Install BRIX to Kubernetes

This article provides deprecated instructions for BRIX On-Premises. For an up-to-date installation in Kubernetes, refer to Install BRIX Enterprise.

BRIX On-Premises can be deployed to an existing Kubernetes cluster using Helm v3.

The installed cluster version must support Kubernetes API version 1.21 or higher. Proxying from pods to the external network must also be enabled.

BRIX comes as two Helm charts that are installed one after the other:

  • elma365-dbs. This chart includes a set of databases and data storages necessary for BRIX operation. You can also use custom PostgreSQL, MongoDB, Redis, and RabbitMQ databases and S3 object storage. In this case, you need to specify the connection strings in the values for the elma365 chart. Note that you can disable the installation of the corresponding components in the values-dbs.yaml file by setting their values to false, for example global.postgresql.enabled for PostgreSQL. If all five components of the chart are set to false, the chart does not need to be installed. Learn more about connecting to databases in Prepare external databases;
  • elma365. This chart contains BRIX.

Note that elma365-extension charts are no longer supported. You can switch to elma365-dbs with new versions of databases by creating a dump and restoring it.

Helm chart download links

For more information about BRIX download links, see Links for downloading BRIX distribution packages.

Install the elma365-dbs chart

  1. Fill out the variables in the values-dbs.yaml file. If you are using custom databases, you can disable the installation of the databases included in the package by default.
  2. If a specific namespace needs to be created, include it in all the installation commands.
  3. Run the following command:

helm upgrade --install elma365-dbs ./elma365-dbs -f values-dbs.yaml [-n namespace]

Note that arguments in square brackets are optional. If you use such an argument, specify it without the brackets.

Install the elma365 chart

  1. Fill out the variables in the values-elma365.yaml file.
  2. If you need to restore the dump, you can use the elma365-backupper utility or run the elma365db.sh script from the elma365 chart before installing BRIX.

Script example:

./elma365db.sh --restore --namespace elma365 --path /backup/path/ [--kubeconfig /path/to/config --context prod]

  3. Run the following command to install the chart:

helm upgrade --install elma365 ./elma365 -f values-elma365.yaml --timeout=30m --wait [-n namespace]

  4. Save the values-elma365.yaml file for future updates.
  5. You can use the elma365-backupper utility or the elma365db.sh script to create a dump.

Script example:

./elma365db.sh --dump --namespace elma365 --path /backup/path/ [--kubeconfig /path/to/config --context prod]

Install monitoring tools (optional)

  1. Download the Helm chart of the optional addons toolset at: https://dl.elma365.com/onPremise/latest/addons-latest.tar.gz.
  2. In the values-addons.yaml file, in the grafana and kube-prometheus-stack blocks, specify the namespace for the monitoring service, for example namespaceOverride: monitoring, and the address at which the monitoring service will be available.
  3. Create a namespace for the monitoring service:

kubectl create namespace monitoring

  4. Install the chart using the following command:

helm upgrade --install addons ./addons -f values-addons.yaml

  5. In the values-elma365.yaml file of the elma365 chart, enable dashboards:

dashboard:
  enabled: true

  6. Update the BRIX application using the following command:

helm upgrade elma365 ./elma365 -f values-elma365.yaml --timeout=30m

Install Linkerd and autoscaling services (optional)

Linkerd is a dedicated infrastructure layer that controls service-to-service communication, automatically encrypts connections, and handles request retries and timeouts. It also provides telemetry (success and delay rates) and many other features.

  1. Download the addons Helm chart using a Helm chart download link.
  2. Generate certificates using openssl by running the commands listed below. Linkerd requires a trust anchor certificate and an issuer certificate with its corresponding key to support TLS connections between services. All certificates must use the ECDSA P-256 algorithm.

# Generate a CA private key
openssl ecparam -name prime256v1 -genkey -noout -out ca-private.pem
 
# Generate a CA public key
openssl ec -in ca-private.pem -pubout -out ca-public.pem
 
# Generate a self-signed CA certificate
openssl req -x509 -new -key ca-private.pem -days 365 -out ca.crt -subj "/CN=root.linkerd.cluster.local"
# Generate an issuer private key
openssl ecparam -name prime256v1 -genkey -noout -out issuer-private.pem
 
# Generate an issuer public key
openssl ec -in issuer-private.pem -pubout -out issuer-public.pem
 
# Generate a certificate signing request
openssl req -new -key issuer-private.pem -out issuer.csr -subj "/CN=identity.linkerd.cluster.local" -addext basicConstraints=critical,CA:TRUE
 
# Generate an issuer certificate by signing the request
openssl x509 \
    -req \
    -in issuer.csr \
    -days 180 \
    -CA ca.crt \
    -CAkey ca-private.pem \
    -CAcreateserial \
    -extfile /etc/ssl/openssl.cnf \
    -extensions v3_ca \
    -out issuer.crt
# Delete the signing request
rm issuer.csr

  3. Enable the linkerd2 parameter in the values-addons.yaml file of the addons chart:

linkerd2:
  enabled: true

  4. In linkerd2, specify the namespace for the Linkerd service (for example, namespace: linkerd), the contents of the certificates and the key, and the certificate's expiry date (crtExpiry). Note that the value has to be the same as the issuer certificate's expiry date.

  identityTrustAnchorsPEM: |
    -----BEGIN CERTIFICATE-----
    ca.crt certificate content
    -----END CERTIFICATE-----
  identity:
    issuer:
      crtExpiry: 2023-03-30T05:28:39Z
      tls:
        crtPEM: |
          -----BEGIN CERTIFICATE-----
          issuer.crt certificate content
          -----END CERTIFICATE-----
        keyPEM: |
          -----BEGIN EC PRIVATE KEY-----
          issuer-private.pem key content
          -----END EC PRIVATE KEY-----

  5. Install the chart using the following command:

helm upgrade --install addons ./addons -f values-addons.yaml

  6. Add an annotation to the namespace with the BRIX application to automatically inject Linkerd-proxy containers into BRIX services:

kubectl annotate namespace default linkerd.io/inject=enabled

  7. Enable autoscaling of services using the autoscaling parameter in the values-elma365.yaml file from the elma365 chart:

autoscaling:
    enabled: true

  8. Update the BRIX application using the following command:

helm upgrade elma365 ./elma365 -f values-elma365.yaml --timeout=30m

  9. Restart all services with the following command:

kubectl rollout restart deploy [-n namespace] && kubectl rollout restart ds [-n namespace]
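
Added example (not part of the original BRIX instructions): a check to run on ca.crt and issuer.crt from step 2 before their contents go into values-addons.yaml. It confirms that the issuer certificate chains to the trust anchor, uses a P-256 key and is a CA, then prints its expiry in the crtExpiry format; the function names and the 30-day expiry margin are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the Linkerd issuer certificate.
# Function names and the 30-day margin are assumptions, not BRIX tooling.

# Convert openssl's "notAfter=Mar 30 05:28:39 2023 GMT" to the RFC 3339
# form that crtExpiry expects (2023-03-30T05:28:39Z).
enddate_to_rfc3339() {
    printf '%s\n' "$1" | awk '{
        sub(/^notAfter=/, "")
        month = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $1) + 2) / 3
        printf "%04d-%02d-%02dT%sZ\n", $4, month, $2, $3
    }'
}

# check_issuer CA_CERT ISSUER_CERT
# Prints the crtExpiry value on success; explains the failure on stderr
# and returns 1 otherwise.
check_issuer() {
    ca=$1
    issuer=$2
    openssl verify -CAfile "$ca" "$issuer" >/dev/null 2>&1 ||
        { echo "issuer certificate does not chain to the trust anchor" >&2; return 1; }
    text=$(openssl x509 -in "$issuer" -noout -text) || return 1
    printf '%s\n' "$text" | grep -q 'prime256v1' ||
        { echo "issuer key is not ECDSA P-256" >&2; return 1; }
    printf '%s\n' "$text" | grep -q 'CA:TRUE' ||
        { echo "issuer certificate lacks basicConstraints CA:TRUE" >&2; return 1; }
    openssl x509 -in "$issuer" -noout -checkend $((30 * 86400)) >/dev/null ||
        { echo "issuer certificate expires within 30 days" >&2; return 1; }
    enddate_to_rfc3339 "$(openssl x509 -in "$issuer" -noout -enddate)"
}

# Usage: sh check-issuer.sh ca.crt issuer.crt
if [ "$#" -eq 2 ]; then
    check_issuer "$1" "$2"
fi
```

Only issuer-private.pem is needed in values-addons.yaml; ca-private.pem is used solely to sign the issuer certificate and can be stored away from the cluster afterwards.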

Install NodeLocal DNS Cache (optional)

Installing NodeLocal DNS Cache helps to reduce the DNS query load in the Kubernetes cluster and make DNS lookup more consistent. This allows you to avoid DNAT rules, connection tracking, and restrictions on the number of connections.

To install:

  1. Download the addons Helm chart at: https://dl.elma365.com/onPremise/latest/addons-latest.tar.gz.
  2. Get the IP address of the kube-dns service:

kubectl get svc kube-dns -n kube-system -o jsonpath='{.spec.clusterIP}'

  3. In the values-addons.yaml file of the addons chart, configure the following parameters in the node-local-dns block:
  • pillar_dns_domain is the cluster domain;
  • pillar_dns_server is the IP address of the kube-dns service;
  • pillar_local_dns is the local IP address for NodeLocal DNS Cache.
  4. Install the chart by running the following command:

helm upgrade --install addons ./addons -f values-addons.yaml

Update BRIX to a new version

In the new chart, replace the values-elma365.yaml file with the one that was saved during the installation. Then run the following command:

helm upgrade --install elma365 ./elma365 -f values-elma365.yaml --timeout=30m --wait [-n namespace]

If database connection strings are changed during the update, restart all services using the following command:

kubectl rollout restart deploy [-n namespace] && kubectl rollout restart ds [-n namespace]

Uninstall

You can delete the charts by running the following commands:

helm uninstall elma365 [-n namespace]
helm uninstall elma365-dbs [-n namespace]