f bonita_deployment.yaml
+kubectl -n bonita apply -f bonita_service.yaml
+```
+
+Test connection
+```
+kubectl -n bonita port-forward service/bonita-test 8080:8080
+```
+
+Open http://127.0.0.1:8080 in your browser and use admin / myAdminSecret credentials.
+
+# Scale up Bonita
+
+Once bonita finished its startup
+```
+kubectl -n bonita logs --selector app.kubernetes.io/instance=bonita-test | grep "Server startup in" | jq .message
+"Server startup in [20896] milliseconds"
+```
+
+```
+kubectl -n bonita get deployment
+NAME          READY   UP-TO-DATE   AVAILABLE   AGE
+bonita-test   1/1     1            1           11m
+```
+
+You can scale up
+```
+kubectl -n bonita scale --current-replicas=1 --replicas=2 deployment/bonita-test
+```
+
+```
+kubectl -n bonita get deployment
+NAME          READY   UP-TO-DATE   AVAILABLE   AGE
+bonita-test   2/2     2            2           16m
+```
+
+In case of success you will have this kind of message
+```
+kubectl -n bonita logs --selector app.kubernetes.io/instance=bonita-test | grep Members | jq .message
+"[10.244.0.9]:5701 [bonita-test] [5.3.5] \n\nMembers {size:2, ver:2} [\n\tMember [10.244.0.9]:5701 - e633ecf6-a670-448b-bd69-f1fdab39299a this\n\tMember [10.244.0.10]:5701 - 90903a8a-c5d9-49f7-9021-e81e958e995a\n]\n"
+```
+
+# Clean test
+
+```
+kubectl delete ns bonita
+```

UNLICENSE

@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org>

bonita_cm.yaml

@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bonita-test
+data:
+  BDM_DS_CONNECTION_POOL_INITIAL_SIZE: "1"
+  BDM_DS_CONNECTION_POOL_MAX_IDLE: "10"
+  BDM_DS_CONNECTION_POOL_MAX_TOTAL: "20"
+  BDM_DS_CONNECTION_POOL_MIN_IDLE: "1"
+  BIZ_DB_NAME: bizdata
+  BIZ_DB_USER: bizuser
+  BONITA_DS_CONNECTION_POOL_INITIAL_SIZE: "2"
+  BONITA_DS_CONNECTION_POOL_MAX_IDLE: "20"
+  BONITA_DS_CONNECTION_POOL_MAX_TOTAL: "50"
+  BONITA_DS_CONNECTION_POOL_MIN_IDLE: "2"
+  BONITA_PLATFORM_PERSISTENCE_USE_SECOND_LEVEL_CACHE: "false"
+  # 1 hour in seconds
+  BONITA_RUNTIME_CLUSTER_HTTP_SESSION_TIMEOUT: "3600"
+  # 1 hour in milliseconds
+  BONITA_RUNTIME_SESSION_DURATION: "3600000"
+  BONITA_SERVER_LOGGING_FILE: /opt/custom-init.d/log4j2-appenders.xml,/opt/bonita/conf/logs/log4j2-loggers.xml
+  CLUSTER_MODE: "true"
+  DB_HOST: postgres-db
+  DB_NAME: bonita
+  DB_PORT: "5432"
+  DB_USER: bonitauser
+  DB_VENDOR: postgres
+  HTTP_API: "false"
+  HTTP_MAX_THREADS: "20"
+  JAVA_OPTS: -Djava.awt.headless=true -XX:+UseContainerSupport -XX:InitialRAMPercentage=60
+    -XX:MaxRAMPercentage=60 -XX:MinRAMPercentage=60 -XX:+HeapDumpOnOutOfMemoryError
+    -XX:+UseG1GC -Dbonita.client.home=/opt/bonita_lic
+  KUBERNETES_NAME: bonita-test
+  KUBERNETES_NAMESPACE: bonita
+  REMOTE_IP_VALVE_ENABLED: "true"
+  TZ: Europe/Paris

bonita_deployment.yaml

@@ -0,0 +1,109 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bonita-test
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: bonita-test
+      app.kubernetes.io/name: bonita
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: bonita-test
+        app.kubernetes.io/name: bonita
+    spec:
+      serviceAccountName: bonitaserviceaccount
+      hostname: bonita
+      containers:
+      - envFrom:
+        - secretRef:
+            name: bonita-test-creds
+        - configMapRef:
+            name: bonita-test
+        image: bonitasoft.jfrog.io/docker/bonita-subscription:10.0.0
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 10
+          httpGet:
+            httpHeaders:
+            - name: Authorization
+              value: Basic bW9uaXRvcmluZzpteU1vbml0b3JpbmdTZWNyZXQ=
+            - name: User-Agent
+              value: BonitaHealthCheck/1.0
+            path: /bonita/healthz
+            port: 8080
+            scheme: HTTP
+          periodSeconds: 15
+          successThreshold: 1
+          timeoutSeconds: 5
+        name: bonita
+        ports:
+        - containerPort: 5701
+          name: hazelcast
+          protocol: TCP
+        - containerPort: 8080
+          name: bonita
+          protocol: TCP
+        resources:
+          limits:
+            cpu: 2
+            memory: 2000Mi
+          requests:
+            cpu: 2
+            memory: 2000Mi
+        securityContext:
+          runAsGroup: 1000
+          runAsUser: 1000
+        startupProbe:
+          failureThreshold: 20
+          httpGet:
+            httpHeaders:
+            - name: Authorization
+              value: Basic bW9uaXRvcmluZzpteU1vbml0b3JpbmdTZWNyZXQ=
+            - name: User-Agent
+              value: BonitaHealthCheck/1.0
+            path: /bonita/healthz
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 120
+          periodSeconds: 15
+          successThreshold: 1
+          timeoutSeconds: 5
+        volumeMounts:
+        - name: bonita-scripts
+          mountPath: /opt/custom-init.d
+        - name: bonita-lic
+          mountPath: /opt/bonita_lic
+      dnsPolicy: ClusterFirst
+      imagePullSecrets:
+      - name: imagepullsecret
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: bonita-scripts
+        configMap:
+          name: bonita-scripts
+          items:
+              - key: bonita_setup.sh
+                path: bonita_setup.sh
+              - key: log4j2-appenders.xml
+                path: log4j2-appenders.xml
+              - key: bonita-platform-sp-cluster-custom.properties
+                path: bonita-platform-sp-cluster-custom.properties
+      - name: bonita-lic
+        configMap:
+          name: bonita-license
+          items:
+            - key: bonita-license.lic
+              path: bonita-license.lic

bonita_rbac.yaml

@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: hazelcast-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - get
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: hazelcast-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: hazelcast-role
+subjects:
+  - kind: ServiceAccount
+    name: bonitaserviceaccount
+    namespace: bonita

bonita_scripts/bonita-platform-sp-cluster-custom.properties

@@ -0,0 +1,17 @@
+bonita.cluster.group.name={{KUBERNETES_NAME}}
+
+bonita.platform.cluster.hazelcast.multicast.enabled=false
+bonita.platform.cluster.hazelcast.tcpip.enabled=false
+bonita.platform.cluster.hazelcast.aws.enabled=false
+bonita.platform.cluster.hazelcast.kubernetes.enabled=true
+
+bonita.platform.cluster.hazelcast.kubernetes.namespace={{KUBERNETES_NAMESPACE}}
+bonita.platform.cluster.hazelcast.kubernetes.serviceName={{KUBERNETES_NAME}}
+bonita.platform.cluster.hazelcast.kubernetes.resolveNotReadyAddresses=false
+bonita.platform.cluster.hazelcast.diagnostics.enabled=false
+bonita.platform.cluster.hazelcast.diagnostics.metric.level=info
+bonita.platform.cluster.hazelcast.partitionGroup.enabled=true
+bonita.platform.cluster.hazelcast.partitionGroup.groupType=ZONE_AWARE
+
+## Monitor locks on cluster
+org.bonitasoft.engine.monitoring.metrics.cluster.locks.enable=true

bonita_scripts/bonita_setup.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -euxo pipefail
+
+BONITA_DIR="/opt/bonita"
+
+# Use setup tool to configure Bonita Tomcat bundle
+
+cd ${BONITA_DIR}/setup
+./setup.sh pull
+
+# configure logging
+cp /opt/custom-init.d/log4j2-appenders.xml ${BONITA_DIR}/conf/logs/log4j2-appenders.xml
+
+# configure cluster
+if [[ "${CLUSTER_MODE}" == "true" ]]; then
+sed -e 's/{{KUBERNETES_NAME}}/'"${KUBERNETES_NAME}"'/g' \
+    -e 's/{{KUBERNETES_NAMESPACE}}/'"${KUBERNETES_NAMESPACE}"'/g' \
+    /opt/custom-init.d/bonita-platform-sp-cluster-custom.properties \
+    > ${BONITA_DIR}/setup/platform_conf/current/platform_engine/bonita-platform-sp-cluster-custom.properties
+fi
+
+cd ${BONITA_DIR}/setup
+./setup.sh configure
+./setup.sh push