Private Kubernetes Cluster using Helm
This document is aimed at helping the user to deploy OpenIAM in a private Kubernetes Cluster. You should use this type of deployment when you are deploying to a platform other than AWS, Azure or Google Cloud.
Setting up the environment
Make sure to point your
kubectlconfig to the correct cluster.
See the following guide for more information on how to do that.Set the private-specific variables in
terraform.tfvars.
| Variable Name | Required | Default Value | Description |
|---|---|---|---|
| database.root.password | Y | The root username to the database. | |
| database.helm.port | Y | The database port. Set this only if you are managing your own database. | |
| N | Set this, if you are using OpenIAM's MariaDB/Postgres helm templates. | ||
| database.helm.host | Y | The database port. Set this only if you are managing your own database. | |
| N | Set this, if you are using OpenIAM's MariaDB/Postgres helm templates. | ||
| database.helm.replicas | Y | Number of replicas of MariaDB or Postgres database to use. | |
| elasticsearch.helm.esJavaOpts | Y | -Xmx1536m -Xms1536m | ES Java arguments. |
| elasticsearch.helm.replicas | Y | 1 | Number of Elasticsearch replicas. |
| elasticsearch.helm.storageSize | N | 30Gi | The amount of storage allocated to the Elasticsearch PVC. |
| kibana.helm.replicas | Y | 1 | Number of Kibana replicas. |
| kibana.helm.enabled | Y | true | If set to 'false', Kibana will not deploy. |
| metricbeat.helm.replicas | Y | 1 | Number of MetricBeat replicas. |
| metricbeat.helm.enabled | Y | true | If set to false, Metricbeat will not deploy. |
| filebeat.helm.replicas | Y | 1 | Number of FileBeat replicas. |
| filebeat.helm.enabled | Y | true | If set to false, FileBeat will not deploy. |
| gremlin.helm.replicas | Y | 1 | Number of JanusGraph replicas. |
| gremlin.helm.zookeeperReplicas | Y | 1 | Number of ZooKeeper replicas. |
| gremlin.helm.hbase.replicas | Y | 1 | Number of HBase replicas. |
Using a non-NFS and non-longhorn block storage system
Ensure that in your private Kubernetes cluster, you have a block storage system installed, such as longhorn. If you are deploying to AWS EKS, Google GCE, Azure, Own Rancher + Longhorn Kubernetes cluster, this will already be built-into the Kubernetes cluster, and you will not have to do anything. However, for private Kubernetes clusters, for using with another block storage system (not nfs, not longhorn), you will need to perform this step.
By default, OpenIAM deploys nfs as part of the Kubernetes stack or uses longhorn (depends on which case you choose in setup.sh script). This will not work if you have your own block storage system installed. Below, there is an example of the steps necessary to take, when using yourstorageclass. This can be extrapolated to use with another block storage system.
- Edit
openiam-pvc/values.yaml.
nfs-server-provisioner:replicaCount: 0 # <--- add this linestorageClass:create: false # <-- Change from "true" to "false" since we'll use Longhorn[..]# Replace all storageClassstorageClass: 'nfs'# bystorageClass: 'yourstorageclass'
You will have to run ./setup.sh after making these changes and enter 3 in Please enter your choice: request.
Destroying
Run the destroy command.
terraform destroy # enter 'yes' when asked to do so
Finally, you will have to delete Terraform's state files, as indicated below.
rm -rf terraform.tfstate*
Update Notes
Updating to 4.2.1.2
In 4.2.1.2 version of OpenIAM we've upgraded Redis. Hence, to upgrade, you will need to perform the steps below.
- Delete the result of:
helm list | grep redis. - Remove terraform module:
terraform state rm module.deployment.module.redis.helm_release.redis. - Delete any PVC in the response of:
kubectl get pvc | grep redis.
Another change in place is removing HBase in favour of Cassandra. To apply changes, do the following.
- Delete the result of:
helm list | grep hbase. - Remove terraform module:
terraform state rm module.deployment.module.gremlin.helm_release.hbase. - Delete any PVC in the response of:
kubectl get pvc | grep hbase.