reactioncommerce / mailchimp-open-commerce-helm-chart

Helm chart for deploying Mailchimp Open Commerce on top of Kubernetes/OpenShift.
Apache License 2.0

Deploying locally on docker-desktop for mac #11

Closed duxbuse closed 3 years ago

duxbuse commented 4 years ago

Howdy team, I was going through the blog post trying to set Reaction up locally to test out the Helm chart. I am fairly new to Kubernetes and totally new to Reaction, so if I have made any obvious errors, apologies. Any assistance to get this up and running would be most appreciated. After I get this test working locally I will attempt to load this into GKE.

I have run into a couple of issues, so I will raise them all here in one place rather than as separate GitHub issues. If desired I can break it up too. Issues:

  1. SSL and TLS: using the default settings I was getting no inter-pod connectivity. This was due to SSL issues, so I had to disable it all as a first step in the values.yaml.
  2. https://github.com/slingshotlabs/reaction-oss-helm-chart/blob/b3e1b425217bab52b15ae4b5cbca77c4859efc4b/templates/web-deployment.yaml#L46-L49 Here both the internal and external URLs are set to the same value. This was causing me issues, as the external host URL was not accessible from inside the cluster, so for my example I changed it to http://test-web:4000/graphql for testing and I was now able to connect.
  3. Once I got web-deployment able to talk to graphql I then got the following error:
    networkError:
    { ServerParseError: Unexpected token N in JSON at position 0
    at JSON.parse (<anonymous>)
    at /usr/local/src/app/node_modules/apollo-link-http-common/lib/index.js:35:25
    at process._tickCallback (internal/process/next_tick.js:68:7)
    name: 'ServerParseError',
    response:
    Body {
    url: 'http://test-web:4000/graphql',
    status: 501,
    statusText: 'Not Implemented',
    headers: [Headers],
    ok: false,
    body: [PassThrough],
    bodyUsed: true,
    size: 0,
    timeout: 0,
    _raw: [Array],
    _abort: false,
    _bytes: 15 },
    statusCode: 501,
    bodyText: 'Not Implemented' },
    message: 'Network error: Unexpected token N in JSON at position 0',
    extraInfo: undefined }

Steps to reproduce

git clone
helm dependency update
helm install test . -f ./myvalues.yaml
helm repo add nginx-stable https://helm.nginx.com/stable
helm repo update
helm install nginx nginx-stable/nginx-ingress

Then I changed my /etc/hosts to have:
127.0.0.1 localhost admin.example.shop
127.0.0.1 localhost api.example.shop
127.0.0.1 localhost private.example.shop
127.0.0.1 localhost hydra.example.shop
127.0.0.1 localhost identity.example.shop
127.0.0.1 localhost www.example.shop

myvalues.yaml

##
## Global configuration
global:
  ##
  ## The Stripe secret key from your Stripe account dashboard.
  ## Required if you want Stripe payments to work.
  stripeKey: YOUR_PRIVATE_STRIPE_API_KEY

  ##
  ## Set this if you want to track storefront analytics such as
  ## page views with Segment. You can find this key on your Segment dashboard.
  segmentKey: YOUR_PRIVATE_SEGMENT_API_KEY

  ##
  ## The MongoDB database URL.
  ## Note: This overrides the Mongo subchart values i.e. bring your own
  # mongoUrl:

  ##
  ## The oplog URL for the MongoDB deployment.
  ## Note: This overrides the Mongo subchart values i.e. bring your own
  # mongoOplogUrl:

##
## Admin panel configuration
admin:
  enabled: true
  ssl: false
  host: admin.example.shop
  replicaCount: 2
  image:
    repository: reactioncommerce/admin
    tag: 3.0.0-beta.6
    pullPolicy: IfNotPresent
    # imagePullSecret:
  service:
    annotations: {}
    type: ClusterIP
  ingress:
    enabled: true
    path: ""
    annotations:
      kubernetes.io/ingress.class: nginx
      # nginx.ingress.kubernetes.io/ssl-redirect: "true"
      # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
      nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
      nginx.ingress.kubernetes.io/proxy-buffers-number: "4 256k"
      nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k"
      nginx.ingress.kubernetes.io/proxy-send-timeout: 3600
      nginx.ingress.kubernetes.io/proxy-read-timeout: 3600
    livenessPath:
    tls:
      enabled: false
      secretName: tls-secret

##
## API configuration
api:
  enabled: true
  host: api.example.shop
  ssl: false
  replicaCount: 2

  ##
  ## An SMTP mail url, e.g. smtp://user:pass@example.com:465, that is
  ## used to send all transactional emails from the email-smtp plugin.
  # mailUrl: smtp://user:pass@example.com:465

  ##
  ## If this is true, on startup the API will auto-initialize a MongoDB
  ## replica set if one isn't found.
  # initReplicaSet: false
  image:
    repository: reactioncommerce/reaction
    tag: 3.7.1
    pullPolicy: IfNotPresent
    # imagePullSecret:
  service:
    annotations: {}
    type: ClusterIP
  ingress:
    enabled: true
    path: ""
    annotations:
      kubernetes.io/ingress.class: nginx
    livenessPath:
    tls:
      enabled: false
      secretName: tls-secret

##
## Identity service configuration
identity:
  enabled: true
  host: identity.example.shop
  ssl: false
  replicaCount: 2
  image:
    repository: reactioncommerce/identity
    tag: 3.0.0
    pullPolicy: IfNotPresent
    # imagePullSecret:
  service:
    annotations: {}
    type: ClusterIP
  ingress:
    enabled: true
    path: ""
    annotations:
      kubernetes.io/ingress.class: nginx
    livenessPath:
    tls:
      enabled: false
      secretName: tls-secret

##
## Example storefront configuration
web:
  enabled: true
  host: www.example.shop
  ssl: false
  replicaCount: 2
  # sessionSecret: CHANGEME
  image:
    repository: reactioncommerce/example-storefront
    tag: 3.0.0
    pullPolicy: IfNotPresent
    # imagePullSecret:
  service:
    annotations: {}
    type: ClusterIP
  ingress:
    enabled: true
    path: ""
    annotations:
      kubernetes.io/ingress.class: nginx
    livenessPath:
    tls:
      enabled: false
      secretName: tls-secret

##
## MongoDB chart configuration
mongodb:
  enabled: true
  usePassword: true
  # existingSecret: name-of-existing-secret
  mongodbRootPassword: reaction
  service:
    annotations:
    type: ClusterIP
    port: 27017
  replicaSet:
    enabled: true
    useHostnames: true
    name: rs0
    replicas:
      secondary: 1
      arbiter: 1

##
## PostgreSQL chart configuration (for Hydra)
postgresql:
  enabled: true
  postgresqlUsername: postgres
  postgresqlPassword: hydra
  postgresqlDatabase: hydra
  # existingSecret: postgres-secret
  # existingSecretKey: postgres-password
  service:
    port: 5432
  persistence:
    enabled: true
    # storageClass: classname
    accessMode: ReadWriteOnce

##
## Hydra chart configuration
hydra:
  enabled: true
  replicaCount: 1
  ssl: false
  image:
    repository: oryd/hydra
    tag: v1.0.8
    pullPolicy: IfNotPresent
    # imagePullSecret:

  ##
  ## Refer to https://www.ory.sh/docs/oryos.9/hydra/advanced#openid-connect
  pairwiseSalt: youReallyNeedToChangeThis

  ##
  ## A key or keys used to encrypt sensitive data using AES-GCM (256 bit) and
  ## validate HMAC signatures. Must be at least 16 characters long. This may be
  ## a single key or a comma-separated list where the first item in the list is
  ## used for signing and encryption and the whole list is used for verifying
  ## signatures and decryption. See https://www.ory.sh/docs/hydra/configuration
  secretsSystem: youReallyNeedToChangeThis
  service:
    annotations: {}
    type: ClusterIP
  frontend:
    host: hydra.example.shop
    ingress:
      enabled: true
      path: ""
      annotations:
        kubernetes.io/ingress.class: nginx
      livenessPath:
      tls:
        enabled: false
        secretName: tls-secret

  admin:
    host: private.example.shop
    ingress:
      enabled: true
      path: ""
      annotations:
        kubernetes.io/ingress.class: nginx
      livenessPath:
      tls:
        enabled: false
        secretName: tls-secret
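
The values above switch TLS off for every service and keep the chart's placeholder and literal credentials. As an added example (not part of the original post or of the chart), the shell/awk check below lists such settings in a values file; the function names `audit_values` and `sample_values` are hypothetical, the sample is constructed from a few lines of the file above, and it assumes two-space indentation with one `key: value` per line.

```shell
# Added example: list risky settings in a Helm values file for this chart.
# Assumes two-space indentation and one "key: value" pair per line.
# audit_values [FILE]: print "<dotted.path>: <finding>" per risky setting.
audit_values() {
  awk '
    /^[ \t]*#/ { next }                 # comment line
    /^[ \t]*$/ { next }                 # blank line
    {
      n = 0; while (substr($0, n + 1, 1) == " ") n++
      depth = int(n / 2)
      line = substr($0, n + 1)
      c = index(line, ":"); if (c == 0) next
      key = substr(line, 1, c - 1)
      val = substr(line, c + 1)
      sub(/^ +/, "", val); sub(/ +#.*$/, "", val)   # trim, drop trailing comment
      path[depth] = key
      full = path[0]
      for (d = 1; d <= depth; d++) full = full "." path[d]
      if (val == "") next               # mapping header, not a setting
      k = tolower(key)
      if (k == "ssl" && val == "false") print full ": TLS disabled"
      else if (full ~ /\.tls\.enabled$/ && val == "false") print full ": ingress TLS disabled"
      else if (k ~ /(password|salt|secretssystem|key)$/ && val !~ /^(true|false)$/)
        print full ": " ((val ~ /^(YOUR_|CHANGEME|youReallyNeedToChangeThis)/) ? "placeholder secret" : "literal secret in values file")
    }
  ' "$@"
}

# Constructed sample: a few lines trimmed from the myvalues.yaml in this post.
sample_values() {
  cat <<'EOF'
global:
  stripeKey: YOUR_PRIVATE_STRIPE_API_KEY
api:
  ssl: false
  ingress:
    tls:
      enabled: false
      secretName: tls-secret
mongodb:
  usePassword: true
  mongodbRootPassword: reaction
hydra:
  secretsSystem: youReallyNeedToChangeThis
EOF
}

sample_values | audit_values
```

Run against a real file with `audit_values myvalues.yaml`; commented-out keys such as `# sessionSecret: CHANGEME` are skipped because they are not active settings.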

dcrdev commented 4 years ago

Sometimes the nginx controller does not generate a default cert; you might try generating your own and applying that to the cluster, which potentially solves the SSL/TLS issue.

Generate cert:

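$ cat << EOF > openssl.conf
[req]
# Take the subject from [dn] instead of prompting; openssl req needs this section
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = *.example.shop
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.example.shop
DNS.2 = *.*.example.shop
EOF

$ openssl req -new -newkey rsa:2048 -sha256 -nodes -out cacert.csr -keyout cacert.key -config openssl.conf
# x509 -req does not copy extensions from the CSR, so pass the SAN section again when signing
$ openssl x509 -req -sha256 -days 365 -in cacert.csr -signkey cacert.key -out cacert.crt -extfile openssl.conf -extensions v3_req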

Apply to the default namespace:

$ kubectl create secret tls tls-secret \
    --key cacert.key \
    --cert cacert.crt

Your specific error is because you are setting the API URL to the storefront itself, i.e. http://test-web:4000/graphql; that should actually be http://test-api:3000/graphql.

On the internal vs. external side, yeah that could/should be:

http://{{ template "reactioncommerce.fullname" . }}-api.{{ .Release.Namespace }}.svc:3000

I will get around to updating that soon - for now it works.
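
Before a self-signed pair is loaded into `tls-secret`, it is worth confirming that the key belongs to the certificate and that the SANs from the CSR reached the certificate, because `openssl x509 -req` only carries them over when it is given `-extfile`/`-extensions`. The following is an added example, not code from this thread or the chart; `check_tls_pair` and `make_demo_certs` are hypothetical helper names, and the demo certificates are constructed in a temporary directory.

```shell
# Added example (not from the thread). Needs OpenSSL 1.1.1+ for `x509 -ext`.

# check_tls_pair CERT KEY -> 0 ok, 1 key/cert mismatch, 2 no DNS SAN, 3 unreadable
check_tls_pair() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 3
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 3
  [ "$cert_pub" = "$key_pub" ] || return 1
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    grep -q "DNS:" || return 2
}

# make_demo_certs DIR: create a CSR carrying a SAN, then self-sign it twice,
# without and with the extension section handed to the signing step.
make_demo_certs() {
  cat > "$1/openssl.conf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = *.example.shop
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.example.shop
EOF
  openssl req -new -newkey rsa:2048 -sha256 -nodes -config "$1/openssl.conf" \
    -out "$1/cacert.csr" -keyout "$1/cacert.key" 2>/dev/null &&
  openssl x509 -req -sha256 -days 1 -in "$1/cacert.csr" -signkey "$1/cacert.key" \
    -out "$1/no-san.crt" 2>/dev/null &&
  openssl x509 -req -sha256 -days 1 -in "$1/cacert.csr" -signkey "$1/cacert.key" \
    -extfile "$1/openssl.conf" -extensions v3_req -out "$1/with-san.crt" 2>/dev/null &&
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d) && make_demo_certs "$demo_dir"
for pair in "no-san.crt cacert.key" "with-san.crt cacert.key" "with-san.crt other.key"; do
  set -- $pair; rc=0
  check_tls_pair "$demo_dir/$1" "$demo_dir/$2" || rc=$?
  echo "$1 + $2 -> $rc"
done
rm -rf "$demo_dir"
```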

dcrdev commented 3 years ago

This issue has been open over a month with no response; going to close for now.