Setup with Helm
You can deploy Dirigible via Helm Chart in a Kubernetes cluster.
Prerequisites
- Helm
- Kubernetes Cluster on IaaS provider of your choice
Steps
Add the Eclipse Dirigible Helm repository:
helm repo add dirigible https://eclipse.github.io/dirigible helm repo updateVerify Eclipse Dirigible Helm chart:
helm pull dirigible/dirigible --prov curl -o ~/.gnupg/pubring.gpg https://eclipse.github.io/dirigible/charts/pubring.gpg helm verify dirigible-<version>.tgzYou shoul see message: Signed by: Using Key With Fingerprint: Chart Hash Verified:Basic:
helm install dirigible dirigible/dirigible???+ info "Access" This will install Eclipse Dirigible Deployment and Service with ClusterIP only. To access the Dirigible instance execute the command that was printed in the console.
Example: ``` export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=dirigible,app.kubernetes.io/instance=dirigible" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace default port-forward $POD_NAME 8080:8080 ``` - Navigate to: [http://127.0.0.1:8080](http://127.0.0.1:8080) - Login with: `dirigible`/`dirigible`Kubernetes:
=== "Basic"
``` helm install dirigible dirigible/dirigible \ --set ingress.enabled=true \ --set ingress.host=<ingress-host> ``` This will expose the Dirigible instance through Ingress host (**`http://...`**).=== "Istio"
!!! info "Prerequisites" Install [Istio](https://istio.io/latest/docs/setup/getting-started/). ``` kubectl label namespace default istio-injection=enabled ``` ``` helm install dirigible dirigible/dirigible \ --set istio.enabled=true \ --set ingress.host=<ingress-host> ``` This will install Eclipse Dirigible `Deployment`, `Service` with `ClusterIP` only and Istio `Gateway` and `Virtual Service`. To access the Dirigible instance execute the command that was printed in the console. ``` kubectl get svc istio-ingressgateway -n istio-system \ -o jsonpath="{.status.loadBalancer.ingress[*].hostname}" ```=== "PostgreSQL"
``` helm install dirigible dirigible/dirigible \ --set ingress.enabled=true \ --set ingress.host=<ingress-host> \ --set database.enabled=true ``` This will install also `PostgreSQL` database with `1Gi` storage and update the Dirigible datasource configuration to consume the database.=== "PostgreSQL & Keycloak"
``` helm install dirigible dirigible/dirigible \ --set ingress.enabled=true \ --set ingress.host=<ingress-host> \ --set database.enabled=true \ --set keycloak.enabled=true \ --set keycloak.install=true \ --set keycloak.database.enabled=true ``` In addition `Keycloak` will be deployed and configured. !!! info "Disable HTTPS" In some cases you might want to disable the "Required HTTPS" for Keycloak. - Login to the `PostgreSQL` Pod: ``` kubectl exec -it keycloak-database-<pod-uuid> /bin/bash ``` - Connect to the `keycloak` database: ``` psql --u keycloak ``` - Set the `ssl_required` to `NONE`: ``` update REALM set ssl_required='NONE' where id = 'master'; ``` - Restart the `Keycloak` pod to apply the updated configuration: ``` kubectl delete pod keycloak-<pod-uuid> ``` Now the `Required HTTPS` should be disabled and the keycloak instance should be accessible via **`http://`**=== "GCP Cloud SQL Postgre & Keycloak"
!!! info "Prerequisites" - Install the [gcloud CLI](https://cloud.google.com/sdk/docs/install) - Install [kubectl](https://kubernetes.io/docs/tasks/tools/) and [configure cluster access](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl#default_cluster_kubectl) - Install [Helm](https://helm.sh/docs/intro/install/) !!! info "Info" - You can check the [blog](https://www.dirigible.io/blogs/2022/08/10/gcp-gke-dns-istio-letsencrypt-postgresql-keycloak/) for more details. ``` helm upgrade --install dirigible dirigible -n dirigible-demo \ --set volume.enabled=true \ --set serviceAccount.create=false \ --set keycloak.serviceAccountCreate=false \ --set ingress.tls=true \ --set keycloak.enabled=true \ --set keycloak.install=true \ --set istio.enabled=true \ --set istio.enableHttps=true \ --set gke.cloudSQL=true \ --set gke.projectId=<your-project-id> \ --set gke.region=<your-gke-cluster-region> \ --set ingress.host=<your-domain> ```Kyma:
=== "Basic"
``` helm install dirigible dirigible/dirigible \ --set kyma.enabled=true \ --set kyma.apirule.host=<kyma-host> ``` This will install additionally an `ApiRule` and XSUAA `ServiceInstance` and `ServiceBinding`. The appropriate roles should be assigned to the user.=== "PostgreSQL"
``` helm install dirigible dirigible/dirigible \ --set kyma.enabled=true \ --set kyma.apirule.host=<kyma-host> \ --set database.enabled=true ``` This will install also `PostgreSQL` database with `1Gi` storage and update the Dirigible datasource configuration to consume the database.=== "PostgreSQL & Keycloak"
``` helm install dirigible dirigible/dirigible \ --set kyma.enabled=true \ --set kyma.apirule.host=<kyma-host> \ --set database.enabled=true \ --set keycloak.enabled=true \ --set keycloak.install=true ``` In addition `Keycloak` will be deployed and configured. !!! info "Disable HTTPS" In some cases you might want to disable the "Required HTTPS" for Keycloak. - Login to the `PostgreSQL` Pod: ``` kubectl exec -it keycloak-database-<pod-uuid> /bin/bash ``` - Connect to the `keycloak` database: ``` psql --u keycloak ``` - Set the `ssl_required` to `NONE`: ``` update REALM set ssl_required='NONE' where id = 'master'; ``` - Restart the `Keycloak` pod to apply the updated configuration: ``` kubectl delete pod keycloak-<pod-uuid> ``` Now the `Required HTTPS` should be disabled and the keycloak instance should be accessible via **`http://`**Uninstall:
helm uninstall dirigible
Configuration
The following table lists all the configurable parameters expose by the Dirigible chart and their default values.
Generic
| Name | Description | Default |
|---|---|---|
dirigible.image | Custom Dirigible image | "" |
image.repository | Dirigible image repo | dirigiblelabs/dirigible-all |
image.repositoryKyma | Dirigible Kyma image repo | dirigiblelabs/dirigible-sap-kyma |
image.repositoryKeycloak | Dirigible Keycloak image repo | dirigiblelabs/dirigible-keycloak |
image.pullPolicy | Image pull policy | IfNotPresent |
service.type | Service type | ClusterIP |
service.port | Service port | 8080 |
replicaCount | Number of replicas | 1 |
imagePullSecrets | Image pull secrets | [] |
nameOverride | Name override | "" |
fullnameOverride | Fullname override | "" |
podSecurityContext | Pod security context | {} |
nodeSelector | Node selector | {} |
tolerations | Tolerations | [] |
affinity | Affinity | {} |
resources | Resources | {} |
Basic
| Name | Description | Default |
|---|---|---|
volume.enabled | Volume to be mounted | true |
volume.storage | Volume storage size | 1Gi |
database.enabled | Database to be deployed | false |
database.image | Database image | postgres:13 |
database.driver | Database JDBC driver | org.postgresql.Driver |
database.storage | Database storage size | 1Gi |
database.username | Database username | dirigible |
database.password | Database password | dirigible |
ingress.enabled | Ingress to be created | false |
ingress.annotations | Ingress annotations | {} |
ingress.host | Ingress host | "" |
ingress.tls | Ingress tls | false |
Istio
| Name | Description | Default |
|---|---|---|
istio.enabled | Istio to be enable | false |
istio.gatewayName | Istio gateway name | gateway |
istio.serversPortNumber | Istio servers port number | 80 |
istio.serversPortName | Istio servers port name | http |
istio.serversPortProtocol | Istio servers port protocol | HTTP |
istio.serversHost | Istio servers host | * |
istio.virtualserviceName | Istio virtual service name | dirigible |
istio.virtualserviceHosts | Istio virtual service hosts | * |
istio.virtualserviceGateways | Istio virtual service gateway | gateway |
istio.virtualserviceDestination | Istio virtual service destination | dirigible |
istio.virtualservicePort | Istio virtual service port | 8080 |
Kyma
| Name | Description | Default |
|---|---|---|
kyma.enabled | Kyma environment to be used | false |
kyma.apirule.enabled | Kyma ApiRule to be created | true |
kyma.apirule.host | Kyma host to be used in ApiRule | "" |
Keycloak
| Name | Description | Default |
|---|---|---|
keycloak.enabled | Keycloak environment to be used | false |
keycloak.install | Keycloak to be installed | false |
keycloak.name | Keycloak deployment name | keycloak |
keycloak.image | Keycloak image | jboss/keycloak:12.0.4 |
keycloak.username | Keycloak username | admin |
keycloak.password | Keycloak password | admin |
keycloak.replicaCount | Keycloak number of replicas | 1 |
keycloak.realm | Keycloak realm to be set | master |
keycloak.clientId | Keycloak clientId to be used | dirigible |
keycloak.database.enabled | Keycloak database to be used | false |
keycloak.database.enabled | Keycloak database to be used | true |
keycloak.database.image | Keycloak database image | postgres:13 |
keycloak.database.storage | Keycloak database storage size | 1Gi |
keycloak.database.username | Keycloak database username | keycloak |
keycloak.database.password | Keycloak database password | keycloak |
Usage
Specify the parameters you which to customize using the --set argument to the helm install command. For instance,
helm install dirigible dirigible/dirigible \
--set ingress.enabled=true \
--set ingress.host=my-ingress-host.comThe above command sets the ingress.host to my-ingress-host.com.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
helm install dirigible dirigible/dirigible --values values.yamlTIP
You can use the default values.yaml.