Helm chart for Kubernetes deployment
This option requires a Kubernetes cluster, Helm, and a PostgreSQL database to be available and is intended for the production deployment of Governor. If you prefer an easier option to install Governor for evaluation and demonstration purposes, use the demo setup instead. If you want to run Governor in production without a Kubernetes cluster, use the docker-compose based installation option.
Prerequisites
- Kubernetes cluster
- kubectl tool installed and set up for your cluster
- Helm 3 installed
- A PostgreSQL server (version 13 or later) must be available to hold the Governor database. An empty database must be created before installing Governor, and the login credentials for this database must be known.
Configuring and installing the Helm chart
- Configure the kubectl tool to work with your Kubernetes cluster. For cloud distributions of Kubernetes, you might need to install additional tools and/or apply additional configuration. Refer to your cloud provider's documentation for details.
- Set up database credentials:

  Mac/Linux:
    export DB_URL='[db-url]'
    export DB_USERNAME='[db-username]'
    export DB_PASSWORD='[db-password]'

  Windows (PowerShell):
    $DB_URL='[db-url]'
    $DB_USERNAME='[db-username]'
    $DB_PASSWORD='[db-password]'

  DB_URL is the JDBC URL for the Governor database in the following format: jdbc:postgresql://[host]:5432/[database-name].
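- Generate a JWT secret for authentication:

  Mac/Linux:
    export JWT_SECRET=$(openssl rand -base64 256 | tr -d '\n')

  Windows (PowerShell):
    # 256 bytes from the system cryptographic random number generator, Base64-encoded
    $bytes = [byte[]]::new(256); [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $JWT_SECRET = [Convert]::ToBase64String($bytes)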
- Set the admin email:

  Mac/Linux:
    export ADMIN_EMAIL='[admin email]'

  Windows (PowerShell):
    $ADMIN_EMAIL='[admin email]'
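- Generate the admin password:

  Mac/Linux:
    export ADMIN_DEFAULT_PASSWORD=$(openssl rand -hex 20 | tr -d '\n')

  Windows (PowerShell):
    # 20 random bytes, hex-encoded, so the value contains no characters that helm --set treats specially
    $bytes = [byte[]]::new(20); [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $ADMIN_DEFAULT_PASSWORD = -join ($bytes | ForEach-Object { $_.ToString('x2') })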
- Set the Licence key:

  Mac/Linux:
    export SYNTHESIZED_KEY='[synthesized-key]'

  Windows (PowerShell):
    $SYNTHESIZED_KEY='[synthesized-key]'
- Run the following commands to download and install the Governor Helm chart:

    helm pull oci://synthesizedio.jfrog.io/helm/governor
    helm install governor oci://synthesizedio.jfrog.io/helm/governor \
      --set api.container.secretConfig.SPRING_DATASOURCE_URL="$DB_URL" \
      --set api.container.secretConfig.SPRING_DATASOURCE_USERNAME="$DB_USERNAME" \
      --set api.container.secretConfig.SPRING_DATASOURCE_PASSWORD="$DB_PASSWORD" \
      --set api.container.secretConfig.JWT_SECRET="$JWT_SECRET" \
      --set api.container.secretConfig.ADMIN_EMAIL="$ADMIN_EMAIL" \
      --set api.container.secretConfig.ADMIN_DEFAULT_PASSWORD="$ADMIN_DEFAULT_PASSWORD" \
      --set api.container.secretConfig.SYNTHESIZED_KEY="$SYNTHESIZED_KEY"
Use the kubectl get pods command to make sure that governor-api and governor-front are in Running status. The most common source of potential problems is connectivity to the database. Verify that the database connection URL, username and password are correct, and check the governor-api logs for details if the problem persists.
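Values given with --set end up in the shell history and the process list, and --set treats commas inside a value as separators. The following added example (not part of the Governor documentation) writes the same api.container.secretConfig values to an owner-only values file that is passed with -f instead; the file name governor-secrets.yaml and the function names are assumptions made for the example.

```shell
# Added example, not from the Governor documentation.
# Maps each chart key under api.container.secretConfig to the shell variable
# set in the steps above ("CHART_KEY:SHELL_VARIABLE").
GOVERNOR_SECRET_KEYS="SPRING_DATASOURCE_URL:DB_URL
SPRING_DATASOURCE_USERNAME:DB_USERNAME
SPRING_DATASOURCE_PASSWORD:DB_PASSWORD
JWT_SECRET:JWT_SECRET
ADMIN_EMAIL:ADMIN_EMAIL
ADMIN_DEFAULT_PASSWORD:ADMIN_DEFAULT_PASSWORD
SYNTHESIZED_KEY:SYNTHESIZED_KEY"

# Emit a value as a YAML single-quoted scalar; the only escape is ' -> ''.
# Assumes single-line values, which all of the variables above are.
yaml_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# write_governor_values FILE: write the secrets as a Helm values file.
write_governor_values() {
  out=$1
  # Refuse to write a partial file if any variable is unset or empty.
  for pair in $GOVERNOR_SECRET_KEYS; do
    eval "val=\${${pair#*:}:-}"
    [ -n "$val" ] || { echo "missing variable: ${pair#*:}" >&2; return 1; }
  done
  # Create the file owner-only (0600) before any secret is written to it.
  ( umask 077 && : > "$out" ) && chmod 600 "$out" || return 1
  {
    printf 'api:\n  container:\n    secretConfig:\n'
    for pair in $GOVERNOR_SECRET_KEYS; do
      eval "val=\${${pair#*:}:-}"
      printf '      %s: %s\n' "${pair%%:*}" "$(yaml_quote "$val")"
    done
  } >> "$out"
}

# Usage (governor-secrets.yaml is a hypothetical file name):
#   write_governor_values governor-secrets.yaml
#   helm install governor oci://synthesizedio.jfrog.io/helm/governor -f governor-secrets.yaml
#   rm -f governor-secrets.yaml
```

Because the values are quoted YAML strings, a database password containing commas, quotes or equals signs reaches the chart unchanged.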
Configuring the Kubernetes Ingress
To make the Governor UI available to end users, a Kubernetes ingress must be configured for the governor-front service. As governor-front works over HTTP port 80, the ingress must also provide TLS termination (that is, enable users to connect to the Governor UI using https://).
The easiest way to do this is via your cloud provider user interface.
For example, in Azure you have to navigate to your Kubernetes service, and then to "Services and ingresses". Click on the governor-front service and then click Add ingress. You will need to provide an SSL certificate and the domain name, as well as decide whether you are using Azure DNS or a 3rd party DNS provider (in the latter case you will also need to create an A DNS record for your domain referring to the external IP address of the load balancer). (See also the official documentation, which explains the needed steps via CLI tools.)
If you prefer to create the ingress using the kubectl CLI, this is the template for the ingress resource:
    apiVersion: v1
    kind: List   # kubectl needs a kind on the top-level object
    items:
    - apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        name: governor
      spec:
        rules:
        - host: [YOUR_HOST]
          http:
            paths:
            - backend:
                service:
                  name: governor-front
                  port:
                    number: 80
              path: /
              pathType: Prefix
        tls:
        - hosts:
          - [YOUR_HOST]
          secretName: [YOUR_SECRET_NAME]
Modify this template, save it as ingress.yaml, and apply it to your cluster using the following command:

    kubectl apply -f ingress.yaml