Installation using Helm

Helm is currently the preferred way to install and deploy dA Platform with Application Manager.

Before continuing, please read the documentation about the dA Platform Docker images and take any necessary action.

Prerequisites

You must have a working Kubernetes environment, an installation of the helm CLI tool, and a healthy “Tiller” pod—Helm’s server-side component—running on your cluster. Setting up Helm is not covered by this guide, so please refer to the Helm documentation for further information.

Attention

If your Kubernetes cluster is enabled with RBAC, you may get an “access denied” error when trying to use Helm. If this is the case, make sure you have created a service account and role binding according to the documentation.

To verify that your environment is prepared, the following commands should complete without error:

$ kubectl get pods
$ helm list

If you are working in a Kubernetes namespace that is not the default specified in your local Kubernetes configuration file, you can specify the namespace in the above command as follows:

$ kubectl --namespace my-namespace get pods

Similarly, if you set up Helm to use a non-default namespace for its Tiller pod, you can specify it in the above command as follows:

$ helm --tiller-namespace my-tiller-namespace list

Generating a values file

Helm charts allow their configuration values to be set and overridden in various ways. To aid the installation process, dA Platform includes a tool generate-chart-values that will produce a “values file” that can be used when running helm install to properly configure dA Platform for your environment.

The generate-chart-values tool prints its output in YAML format, so you should redirect it to a file. See below for detailed usage information.

Notes about the usage of this tool:

  • If no license file is referenced, Application Manager will operate in a limited trial mode, with its capabilities restricted.
  • By default, the installer will use the Docker registry hosted by dA. To specify your own registry, pass the flag --registry REGISTRY. (See dA Platform Docker Images)
  • By default, the installer will create and manage persistent volumes for the components that require them. For this to work, your Kubernetes installation must have a default StorageClass configured. You can use existing PersistentVolumeClaims that you manage using the --*-pvc options as documented below.
  • If your Kubernetes installation uses role-based access control (RBAC), you must specify either --with-rbac or reference an existing ServiceAccount that you manage using the --service-account-name option.

For example, if you wish to use the public Docker registry, require the use of RBAC, and want to use an existing persistent volume for Application Manager, you could execute:

./bin/generate-chart-values \
    --use-da-registry \
    --appmanager-pvc my-pvc \
    --with-rbac \
    > values.yaml

Completing the installation using Helm

With the included Helm chart (named daplatform-1.1.0.tgz) and the values.yaml file generated in the previous step, complete the installation using helm install. To install into the Kubernetes namespace my-namespace and call the release daplatform, run:

helm install \
    --namespace my-namespace \
    --name daplatform \
    --values values.yaml \
    daplatform-1.1.0.tgz

Appendix: Detailed usage of generate-chart-values

$ ./bin/generate-chart-values --help
usage: generate-chart-values [-h] [-h] [--license LICENSE_FILE]
                                  (--use-da-registry | --registry REGISTRY)
                                  [--image-namespace IMAGE_NAMESPACE]
                                  [--without-persistent-volumes]
                                  [--appmanager-pvc APPMANAGER_PVC]
                                  [--elasticsearch-pvc ELASTICSEARCH_PVC]
                                  [--grafana-pvc GRAFANA_PVC]
                                  [--influxdb-pvc INFLUXDB_PVC]
                                  [--with-rbac | --service-account-name SERVICE_ACCOUNT_NAME]
                                  [--authentication AUTHENTICATION]
                                  [--authorization AUTHORIZATION]
                                  [--oidc_client OIDC_CLIENT]
                                  [--oidc_secret OIDC_SECRET]
                                  [--oidc_discovery OIDC_DISCOVERY]
                                  [--apitoken_secret APITOKEN_SECRET]
                                  [--auth_rbac_admin AUTH_RBAC_ADMIN]

Generate chart values

optional arguments:
  -h, --help            show this help message and exit
  --license LICENSE_FILE
                        Path to a dA Platform license file. If not provided,
                        Application Manager's capabilities will be limited.
  --use-da-registry     Use dA's hosted Docker registry instead of a
                        private one. Equivalent to: --registry
                        registry.platform.data-artisans.net --image-namespace
                        v1.1
  --registry REGISTRY   Docker registry containing the dA Platform images.
  --image-namespace IMAGE_NAMESPACE
                        Namespace to use for Docker image paths. Example:
                        <registry>/<image-namespace>/appmanager (default:
                        daplatform)
  --without-persistent-volumes
                        By default, PersistentVolumeClaims will be created for
                        stateful components. Use this option to disable this
                        behavior. Use the --*-pvc options to specify an
                        existing PVC to use per-component. Note: the
                        Kubernetes cluster must be configured with a default
                        StorageClass.
  --appmanager-pvc APPMANAGER_PVC
                        An existing PersistentVolumeClaim to use for
                        Application Manager.
  --elasticsearch-pvc ELASTICSEARCH_PVC
                        An existing PersistentVolumeClaim to use for
                        Elasticsearch.
  --grafana-pvc GRAFANA_PVC
                        An existing PersistentVolumeClaim to use for Grafana.
  --influxdb-pvc INFLUXDB_PVC
                        An existing PersistentVolumeClaim to use for InfluxDB.
  --with-rbac           Create and manage RBAC resources.
  --service-account-name SERVICE_ACCOUNT_NAME
                        An existing ServiceAccount to use. (Conflicts with
                        --with-rbac)
  --authentication AUTHENTICATION
                        Whether to enable authentication in Application
                        Manager.
  --authorization AUTHORIZATION
                        Whether to enable authorization in Application
                        Manager.
  --oidc_client OIDC_CLIENT
                        The OIDC client id to configure for authentication.
  --oidc_secret OIDC_SECRET
                        The OIDC secret to configure for authentication.
  --oidc_discovery OIDC_DISCOVERY
                        The OIDC discovery url to use for authentication.
  --apitoken_secret APITOKEN_SECRET
                        The secret to use for api token generation.
  --auth_rbac_admin AUTH_RBAC_ADMIN
                        The default admin user when using RBAC authentication.