Opstella Kubernetes Integration Installation

🟢 Management

Opstella Kubernetes Integration (ok8s-integration) is a Service for Opstella to perform Licensing System and Usages Collection.

Application Dependencies

• 📦PostgreSQL-based Datastore ; Deploy external/dedicated instance of Database

Preparation

Kubernetes Cluster Preparation

1. Connect to 🟢 Management Kubernetes Cluster ; i.e w/ Kubeconfig File

   Ensure you have defined and loaded your Global Shell Variables as described in Shell Variables.

   source $HOME/opstella-installation/shell-values/kubernetes/management_cluster.vars.sh

   export KUBECONFIG="$HOME/opstella-installation/kubeconfigs/management_cluster.yaml"

2. Prepare 🟢 Management Kubernetes Cluster Information

   Ensure K8S_INTERNAL_DOMAIN, K8S_INGRESSCLASS_NAME, K8S_STORAGECLASS_NAME are defined as per the Shell Variables guide.

---

Opstella Kubernetes Integration Datastore Preparation

1. Create PostgreSQL Initial Admin Credentials with Kubernetes Secret

   • Username: postgres (Default Admin of PostgreSQL)
   • Password: CHANGEME ; NOTE: Only Allowed Special Characters are !-_=+?@

   export OK8S_INTGR_POSTGRES_SUPERUSER_PASSWORD="CHANGEME"
   export OK8S_INTGR_POSTGRES_USER_PASSWORD="CHANGEME"

2. Provision PostgreSQL for Opstella Kubernetes Integration Datastore

   The following manifest defines the entire PostgreSQL system using CloudNativePG, including credentials and the cluster.

   cat <<EOF > $HOME/opstella-installation/kubernetes-manifests/ok8s-integration-postgres.yaml
   ---
   # Postgres Superuser (root) Credentials
   apiVersion: v1
   kind: Secret
   type: kubernetes.io/basic-auth
   metadata:
     name: ok8s-integration-postgres-superuser
     namespace: opstella-system
   stringData:
     username: postgres
     password: "${OK8S_INTGR_POSTGRES_SUPERUSER_PASSWORD}"
   ---
   # ok8s-integration Application User Credentials
   apiVersion: v1
   kind: Secret
   type: kubernetes.io/basic-auth
   metadata:
     name: ok8s-integration-postgres-user
     namespace: opstella-system
   stringData:
     username: ok8s_intergration_user
     password: "${OK8S_INTGR_POSTGRES_USER_PASSWORD}"
   ---
   apiVersion: postgresql.cnpg.io/v1
   kind: Cluster
   metadata:
     name: ok8s-integration-postgres
     namespace: opstella-system
     labels:
       app.kubernetes.io/name: ok8s-integration-postgres
       app.kubernetes.io/part-of: opstella-platform
   spec:
     instances: 1
   
     # Image configuration (Postgres 15)
     imageName: ghcr.io/cloudnative-pg/postgresql:15
   
     # Storage Configuration
     storage:
       size: 2Gi
       storageClass: "${K8S_STORAGECLASS_NAME}"
   
     walStorage:
       size: 1Gi
       storageClass: "${K8S_STORAGECLASS_NAME}"
   
     # Bootstrap Configuration
     bootstrap:
       initdb:
         database: ok8s_intergration
         owner: ok8s_intergration_user
         # Secret containing password for the Application User
         secret:
           name: ok8s-integration-postgres-user
   
     # Superuser credentials (root/postgres)
     superuserSecret:
       name: ok8s-integration-postgres-superuser
   
     # Monitoring (disabled for now)
     monitoring:
       enablePodMonitor: false
   
     # Resources
     resources:
       requests:
         memory: "128Mi"
         cpu: "100m"
       limits:
         memory: "512Mi"
         cpu: "500m"
   
   EOF

   Apply the configuration:

   kubectl apply -f ok8s-integration-postgres.yaml

   💡 Should return secret/ok8s-integration-postgres-superuser, secret/ok8s-integration-postgres-user, and cluster.postgresql.cnpg.io/ok8s-integration-postgres created messages.

---

Opstella Kubernetes Integration Preparation

1. Prepare Helm Values Configurations.

   • image.repository, image.tag : Set your Opstella Kubernetes Integration Container Image Location, Version

     Online Installation

     export OPSTELLA_REGISTRY="asia-southeast1-docker.pkg.dev/opstella/platform/core-license"

     Air-gapped / Local Registry

     Note

     Ensure HARBOR_DOMAIN is defined as per the Shell Variables guide.

     export OPSTELLA_REGISTRY="${HARBOR_DOMAIN}/opstella-platform/core-license"

     export OPSTELLA_OK8S_VERSION="vX.Y.Z"

   • Datastore for Opstella Kubernetes Integration Information

     (DO NOT CHANGE, unless you understand what it is.)

     export OK8S_INTGR_DATASTORE_HOST="ok8s-integration-postgres-rw.opstella-system.svc"
     export OK8S_INTGR_DATASTORE_PORT="5432"
     export OK8S_INTGR_DATASTORE_DB_NAME="ok8s_intergration"
     export OK8S_INTGR_DATASTORE_USERNAME="ok8s_intergration_user"
     export OK8S_INTGR_DATASTORE_PASSWORD="${OK8S_INTGR_POSTGRES_USER_PASSWORD}"

   • Opstella Core Kubernetes Namespace

     (DO NOT CHANGE, unless you understand what it is.)

     export OK8S_INTGR_OPSTELLA_SYSTEM_NAMESPACE="opstella-system"

2. Create Helm Values Configuration.

   cat <<EOF > $HOME/opstella-installation/helm-values/ok8s-integration-full-values.yaml
   image:
     repository: ${OPSTELLA_REGISTRY}
     tag: ${OPSTELLA_OK8S_VERSION}
     pullPolicy: Always
   
   resources: {}
   
   imagePullSecrets:
     - registry-secret
   
   podAnnotations:
     dapr.io/enabled: "true"
     dapr.io/app-id: "core-license"
     dapr.io/app-port: "3000"
     dapr.io/enable-api-logging: "true"
     dapr.io/config: "config"
     dapr.io/sidecar-seccomp-profile-type: "RuntimeDefault"
   
   containerPort: 3000
   
   vars:
     INVOKE_URL: http://localhost:3500/v1.0/invoke/opstella-core.${OK8S_INTGR_OPSTELLA_SYSTEM_NAMESPACE}/method
     DB_HOST: "${OK8S_INTGR_DATASTORE_HOST}"
     DB_PORT: "${OK8S_INTGR_DATASTORE_PORT}"
     DB_NAME: "${OK8S_INTGR_DATASTORE_DB_NAME}"
     DB_USERNAME: "${OK8S_INTGR_DATASTORE_USERNAME}"
     DB_PASSWORD: "${OK8S_INTGR_DATASTORE_PASSWORD}"
   
   ## ReadinessProbe
   probe:
     enabled: true
     path: "/"
     settings:
       initialDelaySeconds: 10
       periodSeconds: 60
       successThreshold: 1
       timeoutSeconds: 3
       failureThreshold: 3
   
   # Before you use a liveness probe: https://srcco.de/posts/kubernetes-liveness-probes-are-dangerous.html
   livenessProbe:
     enabled: true
     path: "/healthcheck"
     settings:
       initialDelaySeconds: 30
       periodSeconds: 60
       successThreshold: 1
       timeoutSeconds: 3
       failureThreshold: 3
   
   volumes:
     - name: ok8s-integration-info
       existingSecret: ok8s-integration-info
       path: /app/config
   
   podSecurityContext:
     fsGroup: 1000
   
   securityContext:
     seccompProfile:
       type: RuntimeDefault
     capabilities:
       drop: ["ALL"]
     runAsNonRoot: true
     privileged: false
     allowPrivilegeEscalation: false
     runAsGroup: 1000
     runAsUser: 1000
   
   EOF

Install Dapr Components CRDs

1. Create Cron Bindings

   kubectl apply --namespace opstella-system -f - <<EOF
   apiVersion: dapr.io/v1alpha1
   kind: Component
   spec:
     type: bindings.cron
     version: v1
     metadata:
       - name: schedule
         value: "5 * * * *"
       - name: route
         value: "/api/collect-data"
       - name: method
         value: POST
   scopes:
     - core-license
   metadata:
     name: cronjob-collect-data
   EOF

Installation

1. Install Opstella Kubernetes Integration.

   Install Helm Release using onechart Helm Chart with specific Helm Chart Version --version 0.73.0

   helm upgrade --install ok8s-integration \
     oci://ghcr.io/gimlet-io/onechart --version 0.73.0 \
     --namespace opstella-system \
     -f $HOME/opstella-installation/helm-values/ok8s-integration-full-values.yaml

Post-Installation

Opstella Kubernetes Integration Testing

1. Get Pod Status - Opstella Kubernetes Integration and its Datastore Service

   kubectl get pods -n opstella-system

   Opstella Kubernetes Integration and its Datastore Service should be Running

   NAME                                READY   STATUS    RESTARTS   AGE
   ... (deducted)
   ok8s-integration-XXXXXXX-YYYYY      1/1     Running   0          XdXh
   ok8s-integration-postgres-1         1/1     Running   0          XdXh