Hyland's cloud-native and low-code Nuxeo Platform is a rapid deployment tool for application development and enterprise modernization in the cloud.
The Nuxeo Kubernetes application for Google Cloud Marketplace relies on the Nuxeo Helm chart, please make sure you read its documentation to start with.
Basically, a Kubernetes Deployment manages all Nuxeo Pods in this application. Each Pod runs a single instance of Nuxeo.
All Pods are behind a Service object. By default, Nuxeo is exposed using a ClusterIP Service on port 80. Optionally, you can expose the service externally by using an Ingress resource. Then, the Nuxeo interface is exposed on ports 80 and 443 . The TLS certificates are stored in the nuxeo-tls Secret resource.
Get up and running with a few clicks! Install this Nuxeo app to a Google Kubernetes Engine cluster using Google Cloud Marketplace. Follow the on-screen instructions.
You can use Google Cloud Shell or a local workstation to follow the steps below.
You'll need the following tools in your development environment. If you are
using Cloud Shell, gcloud, kubectl, Docker, and Git are installed in your
environment by default.
Configure gcloud as a Docker credential helper:
gcloud auth configure-dockerCreate a new cluster from the command line:
export CLUSTER=nuxeo-cluster
export ZONE=us-east1
gcloud container clusters create "$CLUSTER" --zone "$ZONE"Configure kubectl to connect to the new cluster:
gcloud container clusters get-credentials "$CLUSTER" --zone "$ZONE"Clone this repository:
git clone https://github.com/nuxeo/nuxeo-gcp-marketplace.gitAn Application resource is a collection of individual Kubernetes components, such as Services, Deployments, and so on, that you can manage as a group.
To set up your cluster to understand Application resources, run the following command:
kubectl apply -f "https://raw.githubusercontent.com/GoogleCloudPlatform/marketplace-k8s-app-tools/master/crd/app-crd.yaml"You need to run this command once.
The Application resource is defined by the Kubernetes SIG-apps community. The source code can be found on github.com/kubernetes-sigs/application.
Navigate to the nuxeo-mp directory:
cd deployer/chart/nuxeo-mpChoose the namespace and instance name for the application.
export NAMESPACE=mynamespace
export APP_INSTANCE=mynuxeoConfigure the container image registry:
export REGISTRY=marketplace.gcr.io/hyland/nuxeoSet up the image tag:
It is advised to use stable image reference which you can find on Marketplace Artifact Registry. Example:
export TAG="1.0"If needed, expose the Service externally and configure Ingress:
export PUBLIC_SERVICE_AND_INGRESS_ENABLED=true[!WARNING] Warning about GKE Ingress
When using the built-in Ingress controller provided by Google Kubernetes Engine, GKE Ingress, the X-Forwarded-Port request header is not set. Thus, you need to configure it as a custom request header.
Alternately, you can:
- Use another Ingress controller such as NGINX Ingress Controller.
- Configure Cloud DNS for GKE, in which case you need to set the
virtualHostparameter of thenuxeosubchart to the DNS hostname, see Install the Helm chart.
Note
You can skip this step if you have not set up external access.
-
If you already have a certificate that you want to use, copy your certificate and key pair to the
/tmp/tls.crt, and/tmp/tls.keyfiles, then skip to the next step.To create a new certificate, run the following command:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout /tmp/tls.key \ -out /tmp/tls.crt \ -subj "/CN=nuxeo/O=hyland" -
Set
TLS_CERTIFICATE_KEYandTLS_CERTIFICATE_CRTvariables:export TLS_CERTIFICATE_KEY="$(cat /tmp/tls.key | base64)" export TLS_CERTIFICATE_CRT="$(cat /tmp/tls.crt | base64)"
Run the command below to create a new namespace:
kubectl create namespace "$NAMESPACE"Update the chart dependencies to fetch the nuxeo subchart locally.
helm dependency update .Use helm install to install the application in the target namespace.
helm install "$APP_INSTANCE" . \
--namespace "$NAMESPACE" \
--set nuxeo.image.repository="$REGISTRY" \
--set nuxeo.image.tag="$TAG" \
--set nuxeo.ingress.enabled="$PUBLIC_SERVICE_AND_INGRESS_ENABLED" \
--set tls.base64EncodedPrivateKey="$TLS_CERTIFICATE_KEY" \
--set tls.base64EncodedCertificate="$TLS_CERTIFICATE_CRT"You can have a look at the complete list of properties of the nuxeo subchart.
Note
Parameters of the nuxeo subchart must be prefixed with nuxeo. when installing the nuxeo-mp parent chart.
To get the GCP Console URL for your app, run the following command:
echo "https://console.cloud.google.com/kubernetes/application/$ZONE/$CLUSTER/$NAMESPACE/$APP_INSTANCE"To view the app, open the URL in your browser.
If the Nuxeo service is exposed externally, get the external IP of your Nuxeo server using the following command:
SERVICE_IP=$(kubectl get ingress -l "app.kubernetes.io/instance=$APP_INSTANCE" \
--namespace "$NAMESPACE" \
--output jsonpath='{.items[].status.loadBalancer.ingress[0].ip}')
echo "https://$SERVICE_IP/"The command shows the URL of your Nuxeo site.
It is also possible to connect to Nuxeo without exposing it to public access, knowing its Service name:
SERVICE_NAME=$(kubectl get service -l "app.kubernetes.io/instance=$APP_INSTANCE" \
--namespace "$NAMESPACE" \
--output custom-columns=":metadata.name" \
--no-headers)To do this, you can connect from a container inside the Kubernetes cluster using the following hostname: $SERVICE_NAME.$NAMESPACE.svc.cluster.local.
You can also use port forwarding by running the following command:
kubectl port-forward svc/$SERVICE_NAME 8080:80 \
--namespace "$NAMESPACE"Then, access the Nuxeo server with http://localhost:8080/.
Run the following command:
kubectl logs -f -l "app.kubernetes.io/instance=$APP_INSTANCE" \
--namespace "$NAMESPACE" \
--prefix --tail -1See the Architecture section of the Nuxeo Helm chart documentation.
See the Nuxeo documentation about Backup and Restore.
We recommend backing up your data before starting the upgrade.
Note that during the upgrade, your Nuxeo site will be unavailable.
Set your environment variables to match the installation properties:
export NAMESPACE=mynamespace
export APP_INSTANCE=mynuxeo
export REGISTRY=marketplace.gcr.io/hyland/nuxeoSet the new image version in an environment variable:
export TAG="1.1"Upgrade the Helm release with the reference to the new image:
helm upgrade "$APP_INSTANCE" . \
--namespace "$NAMESPACE" \
--set nuxeo.image.repository="$REGISTRY" \
--set nuxeo.image.tag="$TAG"Monitor the process with the following command:
kubectl get pods -l "app.kubernetes.io/instance=$APP_INSTANCE" \
--output go-template='Status={{.status.phase}} Image={{(index .spec.containers 0).image}}' \
--watchThe Pod is terminated, and recreated with a new image for the nuxeo
container. After the upgrade is complete, the final state of the Pod is
Running, and marked as 1/1 in the READY column.
-
In the GCP Console, open Kubernetes Applications.
-
From the list of applications, click $APP_INSTANCE.
-
On the Application Details page, click Delete.
Set your environment variables to match the installation properties:
export NAMESPACE=mynamespace
export APP_INSTANCE=mynuxeoNOTE: We recommend using a
kubectlversion that is the same as the version of your cluster. Using the same versions ofkubectland the cluster helps avoid unforeseen issues.
To delete the resources, delete the installed Application:
k delete application "$APP_INSTANCE" \
--namespace "$NAMESPACE"Optionally, if you don't need the deployed application or the GKE cluster, delete the cluster using this command:
gcloud container clusters delete "$CLUSTER" --zone "$ZONE"You are connected with glcoud to a test GKE cluster in a given project, that can be retrieved this way:
export GCP_PROJECT=$(gcloud config get-value project | tr ':' '/')There is an Artifact Registry in this GCP project, for instance:
us-docker.pkg.dev/$GCP_PROJECT/nuxeoA Nuxeo image has been pushed to this registry, for instance:
us-docker.pkg.dev/$GCP_PROJECT/nuxeo/nuxeo:1.0.0You've read the Tool Prerequisites documentation.
First, you need to update the chart dependencies to fetch the nuxeo subchart locally.
helm dependency update deployer/chart/nuxeo-mp/Configure the registry and tag of the deployer and tester images:
export REGISTRY=us-docker.pkg.dev/$GCP_PROJECT/nuxeo
export TAG="1.0.0"Build and push the deployer and tester images, then run the tests:
docker build --build-arg REGISTRY=$REGISTRY --build-arg TAG=$TAG --tag $REGISTRY/deployer:$TAG deployer \
&& docker push $REGISTRY/deployer:$TAG \
&& docker build --tag $REGISTRY/tester:$TAG tester \
&& docker push $REGISTRY/tester:$TAG \
&& mpdev verify --deployer=$REGISTRY/deployer:$TAGYou can have a look at the Verification system documentation and the Dev container references.
Create a test namespace.
kubectl create namespace test-namespaceDelete the previous test application.
kubectl delete application test-deployment \
--namespace=test-namespace \
--ignore-not-found=trueWait for the test-deployment-nuxeo Ingress object to be actually deleted, it can take a while.
You can also delete the deployer Job instead of the whole Application:
kubectl delete job test-deployment-deployer \
--namespace=test-namespace \
--ignore-not-found=trueBuild the deployer image and install the application in the test namespace.
docker build --build-arg REGISTRY=$REGISTRY --build-arg TAG=$TAG --tag $REGISTRY/deployer:$TAG deployer \
&& docker push $REGISTRY/deployer:$TAG \
&& mpdev install --deployer=$REGISTRY/deployer:$TAG --parameters='{"name": "test-deployment", "namespace": "test-namespace"}'You can have a look at the Helm deployer documentation.
View license information for the software contained in the Nuxeo container image.
As with all container images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
As with any pre-built image, it is the user's responsibility to ensure compliance with all relevant licenses for the software included in the image.