This is the Experimental version (Latest). It is under active development and may change. For the most reliable documentation, use the version selector in the top-right to switch to Stable, or click here to go to the Stable version's homepage.
Opstella Clear Session Utility Installation
Last updated:
🟢 Management 🟦 Non-Production Workload 🟥 Production Workload
Opstella Clear Session Utility is a Service in Opstella that facilitate Single Sign-On operations.
Prerequisites
Section titled “Prerequisites”- 🛡️TLS Certificate for Opstella Clear Session Utility
- Opstella Clear Session Utility will be exposed through Web with HTTPS.
Preparation
Section titled “Preparation”Kubernetes Cluster Preparation
Section titled “Kubernetes Cluster Preparation”🟢 Management Kubernetes Cluster
Section titled “🟢 Management Kubernetes Cluster”-
Connect to
🟢 ManagementKubernetes Cluster ; i.e w/ Kubeconfig FileEnsure you have defined and loaded your Global Shell Variables as described in Shell Variables.
Terminal window source $BASE_WORKING_DIR/shell-values/kubernetes/management_cluster.vars.sh -
Prepare
🟢 ManagementKubernetes Cluster InformationEnsure
K8S_INGRESSCLASS_NAME,K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME,BASE_DOMAIN,OPSTELLA_UI_DOMAINare defined as per the Shell Variables guide.
🟦 Non-Production Workload Kubernetes Cluster
Section titled “🟦 Non-Production Workload Kubernetes Cluster”-
Connect to
🟦 Non-Production WorkloadKubernetes Cluster ; i.e w/ Kubeconfig FileEnsure you have defined and loaded your Global Shell Variables as described in Shell Variables.
Terminal window source $BASE_WORKING_DIR/shell-values/kubernetes/nonprod_cluster.vars.sh -
Prepare
🟦 Non-Production WorkloadKubernetes Cluster InformationEnsure
K8S_INGRESSCLASS_NAME,K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME,BASE_DOMAIN,ARGOCD_DOMAIN,HEADLAMP_DOMAINare defined as per the Shell Variables guide.
🟥 Production Workload Kubernetes Cluster
Section titled “🟥 Production Workload Kubernetes Cluster”-
Connect to
🟥 Production WorkloadKubernetes Cluster ; i.e w/ Kubeconfig FileEnsure you have defined and loaded your Global Shell Variables as described in Shell Variables.
Terminal window source $BASE_WORKING_DIR/shell-values/kubernetes/prod_cluster.vars.sh -
Prepare
🟥 Production WorkloadKubernetes Cluster InformationEnsure
K8S_INGRESSCLASS_NAME,K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME,BASE_DOMAIN,ARGOCD_DOMAIN,HEADLAMP_DOMAINare defined as per the Shell Variables guide.
Opstella Platform Clear Session Utility Preparation
Section titled “Opstella Platform Clear Session Utility Preparation”-
Prepare Helm Values Configurations for Common Configurations
-
image.repository,image.tag: Set your Opstella Platform Container Image Location, Version(Ensure
OPSTELLA_REGISTRYis loaded from variables)(Ensure
OPSTELLA_REGISTRYis loaded from variables)(Ensure
OPSTELLA_CLEAR_SESSION_VERSION,OPSTELLA_UI_DOMAIN, andOPSTELLA_CLEAR_SESSION_ALLOWED_ORIGINSare loaded from variables)
-
-
Prepare Helm Values Configurations for
🟢 ManagementKuberenetes ClusterEnsure
K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME,K8S_INGRESSCLASS_NAME,GITLAB_DOMAIN,HARBOR_DOMAIN,SONARQUBE_DOMAIN,DEFECTDOJO_DOMAIN,VAULT_DOMAIN,OPSTELLA_UI_DOMAINare defined as per the Shell Variables guide.2.1 Prepare Domains on
🟢 ManagementKubernetes ClusterOPSTELLA_CLEAR_SESSION_DOMAIN: Set your Domain for Opstella Platform Clear Session
(Ensure
OPSTELLA_CLEAR_SESSION_DOMAINis loaded from variables)2.3 Create Helm Values Configurations
Terminal window cat <<EOF > $BASE_WORKING_DIR/helm-values/opstella-clear-session-devsecops-full-values.yamlimage:repository: ${OPSTELLA_CLEAR_SESSION_IMAGE_REPOSITORY}tag: ${OPSTELLA_CLEAR_SESSION_IMAGE_TAG}pullPolicy: AlwaysnameOverride: opstella-clear-sessionfullnameOverride: opstella-clear-sessionimagePullSecrets:- name: registry-secretserviceAccount:name:ingress:enabled: trueclassName: ${K8S_INGRESSCLASS_NAME}annotations:nginx.ingress.kubernetes.io/rewrite-target: /\$2hosts:- host: ${OPSTELLA_CLEAR_SESSION_DOMAIN}paths:- path: /pathType: ImplementationSpecific- host: ${OPSTELLA_UI_DOMAIN}paths:- path: /clear-session(/|$)(.*)pathType: ImplementationSpecific- host: ${GITLAB_DOMAIN}paths:- path: /clear-session(/|$)(.*)pathType: ImplementationSpecific- host: ${HARBOR_DOMAIN}paths:- path: /clear-session(/|$)(.*)pathType: ImplementationSpecific- host: ${SONARQUBE_DOMAIN}paths:- path: /clear-session(/|$)(.*)pathType: ImplementationSpecific- host: ${VAULT_DOMAIN}paths:- path: /clear-session(/|$)(.*)pathType: ImplementationSpecific- host: ${DEFECTDOJO_DOMAIN}paths:- path: /clear-session(/|$)(.*)pathType: ImplementationSpecifictls:- secretName: ${K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME}hosts:- ${OPSTELLA_CLEAR_SESSION_DOMAIN}- ${OPSTELLA_UI_DOMAIN}- ${GITLAB_DOMAIN}- ${HARBOR_DOMAIN}- ${SONARQUBE_DOMAIN}- ${VAULT_DOMAIN}- ${DEFECTDOJO_DOMAIN}containerPorts: 8000env:- name: URL_ORIGINvalue: '[${OPSTELLA_CLEAR_SESSION_ALLOWED_ORIGINS}]'podSecurityContext:fsGroup: 1000securityContext:seccompProfile:type: RuntimeDefaultcapabilities:drop: ["ALL"]runAsNonRoot: trueprivileged: falseallowPrivilegeEscalation: falserunAsGroup: 1000runAsUser: 1000EOF -
Prepare Helm Values Configurations for
🟢 ManagementKuberenetes ClusterEnsure
K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME,K8S_INGRESSCLASS_NAME,GRAFANA_DASHBOARD_DOMAINare defined as per the Shell Variables guide.3.3 Create Helm Values Configurations
Terminal window cat <<EOF > $BASE_WORKING_DIR/helm-values/opstella-clear-session-observability-full-values.yamlimage:repository: ${OPSTELLA_REGISTRY}tag: ${OPSTELLA_CLEAR_SESSION_VERSION}pullPolicy: AlwaysnameOverride: opstella-clear-sessionfullnameOverride: opstella-clear-sessionimagePullSecrets:- name: registry-secretserviceAccount:name:ingress:enabled: trueclassName: ${K8S_INGRESSCLASS_NAME}annotations:nginx.ingress.kubernetes.io/rewrite-target: /\$2hosts:- host: ${GRAFANA_DASHBOARD_DOMAIN}paths:- path: /clear-session(/|$)(.*)pathType: ImplementationSpecifictls:- secretName: ${K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME}hosts:- ${GRAFANA_DASHBOARD_DOMAIN}containerPorts: 8000env:- name: URL_ORIGINvalue: '[${OPSTELLA_CLEAR_SESSION_ALLOWED_ORIGINS}]'podSecurityContext:fsGroup: 1000securityContext:seccompProfile:type: RuntimeDefaultcapabilities:drop: ["ALL"]runAsNonRoot: trueprivileged: falseallowPrivilegeEscalation: falserunAsGroup: 1000runAsUser: 1000EOF -
Prepare Helm Values Configurations for
🟦 Non-Production WorkloadKuberenetes ClusterEnsure
K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME,K8S_INGRESSCLASS_NAME,ARGOCD_DOMAIN,HEADLAMP_DOMAINare defined as per the Shell Variables guide.4.3 Create Helm Values Configurations
Terminal window cat <<EOF > $BASE_WORKING_DIR/helm-values/opstella-clear-session-nonprod-full-values.yamlimage:repository: ${OPSTELLA_REGISTRY}tag: ${OPSTELLA_CLEAR_SESSION_VERSION}pullPolicy: AlwaysnameOverride: opstella-clear-sessionfullnameOverride: opstella-clear-sessionimagePullSecrets:- name: registry-secretserviceAccount:name:ingress:enabled: trueclassName: ${K8S_INGRESSCLASS_NAME}annotations:nginx.ingress.kubernetes.io/rewrite-target: /\$2hosts:- host: ${ARGOCD_DOMAIN}paths:- path: /clear-session(/|$)(.*)pathType: ImplementationSpecific- host: ${HEADLAMP_DOMAIN}paths:- path: /clear-session(/|$)(.*)pathType: ImplementationSpecifictls:- secretName: ${K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME}hosts:- ${ARGOCD_DOMAIN}- ${HEADLAMP_DOMAIN}containerPorts: 8000env:- name: URL_ORIGINvalue: '[${OPSTELLA_CLEAR_SESSION_ALLOWED_ORIGINS}]'podSecurityContext:fsGroup: 1000securityContext:seccompProfile:type: RuntimeDefaultcapabilities:drop: ["ALL"]runAsNonRoot: trueprivileged: falseallowPrivilegeEscalation: falserunAsGroup: 1000runAsUser: 1000EOF -
Prepare Helm Values Configurations for
🟥 Production WorkloadKuberenetes ClusterEnsure
K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME,K8S_INGRESSCLASS_NAME,ARGOCD_DOMAIN,HEADLAMP_DOMAINare defined as per the Shell Variables guide.5.3 Create Helm Values Configurations
Terminal window cat <<EOF > $BASE_WORKING_DIR/helm-values/opstella-clear-session-prod-full-values.yamlimage:repository: ${OPSTELLA_REGISTRY}tag: ${OPSTELLA_CLEAR_SESSION_VERSION}pullPolicy: AlwaysnameOverride: opstella-clear-sessionfullnameOverride: opstella-clear-sessionimagePullSecrets:- name: registry-secretserviceAccount:name:ingress:enabled: trueclassName: ${K8S_INGRESSCLASS_NAME}annotations:nginx.ingress.kubernetes.io/rewrite-target: /\$2hosts:- host: ${ARGOCD_DOMAIN}paths:- path: /clear-session(/|$)(.*)pathType: ImplementationSpecific- host: ${HEADLAMP_DOMAIN}paths:- path: /clear-session(/|$)(.*)pathType: ImplementationSpecifictls:- secretName: ${K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME}hosts:- ${ARGOCD_DOMAIN}- ${HEADLAMP_DOMAIN}containerPorts: 8000env:- name: URL_ORIGINvalue: '[${OPSTELLA_CLEAR_SESSION_ALLOWED_ORIGINS}]'podSecurityContext:fsGroup: 1000securityContext:seccompProfile:type: RuntimeDefaultcapabilities:drop: ["ALL"]runAsNonRoot: trueprivileged: falseallowPrivilegeEscalation: falserunAsGroup: 1000runAsUser: 1000EOF
Installation
Section titled “Installation”-
Install Opstella Clear Session for
🟢 ManagementKuberenetes Cluster1.1 Connect to
🟢 ManagementKubernetes Cluster ; i.e w/ Kubeconfig FileEnsure you have defined and loaded your Global Shell Variables as described in Shell Variables.
Terminal window source $BASE_WORKING_DIR/shell-values/kubernetes/management_cluster.vars.sh1.2 Install Using local
opstella-platformHelm ChartTerminal window helm upgrade --install clear-session \oci://asia-southeast1-docker.pkg.dev/opstella-dev/opstella-charts/generic-deployment \--version 0.3.15 \--namespace opstella-system \-f $BASE_WORKING_DIR/helm-values/opstella-clear-session-devsecops-full-values.yaml -
Install Opstella Clear Session for
🟦 Non-Production WorkloadKuberenetes Cluster2.1 Connect to
🟦 Non-Production WorkloadKubernetes Cluster ; i.e w/ Kubeconfig FileEnsure you have defined and loaded your Global Shell Variables as described in Shell Variables.
Terminal window source $BASE_WORKING_DIR/shell-values/kubernetes/nonprod_cluster.vars.sh2.2 Install Using local
opstella-platformHelm ChartTerminal window helm upgrade --install clear-session \oci://asia-southeast1-docker.pkg.dev/opstella-dev/opstella-charts/generic-deployment \--version 0.3.15 \--namespace opstella-system \-f $BASE_WORKING_DIR/helm-values/opstella-clear-session-nonprod-full-values.yaml -
Install Opstella Clear Session for
🟥 Production WorkloadKuberenetes Cluster3.1 Connect to
🟥 Production WorkloadKubernetes Cluster ; i.e w/ Kubeconfig FileEnsure you have defined and loaded your Global Shell Variables as described in Shell Variables.
Terminal window source $BASE_WORKING_DIR/shell-values/kubernetes/prod_cluster.vars.sh3.2 Install Using local
opstella-platformHelm ChartTerminal window helm upgrade --install clear-session \oci://asia-southeast1-docker.pkg.dev/opstella-dev/opstella-charts/generic-deployment \--version 0.3.15 \--namespace opstella-system \-f $BASE_WORKING_DIR/helm-values/opstella-clear-session-prod-full-values.yaml
Post-Installation
Section titled “Post-Installation”Opstella Clear Session Testing
Section titled “Opstella Clear Session Testing”-
Get Pod Status - Opstella Clear Session
Terminal window kubectl get pods -n opstella-systemOpstella Clear Session should be
RunningNAME READY STATUS RESTARTS AGE... (deducted)opstella-clear-session-XXXXXXX-YYYYY 1/1 Running 0 XdXh
Finished?
Use the below navigation to proceed