Having completed the preparations, it is now time to install Usage Engine Private Edition.

Main Installation Example

In this main installation example, it is assumed that the following optional resources have been added while preparing for the installation (see Kubernetes Cluster Add-ons - OCI):

  • ingress-nginx-controller

  • cert-manager

Example Certificate

Since cert-manager is being used to provide TLS to the Usage Engine Private Edition installation in this example, you need to create an issuer in order to generate the required certificate.

Here we are going to use an ACME issuer type that is configured to match the Kubernetes cluster that was set up previously in the Preparations - OCI chapter:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: example-issuer
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: <your email address of choice>
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: example-issuer-account-key
    solvers:
      - dns01:
          webhook:
            groupName: acme.d-n.be
            solverName: oci
            config:
              ociProfileSecretName: oci-profile

A few things that should be noted:

  • Set email to your email address of choice.

  • The oci-profile secret holds the credentials used to access the Oracle Cloud Infrastructure API. If you choose a name other than oci-profile for the secret, ensure that you modify the value of ociProfileSecretName in the ClusterIssuer accordingly.

Create a YAML file named oci-profile.yaml that defines the oci-profile secret. It should look like this:

apiVersion: v1
kind: Secret
metadata:
  name: oci-profile
type: Opaque
stringData:
  tenancy: "your tenancy ocid"
  user: "your user ocid"
  region: "your region"
  fingerprint: "your key fingerprint"
  privateKey: |
    -----BEGIN RSA PRIVATE KEY-----
    ...KEY DATA HERE...
    -----END RSA PRIVATE KEY-----
  privateKeyPassphrase: "private keys passphrase or empty string if none"
 

Create the secret before creating the ClusterIssuer. To install the oci-profile secret into the cert-manager namespace:

kubectl apply -f oci-profile.yaml -n cert-manager

Assuming that the issuer spec above has been saved into a file called example-issuer.yaml, it can be created like this:

kubectl apply -f example-issuer.yaml

Install Helm Chart

Although the number of helm value combinations to set is virtually endless, some values should more or less always be set.

So let’s start by creating a file called uepe-values.yaml, and in that file, specify a minimal set of values that will serve as a good starting point:

aws:
  acm_certificate: arn:aws:acm:eu-west-1:058264429588:certificate/526ed179-afa7-4778-b1b8-bfbcb95e4534
  access_cidr_blocks:
  - 0.0.0.0/0  
  ingress:
    serviceName: ingress-nginx-controller
environment: aws
global:
  domain: example-cluster.stratus.digitalroute.net
  imagePullSecrets:
  - name: ecr-cred  
licenseKey: VGhpcyBpcyBhIGZha2UgVXNhZ2UgRW5naW5lIFByaXZhdGUgRWRpdGlvbiBsaWNlbnNlIGtleSE=
log:
  format: json
platform:
  db:
    type: postgresql
  tls:
    cert:
      public: certManager
    certManager:
      public:
        issuer:
          domain: example-cluster.stratus.digitalroute.net
          kind: ClusterIssuer
          name: example-issuer
    enabled: true    
postgres:
  adminUsername: dbadmin
  host: example-cluster-db.c70g0ggo8m66.eu-west-1.rds.amazonaws.com
  port: 5432

Here follows information on how you can determine the values to set in your particular installation:

  • aws.acm_certificate: This value should be set to match the certificate_arn listed in the terraform output produced in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/211091598/Set+Up+Kubernetes+Cluster+-+OCI#Setup-Additional-Infrastructure-Resources-on-AWS section.

  • aws.ingress.serviceName: This is the name of the Kubernetes Service that was created when adding the ingress-nginx-controller (see https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/211091624/Kubernetes+Cluster+Add-ons+-+OCI#Ingress-NGINX-Controller).

  • global.domain: This value should be set to match the eks_domain_zone_name listed in the terraform output produced in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/211091598/Set+Up+Kubernetes+Cluster+-+OCI#Setup-Additional-Infrastructure-Resources-on-AWS section.

  • global.imagePullSecrets: This references an image pull secret containing the credentials required to pull container images from the Digital Route AWS ECR registry. If you are hosting the container images in your own container registry, depending on how that is configured, another image pull secret is probably needed. See https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161481567/Common+Usage+Engine+Private+Edition+Preparations#Container-Images for additional information.

  • licenseKey: The license key that can be found in the licenseKey file that you have previously received (see the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161481605/General+Pre-requisites#License section).

  • log.format: If you need to use dedicated log collection and monitoring tools like Fluent-bit, Elasticsearch, Kibana or AWS CloudWatch for Usage Engine Private Edition, make sure the log format is set to json. See https://infozone.atlassian.net/wiki/x/Q4BDD for additional information.

  • platform.tls.*: These values are set to use the example issuer created at the beginning of this chapter. This should only be seen as an example and the values should be adjusted according to the real world situation.

  • platform.tls.certManager.public.issuer.domain: Should be set to match the eks_domain_zone_name listed in the terraform output produced in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/211091598/Set+Up+Kubernetes+Cluster+-+OCI#Setup-Additional-Infrastructure-Resources-on-AWS section.

  • platform.db.type: Set to match the RDS PostgreSQL service that was created in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/211091598/Set+Up+Kubernetes+Cluster+-+OCI#Setup-Additional-Infrastructure-Resources-on-AWS section. If another database service is being used, the value must be adjusted accordingly.

  • postgres.adminUsername: Value is taken from the db_user listed in the terraform output produced in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/211091598/Set+Up+Kubernetes+Cluster+-+OCI#Setup-Additional-Infrastructure-Resources-on-AWS section.

  • postgres.host: Value is taken from the first part of the db_endpoint listed in the terraform output produced in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/211091598/Set+Up+Kubernetes+Cluster+-+OCI#Setup-Additional-Infrastructure-Resources-on-AWS section.

  • postgres.port: Value is taken from the second part of the db_endpoint listed in the terraform output produced in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/211091598/Set+Up+Kubernetes+Cluster+-+OCI#Setup-Additional-Infrastructure-Resources-on-AWS section.

General documentation of the values above is provided in the values.yaml file in the usage-engine-private-edition helm chart.

In this example, the system database is to be automatically created at install time. For this to happen, you need to provide the database administrator credentials. Hence, the postgres.adminUsername value is set to the default RDS PostgreSQL administrator username. Since setting passwords through helm values is a great security risk, it is assumed that you have previously bootstrapped the postgresqlPassword secret key with a value equal to super_SeCrEt_db_pAsSwOrD_457! (see the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161481567/General+Usage+Engine+Private+Edition+Preparations#Bootstrapping-System-Credentials-%5BinlineExtension%5D section for an explanation on how to do this).
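
A pre-install check for uepe-values.yaml that enforces the point above about not setting passwords through helm values, and also confirms that platform.tls.enabled is true. This is an added example, not part of the product documentation; the finding names, the adminPassword key in the constructed sample, and the reading of access_cidr_blocks as the list of allowed source ranges are assumptions.

```shell
# flatten_values FILE: print "dotted.path=value" for each scalar and list item.
# Handles only the block-style YAML used on this page; not a general parser.
flatten_values() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
      line = $0; sub(/[ \t]+$/, "", line)
      body = line; sub(/^ +/, "", body)
      ind = length(line) - length(body); item = (body ~ /^- /)
      # pop finished maps; a list item may share its parent key indentation
      while (depth > 0 && (indent[depth] > ind || (!item && indent[depth] == ind))) depth--
      path = ""
      for (i = 1; i <= depth; i++) path = path (i > 1 ? "." : "") key[i]
      if (item) { print path "[]=" substr(body, 3); next }
      c = index(body, ":"); if (c == 0) next
      k = substr(body, 1, c - 1); v = substr(body, c + 1)
      sub(/^[ \t]+/, "", v); gsub(/^"|"$/, "", v)
      if (v == "") { depth++; key[depth] = k; indent[depth] = ind; next }
      full = (path == "" ? k : path "." k); print full "=" v
    }' "$1"
}

# lint_values FILE: one finding per line; exit status 1 if anything is found.
lint_values() {
  flatten_values "$1" | awk -F= '
    { path = $1; val = substr($0, length($1) + 2) }
    # the page calls passwords in helm values a security risk
    tolower(path) ~ /(password|passphrase)$/ && val != "" { print "literal-secret: " path; bad = 1 }
    path == "platform.tls.enabled" { tls = val }
    # assumption: access_cidr_blocks lists the source ranges allowed in
    path ~ /access_cidr_blocks\[\]$/ && val == "0.0.0.0/0" { print "open-cidr: " path; bad = 1 }
    END { if (tls != "true") { print "tls-not-enabled: platform.tls.enabled"; bad = 1 }
          exit bad + 0 }'
}

# Constructed sample; adminPassword is a hypothetical key, not a documented one.
sample_values() {
  cat <<'EOF'
aws:
  access_cidr_blocks:
  - 0.0.0.0/0
platform:
  tls:
    enabled: true
postgres:
  adminPassword: "example-only"
EOF
}
```

After sourcing the functions, run lint_values uepe-values.yaml before helm install; a non-zero exit status means at least one finding was printed.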

The command below can be used to install Usage Engine Private Edition:

helm install uepe digitalroute/usage-engine-private-edition --version <version> -f uepe-values.yaml -n uepe

Where <version> is the version of Usage Engine Private Edition to install, for example 4.0.0.

Check that all pods are running and that all pod containers become ready (this may take a little while):

kubectl get pods -w                  
NAME                                                READY   STATUS    RESTARTS   AGE
aws-load-balancer-controller-8657757b7f-7dqgs       1/1     Running   0          7d13h
aws-load-balancer-controller-8657757b7f-h2b2m       1/1     Running   0          7d13h
desktop-online-7c54755c99-hd5zw                     1/1     Running   0          60s
efs-csi-controller-77c44b5fc7-6cjqt                 3/3     Running   0          7d13h
efs-csi-controller-77c44b5fc7-qjqx8                 3/3     Running   0          7d13h
efs-csi-node-5tcmt                                  3/3     Running   0          7d13h
efs-csi-node-c9kfm                                  3/3     Running   0          7d13h
efs-csi-node-zbwzc                                  3/3     Running   0          7d13h
external-dns-78d56d8b74-r257g                       1/1     Running   0          7d13h
ingress-nginx-controller-7c5cb6456-2gjmj            1/1     Running   0          5h37m
platform-0                                          1/1     Running   0          60s
uepe-operator-controller-manager-86b758f558-2t94r   2/2     Running   0          60s
uepe-operator-controller-manager-86b758f558-c92s7   2/2     Running   0          60s

To get the Desktop Online web user interface hostname:

kubectl get ingress -n uepe

The output shows the FQDN hostname, IP address and port used to access the Desktop Online web user interface.

NAMESPACE   NAME          CLASS   HOSTS                                                                                                      ADDRESS                                                              PORTS   AGE
uepe        ingress-alb   alb     desktop-online.example-cluster.stratus.digitalroute.net,ingress.example-cluster.stratus.digitalroute.net   k8s-uepe-ingressa-bc9e668f78-186509862.eu-west-1.elb.amazonaws.com   80      14d

The Desktop Online user interface should now be accessible at:
https://desktop-online.example-cluster.stratus.digitalroute.net/
Note that it may take a little while before the DNS record gets registered.

The Usage Engine Private Edition installation is now complete.

Other Common Installation Configurations

Here follow a few common installation configurations for the Usage Engine Private Edition helm chart.

They should be seen as variations to the main installation example outlined above.

Persistent File Storage

If you have chosen to prepare for persistent file storage, by installing the efs-csi-controller resource in the Kubernetes Cluster Add-ons - OCI chapter, there are two different ways of configuring your Usage Engine Private Edition installation to use it.

Use Bundled AWS Specific PVC

Specifically for AWS, the Usage Engine Private Edition helm chart contains a bundled persistent volume claim. This persistent volume claim is using the aws-efs storage class. To enable it, simply set the following helm values:

persistence:
  enabled: true
  bundledClaim:
    storageRequest: "10Gi"

Where the persistence.bundledClaim.storageRequest value is used to control the size of the requested storage (default is 1Gi).

Use a command like this to inspect the persistent volume claim that gets created as a result of setting the above helm values:

kubectl get persistentvolumeclaims mz-bundled-pvc -o yaml

Reference Arbitrary PVC

Usage Engine Private Edition can be configured to reference an arbitrary persistent volume claim by setting the following helm values:

persistence:
  enabled: true
  existingClaim: my-pvc

In this example, my-pvc is an arbitrary persistent volume claim that you have created beforehand.
