Versions Compared

Version Old Version 1 New Version 2
Changes made by

Jenni Wallin

Jenni Wallin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this main installation example, it is assumed that the following optional resources have been added while preparing for the installation (see Kubernetes Cluster Add-ons - OCI (4.23)):

  • ingress-nginx-controller

  • cert-manager

...

In this example, we are going to use an ACME issuer type that is configured to match the Kubernetes cluster that was set up previously in the Preparations - OCI (4.23) chapter:

Code Block
languageyaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: example-issuer
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: <your valid email address>
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: example-issuer-account-key
    solvers:
      - dns01:
          webhook:
            groupName: acme.d-n.be
            solverName: oci
            config:
              ociProfileSecretName: oci-profile

...

Info

In the example below, it is assumed that you have configured the Postgres admin password through a secret. If you have not done so, see https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/211091666303826032/Usage+Engine+Private+Edition+Preparations+-+OCI+4.2#Bootstrapping3#Bootstrapping-System-Credentials-%5BinlineExtension%5D for guidance.

...

Value

Comment

oci.certificates.enabled

This value indicates if you to use OCI SSL certificate or Kubernetes secret for Load Balancer SSL termination. The default value is false if it is not set, which means that the SSL certificate is obtained from the Kubernetes secret internally.

Set it to true if you want to use OCI SSL certificate.

oci.certificates.id

This value should be set to match the ocid of certificate created in previous section, Import-into-OCI-Certificates-Service. This value is not in used if oci.certificates.enabled is false.

oci.backendNSG

This value is taken from the backend_nsg listed in the terraform output produced in the Set Up Kubernetes Cluster - OCI | Create-Basic-Cluster-and-additional-infrastructure section.

oci.healthcheck.desktoponline.port

This is the desktop-online backend set health check port, 9001.

oci.healthcheck.ingressnginx.port

This is the ingress nginx backend set health check port, 443.

global.ingressController.serviceName

This is the name of the Kubernetes Service that was created adding the Kubernetes Add-ons | ingress-nginx-controller.

global.domain

This value is taken from the cluster_dns_zone_name listed in the terraform output produced in the Set Up Kubernetes Cluster - OCI | Create-Basic-Cluster-and-additional-infrastructure section.

global.imagePullSecrets

This is referencing an image pull secret containing the credentials required in order to pull container images from the DigitalRoute AWS ECR registry. If you are hosting the container images in your own container registry, another image pull secret might be needed, depending on how it is configured. See General Usage Engine Private Edition Preparations (4.23) for additional information.

licenseKey

This is the license key that can be found in the licenseKey file that you have previously received, see https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161481605/General+Pre-requisites#License section. 

log.format

If you need to use dedicated log collection and monitoring tools like Fluent-bit, Elasticsearch, Kibana or AWS CloudWatch for Usage Engine Private Edition, ensure that the log format is configured to json. See Configure Log Collection, Target, and Visualization - OCI for additional information.

platform.tls.*

These values are set to use the example issuer created at the beginning of this page. This should only be seen as an example and the values should be adjusted according to the real world scenario.

postgres.adminUsername

This value is taken from the db_admin_user listed in the terraform output produced in the Set Up Kubernetes Cluster - OCI | Create-Basic-Cluster-and-additional-infrastructure section.

postgres.host

This value is taken from the db_endpoint listed in the terraform output produced in the Set Up Kubernetes Cluster - OCI | Create-Basic-Cluster-and-additional-infrastructure section.

postgres.port

This value is taken from the db_port listed in the terraform output produced in the Set Up Kubernetes Cluster - OCI | Create-Basic-Cluster-and-additional-infrastructure section.

persistence.existingClaim

The persistent volume claim name created in previous section OCI-Add-ons | oci-file-service-storage | Static Provisioning.

Ignore if persistence.enabled is false

...

Note

In the example presented below, the following assumptions have been made:

...

You should now be able to access the Desktop Online user interface at:
https://desktop-online.example-cluster.stratus.oci.digitalroute.net/
It may take a little while before the DNS record gets registered.

Insert excerpt
UEPE4D:Installation MiscUEPE4D:
Installation Misc
nameConnect from legacy swing desktop
nopaneltrue
The Usage Engine Private Edition installation is now complete.

...

In this example, my-pvc is an arbitrary persistent volume claim that you have created before hand.

Insert excerpt
UEPE4D:General Installation Configurations (4.2)UEPE4D:
General Installation Configurations (4.2)
namecommon-installation-configurations
nopaneltrue