Commit a70cf93d authored by Vojdan Kjorveziroski

Install instructions update for nmaas chart 1.2.11

parent 46eea592
...@@ -7,7 +7,7 @@ To install nmaas into an existing Kubernetes cluster, the following requirements ...@@ -7,7 +7,7 @@ To install nmaas into an existing Kubernetes cluster, the following requirements
- Kubernetes version `>=1.16` - Kubernetes version `>=1.16`
- Helm v3 support in the Kubernetes cluster - Helm v3 support in the Kubernetes cluster
- Existing ingress controller, preferably with a default TLS certificate set (more information available below) - Existing ingress controller, preferably with a default TLS certificate set (more information available below)
- An integration with an external load-balancer or MetalLB for bare-metal deployments, so that IPs can be assigned to `LoadBalancer` services. - An integration with an external load-balancer or MetalLB for bare-metal deployments, so that IPs can be assigned to `LoadBalancer` services
## nmaas Components ## nmaas Components
...@@ -37,7 +37,7 @@ GitLab can be deployed using the [official Helm chart](https://docs.gitlab.com/r ...@@ -37,7 +37,7 @@ GitLab can be deployed using the [official Helm chart](https://docs.gitlab.com/r
!!! success "GitLab Version" !!! success "GitLab Version"
`4.8.2` is the latest version of the GitLab chart that has been tested with the latest version of nmaas. `8.2.0` is the latest version of the GitLab chart that has been tested with the latest version of nmaas.
Bellow is a snippet of the mandatory parameters that must be specified during GitLab's deployment, so that it will be compatible with nmaas. The complete list of supported value parameters is available in the [official GitLab Helm chart Git repository](https://gitlab.com/gitlab-org/charts/gitlab). Bellow is a snippet of the mandatory parameters that must be specified during GitLab's deployment, so that it will be compatible with nmaas. The complete list of supported value parameters is available in the [official GitLab Helm chart Git repository](https://gitlab.com/gitlab-org/charts/gitlab).
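Review bot: The tested chart version in the "GitLab Version" admonition jumps from `4.8.2` to `8.2.0`, yet nothing tells a reader who already deployed the older chart whether these instructions still apply to them. Add one sentence saying the snippet targets fresh installs, or point to the GitLab chart upgrade notes. The unchanged sentence that follows still begins with "Bellow"; it should read "Below".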
...@@ -55,8 +55,6 @@ postgresql: ...@@ -55,8 +55,6 @@ postgresql:
postgresqlUsername: gitlab postgresqlUsername: gitlab
install: true install: true
postgresqlDatabase: gitlabhq_production postgresqlDatabase: gitlabhq_production
image:
tag: 11.9.0
usePasswordFile: false usePasswordFile: false
existingSecret: 'gitlab-postgresql' existingSecret: 'gitlab-postgresql'
master: master:
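Review bot: Removing `image:` / `tag: 11.9.0` under `postgresql:` leaves the PostgreSQL version unstated, so it now follows whatever the chart ships by default. Say in the surrounding text which PostgreSQL version the tested chart deploys, so readers with a database created under the old pin know whether a migration step is needed before installing.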
...@@ -68,10 +66,11 @@ postgresql: ...@@ -68,10 +66,11 @@ postgresql:
postgresql.gitlab/init-revision: "1" postgresql.gitlab/init-revision: "1"
metrics: metrics:
enabled: true enabled: true
## Optionally define additional custom metrics
## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file
gitlab-runner: gitlab-runner:
install: false install: false
gitlab-shell:
service:
type: LoadBalancer
global: global:
edition: ce edition: ce
hosts: hosts:
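Review bot: The added `gitlab-shell:` / `service:` / `type: LoadBalancer` block exposes GitLab's SSH endpoint on a load-balancer IP, and the page never says why nmaas needs that or who should be able to reach it. Add a sentence explaining the requirement and recommend limiting which source addresses can reach the service, or keeping the default service type where external Git-over-SSH access is not needed. The two `## Optionally define additional custom metrics` comment lines removed above were harmless, so no objection there.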
...@@ -85,16 +84,13 @@ global: ...@@ -85,16 +84,13 @@ global:
enabled: true enabled: true
secretName: <MY_TLS_SECRET> secretName: <MY_TLS_SECRET>
path: / path: /
annotations: class: "nginx"
kubernetes.io/ingress.class: "nginx"
initialRootPassword: initialRootPassword:
secret: gitlab-root-password secret: gitlab-root-password
key: password key: password
## configuration for external postgresql ## configuration for external PostgreSQL (set postgresql.enabled to false if used)
psql: # psql:
## the secret must be manually created # password:
password: {}
# useSecret: true
# secret: gitlab-db-password # secret: gitlab-db-password
# key: password # key: password
# host: psql-standalone-postgresql # host: psql-standalone-postgresql
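Review bot: The new comment `(set postgresql.enabled to false if used)` names a key that does not appear in this snippet; the bundled database is switched on earlier with `install: true` under `postgresql:`. Use the same key in the comment so readers disable the right setting. Also, with the whole `psql:` block now commented out, confirm that the commented `# secret:` and `# key:` lines are indented under `# password:`, so that uncommenting them yields valid YAML.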
...@@ -105,34 +101,31 @@ global: ...@@ -105,34 +101,31 @@ global:
defaultProjectFeatures: defaultProjectFeatures:
builds: false builds: false
time_zone: UTC time_zone: UTC
## use an external smtp server for outgoing email (optional)
smtp: smtp:
enabled: false enabled: false
address: smtp.mailgun.org address: smtp.example.com
port: 2525 port: 587
user_name: "" user_name: "noreply@example.com"
## doc/installation/secrets.md#smtp-password ## doc/installation/secrets.md#smtp-password
password: password:
secret: "" secret: "gitlab-smtp-password"
key: password key: password
# domain: # domain:
authentication: "plain" authentication: "login"
starttls_auto: false starttls_auto: true
openssl_verify_mode: "peer" openssl_verify_mode: "peer" # or none
## doc/installation/deployment.md#outgoing-email ## doc/installation/deployment.md#outgoing-email
## Email persona used in email sent by GitLab ## Email persona used in email sent by GitLab
email: email:
from: '' from: 'noreply@example.com'
display_name: GitLab display_name: GitLab
reply_to: '' reply_to: 'support@example.com'
subject_suffix: ''
smime: smime:
enabled: false enabled: false
secretName: ""
keyName: "tls.key"
certName: "tls.crt"
``` ```
Note that the secrets whose names are specified in `.Values.postgresql.existingSecret` and `.Values.global.initialRootPassword.secret` must be manually created. These secrets contain the postgresql root and user passwords, as well as the initial root password to be used by GitLab, respectively. Below is a snippet that can be reused to create these secrets: Note that the secrets whose names are specified in `.Values.postgresql.existingSecret` (for internal PostgreSQL), `.Values.global.initialRootPassword.secret` , `.Values.global.psql.password.secret` (for external PostgreSQL), and `.Values.global.smtp.password.secret` must be manually created. These secrets contain the PostgreSQL root and user passwords, the initial root password to be used by GitLab, as well as SMTP server credentials. Below is a snippet that can be reused to create such secrets:
```bash ```bash
export NMAAS_NAMESPACE="nmaas-system" export NMAAS_NAMESPACE="nmaas-system"
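Review bot: The inline hint `# or none` after `openssl_verify_mode: "peer"` invites readers to turn off certificate verification for the SMTP connection that carries the `gitlab-smtp-password` credential. Drop the hint, or say explicitly that `none` is only for test relays with self-signed certificates. In the rewritten note below the snippet there is a stray space before the comma after `.Values.global.initialRootPassword.secret`, and it would help to state that the SMTP secret is only needed when `smtp.enabled` is set to `true`, since the snippet ships it as `false`.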
...@@ -152,7 +145,7 @@ Once all configuration parameters have been specified, GitLab can be installed u ...@@ -152,7 +145,7 @@ Once all configuration parameters have been specified, GitLab can be installed u
```bash ```bash
export NMAAS_NAMESPACE="nmaas-system" export NMAAS_NAMESPACE="nmaas-system"
helm repo add gitlab https://charts.gitlab.io helm repo add gitlab https://charts.gitlab.io
helm install -f gitlab.yaml --namespace $NMAAS_NAMESPACE <RELEASE_NAME> --version 4.8.2 gitlab/gitlab helm install -f gitlab.yaml --namespace $NMAAS_NAMESPACE <RELEASE_NAME> --version 8.2.0 gitlab/gitlab
``` ```
!!! warning "GitLab Deployment Duration" !!! warning "GitLab Deployment Duration"
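Review bot: The install block pins `--version 8.2.0` right after `helm repo add`, with no `helm repo update` in between, while the second guide touched by this commit does include that step. A reader who added the `gitlab` repository earlier will have a cached index that may not list `8.2.0`. Add `helm repo update` here for consistency, and quote `"$NMAAS_NAMESPACE"` in the command.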
...@@ -214,7 +207,7 @@ The following manual steps must be performed before deploying nmaas: ...@@ -214,7 +207,7 @@ The following manual steps must be performed before deploying nmaas:
```bash ```bash
export NMAAS_NAMESPACE="nmaas-system" export NMAAS_NAMESPACE="nmaas-system"
kubectl create secret generic -n $NMAAS_NAMESPACE nmaas-gitlab-janitor-token --from-literal=secret=<GITLAB_API_TOKEN> kubectl create secret generic -n $NMAAS_NAMESPACE nmaas-gitlab-api-token --from-literal=secret=<GITLAB_API_TOKEN>
``` ```
Once the required secrets have been created, nmaas can be deployed using the following command (make sure to deploy in the same namespace as GitLab): Once the required secrets have been created, nmaas can be deployed using the following command (make sure to deploy in the same namespace as GitLab):
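Review bot: The secret is renamed from `nmaas-gitlab-janitor-token` to `nmaas-gitlab-api-token`, but the hunk does not say which chart value now refers to it. Anyone following the previous revision will have the old secret name in their cluster and no cue that it is no longer read. Name the values key that consumes the secret and note the rename for existing deployments. Since the line is being edited anyway, consider showing `--from-file=secret=<PATH_TO_TOKEN_FILE>` instead of `--from-literal=secret=<GITLAB_API_TOKEN>`, which leaves the token in shell history.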
...@@ -222,7 +215,7 @@ Once the required secrets have been created, nmaas can be deployed using the fol ...@@ -222,7 +215,7 @@ Once the required secrets have been created, nmaas can be deployed using the fol
```bash ```bash
export NMAAS_NAMESPACE="nmaas-system" export NMAAS_NAMESPACE="nmaas-system"
helm repo add nmaas https://artifactory.software.geant.org/artifactory/nmaas-helm helm repo add nmaas https://artifactory.software.geant.org/artifactory/nmaas-helm
helm install -f values.yaml --namespace $NMAAS_NAMESPACE --version 1.0.0 nmaas nmaas/nmaas helm install -f values.yaml --namespace $NMAAS_NAMESPACE --version 1.2.11 nmaas nmaas/nmaas
``` ```
It is recommended to use `nmaas-system` as the namespace where nmaas and all associated components (PostgreSQL, GitLab) will be deployed. It is recommended to use `nmaas-system` as the namespace where nmaas and all associated components (PostgreSQL, GitLab) will be deployed.
... ...
......
...@@ -62,8 +62,7 @@ global: ...@@ -62,8 +62,7 @@ global:
enabled: true enabled: true
# secretName: <EXISTING_OR_DUMMY_TLS_SECRET_NAME> # can be left empty, self-signed certificates will be generated # secretName: <EXISTING_OR_DUMMY_TLS_SECRET_NAME> # can be left empty, self-signed certificates will be generated
path: / path: /
annotations: class: "nginx"
kubernetes.io/ingress.class: "public"
initialRootPassword: initialRootPassword:
secret: gitlab-root-password secret: gitlab-root-password
key: password key: password
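Review bot: The GitLab ingress class changes from `"public"` to `"nginx"`, but an unchanged bullet later in the same guide still says the class "Should be set to nginx in the case of K3s and public in the case of MicroK8s". As written, MicroK8s users who copy this snippet get an ingress that their controller will not pick up. Either keep a placeholder with a comment listing both values, or update the guide to state that only the `nginx` class is supported from this chart version on.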
...@@ -73,46 +72,43 @@ global: ...@@ -73,46 +72,43 @@ global:
time_zone: Europe/Warsaw time_zone: Europe/Warsaw
smtp: smtp:
enabled: false enabled: false
address: smtp.mailgun.org address: smtp.example.com
port: 2525 port: 587
user_name: "" user_name: ""
## doc/installation/secrets.md#smtp-password ## doc/installation/secrets.md#smtp-password
password: password:
secret: "my-smtp-secret" secret: "my-smtp-secret"
key: password key: password
# domain: # domain:
authentication: "plain" authentication: "login"
starttls_auto: false starttls_auto: true
openssl_verify_mode: "peer" openssl_verify_mode: "peer"
## doc/installation/deployment.md#outgoing-email ## doc/installation/deployment.md#outgoing-email
## Email persona used in email sent by GitLab ## Email persona used in email sent by GitLab
email: email:
from: '' from: 'noreply@example.com'
display_name: GitLab display_name: GitLab
reply_to: '' reply_to: 'support@example.com'
subject_suffix: ''
smime: smime:
enabled: false enabled: false
secretName: ""
keyName: "tls.key"
certName: "tls.crt"
``` ```
GitLab requires the deployment of a PostgreSQL instance. The necessary secrets containing the PostgreSQL passwords need to be created, as well as the secret containing the initial root GitLab password: GitLab requires the deployment of a PostgreSQL instance. The necessary secrets containing the PostgreSQL passwords need to be created, as well as the secret containing the initial root GitLab password:
```bash ```bash
kubectl create secret generic -n <NAMESPACE> gitlab-postgresql --from-literal=postgresql-password=<POSTGRESQL_USER_PASSWORD> --from-literal=postgresql-postgres-password=<POSTGRESQL_ROOT_PASSWORD> export NMAAS_NAMESPACE="nmaas-system"
kubectl create secret generic -n <NAMESPACE> gitlab-root-password --from-literal=password=<GITLAB_ROOT_PASSWORD> kubectl create secret generic -n $NMAAS_NAMESPACE gitlab-postgresql --from-literal=postgresql-password=<POSTGRESQL_USER_PASSWORD> --from-literal=postgresql-postgres-password=<POSTGRESQL_ROOT_PASSWORD>
kubectl create secret generic -n $NMAAS_NAMESPACE gitlab-root-password --from-literal=password=<GITLAB_ROOT_PASSWORD>
``` ```
The root GitLab password will be used for login to the GitLab web interface. The root GitLab password will be used for login to the GitLab web interface.
We are ready to add the GitLab Helm repository and install the 4.X version of GitLab: We are ready to add the GitLab Helm repository and install the 8.2.x version of GitLab:
```bash ```bash
helm repo add gitlab https://charts.gitlab.io helm repo add gitlab https://charts.gitlab.io
helm repo update helm repo update
helm install -f gitlab-values.yaml --namespace nmaas-system nmaas-gitlab --version 4.12.13 gitlab/gitlab helm install -f gitlab-values.yaml --namespace nmaas-system nmaas-gitlab --version 8.2.0 gitlab/gitlab
``` ```
Once GitLab has been deployed, it should be possible to navigate to the login page using a web browser. After logging in, users are advised to configure the following settings: Once GitLab has been deployed, it should be possible to navigate to the login page using a web browser. After logging in, users are advised to configure the following settings:
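Review bot: The secret-creation block now uses `$NMAAS_NAMESPACE`, but the `helm install` line a few lines below still hard-codes `--namespace nmaas-system`. A reader who changes the exported value ends up with the secrets in one namespace and GitLab in another. Use the variable in both places. The prose says "install the 8.2.x version" while the command pins `8.2.0`, so pick one wording. In the SMTP block, `user_name: ""` is left empty alongside `authentication: "login"` and a named secret, whereas the other guide in this commit sets `noreply@example.com`; align the two examples.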
...@@ -135,81 +131,72 @@ The final step is to install nmaas. nmaas uses SSH communication to connect betw ...@@ -135,81 +131,72 @@ The final step is to install nmaas. nmaas uses SSH communication to connect betw
```bash ```bash
#!/bin/bash #!/bin/bash
export NMAAS_NAMESPACE="nmaas-system"
tmpdir=$(mktemp -d) tmpdir=$(mktemp -d)
ssh-keygen -f $tmpdir/key -N "" ssh-keygen -f $tmpdir/key -N ""
# nmaas-helm-key-private should be replaced with {{ .Values.global.helmAccessKeyPrivate }} # nmaas-helm-key-private should be replaced with {{ .Values.global.helmAccessKeyPrivate }}
kubectl create secret generic nmaas-helm-key-private -n <NMAAS_NAMESPACE> --from-file=id_rsa=$tmpdir/key kubectl create secret generic nmaas-helm-key-private -n $NMAAS_NAMESPACE --from-file=id_rsa=$tmpdir/key
# nmaas-helm-key-private should be replaced with {{ .Values.global.helmAccessKeyPublic }} # nmaas-helm-key-private should be replaced with {{ .Values.global.helmAccessKeyPublic }}
kubectl create secret generic nmaas-helm-key-public -n <NMAAS_NAMESPACE> --from-file=helm=$tmpdir/key.pub kubectl create secret generic nmaas-helm-key-public -n $NMAAS_NAMESPACE --from-file=helm=$tmpdir/key.pub
``` ```
A few parameters need to be customized in the values.yaml file, to reflect the environment where nmaas is deployed. A few parameters need to be customized in the values.yaml file, to reflect the environment where nmaas is deployed.
- `global.wildcardCertificateName` – the name of the secret containing the TLS certificate to be used to secure the HTTP communication - `global.wildcardCertificateName` – the name of the secret containing the TLS certificate to be used to secure the HTTP communication
- `global.nmaasDomain` – the hostname where nmaas will be accessible. - `global.nmaasDomain` – the hostname where nmaas will be accessible.
- `global.gitlabApiUrl` - the API endpoint for GitLab
- `global.gitlabApiToken.literal` - the value of the personal access token created previously in GitLab.
- `platform.properties.adminEmail` – the email address which will receive various notifications such as new user sign-up, deployment errors, new application versions... - `platform.properties.adminEmail` – the email address which will receive various notifications such as new user sign-up, deployment errors, new application versions...
- `platform.adminPassword.literal` – the password used to login as the admin user in the nmaas Portal. - `platform.adminPassword.literal` – the password used to login as the admin user in the nmaas Portal.
- `platform.properties.k8s.ingress.certificate.issuerOrWildcardName` – the name of the wilcard certificate to be used for customer deployed applications, or the name of the cert-manager issuer to use if certificates are issued ad-hoc. - `platform.properties.k8s.ingress.certificate.issuerOrWildcardName` – the name of the wilcard certificate to be used for customer deployed applications, or the name of the cert-manager issuer to use if certificates are issued ad-hoc.
- `platform.properties.k8s.ingress.controller.ingressClass` – the ingress class to be used for deployed applications. Should be set to nginx in the case of K3s and public in the case of MicroK8s. - `platform.properties.k8s.ingress.controller.ingressClass` – the ingress class to be used for deployed applications. Should be set to nginx in the case of K3s and public in the case of MicroK8s.
- `platform.properties.k8s.ingress.controller.publicIngressClass` – the ingress class to be used for applications where the users have explicitly selected to enable public access (e.g. without a VPN). Since this is a local deployment, the value of this parameter should equal the value set in `platform.properties.k8s.ingress.controller.ingressClass`. - `platform.properties.k8s.ingress.controller.publicIngressClass` – the ingress class to be used for applications where the users have explicitly selected to enable public access (e.g. without a VPN). Since this is a local deployment, the value of this parameter should equal the value set in `platform.properties.k8s.ingress.controller.ingressClass`.
- `publicServiceDomain`, `externalServiceDomain` – for a local deployment this parameter should be set to the same value as `global.nmaasDomain`. - `publicServiceDomain`, `externalServiceDomain` – for a local deployment this parameter should be set to the same value as `global.nmaasDomain`.
- `janitor.properties.gitlabToken.literal` – the value of the personal access token created in GitLab, previously.
```yaml title="nmaas-values.yaml" ```yaml title="nmaas-values.yaml"
global: global:
acmeIssuer: false acmeIssuer: false
wildcardCertificateName: <EXISTING_OR_DUMMY_TLS_SECRET_NAME>
ingressName: public
nmaasDomain: nmaas.<INGRESS_IP>.nip.io
demoDeployment: true demoDeployment: true
ingressName: nmaas
nmaasDomain: nmaas.<INGRESS_IP>.nip.io
wildcardCertificateName: <EXISTING_OR_DUMMY_TLS_SECRET_NAME>
gitlabApiUrl: 'http://nmaas-gitlab-webservice-default:8181/api/v4'
gitlabApiToken:
literal: <GITLAB_ACCESS_TOKEN>
platform: platform:
image: ingress:
tag: 1.4.4-SNAPSHOT className: nginx
adminPassword: adminPassword:
literal: saamn literal: saamn
apiSecret: apiSecret:
literal: saamn literal: saamn
initscripts: initscripts:
image: enabled: true
tag: 1.4.4
properties: properties:
gitlab: autoNamespaceCreationForDomains: true
host: nmaas-gitlab-webservice-default
sso: sso:
encrpytionSecret: encrpytionSecret:
literal: saamn literal: saamn
adminEmail: noreply@nmaas.local adminEmail: noreply@nmaas.local
appInstanceFailureEmailList: noreply@nmaas.local
k8s: k8s:
ingress: ingress:
certificate: certificate:
issuerOrWildcardName: <EXISTING_OR_DUMMY_TLS_SECRET_NAME> issuerOrWildcardName: <EXISTING_OR_DUMMY_TLS_SECRET_NAME>
controller: controller:
ingressClass: public ingressClass: nmaas
publicIngresClass: public publicIngresClass: nmaas
publicServiceDomain: nmaas.<INGRESS_IP>.nip.io publicServiceDomain: nmaas.<INGRESS_IP>.nip.io
externalServiceDomain: nmaas.<INGRESS_IP>.nip.io externalServiceDomain: nmaas.<INGRESS_IP>.nip.io
portal:
image:
tag: 1.4.4-SNAPSHOT
janitor:
image:
tag: 1.4.4
properties:
gitlabToken:
literal: <GITLAB_ACCESS_TOKEN>
gitlabApiUrl: http://nmaas-gitlab-webservice-default:8181/api/v4
``` ```
Once the values.yaml file has been customized, nmaas can be deployed by executing: Once the values.yaml file has been customized, nmaas can be deployed by executing:
```bash ```bash
helm repo add nmaas https://artifactory.software.geant.org/artifactory/nmaas-helm helm repo add nmaas https://artifactory.software.geant.org/artifactory/nmaas-helm
helm install -f nmaas-values.yaml --namespace nmaas-system nmaas --version 1.1.2 nmaas/nmaas helm install -f nmaas-values.yaml --namespace nmaas-system nmaas --version 1.2.11 nmaas/nmaas
``` ```
nmaas also requires an the stakater autoreloader component, which can simply be installed using the commands below. This component takes care of restarting the affected pods whenever a configuration change is submitted via GitLab. nmaas also requires an the stakater autoreloader component, which can simply be installed using the commands below. This component takes care of restarting the affected pods whenever a configuration change is submitted via GitLab.
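Review bot: The new `global.gitlabApiToken.literal: <GITLAB_ACCESS_TOKEN>` places the GitLab token in plain text in `nmaas-values.yaml`, while the other guide in this same commit stores it in the `nmaas-gitlab-api-token` secret. Show the secret-based form here too, or explain why the local guide differs. The sample values `ingressClass: nmaas` and `publicIngresClass: nmaas` contradict the unchanged bullet that says to use `nginx` for K3s and `public` for MicroK8s, and the key is spelled `publicIngressClass` in that bullet but `publicIngresClass` in the YAML; verify which one the chart reads. In the key-generation script, the comment above the `nmaas-helm-key-public` command still says `nmaas-helm-key-private`, and `$tmpdir` is never removed, so the unencrypted private key stays on disk; add `rm -rf "$tmpdir"` at the end. Small text fixes in unchanged lines: "wilcard" and "an the stakater".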
... ...
......