This is the Experimental version (Latest). It is under active development and may change. For the most reliable documentation, use the version selector in the top-right to switch to Stable, or click here to go to the Stable version's homepage.

Opstella Installation Overview

อัพเดทล่าสุด: 2 มี.ค. 2569

เนื้อหานี้ยังไม่มีในภาษาของคุณ

Opstella will be on 🟢 Management Kubernetes Cluster.

Certain Services will be installed across Kuberenetes Clusters

🟢 Management Kubernetes Cluster
🟦 Non-Production Workload Kubernetes Cluster
🟥 Production Workload Kubernetes Cluster

Application Dependencies

📦PostgreSQL SQL Database
📦Redis Pub/Sub Service and In-Memory Cache
📦Dapr Microservices Backing Service

Prerequisites

🔑 Google Service Account Key (JSON)
- Download the JSON key file provided by Opstella Support.
- This key will be used to authenticate with Google Artifact Registry.
🔑Pull Credentials from Registry (Harbor, For Air-Gapped Environment).
- See on Create Robot Account for Opstella Services Deployment

Summary

Opstella compose of multiple services which can be summarise by the following

No.	Tool	Description	Kubernetes Namespace	Kubernetes Cluster
1.	PostgreSQL	Database Service	`opstella-system`	`🟢 Management`
2.	Redis	Pub/Sub Service and In-Memory Cache	`opstella-system`	`🟢 Management`
3.	Dapr	Opstella Platform Microservices Backing Service	`dapr-system`	`🟢 Management`
4.	Dapr Configuration	Configuration for Opstella Platform	`opstella-system`	`🟢 Management`
5.	Opstella UI	Frontend Service	`opstella-system`	`🟢 Management`
6.	Opstella Core	Backend Service	`opstella-system`	`🟢 Management`
7.	Opstella Clear Session	Microservice - Clear User Session with Single Sign-On Process	`opstella-system`	`🟢 Management` `🟢 Management` `🟦 Non-Production Workload` `🟥 Production Workload`
8.	Opstella Worker-GitLab	Microservice - GitLab Management	`opstella-system`	`🟢 Management`
9.	Opstella Worker-Grafana	Microservice - Grafana Management	`opstella-system`	`🟢 Management`
10.	Opstella Worker-Harbor	Microservice - Harbor Management	`opstella-system`	`🟢 Management`
11.	Opstella Worker-Kubernetes	Microservice - Kubernetes Management	`opstella-system`	`🟢 Management`
12.	Opstella Worker-Keycloak	Microservice - Keycloak Management	`opstella-system`	`🟢 Management`
13.	Opstella Worker-Sonarqube	Microservice - Sonarqube Management	`opstella-system`	`🟢 Management`
14.	Opstella Worker-Vault	Microservice - Vault Management	`opstella-system`	`🟢 Management`
15.	Opstella Worker-ArgoCD	Microservice - ArgoCD Management	`opstella-system`	`🟢 Management`
16.	Opstella Worker-DefectDojo	Microservice - DefectDojo Management	`opstella-system`	`🟢 Management`
17.	Opstella Worker-Headlamp	Microservice - Headlamp Management	`opstella-system`	`🟢 Management`
18.	New Opstella Kubernetes Integration (ok8s-integration)	Opstella Kubernetes Integration System	`opstella-system`	`🟢 Management`

Preparation

Create Namespace across Kubernetes Clusters

🟢 Management Kubernetes Cluster

Connect to 🟢 Management Kubernetes Cluster ; i.e w/ Kubeconfig File

Set Kubeconfig File

Ensure you have defined and loaded your Global Shell Variables as described in Shell Variables.
Terminal window
```
source $HOME/opstella-installation/shell-values/kubernetes/management_cluster.vars.sh
```
Create Kubernetes Namespace dapr-system

2.1 Create Kubernetes Namespace
Terminal window
```
kubectl create namespace dapr-system
```
2.2 Add Label for dapr-system namespace for PSA Exception

AS OF SEP 2024: Dapr is not yet fully compliant to PSA restricted profile, and require to make an exception
Terminal window
```
kubectl label namespace/dapr-system pod-security.kubernetes.io/enforce=baseline
kubectl label namespace/dapr-system pod-security.kubernetes.io/enforce-version=latest
```
Create Kubernetes Namespace opstella-system
Terminal window
```
kubectl create namespace opstella-system
```

Create Kubernetes Namespace opstella-shared-runner

4.1 Create Kubernetes Namespace

kubectl create namespace opstella-shared-runner

4.2 Add Label for opstella-shared-runner namespace for PSA Exception

kubectl label namespace/opstella-shared-runner pod-security.kubernetes.io/enforce=privileged
kubectl label namespace/opstella-shared-runner pod-security.kubernetes.io/enforce-version=latest

Create Kubernetes Secret for TLS Certificate in Namespace opstella-system, before you proceed (if you not have it done).

🟢 Management Kubernetes Cluster

Connect to 🟢 Management Kubernetes Cluster ; i.e w/ Kubeconfig File

Ensure you have defined and loaded your Global Shell Variables as described in Shell Variables.
Terminal window
```
source $HOME/opstella-installation/shell-values/kubernetes/management_cluster.vars.sh
```
Create Kubernetes Namespace opstella-system
Terminal window
```
kubectl create namespace opstella-system
```

🟦 Non-Production Workload Kubernetes Cluster

Connect to 🟦 Non-Production Workload Kubernetes Cluster ; i.e w/ Kubeconfig File

Ensure you have defined and loaded your Global Shell Variables as described in Shell Variables.
Terminal window
```
source $HOME/opstella-installation/shell-values/kubernetes/nonprod_cluster.vars.sh
```
Create Kubernetes Namespace opstella-system
Terminal window
```
kubectl create namespace opstella-system
```

🟥 Production Workload Kubernetes Cluster

Connect to 🟥 Production Workload Kubernetes Cluster ; i.e w/ Kubeconfig File

Ensure you have defined and loaded your Global Shell Variables as described in Shell Variables.
Terminal window
```
source $HOME/opstella-installation/shell-values/kubernetes/prod_cluster.vars.sh
```
Create Kubernetes Namespace opstella-system
Terminal window
```
kubectl create namespace opstella-system
```

Finished?

Use the below navigation to proceed

ก่อนหน้า
Grafana Tempo Installation ถัดไป
PostgreSQL Installation