Versions Compared

...

In this main installation example, it is assumed that the following optional resources were added while preparing for the installation (see Kubernetes Cluster Add-ons - OCI):

  • ingress-nginx-controller

  • cert-manager

...

Here we use an ACME issuer configured to match the Kubernetes cluster that was set up previously in the Preparations - OCI chapter. The DNS-01 challenge is solved through the cert-manager-webhook-oci webhook, which authenticates to OCI with the API signing key stored in the oci-profile secret described below:

Code Block
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: example-issuer
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: <your email address of choice>
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: example-issuer-account-key
    solvers:
    - dns01:
        webhook:
          groupName: acme.d-n.be
          solverName: oci
          config:
            ociProfileSecretName: oci-profile

A few things that should be noted:

Create a yaml file named oci-profile.yaml. The secret oci-profile should look like this:

Code Block
apiVersion: v1
kind: Secret
metadata:
  name: oci-profile
type: Opaque
stringData:
  tenancy: "your tenancy ocid"
  user: "your user ocid"
  region: "your region"
  fingerprint: "your key fingerprint"
  privateKey: |
    -----BEGIN RSA PRIVATE KEY-----
    ...KEY DATA HERE...
    -----END RSA PRIVATE KEY-----
  privateKeyPassphrase: "private keys passphrase or empty string if none"
 

To install the oci-profile secret into the cert-manager namespace, where the webhook looks it up, run the command below. The secret carries the private half of an OCI API signing key, so keep oci-profile.yaml out of version control and limit who can read Secrets in the cert-manager namespace:

Code Block
kubectl apply -f oci-profile.yaml -n cert-manager
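Copying the tenancy, user, fingerprint and key by hand is error-prone, and a fingerprint that does not belong to the key only shows up later as an authentication failure when cert-manager tries to solve the challenge. The following added example (mine, not part of the Usage Engine documentation or of the cert-manager-webhook-oci project) generates the oci-profile Secret from a profile in an OCI CLI config file and checks the fingerprint against the key before anything is applied. It assumes the ~/.oci/config layout (tenancy, user, region, fingerprint, key_file, optional pass_phrase) and uses the stringData key names shown above; the function, file and profile names are mine.

```shell
#!/bin/sh
# Added example, not from the Usage Engine docs or cert-manager-webhook-oci:
# build the oci-profile Secret from a profile in an OCI CLI config file
# (assumed ~/.oci/config layout) and verify the fingerprint belongs to the key.
set -eu

# Print the value of one key from a given [profile] in an INI-style OCI config.
oci_cfg_get() {  # config-file profile key
  awk -v p="[$2]" -v k="$3" '
    $0 == p { inp = 1; next }
    /^\[/   { inp = 0 }
    inp && $0 ~ ("^[ \t]*" k "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); print; exit }
  ' "$1"
}

# OCI's API key fingerprint is the colon-separated MD5 of the DER-encoded
# public key. Prints nothing if the key cannot be read (wrong passphrase, bad PEM).
oci_key_fingerprint() {  # key-file [passphrase]
  t=$(mktemp)
  if openssl rsa -in "$1" -passin "pass:${2:-}" -pubout -outform DER -out "$t" 2>/dev/null; then
    openssl md5 -c "$t" | sed 's/^.*= //'
  fi
  rm -f "$t"
}

# Emit a Secret manifest in the layout cert-manager-webhook-oci expects.
# Returns 1 when a required field is missing, the key file is unreadable,
# or (if openssl is available) the fingerprint does not match the key.
oci_profile_secret() {  # config-file profile [secret-name]
  cfg=$1; prof=$2; name=${3:-oci-profile}
  tenancy=$(oci_cfg_get "$cfg" "$prof" tenancy)
  user=$(oci_cfg_get "$cfg" "$prof" user)
  region=$(oci_cfg_get "$cfg" "$prof" region)
  fp=$(oci_cfg_get "$cfg" "$prof" fingerprint)
  keyfile=$(oci_cfg_get "$cfg" "$prof" key_file)
  pass=$(oci_cfg_get "$cfg" "$prof" pass_phrase)
  for v in "$tenancy" "$user" "$region" "$fp" "$keyfile"; do
    [ -n "$v" ] || { echo "profile [$prof] in $cfg is incomplete" >&2; return 1; }
  done
  case $keyfile in "~/"*) keyfile="$HOME/${keyfile#"~/"}" ;; esac
  [ -r "$keyfile" ] || { echo "cannot read key file $keyfile" >&2; return 1; }
  if command -v openssl >/dev/null 2>&1; then
    actual=$(oci_key_fingerprint "$keyfile" "$pass")
    if [ -n "$actual" ] && [ "$actual" != "$fp" ]; then
      echo "fingerprint $fp in config does not match key ($actual)" >&2; return 1
    fi
  fi
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\nstringData:\n' "$name"
  printf '  tenancy: "%s"\n  user: "%s"\n  region: "%s"\n  fingerprint: "%s"\n' \
    "$tenancy" "$user" "$region" "$fp"
  printf '  privateKey: |\n'
  sed 's/^/    /' "$keyfile"          # indent the PEM into the block scalar
  printf '  privateKeyPassphrase: "%s"\n' "$pass"
}

# Usage: pipe straight into kubectl so the rendered secret never lands on disk:
#   oci_profile_secret ~/.oci/config DEFAULT | kubectl apply -n cert-manager -f -
```

Piping the manifest into kubectl rather than writing oci-profile.yaml keeps the private key out of the working tree; the fingerprint check needs openssl and is skipped when it is not installed.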

Assuming that the issuer spec above has been saved into a file called example-issuer.yaml, it can be created like this:

...

Value

Comment

aws.acm_certificate

This value should be set to match the certificate_arn listed in the terraform output produced in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161841526211091598/Set+Up+Kubernetes+Cluster+-+AWS#SetupOCI#Setup-Additional-Infrastructure-Resources-on-AWS section.

aws.ingress.serviceName

This is the name of the Kubernetes Service that was created when adding the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161448777211091624/Kubernetes+Cluster+Add-ons+-+AWS#IngressOCI#Ingress-NGINX-Controller.

global.domain

This value should be set to match the eks_domain_zone_name listed in the terraform output produced in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161841526211091598/Set+Up+Kubernetes+Cluster+-+AWS#SetupOCI#Setup-Additional-Infrastructure-Resources-on-AWS section.

global.imagePullSecrets

This references an image pull secret containing the credentials required to pull container images from the Digital Route AWS ECR registry. If you host the container images in your own container registry, another image pull secret is probably needed, depending on how that registry is configured. See https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161481567/Common+Usage+Engine+Private+Edition+Preparations#Container-Images for additional information.

licenseKey

The license key that can be found in the licenseKey file that you have previously received (see the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161481605/General+Pre-requisites#License section). 

log.format

If you use dedicated log collection and monitoring tools such as Fluent Bit, Elasticsearch, Kibana or AWS CloudWatch with Usage Engine Private Edition, make sure the log format is set to json so that the log lines can be parsed as structured records. See https://infozone.atlassian.net/wiki/x/Q4BDD for additional information.

platform.tls.*

These values are set to use the example issuer created at the beginning of this chapter. Treat them only as an example and adjust them to your real-world setup.

platform.tls.certManager.public.issuer.domain

Should be set to match the eks_domain_zone_name listed in the terraform output produced in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161841526211091598/Set+Up+Kubernetes+Cluster+-+AWS#SetupOCI#Setup-Additional-Infrastructure-Resources-on-AWS section.

platform.db.type

Set to match the RDS PostgreSQL service that was created in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161841526211091598/Set+Up+Kubernetes+Cluster+-+AWS#SetupOCI#Setup-Additional-Infrastructure-Resources-on-AWS section. If another database service is being used, the value must be adjusted accordingly.

postgres.adminUsername

Value is taken from the db_user listed in the terraform output produced in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161841526211091598/Set+Up+Kubernetes+Cluster+-+AWS#SetupOCI#Setup-Additional-Infrastructure-Resources-on-AWS section.

postgres.host

Value is taken from the host part (before the colon) of the db_endpoint listed in the terraform output produced in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161841526211091598/Set+Up+Kubernetes+Cluster+-+AWS#SetupOCI#Setup-Additional-Infrastructure-Resources-on-AWS section.

postgres.port

Value is taken from the port part (after the colon) of the db_endpoint listed in the terraform output produced in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161841526211091598/Set+Up+Kubernetes+Cluster+-+AWS#SetupOCI#Setup-Additional-Infrastructure-Resources-on-AWS section.

...

If you have chosen to prepare for persistent file storage by installing the efs-csi-controller resource in the Kubernetes Cluster Add-ons - OCI chapter, there are two ways of configuring your Usage Engine Private Edition installation to use it.

...

In this example, my-pvc is an arbitrary persistent volume claim that you have created beforehand.

The excerpt common-installation-configurations from the page Common Installation Configurations (space UEPE4D) is included here.