Attention: This article provides deprecated instructions for BRIX On‑Premises. For an up-to-date installation in Kubernetes, refer to Install BRIX Enterprise in Kubernetes.
BRIX On‑Premises can be deployed using Helm to an existing Kubernetes cluster. For supported Kubernetes and Helm versions, see the System requirements for BRIX On‑Premises article.
Proxying from pods to the external network must also be enabled.
BRIX comes as two Helm charts that are installed one by one:
- brix365-dbs. This chart includes a set of databases and data storages necessary for BRIX operation. You can also use custom PostgreSQL, MongoDB, Redis, and RabbitMQ databases and S3 object storage. In this case, you need to specify the connection strings in the values file of the brix365 chart. Note that you can disable the installation of the corresponding components in the values-dbs.yaml file by setting their values to false. For example, for PostgreSQL: global.postgresql.enabled. If all five components of the chart are set to false, the chart does not need to be installed. Learn more about connecting to databases in Prepare external databases;
- brix365. This chart contains BRIX.
Attention: brix365-extension charts are no longer supported. You can switch to brix365-dbs with new versions of databases by creating a dump and restoring it.
Install the brix365-dbs chart
- Fill out the variables in the values-dbs.yaml file. If you are using custom databases, you can disable the installation of the databases included in the package by default.
- If a specific namespace needs to be created, include it in all the installation commands.
- Run the following command:
helm upgrade --install brix365-dbs ./brix365-dbs -f values-dbs.yaml [-n namespace]
Note that arguments in square brackets are optional. If you use such an argument, specify it without brackets.
Install the brix365 chart
- Fill out the variables in the values-elma365.yaml file.
- If you need to restore the dump, you can use the brix365-backupper utility or run the elma365db.sh script from the brix365 chart before installing BRIX.
Script example:
./brix365db.sh --restore --namespace brix365 --path /backup/path/ [--kubeconfig /path/to/config --context prod]
- Run the following command to install the chart:
helm upgrade --install brix365 ./brix365 -f values-brix365.yaml --timeout=30m --wait [-n namespace]
- Save the values-elma365.yaml file for future updates.
- You can use the brix365-backupper utility or the elma365db.sh script to create a dump.
Script example:
./brix365db.sh --dump --namespace brix365 --path /backup/path/ [--kubeconfig /path/to/config --context prod]
Install monitoring tools (optional)
- Download the Helm chart of the optional addons toolset at: https://dl.brix365.com/onPremise/latest/addons-latest.tar.gz.
- In the values-addons.yaml file, in the grafana and kube-prometheus-stack blocks, specify the namespace for the monitoring service, for example namespaceOverride: monitoring, and the address that the monitoring service will be available at.
- Create a namespace for the monitoring service:
kubectl create namespace monitoring
- Install the chart using the following command:
helm upgrade --install addons ./addons -f values-addons.yaml
- In the values-elma365.yaml file of the brix365 chart, enable dashboards:
dashboard:
  enabled: true
- Update the BRIX application using the following command:
helm upgrade brix365 ./brix365 -f values-brix365.yaml --timeout=30m
Install Linkerd and autoscaling services (optional)
Linkerd is a dedicated infrastructure layer that controls service-to-service communication, automatically encrypts connections, and processes request retries and timeouts. It also provides telemetry (success or delay rate) and many other features.
- Download the addons helm chart using a Helm chart download link.
- Generate certificates using openssl by running the commands listed below. Linkerd requires a trust anchor certificate and an issuer certificate with its corresponding key to support TLS connections between services. All certificates must use the ECDSA P-256 algorithm.
# Generate a CA private key
openssl ecparam -name prime256v1 -genkey -noout -out ca-private.pem
# Generate a CA public key
openssl ec -in ca-private.pem -pubout -out ca-public.pem
# Generate a self-signed CA certificate
openssl req -x509 -new -key ca-private.pem -days 365 -out ca.crt -subj "/CN=root.linkerd.cluster.local"
# Generate an issuer private key
openssl ecparam -name prime256v1 -genkey -noout -out issuer-private.pem
# Generate an issuer public key
openssl ec -in issuer-private.pem -pubout -out issuer-public.pem
# Generate a certificate signing request
openssl req -new -key issuer-private.pem -out issuer.csr -subj "/CN=identity.linkerd.cluster.local" -addext basicConstraints=critical,CA:TRUE
# Generate an issuer certificate by signing the request
openssl x509 \
  -extfile /etc/ssl/openssl.cnf \
  -extensions v3_ca \
  -req \
  -in issuer.csr \
  -days 180 \
  -CA ca.crt \
  -CAkey ca-private.pem \
  -CAcreateserial \
  -out issuer.crt
# Delete the signing request
rm issuer.csr
- Enable the linkerd2 parameter in the values-addons.yaml file of the addons chart:
linkerd2:
  enabled: true
- In linkerd2, specify the needed namespace for the Linkerd service (for example, namespace: linkerd), the content of the certificates and the key, and the certificate’s expiry date (crtExpiry). Note that the value has to be the same as the issuer certificate’s expiry date.
identityTrustAnchorsPEM: |
  -----BEGIN CERTIFICATE-----
  ca.crt certificate content
  -----END CERTIFICATE-----
identity:
  issuer:
    crtExpiry: 2023-03-30T05:28:39Z
    tls:
      crtPEM: |
        -----BEGIN CERTIFICATE-----
        issuer.crt certificate content
        -----END CERTIFICATE-----
      keyPEM: |
        -----BEGIN EC PRIVATE KEY-----
        issuer-private.pem key content
        -----END EC PRIVATE KEY-----
- Install the chart using the following command:
helm upgrade --install addons ./addons -f values-addons.yaml
- Add an annotation to the namespace with the BRIX application to automatically inject Linkerd-proxy containers into BRIX services:
kubectl annotate namespace default linkerd.io/inject=enabled
- Enable autoscaling of services using the autoscaling parameter in the values-elma365.yaml file from the brix365 chart:
autoscaling:
  enabled: true
- Update the BRIX application using the following command:
helm upgrade brix365 ./brix365 -f values-brix365.yaml --timeout=30m
- Restart all services with the following command:
kubectl rollout restart deploy [-n namespace] && kubectl rollout restart ds [-n namespace]
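Before the certificates from the openssl step are pasted into values-addons.yaml, they can be checked against the requirements stated above (issuer signed by the trust anchor, CA:TRUE, ECDSA P-256, matching key), and crtExpiry can be derived from issuer.crt instead of typed by hand. This is an added example, not part of the BRIX documentation; the function names and the script name are hypothetical, and it assumes openssl and GNU date are installed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Linkerd certificates.
# Usage (script name is hypothetical):
#   sh check-linkerd-certs.sh ca.crt issuer.crt issuer-private.pem

# Print a certificate's notAfter as an RFC 3339 UTC timestamp (GNU date).
cert_expiry_rfc3339() {
    not_after=$(openssl x509 -in "$1" -noout -enddate) || return 1
    date -u -d "${not_after#notAfter=}" +%Y-%m-%dT%H:%M:%SZ
}

# Succeed only if the certificate's public key is on the P-256 curve.
cert_is_p256() {
    openssl x509 -in "$1" -noout -text | grep -q 'prime256v1'
}

# Succeed only if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# check_linkerd_certs CA_CERT ISSUER_CERT ISSUER_KEY
# Prints the crtExpiry line for values-addons.yaml when every check passes.
check_linkerd_certs() {
    ca=$1 issuer=$2 key=$3
    openssl verify -CAfile "$ca" "$issuer" >/dev/null 2>&1 ||
        { echo "issuer cert is not signed by the trust anchor" >&2; return 1; }
    openssl x509 -in "$issuer" -noout -text | grep -q 'CA:TRUE' ||
        { echo "issuer cert lacks CA:TRUE" >&2; return 1; }
    cert_is_p256 "$ca" && cert_is_p256 "$issuer" ||
        { echo "certificates must use ECDSA P-256" >&2; return 1; }
    key_matches_cert "$issuer" "$key" ||
        { echo "issuer key does not match issuer cert" >&2; return 1; }
    echo "crtExpiry: $(cert_expiry_rfc3339 "$issuer")"
}

# Run the checks only when the three file arguments are given.
if [ "$#" -eq 3 ]; then
    check_linkerd_certs "$1" "$2" "$3"
fi
```

Once filled in, values-addons.yaml holds the issuer private key in clear text, so store it as a secret. ca-private.pem does not appear in the chart values and can be kept off the cluster.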
Install NodeLocal DNS Cache (optional)
Installing NodeLocal DNS Cache helps to reduce the DNS query load in the Kubernetes cluster and make DNS lookup more consistent. This allows you to avoid DNAT rules, connection tracking, and restrictions on the number of connections.
To install:
- Download the addons Helm chart at: https://dl.brix365.com/onPremise/latest/addons-latest.tar.gz.
- Get the IP address of the kube-dns service:
kubectl get svc kube-dns -n kube-system -o jsonpath='{.spec.clusterIP}'
- In the addons chart, in the values-addons.yaml file, configure the following parameters in node-local-dns:
  - pillar_dns_domain is the cluster domain;
  - pillar_dns_server is the IP address of the kube-dns service;
  - pillar_local_dns is the local IP address for NodeLocal DNS Cache.
- Install the chart by running the following command:
helm upgrade --install addons ./addons -f values-addons.yaml
Update BRIX to a new version
In the new chart, replace the values-elma365.yaml file with the one that was saved during the installation. Then run the following command:
helm upgrade --install brix365 ./brix365 -f values-brix365.yaml --timeout=30m --wait [-n namespace]
If database connection strings are changed during the update, restart all services using the following command:
kubectl rollout restart deploy [-n namespace] && kubectl rollout restart ds [-n namespace]
Uninstall
You can delete the charts by running the following commands:
helm uninstall brix365 [-n namespace]
helm uninstall brix365-dbs [-n namespace]