Skip to main content
Version: 4.2

Deploy Pulse-IT on Kubernetes

1. Requirements:

1.1 Kubernetes Cluster:

  • Version: 1.31

  • Metrics Server needs to be installed and enabled on the cluster. See the official Metrics Server documentation for installation instructions.

  • NGINX Ingress Controller should be installed on the cluster to manage routing and ingress. Follow the official NGINX Ingress Controller documentation for installation instructions.

1.2 External services:

Note: Database, RabbitMQ, and Redis are not included in the Pulse-IT Helm Chart. You need to deploy these services separately.

  • Postgres 16.x from RDS Database
  • RabbitMQ 3.13.x from Amazon MQ
  • Redis 6.2. from Amazon ElastiCache

1.3 Kubernetes tools

  • kubectl configured to connect with the EKS Cluster
  • Helm

1.4 Dedicated namespace for embrace

Pulse-IT should be deployed on a dedicated namespace named embrace. Use the following command to create the namespace:

kubectl create namespace embrace

1.5 Service Account for emb-app

The emb-app-sa service account must be created in the embrace namespace. Use the following command to create the service account:

kubectl create serviceaccount emb-app-sa -n embrace

1.6 Embrace credentials for DockerHub saved on cluster secret

The Embrace images are kept in a private repository. To retrieve the images, you'll need to store the Embrace repository credentials in a Kubernetes secret. For detailed instructions, please consult the official Kubernetes documentation

kubectl create secret docker-registry emb-registry-cred  --docker-server=https://index.docker.io/v1/  --docker-username=embracecustomer  --docker-password=<password> -n embrace

2. Deploy Pulse-IT with Helm

2.1 Edit values to match with your environment:

  • Create a new file named values.local.yml next to the Pulse-IT Chart
touch values.<my_env>.yaml

Replace <my_env> with an environment name of your choice

  • Copy these minimal configurations into values.local.yaml by Replacing <...> to match with your environment values
# values.<my_env>.yaml
imagePullSecrets:
- name: emb-registry-cred

kubernetesHostType: "kubernetes"

database:
  host: "<database-host-address>"
  port: "5432"
  name: "ait_factory"

redis:
  host: "<redis-host-address>"
  port: "6379"

embApp:
  replicasCount: 1
  serviceAccount:
    create: false
    user: emb-app-sa
    name: emb-app-sa
    annotations: {
    }
  service:
    type: ClusterIP
    serviceAnnotations: {

    }

embDbg:
  debgguerSvc:
    type: ClusterIP
    serviceAnnotations: {

    }

embAppNginx:
  serviceNginx:
    type: ClusterIP
    serviceAnnotations: {

    }

secrets:
  provider: kubernetes

  kubernetes:
    database:
      user: <database-user>
      password: <database-password>

    su:
      username: <pulse-it-super-user-username>
      password: <pulse-it-super-user-password>

    rabbitmq:
      username: <rabbitmq-username-if-any>
      password: <rabbitmq-password-if-any>

    redis:
      username: <redis-username-if-any>
      password: <redis-password-if-any>

ingress:
  enabled: true
  tlsEnabled: false
  className: "nginx"
  annotations: {
  }

conf:
  debug: "false"
  logLevel: "INFO"
  protocol: "http"
  hostName: "<pulse-it-hostname>"
  kubernetesHost: "https://kubernetes.default.svc"
  kubernetesCluster: "<kubernetes-cluster-name>"
  timeZone: "Europe/Paris"
  WebSocketTimeout: "60"
  NodeMaxDayLogs: "6"
  ChannelLayerCapacity: "10000"
  ChannelLayerHttpRequestCapacity: "5000"
  ChannelLayerWebSocketSendCapacity: "10000"
  PlannedWorkflowProcessorsCount: "4"
  WorkflowEventsProcessorsCount: "4"
  sslEnabled: "False"

storage:
  enabled: false

2.2 Deploy Pulse-IT using Helm

helm install <my-release> \
    oci://registry-1.docker.io/embracemedia/pulse_it_chart \
    --version 4.2.2306 \
    --values=values.local.yaml \
    -n embrace

<my-release> can be replaced by "pulse-it" as release name for example.

Replace 4.2.2306 by latest stable Pulse-IT release.

2.3 Verify installation:

After running helm install, Pulse-IT components should be created on the Kubernetes cluster. These components can be listed using this command:

kubectl get pods -n embrace

Output:

NAME                                     READY   STATUS    RESTARTS      AGE
pod/emb-app-79666d6bdc-xjt9q             2/2     Running   0             25h
pod/emb-celery-beat-7776d9844-8jnd9      1/1     Running   0             25h
pod/emb-celery-worker-5c56574788-bzn6z   1/1     Running   0             25h
pod/emb-dbg-7b697c686f-v2s6g             1/1     Running   0             25h
...

2.4 Access Pulse-IT on your browser

Access Pulse-IT using hostname you've specified in the value.local.yaml file.

!! It may take a few minutes for Pulse-IT to become accessible due to DNS updates.

3. Worker Nodes

3.1 Deploy Worker Node's requirements Charts

3.1.1 Edit values to match with your environment:

  • Create a new file named values.local.yml next to the Worker Node Chart
touch values.<my_env>.yaml

Replace <my_env> with an environment name of your choice

  • Copy these minimal configurations to created file by replacing <...> to match with your environment values
# values.<my_env>.yaml
conf:
  debug: True
  logLevel: DEBUG
  timeZone: Europe/Paris

rabbitmq:
  host: "<rabbitmq-adrress>"
  port: "5672"
  useSSL: true

secrets:
  provider: kubernetes

3.1.2 Deploy Worker Nodes requirements using Helm

helm install <my-release> \
    oci://registry-1.docker.io/embracemedia/pulse_it_worker_chart \
    --version 4.2.801 \
    --values=values.local.yaml \
    -n embrace

<my-release> can be replaced by "pulse-it-worker" as release name for example.

Replace 4.2.801 by latest stable Pulse-IT worker release.

3.2 Create Worker Node from Pulse-IT

  • Access the Pulse-IT interface and navigate to the "Monitor" menu, then select "Nodes".
  • Click on the "+" button
  • Modify the value of the "Number of nodes" field to specify the desired quantity of nodes to be created.
  • If desired, you can add a "Display name prefix".
  • Initiate the creation of nodes by clicking on the validation button labeled "New nodes".

4.Upgrade Pulse-IT

4.1 Activate maintenance mode:

  • Open the Pulse-IT interface and go to the "Monitor" menu, then choose "Nodes".
  • Click on the Pulse-IT Node in the diagram.
  • In the right panel, locate the "Maintenance" field and click on the "Deactivate" button.
  • In the modal that appears, click on "Stop all workflows and activate".

4.2 Upgrade Pulse-IT

4.2.1. Retrieve last values.local.yaml

If you can't see the old file, create a new one by consulting section 2.2

4.2.2 Upgrade Pulse-IT using Helm upgrade

helm upgrade  <my-release> \
    oci://registry-1.docker.io/embracemedia/pulse_it_chart \
    --version 4.2.2306 \
    --values=values.local.yaml \
    -n embrace

< my-release > can be replaced by "pulse-it" as release name for example.

Replace 4.2.2306 by latest stable Pulse-IT release.

4.3 Upgrade Worker Nodes

4.3.1 Delete old Worker Nodes

  • Open the Pulse-IT interface and go to the "Monitor" menu, then choose "Nodes".
  • Select all nodes and click on the "trash" button

4.3.2 Create new nodes

Refer to section 3.2

4.4 Deactivate maintenance mode

  • Open the Pulse-IT interface and go to the "Monitor" menu, then choose "Nodes".
  • Click on the Pulse-IT Node in the diagram.
  • In the right panel, locate the "Maintenance" field and click on the "Activated" button.

5. Enable SSL

5.1 Create a Kubernetes secret for SSL certificates

To enable SSL, you need a TLS certificate and private key file.

Run the following command to create a secret containing your certificate and private key:

kubectl create secret tls my-ingress-cert --namespace embrace \
    --key=certs/emb-localhost.key \
    --cert=certs/emb-localhost.crt

Ensure that the TLS certificate matches the hostname defined in conf.hostname in the values.local.yaml file.

5.2 Update the ingress values

Modify your values.<my_env>.yaml file to enable ingress and provide the name of your TLS secret. Update the ingress section with the following:

ingress:
  enabled: true
  tlsEnabled: true
  tlsSecretName: 'my-ingress-cert'

5.3 Deploy or update Pulse-IT

Once the ingress configuration is updated, redeploy or upgrade Pulse-IT using the following command:

helm upgrade <my-release> \
    oci://registry-1.docker.io/embracemedia/pulse_it_chart \
    --version 4.2.2306 \
    --values=values.local.yaml \
    -n embrace

Replace <my-release> with the desired release name such as pulse-it and 4.2.2306 with the latest stable version of the chart.

6. Mount shared storage

6.1 Create Persistent Volume (PV), Storage class and Persistent Volume Claim (PVC)

First, create a Persistent Volume (PV), Storage Class and Persistent Volume Clain (PVC) corresponding to your storages.

6.2 Enable shared storage in the Helm values file

Edit your values.<my_env>.yaml file to enable shared storage and specify your PVC references. Update the storage section as follows:

storage:
  enabled: true

  shared_storages:
    - volumeName: 'data'
      claimName: local-pvc
      containerMountPath: /mnt/data

6.3 Redeploy or update Pulse-IT

Once the storage configuration is updated, redeploy or upgrade Pulse-IT using the following command:

helm upgrade <my-release> \
    oci://registry-1.docker.io/embracemedia/pulse_it_chart \
    --version 4.2.2306 \
    --values=values.local.yaml \
    -n embrace

Replace <my-release> with the desired release name such as pulse-it and 4.2.2306 with the latest stable version.

7. Troubleshooting

5.1 Pod's state is ImagePullBackOff:

1- Verify whether any secret containing Embrace credentials have been created within the embrace namespace.

Command:

kubectl get secret -n embrace

Output:

NAME                TYPE                             DATA   AGE
emb-registry-cred   kubernetes.io/dockerconfigjson   1      3s

2- Ensure that the provided repository credentials are correct.

  • Delete existing secret
kubectl delete secret emb-registry-cred -n embrace
  • Recreate secret: Refer to section 1.5 to recreate secret
  • Deploy Pulse-IT using helm (see section 2.2)

5.2 Pulse-IT interface is not accessible

5.2.1 Review the applications logs.

Inspect the logs of every Pulse-IT component to identify errors.

- Review emb-app logs
kubectl logs -n embrace -l component=emb-app
- Review celery beat logs
kubectl logs -n embrace -l component=emb-celery-beat
- Review celery worker logs
kubectl logs -n embrace -l component=emb-celery-worker

5.3 Pulse-IT workers state icon is red

Inspect the logs of Pulse-IT worker container

kubectl logs -n embrace <pulse-it-worker-name> -c workflow-player

6. Utils commands:

Get logs for pulse-it app pods

kubectl logs -n embrace -l component=emb-app

Get logs for celery worker pods

kubectl logs -n embrace -l component=emb-celery-worker

Restart to apply LDAP/Active Directory configuration

kubectl rollout restart deployment emb-app emb-celery-worker -n embrace

Manually scale emb-app deployment

kubectl scale deployment emb-app --replicas=2 -n embrace

--replicas=2 can be replaced by desired number of replicas