Kubernetes
This section describes deploying the Citeck platform in a Kubernetes environment: managing pod and container resources, configuring the Helm chart, and generating encryption keys.
Pod and Container Resource Management
Below are the minimum MEM/CPU resource requirements for stable operation of microservices in combination with Java XMX/XMS parameters. This configuration was load tested with 1000 concurrent users for 1 hour.
Scenario composition and load distribution:
system login and viewing the main page with loading menu, dashboard, user information (20%);
viewing the contracts journal (30%);
navigating to the contract view page with loading all widgets: contract information, actions, tasks, comments, relationships, version history, etc. (30%);
viewing the active tasks journal (30%);
creating documents (20%);
starting processes for documents (10%);
executing process tasks (50%).
During the load test, 2,043,398 requests were generated, of which 1 request (0.00%) ended with errors or exceeded the execution time limit.
Average response time - 6.88 milliseconds.
Median - 6 milliseconds.
90% of all requests were processed in less than 16 milliseconds.
95% of all requests were processed in less than 25 milliseconds.
99% of all requests were processed in less than 47 milliseconds.
Ecos Registry
EcosRegistryApp:
  environments:
    javaOpts: "-Xmx256m -Xms256m"
  resources: |
    limits:
      cpu: 1
      memory: 1Gi
    requests:
      cpu: 300m
      memory: 1Gi
Ecos Model
EcosModelApp:
  environments:
    javaOpts: "-Xmx256m -Xms256m"
  resources: |
    limits:
      cpu: 2
      memory: 1Gi
    requests:
      cpu: 2
      memory: 1Gi
Ecos Gateway
EcosGatewayApp:
  environments:
    javaOpts: "-Xmx256m -Xms256m"
  resources: |
    limits:
      cpu: 2
      memory: 1Gi
    requests:
      cpu: 2
      memory: 1Gi
Ecos Apps
EcosAppsApp:
  environments:
    javaOpts: "-Xmx256m -Xms256m"
  resources: |
    limits:
      cpu: 1
      memory: 1Gi
    requests:
      cpu: 100m
      memory: 1Gi
Ecos Process
EcosProcessApp:
  environments:
    javaOpts: "-Xmx2G -Xms2G"
  resources: |
    limits:
      cpu: 1
      memory: 3548Mi
    requests:
      cpu: 1
      memory: 3548Mi
Ecos Uiserv
EcosUiservApp:
  environments:
    javaOpts: "-Xmx256m -Xms256m"
  resources: |
    limits:
      cpu: 1
      memory: 1Gi
    requests:
      cpu: 1
      memory: 1Gi
Ecos History
EcosHistoryApp:
  environments:
    javaOpts: "-Xmx256m -Xms256m"
  resources: |
    limits:
      cpu: 1
      memory: 1Gi
    requests:
      cpu: 100m
      memory: 1Gi
Ecos Integrations
EcosIntegrationsApp:
  environments:
    javaOpts: "-Xmx256m -Xms256m"
  resources: |
    limits:
      cpu: 1
      memory: 1Gi
    requests:
      cpu: 100m
      memory: 1Gi
Ecos Notifications
EcosNotificationsApp:
  environments:
    javaOpts: "-Xmx256m -Xms256m"
  resources: |
    limits:
      cpu: 1
      memory: 1Gi
    requests:
      cpu: 100m
      memory: 1Gi
Ecos Transformations
EcosTransformationsApp:
  environments:
    javaOpts: "-Xmx256m -Xms256m"
  resources: |
    limits:
      cpu: 1
      memory: 1Gi
    requests:
      cpu: 100m
      memory: 1Gi
Ecos Ecom
EcosEcomApp:
  environments:
    javaOpts: "-Xmx256m -Xms256m"
  resources: |
    limits:
      cpu: 1
      memory: 1Gi
    requests:
      cpu: 100m
      memory: 1Gi
Ecos Service Desk
EcosServiceDeskApp:
  environments:
    javaOpts: "-Xmx256m -Xms256m"
  resources: |
    limits:
      cpu: 1
      memory: 1Gi
    requests:
      cpu: 100m
      memory: 1Gi
Ecos Edi
EcosEdiApp:
  environments:
    javaOpts: "-Xmx256m -Xms256m"
  resources: |
    limits:
      cpu: 1
      memory: 1Gi
    requests:
      cpu: 100m
      memory: 1Gi
Ecos Content
EcosContentApp:
  environments:
    javaOpts: "-Xmx256m -Xms256m"
  resources: |
    limits:
      cpu: 1
      memory: 1Gi
    requests:
      cpu: 100m
      memory: 1Gi
Ecos Proxy
EcosProxyApp:
  resources: |
    limits:
      cpu: 1
      memory: 512Mi
    requests:
      cpu: 300m
      memory: 256Mi
Microservices PostgreSQL
EcosMicroservicesPostgresqlApp:
  resources: |
    limits:
      cpu: 2
      memory: 2Gi
    requests:
      cpu: 2
      memory: 2Gi
MongoDB
MongoDBApp:
  resources: |
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 300m
      memory: 512Mi
Zookeeper
ZookeeperApp:
  resources: |
    limits:
      cpu: 1
      memory: 1Gi
    requests:
      cpu: 500m
      memory: 1Gi
RabbitMQ
RabbitmqApp:
  resources: |
    limits:
      cpu: 1
      memory: 1Gi
    requests:
      cpu: 500m
      memory: 1Gi
Ecos Identity
EcosIdentityApp:
  resources: |
    limits:
      cpu: 1
      memory: 1Gi
    requests:
      cpu: 300m
      memory: 1Gi
OnlyOffice
OnlyofficeApp:
  resources: |
    limits:
      cpu: 2
      memory: 2Gi
    requests:
      cpu: 100m
      memory: 2Gi
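The javaOpts and resources pairs above only work together if -Xmx stays below the container memory limit and every request stays at or below its limit. The check below is an added example, not Citeck code; it takes already-parsed values, and the 75% heap ratio and the two faulty entries are assumptions constructed for illustration.

```python
import re

# Kubernetes memory suffixes, and JVM heap suffixes (the JVM's are always binary).
K8S_MEM = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "K": 10**3, "M": 10**6, "G": 10**9}
JVM_MEM = {"k": 2**10, "m": 2**20, "g": 2**30}

def mem_bytes(q):
    """Parse a Kubernetes memory quantity such as 1Gi or 3548Mi into bytes."""
    m = re.fullmatch(r"(\d+)(Ki|Mi|Gi|K|M|G)?", str(q))
    if not m:
        raise ValueError(f"unsupported memory quantity: {q!r}")
    return int(m.group(1)) * K8S_MEM.get(m.group(2), 1)

def cpu_cores(q):
    """Parse a Kubernetes CPU quantity: 300m is 0.3 core, a bare 2 is two cores."""
    s = str(q)
    return int(s[:-1]) / 1000 if s.endswith("m") else float(s)

def xmx_bytes(java_opts):
    """Return the -Xmx heap cap in bytes, or None if javaOpts does not set one."""
    m = re.search(r"-Xmx(\d+)([kKmMgG]?)", java_opts or "")
    return int(m.group(1)) * JVM_MEM.get(m.group(2).lower(), 1) if m else None

def check(name, java_opts, limits, requests, max_heap_ratio=0.75):
    """List problems in one microservice entry. max_heap_ratio is an assumed
    headroom for non-heap JVM memory (metaspace, threads), not a Citeck value."""
    found = []
    if cpu_cores(requests["cpu"]) > cpu_cores(limits["cpu"]):
        found.append(f"{name}: cpu request {requests['cpu']} > limit {limits['cpu']}")
    if mem_bytes(requests["memory"]) > mem_bytes(limits["memory"]):
        found.append(f"{name}: memory request > limit")
    heap = xmx_bytes(java_opts)
    if heap is not None and heap > max_heap_ratio * mem_bytes(limits["memory"]):
        found.append(f"{name}: -Xmx exceeds {max_heap_ratio:.0%} of the memory limit")
    return found

# Constructed input: the first entry uses the page's EcosProcessApp values; the
# other two are deliberately wrong (missing "m" on a CPU request, oversized heap).
SAMPLE = [
    ("EcosProcessApp", "-Xmx2G -Xms2G",
     {"cpu": "1", "memory": "3548Mi"}, {"cpu": "1", "memory": "3548Mi"}),
    ("BadCpuApp", None, {"cpu": "1", "memory": "1Gi"}, {"cpu": "500", "memory": "1Gi"}),
    ("BadHeapApp", "-Xmx1g -Xms1g",
     {"cpu": "1", "memory": "1Gi"}, {"cpu": "1", "memory": "1Gi"}),
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(check(*entry))
```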
Helm Chart Configuration Parameters
Note
Available only in the Enterprise version.
This section describes the Helm chart parameters used for fine-tuning the deployment of the Citeck platform in a Kubernetes cluster. The parameters allow you to manage resources, replicas, environment variables, and other microservice characteristics.
Parameter descriptions are provided in the Helm chart example.
General Description
Note
<mSRV> is replaced with the microservice name, e.g., EcosApp, RabbitmqApp, etc.
General Parameters
.Values.FQDN: Platform domain name
.Values.TenantID: Unique tenant identifier
.Values.clusterDomain: Kubernetes cluster domain
Microservice Management
.Values.<mSRV>.enabled: Enable/disable microservices
.Values.<mSRV>.clearData: Clear data on container startup
.Values.<mSRV>.type: Ingress type
.Values.<mSRV>.apiVersion: Ingress API version
.Values.<mSRV>.secretName: TLS certificate to use
.Values.<mSRV>.albIngress.enabled: Use ALB ingress controller
Containers and Images
.Values.<mSRV>.image.registry: Image registry
.Values.<mSRV>.image.repository: Image repository
.Values.<mSRV>.image.tag: Image tag
.Values.<mSRV>.image.pullSecrets: Secrets for registry access
.Values.<mSRV>.initContainers.image.*: Init-container settings
Vault and Secrets
.Values.<mSRV>.vault.enabled: Enable Vault
.Values.<mSRV>.vault.*: Environment variables and passwords for services (MongoDB, PostgreSQL, Keycloak, etc.)
Environment Variables
.Values.<mSRV>.environments.username/password: Administrator username/password
.Values.<mSRV>.environments.javaOpts: Java startup options for microservices
.Values.<mSRV>.environments.*: Specific variables (Solr, Alfresco, Flowable, etc.)
Storage and PVCs
.Values.<mSRV>.persistence.enabled: Enable persistent storage
.Values.<mSRV>.persistence.size: PVC size
.Values.<mSRV>.persistence.storageClass: PVC StorageClass
.Values.<mSRV>.persistence.accessModes: PVC access mode
.Values.<mSRV>.persistence.existingClaim: Use an existing PVC
.Values.<mSRV>.persistence.backup*: PVC parameters for backups
Metrics and Monitoring
.Values.<mSRV>.metrics.enabled: Enable metrics export
.Values.<mSRV>.metrics.config: jmx-exporter configuration
.Values.<mSRV>.metrics.serviceMonitor.*: ServiceMonitor settings
.Values.<mSRV>.metrics.service.ports.*: Metrics ports
.Values.<mSRV>.metrics.containerSecurityContext.*: Container security context
.Values.<mSRV>.metrics.startupProbe.*: Startup Probe
.Values.<mSRV>.metrics.readinessProbe.*: Readiness Probe
.Values.<mSRV>.metrics.livenessProbe.*: Liveness Probe
Resources and Limits
.Values.<mSRV>.resources: CPU and memory for microservices
.Values.<mSRV>.tolerations: Tolerations for Pods
Other
.Values.<mSRV>.webapp.properties.webUrl: URL for Spring applications
.Values.<mSRV>.x509.certs: Certificates (unclear purpose)
Generating a unique encryption key
When deploying a new server, it is necessary to generate a unique encryption key each time.
Use the following code to generate an AES key:
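import java.util.Base64
import javax.crypto.KeyGenerator

fun main() {
    // With no explicit source, KeyGenerator draws from SecureRandom
    val keyGen = KeyGenerator.getInstance("AES")
    keyGen.init(128) // AES key size 128
    val secretKey = keyGen.generateKey()
    val base64Key = Base64.getEncoder().encodeToString(secretKey.encoded)
    println("Base64 Key: $base64Key")
}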
Make sure the default key is replaced with the new one. If this is not done, the system will issue a warning in the logs.
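A pre-deployment check for the two requirements above (a unique key per server, and no default key left in place), as an added example that is not Citeck code. The default key value, the server names and the way keys are collected into a dict are assumptions; the page does not show where the key is configured.

```python
import base64
import binascii
import hashlib
import secrets
from collections import defaultdict

def b64(raw):
    return base64.b64encode(raw).decode("ascii")

def new_key_b64():
    """128-bit key from the OS CSPRNG, Base64-encoded like the Kotlin output."""
    return b64(secrets.token_bytes(16))

def fingerprint(raw):
    """Short SHA-256 tag so findings can name a key without printing it."""
    return hashlib.sha256(raw).hexdigest()[:12]

def audit(keys_by_server, default_b64):
    """Check {server: base64_key} for the default key, reuse and wrong size."""
    findings, owners = [], defaultdict(list)
    for server, value in sorted(keys_by_server.items()):
        try:
            raw = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            findings.append(f"{server}: not valid Base64")
            continue
        if len(raw) != 16:
            findings.append(f"{server}: {len(raw) * 8}-bit key, expected 128")
        if value == default_b64:
            findings.append(f"{server}: default key still in use")
        owners[fingerprint(raw)].append(server)
    for tag, servers in owners.items():
        if len(servers) > 1:
            findings.append(f"key {tag} is shared by {', '.join(servers)}")
    return findings

# Constructed values: DEFAULT stands in for the shipped default key, which the
# page does not print; server names and keys are made up for the example.
DEFAULT = b64(bytes(16))
SAMPLE = {
    "srv-a": b64(bytes(range(16))),
    "srv-b": b64(bytes(range(16))),   # copied from srv-a
    "srv-c": DEFAULT,
    "srv-d": b64(bytes(range(8))),    # only 64 bits
    "srv-e": "not base64!",
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, DEFAULT)))
```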