Deployment

All Kaa services, including KPC, are distributed as Docker images. You can run these images using software containerization and orchestration tools, such as Docker, Docker Swarm, Docker Compose, Kubernetes, etc. Kubernetes is the recommended system for managing Kaa-based clusters.

Runtime dependencies

KPC has the following runtime dependencies:

  • NATS for inter-service communication.

Regardless of the deployment method, always make sure that you have dependency services up and running prior to starting up KPC.

The below instructions where KPC sources its configuration data from a local file.

Environment variables

The table below summarizes the variables supported by the KPC Docker image and provides default values along with descriptions.

Variable name Default value Description
APP_CONFIG_PATH /srv/kpc/service-config.yml Path to the service configuration YAML file inside container. In case of running in Kubernetes, consider using K8s Volumes for externalization.
NATS_URLS “nats://nats:4222” NATS connection URLs. May include connection credentials, e.g. “nats://derek:pass@localhost:4222”.
KAA_LICENSE_CERT_PATH /run/license/license.p12 Path to the Kaa platform license certificate file in PKCS #12 format.
KAA_LICENSE_CERT_PASSWORD   License certificate password. Required.

Kubernetes

To run KPC on Kubernetes:

  1. Install Kubernetes.
  2. Set up NATS as a Kubernetes service or a standalone server.
  3. Prepare Kubernetes deployment descriptor.
  4. (Optional) Configure volumes and secrets.
  5. Prepare a config map, or a separate configuration file and save it into a file available to pods under APP_CONFIG_PATH.
  6. Start up the pod: 
    kubectl create -f <deployment descriptor filename>
  7. Check that pods are running: 
    kubectl get pods

Deployment descriptor

Provided below is a sample deployment descriptor file that pulls the KPC version 1.0.0 Docker image from the official KaaIoT repository and runs one service replica (pod) with 100 MB RAM limit. Default environment variables are used in most cases, except the configuration source is file-based. With this deployment descriptor, the configuration file is expected to be located at ~/kpc-config/service-config.yml of the host machine. See spec.template.spec.volumes.hostPath below and the default APP_CONFIG_PATH above.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kpc
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: kpc
        tier: backend
    spec:
      containers:
      - name: kpc
        image: hub.kaaiot.net/kaaiot/kpc/kpc:1.0.0
        terminationMessagePolicy: FallbackToLogsOnError
        imagePullPolicy: Always
        resources:
          requests:
            memory: 25Mi
          limits:
            memory: 100Mi
        env:
        - name: KAA_LICENSE_CERT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: license.cert.pass
              key: password
        ports:
        - name: mqtt
          containerPort: 1883
        - name: mqtt-tls
          containerPort: 8883
        - name: metrics
          containerPort: 8080
        volumeMounts:
        - name: license-volume
          mountPath: /run/license
        - name: kpc-conf-volume
          mountPath: /srv/kpc
      imagePullSecrets:
      - name: kaaid
      volumes:
        - name: kpc-conf-volume
          hostPath: ~/kpc-config
          defaultMode: 444
        - name: license-volume
          secret:
            secretName: license.cert

Below are some notable parameters of the deployment descriptor:

  • spec.replicas defines the number of service instance replicas.
  • spec.template.spec.containers.image defines the Docker image to be used, while spec.template.spec.containers.imagePullPolicy defines the image update policy.
  • spec.template.spec.imagePullSecrets specifies the image pull secret for the official KaaIoT docker registry. To define this secret, use your KaaID credentials: 
    $ export HISTCONTROL=ignorespace  # Prevent saving your credentials in the shell history
$  KAAID_USER=<your KaaID username>; kubectl create secret docker-registry kaaid --docker-server=hub.kaaiot.net --docker-username=$KAAID_USER --docker-email=$KAAID_USER --docker-password=<your KaaID password>
  • spec.template.spec.volumes.name.license-volume specifies the volume to contain the license certificate file. We recommend that this volume is created from a Kubernetes secret.
  • spec.template.spec.containers.name.kpc.env.name.KAA_LICENSE_CERT_PASSWORD defines the license certificate password environment variable, which is also recommended to be set from a Kubernetes secret.
  • spec.template.metadata.labels.app defines the application label to map Kubernetes deployment to the service.
  • spec.template.spec.containers.resources defines resources available to each replica. See how Kubernetes manages compute resources for containers.
  • spec.template.spec.containers.env defines the environment variables that Kubernetes passes to the service replica.
  • spec.template.spec.containers.ports defines the exposed ports. See Connecting applications with services.

Service descriptor

To expose the deployment outside the Kubernetes network, create a service descriptor. Below is a sample service descriptor that exposes KPC’s 1/KP interface running over MQTT with and without TLS to the Kubernetes host network interface at ports 30720 and 30721.

apiVersion: v1
kind: Service
metadata:
  name: kpc
  labels:
    app: kpc
    tier: backend
spec:
  type: "LoadBalancer"
  ports:
  - name: mqtt
    port: 1883
    targetPort: mqtt
    nodePort: 30720
  - name: mqtt-tls
    port: 8883
    targetPort: mqtt-tls
    nodePort: 30721
  selector:
    app: kpc
    tier: backend

The following parameters are worth noting:

  • spec.type defines the service type.
  • spec.ports.port, spec.ports.targetPort, and spec.ports.nodePort parameters define the mapping between the Kubernetes service and deployment ports.
  • spec.selector.app maps the service to the deployment. It matches spec.metadata.labels.app in the deployment descriptor above.

Volumes and secrets

The above deployment descriptor mounts a host machine directory for the service to load its configuration file from. However, such simple configuration may not be convenient in multi-node deployments and you might want to create other types of volumes. Besides, if you want to pass sensible pieces of information to the service using the environment variables, such as logins and passwords for dependency services, we recommend using Kubernetes Secrets. To learn more about these subjects, refer to Kubernetes documentation:

Docker

To run KPC in Docker:

  1. Install Docker.
  2. Set up NATS as a Docker container or a standalone server.
  3. Prepare a configuration file and save into a file available to the container under APP_CONFIG_PATH.
  4. Run Docker container. For example, use the following command to run the KPC version 1.0.0 image: 
    $ docker run \
 -v <host_path_to_config_directory>:/srv/kpc \
 hub.kaaiot.net/kaaiot/kpc/kpc:1.0.0