Opstella Kubernetes Integration Installation

🟢 Management

Opstella Kubernetes Integration (ok8s-integration) is a Service for Opstella to perform Licensing System and Usages Collection.

Application Dependencies

📦PostgreSQL-based Datastore ; Deploy external/dedicated instance of Database

Preparation

Kubernetes Cluster Preparation

Connect to 🟢 Management Kubernetes Cluster ; i.e w/ Kubeconfig File

Ensure you have defined and loaded your Global Shell Variables as described in Shell Variables.
Terminal window
```
source $HOME/opstella-installation/shell-values/kubernetes/management_cluster.vars.sh
```
Terminal window
```
export KUBECONFIG="$HOME/opstella-installation/kubeconfigs/management_cluster.yaml"
```
Prepare 🟢 Management Kubernetes Cluster Information

Ensure K8S_INTERNAL_DOMAIN, K8S_INGRESSCLASS_NAME, K8S_STORAGECLASS_NAME are defined as per the Shell Variables guide.

Opstella Kubernetes Integration Datastore Preparation

Create PostgreSQL Initial Admin Credentials with Kubernetes Secret
- Username: postgres (Default Admin of PostgreSQL)
- Password: CHANGEME ; NOTE: Only Allowed Special Characters are !-_=+?@
```
export OK8S_INTGR_POSTGRES_SUPERUSER_PASSWORD="CHANGEME"
export OK8S_INTGR_POSTGRES_USER_PASSWORD="CHANGEME"
```

Provision PostgreSQL for Opstella Kubernetes Integration Datastore

The following manifest defines the entire PostgreSQL system using CloudNativePG, including credentials and the cluster.

cat <<EOF > $HOME/opstella-installation/kubernetes-manifests/ok8s-integration-postgres.yaml
---
# Postgres Superuser (root) Credentials
apiVersion: v1
kind: Secret
type: kubernetes.io/basic-auth
metadata:
  name: ok8s-integration-postgres-superuser
  namespace: opstella-system
stringData:
  username: postgres
  password: "${OK8S_INTGR_POSTGRES_SUPERUSER_PASSWORD}"
---
# ok8s-integration Application User Credentials
apiVersion: v1
kind: Secret
type: kubernetes.io/basic-auth
metadata:
  name: ok8s-integration-postgres-user
  namespace: opstella-system
stringData:
  username: ok8s_intergration_user
  password: "${OK8S_INTGR_POSTGRES_USER_PASSWORD}"
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: ok8s-integration-postgres
  namespace: opstella-system
  labels:
    app.kubernetes.io/name: ok8s-integration-postgres
    app.kubernetes.io/part-of: opstella-platform
spec:
  instances: 1

  # Image configuration (Postgres 15)
  imageName: ghcr.io/cloudnative-pg/postgresql:15

  # Storage Configuration
  storage:
    size: 2Gi
    storageClass: "${K8S_STORAGECLASS_NAME}"

  walStorage:
    size: 1Gi
    storageClass: "${K8S_STORAGECLASS_NAME}"

  # Bootstrap Configuration
  bootstrap:
    initdb:
      database: ok8s_intergration
      owner: ok8s_intergration_user
      # Secret containing password for the Application User
      secret:
        name: ok8s-integration-postgres-user

  # Superuser credentials (root/postgres)
  superuserSecret:
    name: ok8s-integration-postgres-superuser

  # Monitoring (disabled for now)
  monitoring:
    enablePodMonitor: false

  # Resources
  resources:
    requests:
      memory: "128Mi"
      cpu: "100m"
    limits:
      memory: "512Mi"
      cpu: "500m"

EOF

Apply the configuration:

kubectl apply -f ok8s-integration-postgres.yaml

💡 Should return secret/ok8s-integration-postgres-superuser, secret/ok8s-integration-postgres-user, and cluster.postgresql.cnpg.io/ok8s-integration-postgres created messages.

Opstella Kubernetes Integration Preparation

Prepare Helm Values Configurations.
- image.repository, image.tag : Set your Opstella Kubernetes Integration Container Image Location, Version
  - Online Installation
  - Air-gapped / Local Registry
  export OPSTELLA_REGISTRY="asia-southeast1-docker.pkg.dev/opstella/platform/core-license"
  Ensure HARBOR_DOMAIN is defined as per the Shell Variables guide.
  export OPSTELLA_REGISTRY="${HARBOR_DOMAIN}/opstella-platform/core-license"
```
export OPSTELLA_OK8S_VERSION="vX.Y.Z"
```
- Datastore for Opstella Kubernetes Integration Information
  
  (DO NOT CHANGE, unless you understand what it is.)
```
export OK8S_INTGR_DATASTORE_HOST="ok8s-integration-postgres-rw.opstella-system.svc"
export OK8S_INTGR_DATASTORE_PORT="5432"
export OK8S_INTGR_DATASTORE_DB_NAME="ok8s_intergration"
export OK8S_INTGR_DATASTORE_USERNAME="ok8s_intergration_user"
export OK8S_INTGR_DATASTORE_PASSWORD="${OK8S_INTGR_POSTGRES_USER_PASSWORD}"
```
- Opstella Core Kubernetes Namespace
  
  (DO NOT CHANGE, unless you understand what it is.)
```
export OK8S_INTGR_OPSTELLA_SYSTEM_NAMESPACE="opstella-system"
```

Create Helm Values Configuration.

cat <<EOF > $HOME/opstella-installation/helm-values/ok8s-integration-full-values.yaml
image:
  repository: ${OPSTELLA_REGISTRY}
  tag: ${OPSTELLA_OK8S_VERSION}
  pullPolicy: Always

resources: {}

imagePullSecrets:
  - registry-secret

podAnnotations:
  dapr.io/enabled: "true"
  dapr.io/app-id: "core-license"
  dapr.io/app-port: "3000"
  dapr.io/enable-api-logging: "true"
  dapr.io/config: "config"
  dapr.io/sidecar-seccomp-profile-type: "RuntimeDefault"

containerPort: 3000

vars:
  INVOKE_URL: http://localhost:3500/v1.0/invoke/opstella-core.${OK8S_INTGR_OPSTELLA_SYSTEM_NAMESPACE}/method
  DB_HOST: "${OK8S_INTGR_DATASTORE_HOST}"
  DB_PORT: "${OK8S_INTGR_DATASTORE_PORT}"
  DB_NAME: "${OK8S_INTGR_DATASTORE_DB_NAME}"
  DB_USERNAME: "${OK8S_INTGR_DATASTORE_USERNAME}"
  DB_PASSWORD: "${OK8S_INTGR_DATASTORE_PASSWORD}"

## ReadinessProbe
probe:
  enabled: true
  path: "/"
  settings:
    initialDelaySeconds: 10
    periodSeconds: 60
    successThreshold: 1
    timeoutSeconds: 3
    failureThreshold: 3

# Before you use a liveness probe: https://srcco.de/posts/kubernetes-liveness-probes-are-dangerous.html
livenessProbe:
  enabled: true
  path: "/healthcheck"
  settings:
    initialDelaySeconds: 30
    periodSeconds: 60
    successThreshold: 1
    timeoutSeconds: 3
    failureThreshold: 3

volumes:
  - name: ok8s-integration-info
    existingSecret: ok8s-integration-info
    path: /app/config

podSecurityContext:
  fsGroup: 1000

securityContext:
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop: ["ALL"]
  runAsNonRoot: true
  privileged: false
  allowPrivilegeEscalation: false
  runAsGroup: 1000
  runAsUser: 1000

EOF

Install Dapr Components CRDs

Create Cron Bindings

kubectl apply --namespace opstella-system -f - <<EOF
apiVersion: dapr.io/v1alpha1
kind: Component
spec:
  type: bindings.cron
  version: v1
  metadata:
    - name: schedule
      value: "5 * * * *"
    - name: route
      value: "/api/collect-data"
    - name: method
      value: POST
scopes:
  - core-license
metadata:
  name: cronjob-collect-data
EOF

Installation

Install Opstella Kubernetes Integration.

Install Helm Release using onechart Helm Chart with specific Helm Chart Version --version 0.73.0

helm upgrade --install ok8s-integration \
  oci://ghcr.io/gimlet-io/onechart --version 0.73.0 \
  --namespace opstella-system \
  -f $HOME/opstella-installation/helm-values/ok8s-integration-full-values.yaml

Post-Installation

Opstella Kubernetes Integration Testing

Get Pod Status - Opstella Kubernetes Integration and its Datastore Service

kubectl get pods -n opstella-system

Opstella Kubernetes Integration and its Datastore Service should be Running

NAME                                READY   STATUS    RESTARTS   AGE
... (deducted)
ok8s-integration-XXXXXXX-YYYYY      1/1     Running   0          XdXh
ok8s-integration-postgres-1         1/1     Running   0          XdXh

Finished?

Use the below navigation to proceed

Previous
Opstella Workers Next
Installation