Deploy to Kubernetes
OpenReplay deployment is based on Helm Charts which makes it fully compatible with Kubernetes. We package PostgreSQL and Redis, which are required for OpenReplay. Here's how to do it.
Prerequisites
All we need is Kubernetes v1.18+. OpenReplay requires 2 vCPUs, 8 GB of RAM, 50 GB of storage
to properly run, otherwise OpenReplay backend services won't simply start. These specs are enough for a moderate volume, but if you're expecting high traffic, you should scale from here.
The deployment has been tested on the below platforms:
- Local single-node Kube cluster
- Google Kubernetes Engine (GKE)
- Amazon Elastic Kubernetes Service (EKS)
- Microsoft Azure Kubernetes Service (AKS)
- Scaleway Elements Kubernetes (Kapsule)
Deploy OpenReplay
Connect to your cluster and clone the OpenReplay repository:
git clone https://github.com/openreplay/openreplay.git
Then, open the vars.yaml
file with the command vi openreplay/scripts/helmcharts/vars.yaml
then substitute:
domainName
: this is where OpenReplay will be accessible (i.e. openreplay.mycompany.com)postgresqlPassword
: Postgres password (set it or generate a random one)accessKey
: required for the object storage service (use a randomly generated string)secretKey
: required for the object storage service(use a randomly generated string)jwt_secret
: required for the API (use a randomly generated string)
Ensure you have helm installed then setup OpenReplay:
cd openreplay/scripts/helmchartshelm upgrade --install databases ./databases -n db --create-namespace --wait -f ./vars.yaml --atomichelm upgrade --install openreplay ./openreplay -n app --create-namespace --wait -f ./vars.yaml --atomic
Configure TLS/SSL
OpenReplay deals with sensitive user data and therefore requires HTTPS to run. This is mandatory, otherwise the tracker simply wouldn't start recording. Same thing for the dashboard, without HTTPS you won't be able to replay user sessions.
If your Kubernetes cluster is in the cloud (like EKS, AKS or GKE) then the easiest way to handle SSL is to setup a cloud load balancer and run your cluster behind it. Another option is to generate or use your own SSL certificate and point your subdomain (i.e. openreplay.mycompany.com) to your cluster. More on both options below.
Setup a cloud load balancer (option 1)
On the main benefits of running OpenReplay behind a cloud load balancer is to have the certificate managed by the cloud provider. Below are step-by-step guides on how to create:
- AWS - Elastic Load Balancing
- Google - Cloud Load Balancing
- Azure - Load Balancer
- Digital Ocean - Configure TLS/SSL
Then ensure your cluster provisions a service type LoadBalancer
so the traffic from the cloud load balancer can be directed at OpenReplay backend. Now, go to your DNS service provider and create an A Record
that points to the cluster using its public IP.
Finally, enable the use-forwarded-headers
, by uncommenting the below line under the ingress-nginx
section, in openreplay/scripts/helmcharts/vars.yaml
:
ingress-nginx: &ingress-nginxcontroller:config:use-forwarded-headers: true
You're all set now, OpenReplay should be accessible on your subdomain. You can create an account by visiting the /signup
page (i.e. openreplay.mycompany.com/signup).
Bring/generate your SSL certificate (option 2)
Alternatively to creating a load balancer, you can bring (or generate) your own SSL certificate.
First, go to your DNS service provider and add an
A Record
. Use the domain you previously provided during the installation step and point it to the cluster using its public IP.If you're bringing your own certificate, create an SSL secret using the following command:
kubectl create secret tls openreplay-ssl -n app --key="private_key_file.pem" --cert="certificate.crt"
.
Note: If you don't have a certificate, generate one, that auto-renews, for your subdomain (the one provided during installation) using Let's Encrypt. Simply connect to OpenReplay instance, run
cd openreplay/scripts/helmcharts && bash certmanager.sh
and follow the steps.
- If you wish to enable http to https redirection (recommended), then uncomment the below block, under the
ingress-nginx
section, inopenreplay/scripts/helmcharts/vars.yaml
:
ingress-nginx: &ingress-nginxcontroller:config:ssl-redirect: trueforce-ssl-redirect: true
It's worth mentioning that our ingress-nginx
runs by default on ports 80|443
, but this can be easily changed, if needed, in vars.yaml
:
ingress-nginx: &ingress-nginxcontroller:service:ports:http: 80https: 443
- Finally reinstall OpenReplay NGINX:
cd openreplay/scripts/helmcharts && ./openreplay-cli -I
You're all set now, OpenReplay should be accessible on your subdomain. You can create an account by visiting the /signup
page (i.e. openreplay.mycompany.com/signup).
Troubleshooting
Please let us know on Slack or with a Github Issue if you're having trouble on your platform. We'll be glad to help you get it running.