Deploying on Red Hat OpenShift Service on AWS (ROSA) - UM-Battery-Control-Group/UMBCL-InfluxDB GitHub Wiki

Prepare Your Environment

  • Set up ROSA: Ensure you have a ROSA cluster set up and ready to use. If you haven't already done so, follow the ROSA documentation to create a cluster.
  • Access to OpenShift CLI: Ensure you have the OpenShift CLI (oc) installed on your local machine to interact with your ROSA cluster.
  • Login: Using CLI: oc login --token=your_token --server=your_url
  • Get Project: Using CLI: oc project battery-control-lab-data

Deploy InfluxDB on ROSA

  • Setup Docker Hub account with OC: Use the CLI: oc create secret docker-registry my-docker-registry --docker-server=docker.io --docker-username=your-username --docker-password=your-password --docker-email=your-email
  • Create InfluxDB Deployment and Service: Write YAML manifests for deploying InfluxDB. You'll need a Deployment to run InfluxDB and a Service to expose it internally within your ROSA cluster. Check the yaml files in deployment/kubernetes folder.
  • Expose InfluxDB externally: Create an OpenShift Route or use an Ingress to expose the InfluxDB Service. Ensure secure access via HTTPS.

Create an OpenShift Route

  • Identify the Service Name: Ensure you have a Service set up for InfluxDB that targets the pods running InfluxDB on the correct port (usually 8086).
  • Expose the Route: You can expose a Route using the OpenShift CLI (oc) or through the OpenShift web console. Using CLI: oc expose svc/influxdb --port=8086 --name=influxdb-external.
  • Retrieve the Exposed URL: After the route is created, you need to retrieve the publicly accessible URL. Using CLI: oc get route influxdb-route-name. This command will display the URL under the HOST/PORT column.

Update the INFLUXDB_URL in Application

Once InfluxDB is exposed, and you have the external URL, you need to update the INFLUXDB_URL environment variable in your application to point to this new URL. This used in both env file and yaml files for the app.

Verify Connectivity

After updating the INFLUXDB_URL, redeploy application if necessary and verify that it can successfully connect to InfluxDB using the new external URL. A test operation is needed, such as writing a small amount of data to the database, to ensure everything is working as expected.

Security Considerations

Exposing databases externally comes with security risks. Ensure the proper authentication and authorization mechanisms are in place. Utilize InfluxDB’s built-in security features, like tokens for authentication and HTTPS for encryption, to protect the data. Additionally, consider network policies or firewalls to restrict access to known clients or networks.