Skip to content
Snippets Groups Projects

GONRG-5542 fix update readme for ref arch

Merged GONRG-5542 fix update readme for ref arch
GONRG-5542-fix-update-readme-for-ref-arch into master
Merged Tejinder Dhingra requested to merge GONRG-5542-fix-update-readme-for-ref-arch into master
Compare
and
1 file
+ 86
55
Compare changes
  • Side-by-side
  • Inline
helm/osdu-infra-onprem/README.md
+ 86
55
@@ -34,46 +34,79 @@ This chart bootstraps OSDU services and all the required infrastructure applicat
* Workflow
## Prerequisites
Before starting installation, please ensure that all the required tools and resources are ready and configured, as listed below.
### Kubernetes cluster
The code was tested on **Kubernetes cluster**(v1.21.11)[^1] with **Istio**[^2] (1.12.6) [^1]
The default storage class should be specified,
to check use the command:
```sh
kubectl get sc
```
if not scpecified use command:
```sh
kubectl annotate sc <STORAGE_CLASS_NAME> "storageclass.kubernetes.io/is-default-class"="true"
```
The installation requires at least 2 cluster nodes. It is partially compatible with [minikube](https://github.com/kubernetes/minikube) (see more details in the [examples](../../examples/osdu_onprem_minikube/README.md)).
Helm chart could be installed in **two modes**:
1. #### **Development mode**
Helm chart installs OSDU to the namespace **not labeled with Istio**: [^3]
* it requires fewer hardware resources: 2 worker nodes (not used by other processes) with 4 vCPU and 11 GB RAM per each[^4]
* it reduces security: Istio security policy will not be applied for partition and entitlements OSDU services, which means that authentication will not work for requests because authentication is configured on the Istio side
* Istio is required and used for traffic routing
This mode is recommended for development purposes only.
##### 1. Operating system
The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. All other operating systems, including macOS and Google Cloud Shell, are not verified and supported.
2. #### **Secure mode**
##### 2. Packages
Helm chart is installed to the namespace **labeled with Istio**[^3].
Packages needed for installation from a local computer.
* **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)[^1]
* **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/)[^1]
* In this case, each pod works with an Istio sidecar injected with a security policy and authentication.
* it requires the following free hardware resources: 11 vCPU, 27 GB RAM[^4]
**We strongly recommend the approach for any publicly available endpoints.**
##### 3. Kubernetes cluster
Create a kubernetes cluster with the following requirements:
* **Hardware resources**
The minimum hardware requirements differ for two modes of Helm installation *(described below)*:
* For Development mode minimum 8 vCPUs and 16 GB of RAM should be available cumutatively in all nodes.
* For Secure mode minimum 11 vCPUs and 27 GB of RAM should be available cumutatively in all nodes.
* **Storage Class**
Specify the stoarge class with the command below:
```sh
kubectl annotate sc <STORAGE_CLASS_NAME> "storageclass.kubernetes.io/is-default-class"="true"
```
##### 4. Install ISTIO in cluster
For *Secure mode* install ISTIO, version 1.12.6 or above. Visit [this site](https://istio.io/latest/docs/setup/getting-started/) for detailed information about how to install ISTIO in your cluster.
##### 5. Verification
To verify that all the resources and tools are ready for installation, perform the following steps:
* To check kubectl version run:
```
kubectl version --short | grep 'Client Version'
```
* To check Helm version run:
```
helm version | awk -F '[{,]' '{print $1 $2}'
```
* To check if you are connected to correct cluster run:
```
kubectl config current-context
```
* To check the nodes in kubernetes cluster run:
```
kubectl get nodes
```
* To verify ISTIO installation run:
```
kubectl get svc -n istio-system
```
* To get ISTIO Ingress Gateway IP address run:
```
kubectl get svc istio-ingressgateway -n istio-system
```
Helm chart can be installed in **two modes**:
##### 1. **Development mode**
Helm chart installs OSDU to the namespace **not labeled with Istio**: [^3]
* it requires fewer hardware resources: 2 worker nodes (not used by other processes) with 4 vCPU and 11 GB RAM per each[^4]
* it reduces security: Istio security policy will not be applied for partition and entitlements OSDU services, which means that authentication will not work for requests because authentication is configured on the Istio side
* Istio is required and used for traffic routing
This mode is recommended for development purposes only.
##### 2. **Secure mode**
Helm chart is installed to the namespace **labeled with Istio**[^3].
* In this case, each pod works with an Istio sidecar injected with a security policy and authentication.
* it requires the following free hardware resources: 11 vCPU, 27 GB RAM[^4]
**We strongly recommend the approach for any publicly available endpoints.**
[^1]: It is possible to use other versions, but it hasn't been tested
@@ -83,17 +116,6 @@ Helm chart could be installed in **two modes**:
[^4]: Hardware requirements were specified during a test installation
### Operating system
The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. All other operating systems, including macOS and Google Cloud Shell, are not verified and supported.
### Packages
Packages are only needed for installation from a local computer.
* **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/)[^1]
* **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)[^1]
## Installation
@@ -419,22 +441,17 @@ helm install osdu-onprem
It takes about 10-20 minutes to install infrastructure applications and OSDU services. It is an expected behavior pods restart several times until they are ready.
### Uninstall OSDU on-prem helm chart
After the helm install process is completed, it provides the list of OSDU Services endpoints, which you can use for verification of the status of your applications. Before verification please wait for around 20 mins till all the pods are in running state.
To uninstall OSDU on-prem helm chart use commands:
To check the status of pods do run the following command from terminal
```sh
helm uninstall osdu-onprem
kubectl get pods
```
Delete secrets and pvc:
```sh
kubectl delete secret --all; kubectl delete pvc --all
```
### OSDU services endpoints
The list of OSDU services endpoints would look like as below, wherein "domain_name" would be replaced with the domain you have provided earlier in values.yaml.
<pre>
CRS-Catalog: "http://osdu.domain_name/api/crs/catalog/v2/info"
@@ -559,6 +576,20 @@ Example of output message after the previous command if you use default variable
</details>
### Uninstall OSDU on-prem helm chart
To uninstall OSDU on-prem helm chart use commands:
```sh
helm uninstall osdu-onprem
```
Delete secrets and pvc:
```sh
kubectl delete secret --all; kubectl delete pvc --all
```
## Install logging and monitoring helm chart
Helm chart with logging and monitoring tools could be installed as described [here](../logging-and-monitoring).