This guide details the process of deploying the Howso Platform using Helm in a non-air-gapped Kubernetes environment. This example emphasizes a straightforward installation process for environments with direct internet access, making minimal configuration changes to the default Helm charts. It is recommended to confirm that you can setup a basic environment before making any customizations.
Ensure you have completed the prerequisites before proceeding, and have a Kubernetes cluster running, with a howso namespace, and are logged into the Helm registry.
Not your first run-through? Apply the following to get up and running quickly.
# helm registry login --username [email protected] --password your_license_id
# add pypi|api|www| to /etc/hosts
k3d cluster create --config prereqs/k3d-single-node.yaml
kubectl create namespace howso
The datastore Helm charts used by the Howso Platform require random credentials generated before they initialize. The charts, in their default configuration, will create these credentials directly as part of Kubernetes' secret resources. However, this is not an approach that should be taken in a production environment for the following reasons:
- There are circumstances where random secrets managed by Helm can be unstable (change when you don't expect them to). However if configured to do so, Helm will look-up an existing value, and try to keep the secret the same when upgrading a release; tools like Argo CD, that do not directly install with the Helm CLI (rather they template out the resources and apply them directly) will not necessarily have the same behavior.
- It is harder to avoid the secrets being stored in places they shouldn't be, like in a repository used for gitops.
- It is also a common requirement to have these secrets managed by different tooling i.e. Hashicorp Vault, or Azure Key Vault.
As such, all examples in this documentation will create the secrets out-of-band, as a separate step from the main installation, and then configure the chart to look for these pre-existing secrets. This is superior to the default behavior but is not done to be prescriptive, but to cleanly separate the secrets management step to delineate where an organization's own policies and procedures should be applied.
kubectl create secret generic platform-minio --from-literal=rootPassword="$(openssl rand -base64 20)" --from-literal=rootUser="$(openssl rand -base64 20)" --dry-run=client -o yaml | kubectl -n howso apply -f -
kubectl create secret generic platform-postgres-postgresql --from-literal=postgres-password="$(openssl rand -base64 20)" --dry-run=client -o yaml | kubectl -n howso apply -f -
kubectl create secret generic platform-redis --from-literal=redis-password="$(openssl rand -base64 20)" --dry-run=client -o yaml | kubectl -n howso apply -f -
Now install the Helm charts. It is encouraged to check the values manifest files for each chart, to see the minimal configuration applied to each.
Note. Using the same release names is important, so that the default configuration of the Howso Platform chart can find the other components.
Standalone mode is used as an alternative to a much more heavyweight default configuration.
helm install platform-minio oci:// --namespace howso --values helm-basic/manifests/minio.yaml --wait
NATS with Jetstream enabled is a mandatory component.
helm install platform-nats oci:// --namespace howso --values helm-basic/manifests/nats.yaml --wait
Existing secrets are used as described above
helm install platform-postgres oci:// --namespace howso --values helm-basic/manifests/postgres.yaml --wait
Read replicas are scaled down for a smaller/basic installation.
helm install platform-redis oci:// --namespace howso --values helm-basic/manifests/redis.yaml --wait
Howso Platform is installed last - when all other components are ready. The only configuration changes are to configure the Replicated container registry and to choose a parent domain name (matching the one setup in our hosts file). The registry credentials are injected into the chart in your customer-specific Helm registry.
helm install howso-platform oci:// --namespace howso --values helm-basic/manifests/howso-platform.yaml
Time to install may vary significantly depending on network speed and resources -so the above install command avoids waiting. Instead check the status of the pods in the howso namespace, as they come online (CTRL-C to exit).
watch kubectl -n howso get po
Set up a test user and Python client environment using the instructions here.