Kubernetes Deployment
🚧 Under Heavy Development​
OpenLift is currently under heavy development and we have not released any versions yet.
This installation document is a placeholder for future releases. Docker images are not yet published.
Deploy OpenLift on Kubernetes for production-scale container orchestration with high availability, automatic scaling, and robust persistent storage.
Note: OpenLift container images are not yet published. Image references in manifests are commented as placeholders; replace with your own images when available.
Prerequisites​
Required Tools​
- Kubernetes cluster (v1.25+ recommended)
- Helm (v3.8+ required)
- kubectl configured for your cluster
- Persistent Volume support in your cluster
- LoadBalancer or Ingress Controller for external access
Cluster Requirements​
- Minimum Resources: 4 CPU cores, 8GB RAM
- Recommended Resources: 8+ CPU cores, 16GB+ RAM
- Storage: 100GB+ persistent storage for data
- Network: Ingress capability for external access
Quick Start with Helm​
Add OpenLift Helm Repository​
# Add the OpenLift Helm repository
helm repo add openlift https://charts.openlift.dev
helm repo update
Install with Default Configuration​
# Create namespace
kubectl create namespace openlift
# Install OpenLift
helm install openlift openlift/openlift \
--namespace openlift \
--set ingress.enabled=true \
--set ingress.hosts[0].host=openlift.yourdomain.com
Check Deployment Status​
# Check all pods are running
kubectl get pods -n openlift
# Check services
kubectl get services -n openlift
# Check ingress
kubectl get ingress -n openlift
Production Configuration​
Custom Values File​
Create a values-production.yaml file:
# Production values for OpenLift Helm chart
replicaCount: 3
# image:
# repository: <to-be-published>
# tag: "<tag>"
# pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 3000
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: openlift.yourdomain.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: openlift-tls
hosts:
- openlift.yourdomain.com
# Database configuration
mongodb:
enabled: true
architecture: replicaset
replicaCount: 3
auth:
enabled: true
rootPassword: "secure-root-password"
username: "openlift"
password: "secure-app-password"
database: "openlift"
persistence:
enabled: true
size: 20Gi
storageClass: "fast-ssd"
# Redis for caching
redis:
enabled: true
architecture: standalone
auth:
enabled: true
password: "secure-redis-password"
master:
persistence:
enabled: true
size: 8Gi
# MinIO for file storage
minio:
enabled: true
mode: distributed
replicas: 4
persistence:
enabled: true
size: 100Gi
storageClass: "fast-ssd"
defaultBuckets: "openlift"
# Environment variables
env:
NODE_ENV: "production"
JWT_SECRET: "your-super-secure-jwt-secret"
CORS_ORIGIN: "https://openlift.yourdomain.com"
# Resource limits
resources:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 1000m
memory: 2Gi
# Horizontal Pod Autoscaler
autoscaling:
enabled: true
minReplicas: 3
maxReplicas: 10
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
# Pod Disruption Budget
podDisruptionBudget:
enabled: true
minAvailable: 2
Deploy with Production Configuration​
helm install openlift openlift/openlift \
--namespace openlift \
--values values-production.yaml \
--wait
Manual Kubernetes Deployment​
Namespace and ConfigMap​
# namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: openlift
---
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: openlift-config
namespace: openlift
data:
NODE_ENV: "production"
PORT: "3000"
CORS_ORIGIN: "https://openlift.yourdomain.com"
DATABASE_URL: "mongodb://mongodb:27017/openlift"
REDIS_URL: "redis://redis:6379"
MINIO_ENDPOINT: "http://minio:9000"
MINIO_BUCKET_NAME: "openlift"
Secrets Management​
# secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: openlift-secrets
namespace: openlift
type: Opaque
data:
JWT_SECRET: <base64-encoded-jwt-secret>
DATABASE_PASSWORD: <base64-encoded-db-password>
REDIS_PASSWORD: <base64-encoded-redis-password>
MINIO_ACCESS_KEY: <base64-encoded-minio-access-key>
MINIO_SECRET_KEY: <base64-encoded-minio-secret-key>
Application Deployment​
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: openlift-app
namespace: openlift
spec:
replicas: 3
selector:
matchLabels:
app: openlift-app
template:
metadata:
labels:
app: openlift-app
spec:
containers:
- name: openlift
# image: <to-be-published>
ports:
- containerPort: 3000
envFrom:
- configMapRef:
name: openlift-config
- secretRef:
name: openlift-secrets
livenessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 5
periodSeconds: 5
resources:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 1000m
memory: 2Gi
Persistent Storage Configuration​
MongoDB StatefulSet​
# mongodb-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mongodb
namespace: openlift
spec:
serviceName: mongodb
replicas: 3
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- name: mongodb
# image: <set-your-image>
ports:
- containerPort: 27017
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: "admin"
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mongodb-secret
key: root-password
volumeMounts:
- name: mongodb-data
mountPath: /data/db
volumeClaimTemplates:
- metadata:
name: mongodb-data
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 20Gi
storageClassName: fast-ssd
MinIO for File Storage​
# minio-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
namespace: openlift
spec:
replicas: 1
selector:
matchLabels:
app: minio
template:
metadata:
labels:
app: minio
spec:
containers:
- name: minio
# image: <set-your-image>
args:
- server
- /data
- --console-address
- ":9001"
ports:
- containerPort: 9000
- containerPort: 9001
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: minio-secret
key: access-key
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: minio-secret
key: secret-key
volumeMounts:
- name: minio-data
mountPath: /data
volumes:
- name: minio-data
persistentVolumeClaim:
claimName: minio-pvc
Service and Ingress Configuration​
Services​
# services.yaml
apiVersion: v1
kind: Service
metadata:
name: openlift-service
namespace: openlift
spec:
selector:
app: openlift-app
ports:
- port: 80
targetPort: 3000
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: mongodb
namespace: openlift
spec:
selector:
app: mongodb
ports:
- port: 27017
targetPort: 27017
clusterIP: None
---
apiVersion: v1
kind: Service
metadata:
name: minio
namespace: openlift
spec:
selector:
app: minio
ports:
- port: 9000
targetPort: 9000
name: api
- port: 9001
targetPort: 9001
name: console
Ingress with TLS​
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: openlift-ingress
namespace: openlift
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
spec:
ingressClassName: nginx
tls:
- hosts:
- openlift.yourdomain.com
secretName: openlift-tls
rules:
- host: openlift.yourdomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: openlift-service
port:
number: 80
Monitoring and Observability​
Health Checks​
# health-check-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: health-check
namespace: openlift
data:
health-check.sh: |
#!/bin/bash
curl -f http://localhost:3000/api/health || exit 1
Prometheus Monitoring​
# servicemonitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: openlift-metrics
namespace: openlift
spec:
selector:
matchLabels:
app: openlift-app
endpoints:
- port: http
path: /metrics
interval: 30s
Scaling and Performance​
Horizontal Pod Autoscaler​
# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: openlift-hpa
namespace: openlift
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: openlift-app
minReplicas: 3
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
Pod Disruption Budget​
# pdb.yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: openlift-pdb
namespace: openlift
spec:
minAvailable: 2
selector:
matchLabels:
app: openlift-app
Backup and Recovery​
Database Backup CronJob​
# backup-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
name: mongodb-backup
namespace: openlift
spec:
schedule: "0 2 * * *" # Daily at 2 AM
jobTemplate:
spec:
template:
spec:
containers:
- name: mongodb-backup
# image: <set-your-image>
command:
- /bin/bash
- -c
- |
mongodump --host mongodb:27017 --out /backup/$(date +%Y%m%d_%H%M%S)
find /backup -type d -mtime +7 -exec rm -rf {} +
volumeMounts:
- name: backup-storage
mountPath: /backup
restartPolicy: OnFailure
volumes:
- name: backup-storage
persistentVolumeClaim:
claimName: backup-pvc
Troubleshooting​
Common Issues​
# Check pod status
kubectl get pods -n openlift
# View pod logs
kubectl logs -f deployment/openlift-app -n openlift
# Check resource usage
kubectl top pods -n openlift
# Describe problematic pods
kubectl describe pod <pod-name> -n openlift
# Check ingress status
kubectl get ingress -n openlift
kubectl describe ingress openlift-ingress -n openlift
Database Connection Issues​
# Test MongoDB connection
kubectl exec -it mongodb-0 -n openlift -- mongosh
# Check MongoDB logs
kubectl logs mongodb-0 -n openlift
# Test from application pod
kubectl exec -it <openlift-pod> -n openlift -- curl mongodb:27017
Security Considerations​
- Use Kubernetes Secrets for sensitive data
- Enable RBAC for proper access control
- Use Network Policies to restrict pod-to-pod communication
- Regular security updates for all container images
- TLS encryption for all external traffic
- Pod Security Standards to enforce security policies
For more advanced Kubernetes configurations and enterprise features, consult the Kubernetes documentation and consider using managed Kubernetes services like EKS, GKE, or AKS.