Azure K8S and Sentry (Part 2)

Gino Busok Jr
Mar 29, 2019

Guys, this is part 2. You need to do part 1 first before proceeding! Once you are done with that, read on.

This is the continuation of deploying Sentry into Azure K8S. In part 1, we configured all of Sentry’s dependencies, namely Redis, Postgres and Memcached. In this part, we will get Sentry itself fully running in Kubernetes. So let’s start!

Generate secret key

kubectl run sentry-worker --image=sentry:9.0-onbuild --rm -i --tty \
--env="SENTRY_MEMCACHED_HOST=service-sentry-memcached" \
--env="SENTRY_REDIS_HOST=service-sentry-redis" \
--env="SENTRY_POSTGRES_HOST=service-sentry-pg" \
-- generate-secret-key

Once you have the key, store it in a K8S secret. Create and apply this yml file:

apiVersion: v1
kind: Secret
metadata:
  name: sentry-secret
type: Opaque
data:
  sentry_secret_key: secret_key_in_Base64

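Yes, you first need to transform the key to Base64. Base64 is only an encoding, not encryption, so treat this yml file as sensitive. You can use good old bash for this; the -n flag keeps echo from appending a newline that would otherwise become part of the stored key:

echo -n 'your super secret key with' | base64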

Upgrade the database

When you have your secret key, it is time to set up the database. Just run this command, using the same service host names as in the rest of the setup:

kubectl run sentry-worker --image=sentry:9.0-onbuild --rm -i --tty \
--env="SENTRY_MEMCACHED_HOST=service-sentry-memcached" \
--env="SENTRY_REDIS_HOST=service-sentry-redis" \
--env="SENTRY_POSTGRES_HOST=service-sentry-pg" \
--env="SENTRY_SECRET_KEY=$(kubectl get secret sentry-secret -o=jsonpath="{.data['sentry_secret_key']}" | base64 --decode)" \
-- upgrade

The command substitution in the SENTRY_SECRET_KEY line retrieves your secret key from the K8S secret and decodes it:

kubectl get secret sentry-secret -o=jsonpath="{.data['sentry_secret_key']}" | base64 --decode

All tables will be created here as well as the initial user. It is very important that you create the first user or the whole setup will fail. Also don’t forget the password!

Sentry!

And finally, the moment we have all been waiting for: deploying Sentry! As I said in Part 1, we need 3 services for our setup to work: web, cron and worker. The only difference between these 3 is the startup command. Everything else is the same. So here is the yml file for the web:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: sentry-web
spec:
  selector:
    matchLabels:
      app: sentry-web
  replicas: 1
  template:
    metadata:
      labels:
        app: sentry-web
    spec:
      containers:
      - name: sentry-web
        image: sentry:9.0-onbuild
        env:
        - name: SENTRY_MEMCACHED_HOST
          value: service-sentry-memcached
        - name: SENTRY_REDIS_HOST
          value: service-sentry-redis
        - name: SENTRY_POSTGRES_HOST
          value: service-sentry-pg
        - name: SENTRY_SERVER_EMAIL
          value: your-gmail-account@gmail.com
        - name: SENTRY_EMAIL_HOST
          value: smtp.gmail.com
        - name: SENTRY_EMAIL_PORT
          value: '587'
        - name: SENTRY_EMAIL_USE_TLS
          value: 'true'
        - name: SENTRY_EMAIL_USER
          value: 'hello@sentry.com'
        - name: SENTRY_EMAIL_PASSWORD
          value: YourGmailPassword
        - name: SENTRY_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: sentry-secret
              key: sentry_secret_key
        resources:
          limits:
            memory: "500Mi"
            cpu: "0.5"
          requests:
            memory: "400Mi"
        ports:
        - name: http
          containerPort: 9000
        volumeMounts:
        - mountPath: "/var/lib/sentry/files"
          name: staging-sentry-files
      volumes:
      - name: staging-sentry-files
        persistentVolumeClaim:
          claimName: sentry-files-disk

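For cron and worker, set the container's command to ["/entrypoint.sh"] and its args to ["run", "cron"] and ["run", "worker"], respectively (both fields sit under spec.template.spec.containers). Give each Deployment its own name and app label so the web Service does not select them, and remove the container's ports entry since these are just background tasks.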
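The Base64 step and the plaintext SENTRY_EMAIL_PASSWORD value in the web Deployment can both be covered by one Secret. The script below is an added example, not part of the original post: it renders sentry-secret with values encoded byte for byte, and includes a check for the trailing newline that a plain `echo ... | base64` encodes (the `$(...)` in the upgrade command strips it, but secretKeyRef passes it through to the pods). The key name sentry_email_password and the sample values are assumptions.

```shell
#!/usr/bin/env bash
# Added example: render the Secret manifest with exactly-encoded values.
# The data key sentry_email_password is an assumed name, not from the post.

# Base64-encode the exact bytes of $1: no newline going in, no line wrap out.
b64_exact() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Number of bytes a container would receive for a Secret data value.
decoded_len() {
  printf '%s' "$1" | base64 --decode | wc -c | tr -d ' '
}

# Exit 0 if the decoded value ends in a newline (0x0a), which is what
# `echo 'key' | base64` produces; run it on the output of
# kubectl get secret ... -o=jsonpath=... to audit an existing Secret.
has_trailing_newline() {
  [ "$(printf '%s' "$1" | base64 --decode | tail -c 1 | od -An -tx1 | tr -d ' \n')" = "0a" ]
}

# Print a Secret manifest holding the Sentry key ($1) and SMTP password ($2).
render_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: sentry-secret
type: Opaque
data:
  sentry_secret_key: $(b64_exact "$1")
  sentry_email_password: $(b64_exact "$2")
EOF
}

# Constructed sample values, not real credentials.
SAMPLE_KEY='constructed-sample-key-0123456789'
SAMPLE_SMTP_PASSWORD='constructed-smtp-password'

render_secret "$SAMPLE_KEY" "$SAMPLE_SMTP_PASSWORD"
```

Pipe the output to `kubectl apply -f -`, then give SENTRY_EMAIL_PASSWORD the same valueFrom.secretKeyRef form that SENTRY_SECRET_KEY already uses, pointing at sentry_email_password.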

And lastly, we need to create a service so we can access Sentry Web.

kind: Service
apiVersion: v1
metadata:
  name: service-sentry-web
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  selector:
    # Must match the pod label set in the sentry-web Deployment
    app: sentry-web
  ports:
  - protocol: TCP
    port: 80
    targetPort: 9000

Note that the value for metadata.annotations is specific to Azure. It assigns the service a private IP address that is accessible within the cluster’s virtual network. Once you create this service, congratulations! You have successfully deployed Sentry into Azure Kubernetes.

The last thing you need to do is expose this service to the internet. I highly suggest using an nginx server hosted in the same private network as your k8s cluster. Access your Sentry link and you should be able to see the login page.

Login using the username and password of the initial user you created. And you are done. Congratulations! Get a beer or two. You deserve it.
