The preparations described below are required to install Usage Engine using Helm charts and Docker images. Read through the steps below and follow each step before installing.

Fetching and Configuring Helm Charts

You will download the Helm chart with the instructions below:

• Helm chart: usage-engine-private-edition

When you are required to enter the <chart version>, refer to /wiki/spaces/DRXXE/pages/6194875 for the Helm Chart version required

[hide] Line Brake [/hide]

1. Add the helm repository

   $ helm repo add usage-engine-private-edition 'https://digitalroute-public.github.io/usage-engine-private-edition'
   $ helm repo update

   
   [hide] Line Brake [/hide]

2. Check if the charts are available:

   $ helm search repo -l usage-engine-private-edition/usage-engine-private-edition --version <chart version>
    
   Example:
   $ helm search repo -l usage-engine-private-edition/usage-engine-private-edition --version 2.0.0
   
   #The output:
   		NAME                        						CHART VERSION             	APP VERSION DESCRIPTION                    
    
   usage-engine-private-edition/usage-engine-private-edition    	2.0.0    			The Usage Engine Private Edition helm chart                  

   
   [hide] Line Brake [/hide]

3. Create a directory dedicated for the installation and download the platform Helm chart.

   $ mkdir <your directory>
   $ cd <your directory>
   
   $ helm fetch usage-engine-private-edition/usage-engine-private-edition --version <chart version> --untar
   

   
   [hide] Line Brake [/hide]

4. Make sure the Helm chart is defined for on-premise (Private cloud) by viewing the file: usage-engine-private-edition / values.yaml

   $ cat usage-engine-private-edition/values.yaml | grep environment:
   
   # Only on-premise and aws supported for now
   environment: on-premise

   
   [hide] Line Brake [/hide]

5. If required, modify the Helm chart for the needed level of Access Control for Kubernetes Resources

   Access Control for Kubernetes Resources

   relies on Role Based Access Control (RBAC) when specifying the level of access needed for the kubernetes resources involved in any given installation. 

   Essentially, to make sure that the service account used has the right level of access in order for to function properly.
   Some features do require cluster wide access to certain resources (typically resources that are not namespaced). This is realized by the use of ClusterRoles. If ClusterRoles are not permitted in the given kubernetes cluster for one reason or another, those features will have to be switched off.

   The following helm values can be used to switch off features relying on ClusterRoles, see the Helm chart for further details:

   - mzonline.ecd.nodeHostSelectionEnabled
   - mzOperator.rbacAuthProxy.enabled

Create kubernetes docker pull secret

All the usage-engine-private-edition container images are kept in a private repository (AWS ECR).

In order to pull the container images in the Kubernetes cluster you will need to create a secret for use with Digitalroute AWS ECR. You will need to have the access keys provided by Digitalroute in order to create the secret.

1. Export AWS keys

   $ export AWS_ACCESS_KEY_ID=<access key provided by Digitalroute>
   $ export AWS_SECRET_ACCESS_KEY=<secret access key provided by Digitalroute>
   $ export AWS_REGION=eu-west-1

2. Create Secret
   

   $ kubectl create secret docker-registry <name of the secret> \
       --docker-server=https://462803626708.dkr.ecr.eu-west-1.amazonaws.com  \
       --docker-username=AWS \
       --docker-password=$(aws ecr get-login-password --region eu-west-1) \
       -n <namespace>

   
   Example.
   Create secret named ecr-cred in default namespace.
   
   

   $ kubectl create secret docker-registry ecr-cred \
       --docker-server=https://462803626708.dkr.ecr.eu-west-1.amazonaws.com  \
       --docker-username=AWS \
       --docker-password=$(aws ecr get-login-password --region eu-west-1) \
       -n default
   
   //Verify that the secret is created.
   $ kubectl get secret ecr-cred -n default