Deploy the Workflow - UI
After a workflow is approved by all the users, you can execute the application in the workflow using the workflow RUN button that allows users to start the application job and monitor them.
Execute the Application on Azure Kubernetes Service
Prerequisites
- Compute Clusters: A compute cluster is a set of nodes that run containerized applications. Compute clusters are used to run CCM workflows. Refer to Section: Configure the AKS Compute Cluster in Fortanix CCM for steps to configure a compute cluster in Fortanix CCM and access the cluster.
- Job specification: A Kubernetes job spec is a YAML file. A skeleton is provided as input to Fortanix CCM with user parameters. This is then updated by Fortanix CCM with relevant environment variables. Please see the example for expected inputs.
Refer to Section: Configure Workflow for steps to configure the Kubernetes job specification.
Create an AKS Cluster
To set up an AKS Cluster, refer to the article how to set up an AKS cluster as worker nodes in Fortanix CCM. The article shows you how to:
- Create a cluster
- Configure Fortanix Node Agent
- Use the cluster to deploy applications manually
Obtain the Kubectl Config File
A kubectl
YAML file is used to configure the compute cluster. This file stores the following:
- The client certificates, token, and cluster CA certificate. This is the only authentication mechanism for AKS. We do not yet support username/password or other authentication options.
- The server address.
- Metadata like cluster name and user name.
The following are the usual steps for Azure Kubernetes Service to obtain a kubectl
config file. For more information refer to official documentation from Microsoft.
- Log in on the command line.
az login
- Get a list of all the available subscriptions.
az account list
- Select a subscription.
az account set --subscription subscription-id
- Get the AKS credentials.
az aks get-credentials --name (cluster-name) --resource-group (cluster-resource-group)
~/.kube/config
folder.
Configure the AKS Compute Cluster in Fortanix CCM
In order to start applications using the RUN button, you must configure the AKS credentials in Fortanix CCM.
To configure the AKS cluster in Fortanix CCM:
- Click the Infrastructure tab in the Fortanix CCM left panel and select the Compute Clusters tab.
- In the Compute Clusters page, click ADD COMPUTE CLUSTER to configure a new compute cluster.
Figure 1: Create compute cluster
- In the “Add Cluster” form, enter the following details:
- Name: The AKS cluster name.
- Type: The runtime environment, that is, Kubernetes.
- Kubernetes Configuration: The YAML file obtained in Section Obtain the Kubectl File that has the AKS configuration details.
Figure 2: Configure the compute cluster
- Click ADD CLUSTER to save the cluster configuration. The cluster is successfully configured.
Figure 3: Cluster configured
Configure Workflow
To run a workflow application, you need to configure the workflow by following the steps below:
- Click the Workflows tab and on the Workflows page, select the Approved workflows tab.
- In the list of approved workflows, select a workflow that has a single application since Fortanix CCM 3.5 supports only single job deployments.
Figure 4: Select approved workflow
- In the detailed view of the selected workflow, you will notice a RUN button in the disabled state. The RUN button will be disabled if you have not configured the job specification. To enable the RUN button, configure the Kubernetes job specification using the Configuration
icon next to the RUN button.
Figure 5: Configure job spec
- In the RUN WORKFLOW window, enter the following details:
- Deployment Type: The workflow deployment type, that is, Kubernetes (Single Job). Currently, Fortanix CCM supports only a single job deployment.
- Namespace: The Kubernetes namespace
- Cluster: The cluster that you configured in Fortanix CCM. Currently, Fortanix CCM supports only the AKS cluster as the runtime environment for deploying the workflow.
- Deployment Type: The deployment type for the application, that is, Kubernetes.
- Job Specification: The Kubernetes job specification YAML file that is required by the cluster and the application to run the application job.
apiVersion: batch/v1
kind: Job
metadata:
name: job-name
spec:
backoffLimit: 0
template:
spec:
containers:
- name: containername
resources:
limits:
kubernetes.azure.com/sgx_epc_mem_in_MiB: 1
imagePullSecrets:
- name: dockerhub
restartPolicy: NeverFigure 6: Configure job spec
Figure 7: Configure job spec
- Configure secret in Kubernetes.
- This is a subset of: https://kubernetes.io/docs/concepts/configuration/secret/
- For any information, please refer to the official documentation above.
To configure the secret: - If you are using a docker hub, generate a token as in this example.
- If you are using ECR - get a token using the CLI.
- Using the docker server, for the docker hub, it is the URL used in this example.
- Click CONFIGURE to configure the Kubernetes job specification.
- If the job spec is configured successfully, you will see the
RUN
button enabled.Figure 8: Run enabled
Run the Workflow Application
To run the Workflow application,
- Configure the image pull secret.
- Click the RUN button in the detailed view of an approved workflow that you enabled in the previous section.
Figure 9: Run the application
- In the RUN WORKFLOW modal window, the Cluster, Job Type, and Job Spec that you configured in the previous section will be selected.
- Click RUN to run the workflow.
Figure 10: Run workflow
- You will notice the Running indication at the bottom of the workflow.
- At any point, if there is a need to stop the execution, click STOP. This will re-enable the RUN button.
- If the application is executed successfully, you will see the status of the execution under the Execution Log. Click the View detail link to view the log details.
Figure 11: Running workflow
- The EXECUTION LOG modal window shows the detailed logs of the run. You can also download the log using the DOWNLOAD link.
Figure 12: Log details
Comments
Please sign in to leave a comment.