Usage Engine Private Edition Installation - AWS (4.2)
Having completed the preparations, it is now time to install Usage Engine Private Edition.
Main Installation Example
In this main installation example, it is assumed that the following optional resources have been added while preparing for the installation (see https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/233278464):
ingress-nginx-controller
cert-manager
Example Certificate
Since cert-manager is being used to provide TLS to the Usage Engine Private Edition installation in this example, you need to create an issuer in order to generate the required certificate.
Here we are going to use an ACME issuer type that is configured to match the Kubernetes cluster that was set up previously in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/233278424 chapter:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: example-issuer
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: <your valid email address>
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: example-issuer-account-key
    solvers:
    # DNS-01 solver for the cluster's Route 53 hosted zone
    # this solver uses ambient credentials (i.e. inferred from the environment or EC2 Metadata Service)
    - selector:
        dnsZones:
          - "example-cluster.stratus.digitalroute.net"
      dns01:
        route53:
          hostedZoneID: Z076760737OMHF392P9P7
          region: eu-west-1
A few things that should be noted:
Set email to your email address of choice.
The item in the dnsZones list is the eks_domain_zone_name that can be found in the terraform output in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/233278438#Setup-Additional-Infrastructure-Resources-on-AWS section.
The hostedZoneID is the eks_domain_zone_id that can be found in the terraform output in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/233278438#Setup-Additional-Infrastructure-Resources-on-AWS section.
Assuming that the issuer spec above has been saved into a file called example-issuer.yaml, it can be created like this:
kubectl apply -f example-issuer.yaml
Install Helm Chart
Although the number of helm value combinations to set is virtually endless, some values should more or less always be set.
So let’s start by creating a file called uepe-values.yaml, and in that file, specify a minimal set of values that will serve as a good starting point:
The example below assumes that you have configured the Postgres admin password through a secret. If you have not done so, please refer to https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/233278496/Usage+Engine+Private+Edition+Preparations+-+AWS+4.2#Bootstrapping-System-Credentials-%5BinlineExtension%5D for guidance.
aws:
  acm_certificate: arn:aws:acm:eu-west-1:058264429588:certificate/526ed179-afa7-4778-b1b8-bfbcb95e4534
  # 0.0.0.0/0 matches every IPv4 address; list narrower CIDR ranges where you can
  access_cidr_blocks:
    - 0.0.0.0/0
  ingress:
    serviceName: ingress-nginx-controller
environment: aws
global:
  domain: example-cluster.stratus.digitalroute.net
  imagePullSecrets:
  - name: ecr-cred
licenseKey: <insert-your-license-key-string-here>
log:
  format: json
platform:
  db:
    type: postgresql
  tls:
    cert:
      public: certManager
    certManager:
      public:
        issuer:
          domain: example-cluster.stratus.digitalroute.net
          kind: ClusterIssuer
          name: example-issuer
    enabled: true
postgres:
  adminUsername: dbadmin
  host: example-cluster-db.c70g0ggo8m66.eu-west-1.rds.amazonaws.com
  port: 5432
Here follows information on how you can determine the values to set in your particular installation:
Value | Comment |
|---|---|
| This value should be set to match the |
| This is the name of the Kubernetes |
| This value should be set to match the |
| This is referencing an image pull secret containing the credentials required in order to pull container images from the Digital Route AWS ECR registry. If you are hosting the container images in your own container registry, depending on how that is configured, another image pull secret is probably needed. See https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161481567/Common+Usage+Engine+Private+Edition+Preparations#Container-Images for additional information. |
| The license key that can be found in the |
| If you need to use dedicated log collection and monitoring tools like Fluent-bit, Elasticsearch, Kibana or AWS CloudWatch for Usage Engine Private Edition, make sure the log format is configured to |
| These values are set to use the example issuer created at the beginning of this chapter. This should only be seen as an example and the values should be adjusted according to the real world situation. |
| Should be set to match the |
| Set to match the RDS PostgreSQL service that was created in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/233278438#Setup-Additional-Infrastructure-Resources-on-AWS section. If another database service is being used, the value must be adjusted accordingly. |
| Value is taken from the |
| Value is taken from the first part of the |
| Value is taken from the second part of the |
General documentation of the values above is provided in the values.yaml file in the usage-engine-private-edition helm chart.
In this example, the following assumptions have been made:
PostgreSQL is used as the system database.
It is assumed that you have previously bootstrapped the postgresqlPassword secret key with a value equal to the db_password configured in the terraform.tfvars file. For instructions on how to do this, please refer to the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/233278496/Usage+Engine+Private+Edition+Preparations+-+AWS+4.2#Bootstrapping-System-Credentials-%5BinlineExtension%5D section.
The system database is automatically created during installation.
jdbcPassword and mzownerPassword are randomly generated.
postgresqlPassword/oraclePassword/saphanaPassword is not randomly generated and therefore must be created as secret as described in point 3.
If you are using the database tool uepe-sys-db-tool.jar to create the system database manually, ensure that the credentials mentioned in point 5 and 6 are included in the secret. For more details, refer to the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/233278496/Usage+Engine+Private+Edition+Preparations+-+AWS+4.2#Bootstrapping-System-Credentials-%5BinlineExtension%5D section.
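Before installing, it is worth checking uepe-values.yaml (and example-issuer.yaml) for template placeholders that were never filled in and for access_cidr_blocks entries with prefix length 0. The script below is an added example, not part of the original page or the helm chart; the function name lint_uepe_values and the sample file content are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight lint for a helm values file or issuer manifest.
# lint_uepe_values is a hypothetical helper, not part of the helm chart.
# Prints one finding per line; exit status is 1 when anything was found.
lint_uepe_values() {
  awk '
    # Work on a copy of the line with YAML comments removed.
    { line = $0; sub(/^#.*/, "", line); sub(/[ \t]+#.*/, "", line) }
    line ~ /^[ \t]*$/ { next }
    line ~ /^[ \t]*access_cidr_blocks:/ { in_cidr = 1; next }
    in_cidr && line ~ /^[ \t]*-/ {
      # Keep only CIDR characters, which also drops quotes and the dash.
      v = line; gsub("[^0-9a-fA-F.:/]", "", v)
      if (v ~ "/0$") {   # prefix length 0 covers the whole address space
        print "line " NR ": access_cidr_blocks entry " v " matches any address"
        found++
      }
      next
    }
    { in_cidr = 0 }
    # A value that is still an angle-bracket template such as <version>.
    line ~ /:[ \t]*<[^>]*>[ \t]*$/ {
      key = line; sub(/:.*/, "", key); sub(/^[ \t]*(-[ \t]*)?/, "", key)
      print "line " NR ": " key " still holds a template placeholder"
      found++
    }
    END { exit (found > 0) }
  ' "$1"
}

# Constructed sample that mirrors the values shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
aws:
  access_cidr_blocks:
    - 0.0.0.0/0
    - 10.20.0.0/16
global:
  domain: example-cluster.stratus.digitalroute.net
licenseKey: <insert-your-license-key-string-here>
EOF
lint_uepe_values "$sample" || echo "review the findings above before helm install"
rm -f "$sample"
```

On the constructed sample this reports line 3 (the 0.0.0.0/0 entry) and line 7 (the unfilled licenseKey), and leaves the 10.20.0.0/16 entry alone.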
The command below can be used to install Usage Engine Private Edition:
helm install uepe digitalroute/usage-engine-private-edition --version <version> -f uepe-values.yaml -n uepe
Where <version> is the version of Usage Engine Private Edition to install. For example 4.0.0.
Check that all pods are running and that all pod containers become ready (this may take a little while):
kubectl get pods -w
NAME READY STATUS RESTARTS AGE
aws-load-balancer-controller-8657757b7f-7dqgs 1/1 Running 0 7d13h
aws-load-balancer-controller-8657757b7f-h2b2m 1/1 Running 0 7d13h
desktop-online-7c54755c99-hd5zw 1/1 Running 0 60s
efs-csi-controller-77c44b5fc7-6cjqt 3/3 Running 0 7d13h
efs-csi-controller-77c44b5fc7-qjqx8 3/3 Running 0 7d13h
efs-csi-node-5tcmt 3/3 Running 0 7d13h
efs-csi-node-c9kfm 3/3 Running 0 7d13h
efs-csi-node-zbwzc 3/3 Running 0 7d13h
external-dns-78d56d8b74-r257g 1/1 Running 0 7d13h
ingress-nginx-controller-7c5cb6456-2gjmj 1/1 Running 0 5h37m
platform-0 1/1 Running 0 60s
uepe-operator-controller-manager-86b758f558-2t94r 2/2 Running 0 60s
uepe-operator-controller-manager-86b758f558-c92s7 2/2 Running 0 60s
To get the Desktop Online web user interface hostname:
kubectl get ingress -n uepe
The output shows the FQDN hostname, IP address and port to access the Desktop Online web user interface.
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
uepe ingress-alb alb desktop-online.example-cluster.stratus.digitalroute.net,ingress.example-cluster.stratus.digitalroute.net k8s-uepe-ingressa-bc9e668f78-186509862.eu-west-1.elb.amazonaws.com 80 14d
The Desktop Online user interface should now be accessible at:
https://desktop-online.example-cluster.stratus.digitalroute.net/
Note that it may take a little while before the DNS record gets registered.
Other Common Installation Configurations
Here follow a few common installation configurations for the Usage Engine Private Edition helm chart.
They should be seen as variations to the main installation example outlined above.
Persistent File Storage
If you have chosen to prepare for persistent file storage, by installing the efs-csi-controller resource in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/233278464 chapter, there are two different ways of configuring your Usage Engine Private Edition installation to use it.
Use Bundled AWS Specific PVC
Specifically for AWS, the Usage Engine Private Edition helm chart contains a bundled persistent volume claim. This persistent volume claim is using the aws-efs storage class. To enable it, simply set the following helm values:
persistence:
  enabled: true
  bundledClaim:
    storageRequest: "10Gi"
Where the persistence.bundledClaim.storageRequest value is used to control the size of the requested storage (default is 1Gi).
Use a command like this to inspect the persistent volume claim that gets created as a result of setting the above helm values:
kubectl get persistentvolumeclaims mz-bundled-pvc -o yaml
Reference Arbitrary PVC
Usage Engine Private Edition can be configured to reference an arbitrary persistent volume claim by setting the following helm values:
persistence:
  enabled: true
  existingClaim: my-pvc
In this example, my-pvc is an arbitrary persistent volume claim that you have created beforehand.