Kubernetes Deployment
Deploy OpenLift on Kubernetes for production-scale container orchestration with high availability, automatic scaling, and robust persistent storage.
Note: OpenLift container images are not yet published. Image references in manifests are commented as placeholders; replace with your own images when available.
Prerequisites
Required Tools
- Kubernetes cluster (v1.25+ recommended)
- Helm (v3.8+ required)
- kubectl configured for your cluster
- Persistent Volume support in your cluster
- LoadBalancer or Ingress Controller for external access
Cluster Requirements
- Minimum Resources: 4 CPU cores, 8GB RAM
- Recommended Resources: 8+ CPU cores, 16GB+ RAM
- Storage: 100GB+ persistent storage for data
- Network: Ingress capability for external access
Quick Start with Helm
Add OpenLift Helm Repository
# Add the OpenLift Helm repository
helm repo add openlift https://charts.openlift.dev
helm repo update
Install with Default Configuration
# Create namespace
kubectl create namespace openlift
# Install OpenLift
helm install openlift openlift/openlift \
--namespace openlift \
--set ingress.enabled=true \
--set ingress.hosts[0].host=openlift.yourdomain.com
Check Deployment Status
# Check all pods are running
kubectl get pods -n openlift
# Check services
kubectl get services -n openlift
# Check ingress
kubectl get ingress -n openlift
Production Configuration
Custom Values File
Create a values-production.yaml file:
# Production values for OpenLift Helm chart
replicaCount: 3
# image:
# repository: <to-be-published>
# tag: "<tag>"
# pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 3000
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: openlift.yourdomain.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: openlift-tls
hosts:
- openlift.yourdomain.com
# Database configuration
mongodb:
enabled: true
architecture: replicaset
replicaCount: 3
auth:
enabled: true
rootPassword: "secure-root-password"
username: "openlift"
password: "secure-app-password"
database: "openlift"
persistence:
enabled: true
size: 20Gi
storageClass: "fast-ssd"
# Redis for caching
redis:
enabled: true
architecture: standalone
auth:
enabled: true
password: "secure-redis-password"
master:
persistence:
enabled: true
size: 8Gi
# MinIO for file storage
minio:
enabled: true
mode: distributed
replicas: 4
persistence:
enabled: true
size: 100Gi
storageClass: "fast-ssd"
defaultBuckets: "openlift"
# Environment variables
env:
NODE_ENV: "production"
JWT_SECRET: "your-super-secure-jwt-secret"
CORS_ORIGIN: "https://openlift.yourdomain.com"
# Resource limits
resources:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 1000m
memory: 2Gi
# Horizontal Pod Autoscaler
autoscaling:
enabled: true
minReplicas: 3
maxReplicas: 10
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
# Pod Disruption Budget
podDisruptionBudget:
enabled: true
minAvailable: 2
Deploy with Production Configuration
helm install openlift openlift/openlift \
--namespace openlift \
--values values-production.yaml \
--wait
Manual Kubernetes Deployment
Namespace and ConfigMap
# namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: openlift
---
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: openlift-config
namespace: openlift
data:
NODE_ENV: "production"
PORT: "3000"
CORS_ORIGIN: "https://openlift.yourdomain.com"
DATABASE_URL: "mongodb://mongodb:27017/openlift"
REDIS_URL: "redis://redis:6379"
MINIO_ENDPOINT: "http://minio:9000"
MINIO_BUCKET_NAME: "openlift"
Secrets Management
# secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: openlift-secrets
namespace: openlift
type: Opaque
data:
JWT_SECRET: <base64-encoded-jwt-secret>
DATABASE_PASSWORD: <base64-encoded-db-password>
REDIS_PASSWORD: <base64-encoded-redis-password>
MINIO_ACCESS_KEY: <base64-encoded-minio-access-key>
MINIO_SECRET_KEY: <base64-encoded-minio-secret-key>
Application Deployment
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: openlift-app
namespace: openlift
spec:
replicas: 3
selector:
matchLabels:
app: openlift-app
template:
metadata:
labels:
app: openlift-app
spec:
containers:
- name: openlift
# image: <to-be-published>
ports:
- containerPort: 3000
envFrom:
- configMapRef:
name: openlift-config
- secretRef:
name: openlift-secrets
livenessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 5
periodSeconds: 5
resources:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 1000m
memory: 2Gi
Persistent Storage Configuration
MongoDB StatefulSet
# mongodb-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mongodb
namespace: openlift
spec:
serviceName: mongodb
replicas: 3
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- name: mongodb
# image: <set-your-image>
ports:
- containerPort: 27017
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: "admin"
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mongodb-secret
key: root-password
volumeMounts:
- name: mongodb-data
mountPath: /data/db
volumeClaimTemplates:
- metadata:
name: mongodb-data
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 20Gi
storageClassName: fast-ssd
MinIO for File Storage
# minio-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
namespace: openlift
spec:
replicas: 1
selector:
matchLabels:
app: minio
template:
metadata:
labels:
app: minio
spec:
containers:
- name: minio
# image: <set-your-image>
args:
- server
- /data
- --console-address
- ":9001"
ports:
- containerPort: 9000
- containerPort: 9001
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: minio-secret
key: access-key
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: minio-secret
key: secret-key
volumeMounts:
- name: minio-data
mountPath: /data
volumes:
- name: minio-data
persistentVolumeClaim:
claimName: minio-pvc
Service and Ingress Configuration
Services
# services.yaml
apiVersion: v1
kind: Service
metadata:
name: openlift-service
namespace: openlift
spec:
selector:
app: openlift-app
ports:
- port: 80
targetPort: 3000
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: mongodb
namespace: openlift
spec:
selector:
app: mongodb
ports:
- port: 27017
targetPort: 27017
clusterIP: None
---
apiVersion: v1
kind: Service
metadata:
name: minio
namespace: openlift
spec:
selector:
app: minio
ports:
- port: 9000
targetPort: 9000
name: api
- port: 9001
targetPort: 9001
name: console
Ingress with TLS
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: openlift-ingress
namespace: openlift
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
spec:
ingressClassName: nginx
tls:
- hosts:
- openlift.yourdomain.com
secretName: openlift-tls
rules:
- host: openlift.yourdomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: openlift-service
port:
number: 80
Monitoring and Observability
Health Checks
# health-check-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: health-check
namespace: openlift
data:
health-check.sh: |
#!/bin/bash
curl -f http://localhost:3000/api/health || exit 1
Prometheus Monitoring
# servicemonitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: openlift-metrics
namespace: openlift
spec:
selector:
matchLabels:
app: openlift-app
endpoints:
- port: http
path: /metrics
interval: 30s
Scaling and Performance
Horizontal Pod Autoscaler
# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: openlift-hpa
namespace: openlift
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: openlift-app
minReplicas: 3
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
Pod Disruption Budget
# pdb.yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: openlift-pdb
namespace: openlift
spec:
minAvailable: 2
selector:
matchLabels:
app: openlift-app
Backup and Recovery
Database Backup CronJob
# backup-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
name: mongodb-backup
namespace: openlift
spec:
schedule: "0 2 * * *" # Daily at 2 AM
jobTemplate:
spec:
template:
spec:
containers:
- name: mongodb-backup
# image: <set-your-image>
command:
- /bin/bash
- -c
- |
mongodump --host mongodb:27017 --out /backup/$(date +%Y%m%d_%H%M%S)
find /backup -type d -mtime +7 -exec rm -rf {} +
volumeMounts:
- name: backup-storage
mountPath: /backup
restartPolicy: OnFailure
volumes:
- name: backup-storage
persistentVolumeClaim:
claimName: backup-pvc
Troubleshooting
Common Issues
# Check pod status
kubectl get pods -n openlift
# View pod logs
kubectl logs -f deployment/openlift-app -n openlift
# Check resource usage
kubectl top pods -n openlift
# Describe problematic pods
kubectl describe pod <pod-name> -n openlift
# Check ingress status
kubectl get ingress -n openlift
kubectl describe ingress openlift-ingress -n openlift
Database Connection Issues
# Test MongoDB connection
kubectl exec -it mongodb-0 -n openlift -- mongosh
# Check MongoDB logs
kubectl logs mongodb-0 -n openlift
# Test from application pod
kubectl exec -it <openlift-pod> -n openlift -- curl mongodb:27017
Security Considerations
- Use Kubernetes Secrets for sensitive data
- Enable RBAC for proper access control
- Use Network Policies to restrict pod-to-pod communication
- Regular security updates for all container images
- TLS encryption for all external traffic
- Pod Security Standards to enforce security policies
For more advanced Kubernetes configurations and enterprise features, consult the Kubernetes documentation and consider using managed Kubernetes services like EKS, GKE, or AKS.
hidden: true draft: true
Kubernetes
origin/main