search string side menu

BRIX On-Premises > Prepare infrastructure > Databases / Prepare embedded databases

Prepare embedded databases

For the BRIX On-Premises system to operate, database management systems such as PostgreSQL, MongoDB, Redis, the service bus RabbitMQ, and an S3 compatible object storage are required. This article describes the installation of these databases and S3 storage in a Kubernetes cluster using the  elma365-dbs chart. It's possible to install only the required components from the elma365-dbs, with unused ones being disabled.

The installation consists of four steps:

  1. Downloading the Helm chart and configuration file.
  2. Filling out the configuration file.
  3. Installing the elma365-dbs chart using helm in the Kubernetes cluster.
  4. Connecting to the databases and S3.

Step 1: Downloading the Helm chart and configuration file

To install via the internet, obtain the configuration file values-elma365-dbs.yaml by executing the following command:

helm repo add elma365 https://charts.elma365.tech
helm repo update
helm show values elma365/elma365-dbs > values-elma365-dbs.yaml

Obtaining the configuration file for installation in a closed loop without internet access

First, download the file on a computer with internet access.

  1. Download the BRIX images and upload them to your local image registry. Read more in Download BRIX images.
  2. Download the latest version archive of the chart elma365-dbs from the elma365 repository by executing the following command:

helm repo add elma365 https://charts.elma365.tech
helm repo update
helm pull elma365/elma365-dbs

  1. Copy the obtained chart archive elma365-dbs-X.Y.Z.tgz to the server where the installation will be carried out.
  1. Unpack the chart elma365-dbs-X.Y.Z.tgz on the server where the installation will take place and copy the default configuration file values.yaml to values-elma365-dbs.yaml:

tar -xf elma365-dbs-X.Y.Z.tgz
cp elma365-dbs/values.yaml values-elma365-dbs.yaml

Step 2: Filling out the configuration file

Fill out the configuration file values-elma365-dbs.yaml for the installation of databases and S3 storage.

This article will cover the installation of databases and S3 storage in a Kubernetes cluster using the chart elma365-dbs. For this, standard connection strings and passwords specified in the chart will be used.

In the chart elma365-dbs, there is the global section where the installation of components and chart sections is enabled or disabled. This is necessary for configuring parameters of each component: postgresql, mongodb, rabbitmq, redis, minio, elasticsearch. We will discuss the necessary parameters for installing databases and S3 storage for the sections of these components.

In the global section, enable the installation of databases and S3 storage.

Ensure that in the global section for the components postgresql, mongodb, rabbitmq, redis, minio, the parameter enabled is set to true.

### Selecting databases to install.
global:
  postgresql:
    ## Installing postgres
    enabled: true
  mongodb:
    ## Installing mongoDB
    enabled: true
  redis:
    ## Installing redis
    enabled: true
  rabbitmq:
    ## Installing rabbitmq
    enabled: true
  minio:
    ## Installing minio for S3 storage.
    enabled: true
  elasticsearch:
    ## Installing Elasticsearch (is enabled for BRIX Bot)
    enabled: false

  1. PostgreSQL configuration parameters.

If necessary, change the parameters:

  • database  is the name of the database that will be created in PostgreSQL at the time of installation;
  • username is the name of the user for accessing the database specified in database. The user will be created in PostgreSQL at the time of installation;
  • postgresPassword is the password for the user specified in username;
  • size is the size of the data storage, selected individually.

### Selecting databases to install.
global:
...
### postgres database settings
postgresql:
  auth:
    ## database name
    database: elma365
    ## user
    username: postgres
    ## Postgres database password
    postgresPassword: pgpassword
    replicationUsername: repl_user
    replicationPassword: repl_password
    enablePostgresUser: true
    password: pgpassword
  primary:
    persistence:
      ## data storage size (PVC)
      size: 100Gi
      enabled: true
...

Filling out clustering parameters for PostgreSQL

To configure fault tolerance, uncomment and fill in the parameters cluster Mode. For the parameter postgresql.readReplicas.replicaCount, specify the required number of replicas.

### Selecting databases to install.
global:
...
### Postgres database settings
postgresql:
...
  ## cluster Mode — uncomment the following lines
  architecture: replication
  readReplicas:
    replicaCount: 2
  replication:
    synchronousCommit: 'on'
    numSynchronousReplicas: 1
    applicationName: replication
...

Filling out connection parameters to the private registry for installation in a closed loop without internet access

To connect to a private registry, you need to:

  1. Specify the address and path to the private registry in the parameter postgresql.volumePermissions.image.repository for the initialization container.
  2. Indicate the name of the secret with access rights to the private registry in the parameter postgresql.volumePermissions.image.pullSecrets for the initialization container. The secret must be created manually and encrypted in Base64.
  3. Specify the address and path to the private registry in the parameter postgresql.image.repository.
  4. Indicate the name of the secret with access rights to the private registry in the parameter postgresql.image.pullSecrets. The secret must be created manually and encrypted in Base64.

### Selecting databases to install.
global:
...
### Postgres database settings
postgresql:
...
  ## Enabling the initialization container, which changes the owner and group of the volume mount point to `RunAsUser:fsGroup
  volumePermissions:
    enabled: true
    ## address and secret for the private registry of initialization container images
    image:
      registry: registry.example.com/bitnami-shell
      ## The secret with access rights to the private registry must be created manually, encrypted in Base64
      pullSecrets:
        - myRegistryKeySecretName
...
  ## Address and secret for the private registry
  image:
    registry: registry.example.com/postgresql
    ## The secret with access rights to the private registry must be created manually, encrypted in Base64
    pullSecrets:
      - myRegistryKeySecretName
...

Where repository format is:

  • address is registry.example.com;
  • path is /postgresql (for initialization container /bitnami-shell).
  1. MongoDB configuration parameters.

If necessary, change the following parameters:

  • database is the name of the database to be created in MongoDB during installation;
  • username is the name of the user for accessing the specified database in database. The user will be created in MongoDB during installation;
  • password is the  password for the user mentioned in username;
  • size is the data storage size, which is selected individually.

### Selecting databases to install.
global:
...
### MongoDB settings
mongodb:
  auth:
    ## user
    username: elma365
    ## database name
    database: elma365
    ## database password
    password: mongopassword
    ## root password
    rootPassword: mongorootpassword
    replicaSetKey: replicapassword
  persistence:
    ## data storage size (PVC)
    size: 20Gi
...

Filling out clustering parameters for MongoDB

To configure fault tolerance, uncomment and fill in the parameters cluster Mode. For the parameter mongodb.replicaCount, specify the required number of nodes in the cluster.

### Selecting databases to install.
global:
...
### MongoDB settings
mongodb:
...
  ## cluster Mode — uncomment the following lines
  architecture: replicaset
  replicaCount: 3
...

Filling out parameters for connecting to a private registry for offline installation

To connect to a private registry, you need to:

  1. Specify the address and path to the private registry in the parameter mongodb.volumePermissions.image.repository for the initialization container.
  2. Indicate the name of the secret with access rights to the private registry in the parameter mongodb.volumePermissions.image.pullSecrets for the initialization container. The secret must be created manually and encrypted in Base64.
  3. Specify the address and path to the private registry in the parameter mongodb.image.repository.
  4. Indicate the name of the secret with access rights to the private registry in the parameter mongodb.image.pullSecrets. The secret must be created manually and encrypted in Base64.

### Selecting databases to install.
global:
...
### MongoDB settings
mongodb:
...
  ## Enabling the initialization container, which changes the owner and group of the volume mount point to `RunAsUser:fsGroup
  volumePermissions:
    enabled: true
    ## address and secret for the private registry of initialization container images
    image:
      registry: registry.example.com/bitnami-shell
      ## The secret with access rights to the private registry must be created manually, encrypted in Base64
      pullSecrets:
        - myRegistryKeySecretName
...
  ## address and secret for the private registry of initialization container images
  image:
    registry: registry.example.com/mongodb
    ## The secret with access rights to the private registry must be created manually, encrypted in Base64
    pullSecrets:
      - myRegistryKeySecretName
...

Where repository format is:

  • address is registry.example.com;
  • path is /mongodb (for initialization container /bitnami-shell).
  1. RabbitMQ configuration parameters.

If necessary, change the following parameters:

  • vhost is the name of the database to be created in RabbitMQ during installation;
  • username is the name of the user for accessing the virtual host specified in vhost. The user will be created in RabbitMQ during installation;
  • password is the  password for the user mentioned in username;
  • size is the data storage size, which is selected individually.

### Selecting databases to install.
global:
...
### rabbitMQ settings
rabbitmq:
  auth:
    ## user
    username: elma365
    ## vhost
    vhost: elma365
    ## password
    password: rmqpassword
    erlangCookie: zk8Jdo2Kzz4ql
  persistence:
    ## data storage size (PVC)
    size: 5Gi
...

Filling out clustering parameters for RabbitMQ

To configure fault tolerance, uncomment and fill in the parameters cluster Mode. For the parameter rabbitmq.replicaCount, specify the required number of nodes in the cluster.

### Selecting databases to install.
global:
...
### rabbitMQ settings
rabbitmq:
...
  ## cluster Mode — uncomment the following lines
  replicaCount: 3
...

Filling out parameters for connecting to a private registry for offline installation

To connect to a private registry, you need to:

  1. Specify the address and path to the private registry in the parameter rabbitmq.volumePermissions.image.repository for the initialization container.
  2. Indicate the name of the secret with access rights to the private registry in the parameter rabbitmq.volumePermissions.image.pullSecrets for the initialization container. The secret must be created manually and encrypted in Base64.
  3. Specify the address and path to the private registry in the parameter rabbitmq.image.repository.
  4. Indicate the name of the secret with access rights to the private registry in the parameter rabbitmq.image.pullSecrets. The secret must be created manually and encrypted in Base64.

### Selecting databases to install.
global:
...
### rabbitMQ settings
rabbitmq:
...
  ## Enabling the initialization container, which changes the owner and group of the volume mount point to `RunAsUser:fsGroup
  volumePermissions:
    enabled: true
    ## address and secret for the private registry of initialization container images
    image:
      registry: registry.example.com/bitnami-shell
      ## The secret with access rights to the private registry must be created manually, encrypted in Base64
      pullSecrets:
        - myRegistryKeySecretName
...
  ## address and secret for the private registry
  image:
    registry: registry.example.com/rabbitmq
    ## The secret with access rights to the private registry must be created manually, encrypted in Base64
    pullSecrets:
      - myRegistryKeySecretName
...

Where repository format is:

  • address is registry.example.com;
  • path is /rabbitmq (for initialization container /bitnami-shell).
  1. Redis confguration parameters.

If necessary, change the data storage size in the parameter size, which is selected individually.

### Selecting databases to install.
global:
...
### Redis settings
redis:
  master:
    persistence:
      ## data storage size (PVC)
      size: 10Gi
      ## If undefined, the default StorageClass is used
      # storageClass: "-"
...
  commonConfiguration: |-
    maxclients 20000
  replica:
    persistence:
      ## data storage size (PVC)
      size: 10Gi
...

Filling out clustering parameters for Redis

To configure fault tolerance, uncomment and fill in the parameters cluster Mode. For the parameter redis.replica.replicaCount, specify the required number of nodes in the cluster.

### Selecting databases to install.
global:
...
### Redis settomgs
redis:
...
  replica:
    persistence:
      ...
    replicaCount: 3
  ## cluster Mode — uncomment the following lines
  architecture: replication
  sentinel:
    enabled: true
    quorum: 2
...

Filling out parameters for connecting to a private registry for offline installation

To connect to a private registry, you need to:

  1. Specify the address and path to the private registry in the parameter redis.volumePermissions.image.repository for the initialization container.
  2. Indicate the name of the secret with access rights to the private registry in the parameter redis.volumePermissions.image.pullSecrets for the initialization container. The secret must be created manually and encrypted in Base64.
  3. Specify the address and path to the private registry in the parameter redis.image.repository.
  4. Indicate the name of the secret with access rights to the private registry in the parameter redis.image.pullSecrets. The secret must be created manually and encrypted in Base64.

### Selecting databases to install.
global:
...
### Redis settings
redis:
...
  ## Enabling the initialization container, which changes the owner and group of the volume mount point to `RunAsUser:fsGroup
  volumePermissions:
    enabled: true
    ## address and secret for the private registry of initialization container images
    image:
      registry: registry.example.com/bitnami-shell
      ## The secret with access rights to the private registry must be created manually, encrypted in Base64
      pullSecrets:
        - myRegistryKeySecretName
...
  ## address and secret for the private registry
  image:
    registry: registry.example.com/redis
    ## The secret with access rights to the private registry must be created manually, encrypted in Base64
    pullSecrets:
      - myRegistryKeySecretName
...

Where repository format is:

  • address is registry.example.com;
  • path is /redis (for initialization container /bitnami-shell).
  1. MinIO configuration parameters.

If necessary, modify the following parameters:

  • rootUser is the name of the user for access to the S3 storage. The user will be created in MinIO during installation;
  • rootPassword is the password for the user specified in rootUser;
  • defaultBuckets is the name of the bucket that will be created in MinIO during installation.

Начало внимание

The bucket name in S3 must follow the format s3elma365*.

Examples:

  • s3elma365;
  • s3elma365-dev;
  • s3elma365-prod.

Конец внимание

  • apiIngress.apiIngress.path is the name of the bucket for Ingress, which must match defaultBuckets;
  • apiIngress.apiIngress.name is the domain name (FQDN) by which the S3 storage will be accessible. In the context of this article it is elma365_server.your_domain;
  • size is the data storage size, which is selected individually.

### Selecting databases to install.
global:
...
### minio (S3 storage)settings
minio:
  auth:
    rootUser: "PZSF73JG72Ksd955JKU1HIA"
    rootPassword: "aFDkj28Jbs2JKbnvJH678MNwiz88zKjsuNBHHs"
  ## BRIX bucket
  defaultBuckets: s3elma365
  ## Additional buckets are enabled for BRIX + BRIX Bot
  # defaultBuckets: s3elma365,s3elma365bot,elma365bot-static-files,elma365bot-temporary-files
  apiIngress:
    extraHosts:
      - path: /s3elma365
        name: elma365_server.your_domain
...
  persistence:
    ## data storage size (PVC)
    size: 100Gi
...

Filling out TLS/SSL enabling parameters for MinIO

To enable TLS/SSL support in MinIO, follow these steps:

  1. Prepare a secret with a certificate for HTTPS operation. Read more in Create a secret with a certificate for HTTPS operation.
  2. Fill in the TLS/SSL parameters for MinIO:

### Selecting databases to install.
global:
...
### minio (S3 storage) settings
minio:
...
  apiIngress:
    extraHosts:
      - path: /s3elma365
        ## enabling host in ingress (necessary to specify for TLS)
        ## for the app, enable hostEnabled in the file values-elma365.yaml
        name: elma365_server.your_domain
    ## TLS settings for minio
    extraTls:
      - hosts:
          - elma365_server.your_domain
        secretName: "elma365-onpremise-tls"
...

where:

  • global.minio.extraTls.secretName is the name of the secret created in the previous step. In the context of this article it is elma365-onpremise-tls;
  • global.minio.extraHosts.name and global.minio.extraTls.hosts ishe domain name (FQDN) by which the MinIO S3 storage is accessible. In the context of this article it is elma365_server.your_domain.

If you used a self-signed certificate created with OpenSSL or a certificate issued by a local certification authority when creating the secret for HTTPS operation, you need to configure trust support for the user's CA certificate. For built-in databases, you can do this using the Kyverno add-ons module.

Filling out parameters for connecting to a private registry for offline installation

To connect to a private registry, you need to:

  1. Specify the address and path to the private registry in the parameter minio.volumePermissions.image.repository for the initialization container.
  2. Indicate the name of the secret with access rights to the private registry in the parameter minio.volumePermissions.image.pullSecrets for the initialization container. The secret must be created manually and encrypted in Base64.
  3. Specify the address and path to the private registry in the parameter minio.image.repository.
  4. Indicate the name of the secret with access rights to the private registry in the parameter minio.image.pullSecrets. The secret must be created manually and encrypted in Base64.

### Selecting databases to install.
global:
...
### minio (S3 storage) settings
minio:
...
  ## Enabling the initialization container, which changes the owner and group of the volume mount point to `RunAsUser:fsGroup
  volumePermissions:
    enabled: true
    ## address and secret for the private registry of initialization container images
    image:
      registry: registry.example.com/bitnami-shell
      ## The secret with access rights to the private registry must be created manually, encrypted in Base64
      pullSecrets:
        - myRegistryKeySecretName
...
  ## address and secret for the private registry
  image:
    registry: registry.example.com/minio
    ## The secret with access rights to the private registry must be created manually, encrypted in Base64
    pullSecrets:
      - myRegistryKeySecretName
...

Where repository format is:

  • address is registry.example.com;
  • path is /minio (for initialization container /bitnami-shell).

 

Step 3: Installing the elma365-dbs chart using helm in the Kubernetes cluster

Install the elma365-dbs chart in the elma365-dbs namespace.

For online installation:

helm upgrade --install elma365-dbs elma365/elma365-dbs -f values-elma365-dbs.yaml -n elma365-dbs --create-namespace

For offline installation without internet access, go to the directory with the downloaded chart and execute the command:

helm upgrade --install elma365-dbs ./elma365-dbs -f values-elma365-dbs.yaml -n elma365-dbs --create-namespace 

Step 4: Connecting to the databases and S3

The domain name for the Kubernetes cluster is assumed to be cluster.local.

Connection string for PostgreSQL:

postgresql://elma365:SecretPassword@postgres.elma365-dbs.svc.cluster.local:5432/elma365?sslmode=disable

Connection string for MongoDB:

mongodb://elma365:SecretPassword@mongo.elma365-dbs.svc.cluster.local:27017/elma365?ssl=false&replicaSet=rs0&readPreference=nearest

Connection string for RabbitMQ:

amqp://elma365user:SecretPassword@rabbitmq.elma365-dbs.svc.cluster.local:5672/elma365vhost

Connection string for Redis:

redis://redis.elma365-dbs.svc.cluster.local:6379/0

Connection string for MinIO:

  • addresselma365_your_domain;
  • buckets3elma365;
  • regionru-central-1;
  • access key IDPZSF73JG72Ksd955JKU1HIA;
  • secret access keyaFDkj28Jbs2JKbnvJH678MNwiz88zKjsuNBHHs;
  • upload methodPUT;
  • enable SSLNo.

Deleting elma365-dbs chart using helm in the Kubernetes cluster

Начало внимание

Before deleting the chart elma365-dbs, perform a backup of the databases and S3 storage. Deleting the chart elma365-dbs will lead to a complete loss of data by the BRIX application.

Конец внимание

Delete chart elma365-dbs in namespace elma365-dbs:

helm uninstall elma365-dbs -n elma365-dbs

 

fail-safe-kubernetes-cluster.html postgresql.html