This section presents how to quickly run the WorkflowGen container with a minimal architecture on Kubernetes.
There are known limitations when using Hyper-V isolation with the WorkflowGen container in WorkflowGen versions 7.19.x and earlier. It's recommended to use process isolation exclusively. This limitation no longer applies as of WorkflowGen version 7.20.0.
At the end of this section, you'll have this cluster configuration:
Every container in the cluster will have access to the configuration and secrets inside their namespaces. Several Azure services will be deployed by Azure Kubernetes Service. This doesn't require any manual steps other than interacting with Kubernetes itself. The load balancer that the service will create will dispatch the requests between the WorkflowGen server replicas.
As well, note that you should not create any other resources in Azure besides the cluster and its nodes. All required resources for the containers will be created by Kubernetes automatically. AKS is a fully-managed platform.
Add a PersistentVolumeClaim for shared storage
Now, you need to add a claim that represents the WorkflowGen data volume that will be used by your deployment. To do this, apply the following YAML to your cluster:
Then, apply it to the cluster using the following command:
kubectl apply -f .\wfgdata-pvc.yml
Add your WorkflowGen license file to the cluster
Kubernetes enables you to manage secrets and configurations as files inside the cluster and inject them into pods. In this case, you'll add your license file as a secret and later inject it into the WorkflowGen pod. To add your license to the cluster, execute the following command:
As mentioned earlier, there is a mechanism in Kubernetes that allows you to manage your containers' configurations. Here, you'll create one for WorkflowGen and another for the database:
The WFGEN_APP_SETTING_ApplicationUrl value will be changed to the load balancer's IP address after creating the WorkflowGen services. Therefore, it doesn't matter for now what is put in there because it will be changed later in this example.
Don't forget to apply this configuration:
kubectl apply -f .\config.yml
Add secrets for the services
Kubernetes also manages secrets for you. They are securely stored and only given to the containers as files.
Replace <YOUR_WFG_LIC_KEY_BASE64> with the value generated in the previous step for the WorkflowGen license key, and replace <YOUR_NEW_GUID_BASE64> with the value generated in the previous step for the new GUID.
Don't forget to apply this:
kubectl apply -f secrets.yml
Deploy the containers
You're now ready to deploy the services. You'll create two Deployment objects and one ReplicaSet object. The deployment will create ReplicaSets for all the services with different configurations. Those deployments can later be configured to automatically scale with the pods' usage. The ReplicaSet will provide the necessary services to the database container in order to run properly and avoid data loss. Don't forget that there should only be one instance of each WorkflowGen Windows Service running at all times. This container pattern is called a Singleton.
Database
This configuration will deploy the StatefulSet database along with a headless service. This object will also create a persistent volume claim based on the template provided in the declaration.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wfgen-webapps
spec:
  replicas: 3
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: workflowgen
      app.kubernetes.io/component: webapps
  template:
    metadata:
      labels:
        app.kubernetes.io/name: workflowgen
        app.kubernetes.io/component: webapps
    spec:
      nodeSelector:
        kubernetes.io/os: windows
      containers:
        - name: wfgen
          image: advantys/workflowgen:7.18.3-win-ltsc2019
          imagePullPolicy: Always
          resources:
            requests:
              memory: "2Gi"
              cpu: "1"
            limits:
              memory: "2Gi"
              cpu: "1"
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          envFrom:
            - configMapRef:
                name: wfgen-config
          env:
            - name: WFGEN_START_SERVICE
              value: webapps
          livenessProbe:
            periodSeconds: 30
            timeoutSeconds: 5
            initialDelaySeconds: 60
            exec:
              command:
                - powershell
                - C:\healthcheck.ps1
          # Readiness check: looks for an IIS log file
          readinessProbe:
            timeoutSeconds: 5
            initialDelaySeconds: 60
            exec:
              command:
                - powershell
                - -Command
                - if (Test-Path "C:\iislog\W3SVC\*log") { return 0 } else { return 1 }
          volumeMounts:
            - mountPath: C:\wfgen\data
              name: wfgdata
            - mountPath: C:\wfgen\licenses
              readOnly: true
              name: licenses
            - mountPath: C:\secrets
              readOnly: true
              name: secrets
      volumes:
        - name: wfgdata
          persistentVolumeClaim:
            claimName: wfgdata-pvc
        - name: licenses
          secret:
            secretName: wfgen-license-secret
            items:
              # The following must match the name of the license item in
              # the license secret, e.g. the name of the license file
              - key: WorkflowGen.lic
                path: WorkflowGen.lic
        - name: secrets
          secret:
            secretName: wfgen-sec
Apply this deployment:
kubectl apply -f wfgen-webapps.yml
Windows Services deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wfgen-winservices
spec:
  replicas: 1 # Singleton pattern
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: workflowgen
      app.kubernetes.io/component: winservices
  template:
    metadata:
      labels:
        app.kubernetes.io/name: workflowgen
        app.kubernetes.io/component: winservices
    spec:
      nodeSelector:
        kubernetes.io/os: windows
      containers:
        - name: wfgen-dir-sync
          image: advantys/workflowgen:7.18.3-win-ltsc2019
          resources:
            requests:
              memory: "1Gi"
              cpu: "500m"
            limits:
              memory: "1Gi"
              cpu: "750m"
          envFrom:
            - configMapRef:
                name: wfgen-config
          env:
            - name: WFGEN_START_SERVICE
              value: dir_sync
          livenessProbe:
            periodSeconds: 30
            timeoutSeconds: 5
            initialDelaySeconds: 60
            exec:
              command:
                - powershell
                - C:\healthcheck.ps1
          volumeMounts:
            - mountPath: C:\wfgen\data
              name: wfgdata
            - mountPath: C:\wfgen\licenses
              readOnly: true
              name: licenses
            - mountPath: C:\secrets
              readOnly: true
              name: secrets
        - name: wfgen-engine
          image: advantys/workflowgen:7.18.3-win-ltsc2019
          resources:
            requests:
              memory: "1Gi"
              cpu: "500m"
            limits:
              memory: "1Gi"
              cpu: "750m"
          envFrom:
            - configMapRef:
                name: wfgen-config
          env:
            - name: WFGEN_START_SERVICE
              value: engine
          livenessProbe:
            periodSeconds: 30
            timeoutSeconds: 5
            initialDelaySeconds: 60
            exec:
              command:
                - powershell
                - C:\healthcheck.ps1
          volumeMounts:
            - mountPath: C:\wfgen\data
              name: wfgdata
            - mountPath: C:\wfgen\licenses
              readOnly: true
              name: licenses
            - mountPath: C:\secrets
              readOnly: true
              name: secrets
      volumes:
        - name: wfgdata
          persistentVolumeClaim:
            claimName: wfgdata-pvc
        - name: licenses
          secret:
            secretName: wfgen-license-secret
            items:
              # The following must match the name of the license item in
              # the license secret, e.g. the name of the license file
              - key: WorkflowGen.lic
                path: WorkflowGen.lic
        - name: secrets
          secret:
            secretName: wfgen-sec
Apply the Windows Services:
kubectl apply -f wfgen-win-services.yml
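Pods in these deployments will not start if a referenced Secret, ConfigMap or PersistentVolumeClaim name does not exist in the namespace, and the Windows services deployment must stay at one replica with the Recreate strategy. The following check is an added example, not part of the WorkflowGen documentation: it assumes the deployment JSON comes from kubectl get deployment -o json and the object names from kubectl get secret,configmap,pvc -o name, and the sample data below is constructed.

```python
import json

SINGLETON = ("app.kubernetes.io/component", "winservices")  # label in the page's manifest

def references(dep):
    """Yield 'kind/name' for each object the Deployment's pods need at start-up."""
    pod = dep["spec"]["template"]["spec"]
    for vol in pod.get("volumes", []):
        if "secret" in vol:
            yield "secret/" + vol["secret"]["secretName"]
        if "persistentVolumeClaim" in vol:
            yield "persistentvolumeclaim/" + vol["persistentVolumeClaim"]["claimName"]
    for ctr in pod.get("containers", []):
        for src in ctr.get("envFrom", []):
            if "configMapRef" in src:
                yield "configmap/" + src["configMapRef"]["name"]

def audit(dep, existing):
    """Return findings for one Deployment; `existing` is a set of 'kind/name'."""
    name, spec = dep["metadata"]["name"], dep["spec"]
    findings = [f"{name}: {ref} not found in namespace"
                for ref in sorted(set(references(dep)) - existing)]
    labels = spec["template"]["metadata"].get("labels", {})
    if labels.get(SINGLETON[0]) == SINGLETON[1]:
        if spec.get("replicas", 1) != 1:
            findings.append(f"{name}: singleton must have replicas: 1")
        # RollingUpdate starts the new pod before the old one stops.
        if spec.get("strategy", {}).get("type") != "Recreate":
            findings.append(f"{name}: singleton must use strategy Recreate")
    return findings

# Constructed sample: trimmed deployment JSON with a misspelled secretName and
# two replicas, plus the object names that exist in the namespace.
SAMPLE_DEPLOYMENT = json.loads("""{
 "metadata": {"name": "wfgen-winservices"},
 "spec": {"replicas": 2, "strategy": {"type": "Recreate"},
  "template": {
   "metadata": {"labels": {"app.kubernetes.io/component": "winservices"}},
   "spec": {
    "containers": [{"name": "wfgen-engine",
                    "envFrom": [{"configMapRef": {"name": "wfgen-config"}}]}],
    "volumes": [
     {"name": "wfgdata", "persistentVolumeClaim": {"claimName": "wfgdata-pvc"}},
     {"name": "licenses", "secret": {"secretName": "fgen-license-secret"}},
     {"name": "secrets", "secret": {"secretName": "wfgen-sec"}}]}}}}""")
SAMPLE_NAMES = {"secret/wfgen-license-secret", "secret/wfgen-sec",
                "configmap/wfgen-config", "persistentvolumeclaim/wfgdata-pvc"}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_DEPLOYMENT, SAMPLE_NAMES)))
```

Listing objects with -o name keeps secret values out of the audit input; only the names are compared.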
Add a load balancer
Now, you need to add a public-facing load balancer in order to dispatch requests to your pods. To do this, execute the following command:
Replace <EXTERNAL_IP> with the value of EXTERNAL-IP that you have.
Apply it:
kubectl apply -f wfgen-config.yml
Then, restart all of the pods in the WorkflowGen deployment to apply the changes to them. You have to do this for the Windows services as well. To do this, execute the following commands:
kubectl scale deployment wfgen-webapps --replicas 0 -n wfgen-service
kubectl scale deployment wfgen-winservices --replicas 0 -n wfgen-service
# Wait until the scaling is done and then scale up
kubectl scale deployment wfgen-webapps --replicas 3 -n wfgen-service
kubectl scale deployment wfgen-winservices --replicas 1 -n wfgen-service
You should now have a working WorkflowGen with a load balancer and a database.
Kubernetes with AKS using Helm
Helm is a package manager–like tool for Kubernetes. It manages the sharing, deployment, updates and rollbacks of software developed for Kubernetes. Based on values provided, Helm generates definition files for the cluster with the template engine from the Go programming language. For each release, WorkflowGen now produces a chart that you can use with your cluster. To have the latest bug fixes and features from the chart, make sure to always pick the chart released with the latest update of WorkflowGen.
Architecture overview
At the end of this section, you'll have this cluster configuration:
Every container in the cluster will have access to the configuration and secrets inside their namespaces. Several Azure services will be deployed by Azure Kubernetes Service. This doesn't require any manual steps other than interacting with Kubernetes itself. The load balancer that the service will create will dispatch the requests between the WorkflowGen server replicas.
You must have installed the Helm command line tool. See the Installing Helm section on the Helm website for instructions on how to install it. Only Helm versions 3.0 and later are supported.
As well, note that you should not create any other resources in Azure besides the cluster and its nodes. All required resources for the containers will be created by Kubernetes automatically. AKS is a fully-managed platform.
Create the symmetric encryption key
This value should be generated by you. A simple GUID will suffice since it has sufficient entropy not to be guessed:
Kubernetes enables you to manage secrets and configurations as files inside the cluster and inject them into pods. In this case, you'll add your license file as a secret and later inject it into the WorkflowGen pod. To add your license to the cluster, execute the following command:
In order to generate the templates tailored to your configuration expectations, you have to provide some values to the helm command when you install or update a release. You can specify those values using the command line interface or with a file. In the case of a new installation, it will be easier with a file. Here are the values that you will need:
Helm will generate Kubernetes deployment files for you and install them on the cluster.
Update the application URL
This configuration will create a load balancer in front of the WorkflowGen containers. You will need to wait for it to get a public IP address. Execute the following command periodically until you get the load balancer's public IP:
kubectl get services wfgen-service
Once the value of EXTERNAL-IP is provisioned, copy it and modify the WorkflowGen configuration to change the WFGEN_APP_SETTING_ApplicationUrl value. To do this, you first need to get the name of the ConfigMap associated with the WorkflowGen deployment. The following command will give you all the ConfigMap objects in the default namespace:
kubectl get configmap
Copy the WorkflowGen ConfigMap name and replace <WFGEN_CONFIG_MAP> with the value in the following command:
kubectl edit configmap "<WFGEN_CONFIG_MAP>"
This will bring up an editor so you can replace the WFGEN_APP_SETTING_ApplicationUrl value with the correct IP address from the load balancer service. Save the file and exit the editor. To apply the changes made to the ConfigMap object, restart all of the pods in the WorkflowGen deployment. You have to do this for the Windows services as well. Get the name of the deployments with the following command:
kubectl get deployment
Replace <WEB_APPS_DEPLOYMENT_NAME> and <WIN_SERVICES_DEPLOYMENT_NAME> in the following script with the correct deployment names to restart all containers:
kubectl scale deployment "<WEB_APPS_DEPLOYMENT_NAME>" --replicas 0 -n wfgen-service
kubectl scale deployment "<WIN_SERVICES_DEPLOYMENT_NAME>" --replicas 0 -n wfgen-service
# Wait until the scaling is done and then scale up
kubectl scale deployment "<WEB_APPS_DEPLOYMENT_NAME>" --replicas 3 -n wfgen-service
kubectl scale deployment "<WIN_SERVICES_DEPLOYMENT_NAME>" --replicas 1 -n wfgen-service
You should now have a working WorkflowGen with a load balancer and a database.