
GONRG-5542 fix update readme for ref arch

Merged Tejinder Dhingra requested to merge GONRG-5542-fix-update-readme-for-ref-arch into master
@@ -33,47 +33,109 @@ This chart bootstraps OSDU services and all the required infrastructure applicat
* Well-Delivery
* Workflow
## Prerequisites
### Kubernetes cluster
Helm chart can be installed in **two modes**:
The code was tested on **Kubernetes cluster**(v1.21.11)[^1] with **Istio**[^2] (1.12.6) [^1]
##### 1. **Development mode**
The default storage class should be specified,
to check use the command:
Helm chart installs OSDU to the namespace **not labeled with Istio**: [^3]
```sh
kubectl get sc
```
* it requires fewer hardware resources.
* it reduces security: Istio security policy will not be applied for partition and entitlements OSDU services, which means that authentication will not work for requests because authentication is configured on the Istio side
* Istio is required and used for traffic routing
if not scpecified use command:
This mode is recommended for development purposes only.
```sh
kubectl annotate sc <STORAGE_CLASS_NAME> "storageclass.kubernetes.io/is-default-class"="true"
```
##### 2. **Secure mode**
The installation requires at least 2 cluster nodes. It is partially compatible with [minikube](https://github.com/kubernetes/minikube) (see more details in the [examples](../../examples/osdu_onprem_minikube/README.md)).
Helm chart is installed to the namespace **labeled with Istio**[^3].
Helm chart could be installed in **two modes**:
* In this case, each pod works with an Istio sidecar injected with a security policy and authentication.
* it requires more hardware resources than development mode [^4]
1. #### **Development mode**
**We strongly recommend the approach for any publicly available endpoints.**
Helm chart installs OSDU to the namespace **not labeled with Istio**: [^3]
* it requires fewer hardware resources: 2 worker nodes (not used by other processes) with 4 vCPU and 11 GB RAM per each[^4]
* it reduces security: Istio security policy will not be applied for partition and entitlements OSDU services, which means that authentication will not work for requests because authentication is configured on the Istio side
* Istio is required and used for traffic routing
## Prerequisites
Before starting installation, please ensure that all the required tools and resources are ready and configured.
The steps to install the helm charts in one of the two, Development or Secure, modes follow the instructions as below, respectively:
This mode is recommended for development purposes only.
- **To install the helm charts in Development mode perform steps 1 to 4 and verify the requirements as in step 6.**
- **To install the helm charts in Secure mode perform the steps 1 to 5 and verify the requirements as in step 6.**
2. #### **Secure mode**
##### 1. Operating system
The code works on Debian-based Linux (Debian 10+ and Ubuntu 20.04+) and Windows WSL 2. All other operating systems, including macOS and Google Cloud Shell, are not verified and supported.
Helm chart is installed to the namespace **labeled with Istio**[^3].
##### 2. Packages
Packages needed for installation from a local computer.
* **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)[^1]
* **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/)[^1]
* In this case, each pod works with an Istio sidecar injected with a security policy and authentication.
* it requires the following free hardware resources: 11 vCPU, 27 GB RAM[^4]
##### 3. Kubernetes cluster
Create a kubernetes cluster with the following requirements:
* **Hardware resources**
The minimum hardware requirements differ for two modes of Helm installation *(described below)*:
* For Development mode minimum 8 vCPUs and 16 GB of RAM should be available cumulatively in all nodes.
* For Secure mode minimum 11 vCPUs and 27 GB of RAM should be available cumulatively in all nodes.
* **Storage Class**
Specify the stoarge class with the command below:
```sh
kubectl annotate sc <STORAGE_CLASS_NAME> "storageclass.kubernetes.io/is-default-class"="true"
```
##### 4. Install ISTIO in cluster
Install ISTIO, version 1.12.6 or above. Visit [this site](https://istio.io/latest/docs/setup/getting-started/) for detailed information about how to install ISTIO in your cluster.
##### 5. Add namespace label (for secure mode)
**_This step is required to install the helm charts in secure mode._**
Add a namespace label, to application &lt;namespace&gt; to instruct Istio to automatically inject Envoy sidecar proxies when you deploy your application later.
To add the namespace run the following command, replace &lt;namespace&gt; with the namespace in which your application would be installed
```sh
kubectl label namespace <namespace> istio-injection=enabled
```
**We strongly recommend the approach for any publicly available endpoints.**
##### 6. Verification
To verify that all the resources and tools are ready for installation, perform the following steps:
* To check kubectl version run:
```sh
kubectl version --short | grep 'Client Version'
```
* To check Helm version run:
```sh
helm version | awk -F '[{,]' '{print $1 $2}'
```
* To check if you are connected to correct cluster run:
```sh
kubectl config current-context
```
* To check the nodes in kubernetes cluster run:
```sh
kubectl get nodes
```
* To verify ISTIO installation run:
```sh
kubectl get svc -A | grep 'istio-'
```
The output list should include following services:
* istio-citadel
* istio-galley
* istio-ingressgateway
* istio-pilot
* istio-policy
* istio-sidecar-injector
* istio-telemetry
* To get ISTIO Ingress Gateway IP address run:
```sh
kubectl get svc istio-ingressgateway -A
```
* For secure mode ensure if application &lt;namespace&gt; is labeled.
Run the following command to check if the &lt;namespace&gt; is enabled for istio-injection:
```sh
kubectl label namespace <namespace> istio-injection=enabled
```
The output should include the lines:
| NAME | STATUS | AGE | ISTIO-INJECTION |
| -- | -- | -- | -- |
| &lt;namespace&gt; | ACTIVE | 35m | enabled |
[^1]: It is possible to use other versions, but it hasn't been tested
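Review bot: In step 6, the secure-mode check repeats the labeling command from step 5 (`kubectl label namespace <namespace> istio-injection=enabled`) instead of reading the label, so it changes the namespace rather than verifying it and cannot print the NAME / STATUS / AGE / ISTIO-INJECTION table given as the expected output. A read-only query such as `kubectl get namespace <namespace> -L istio-injection` produces that table. Since the README states that authentication is configured on the Istio side, the verification step should fail visibly when the label is missing, not apply it silently. Also in this hunk, "stoarge" in the Storage Class bullet should read "storage".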
@@ -83,17 +145,6 @@ Helm chart could be installed in **two modes**:
[^4]: Hardware requirements were specified during a test installation
### Operating system
The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. All other operating systems, including macOS and Google Cloud Shell, are not verified and supported.
### Packages
Packages are only needed for installation from a local computer.
* **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/)[^1]
* **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)[^1]
## Installation
@@ -419,22 +470,17 @@ helm install osdu-onprem
It takes about 10-20 minutes to install infrastructure applications and OSDU services. It is an expected behavior pods restart several times until they are ready.
### Uninstall OSDU on-prem helm chart
After the helm install process is completed, it provides the list of OSDU Services endpoints, which you can use for verification of the status of your applications. Before verification please wait for around 20 mins till all the pods are in running state.
To uninstall OSDU on-prem helm chart use commands:
To check the status of pods do run the following command from terminal
```sh
helm uninstall osdu-onprem
kubectl get pods
```
Delete secrets and pvc:
```sh
kubectl delete secret --all; kubectl delete pvc --all
```
### OSDU services endpoints
The list of OSDU services endpoints would look like as below, wherein "domain_name" would be replaced with the domain you have provided earlier in values.yaml.
<pre>
CRS-Catalog: "http://osdu.domain_name/api/crs/catalog/v2/info"
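Review bot: The pod status check `kubectl get pods` names no namespace, so it reports on whatever namespace the current context defaults to, which may not be the application `<namespace>` that the prerequisites ask the reader to label for Istio injection. Suggest `kubectl get pods -n <namespace>` so the check covers the release that was just installed. The surrounding text also gives two wait times ("about 10-20 minutes" and "around 20 mins"); a single figure would be clearer.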
@@ -559,6 +605,20 @@ Example of output message after the previous command if you use default variable
</details>
### Uninstall OSDU on-prem helm chart
To uninstall OSDU on-prem helm chart use commands:
```sh
helm uninstall osdu-onprem
```
Delete secrets and pvc:
```sh
kubectl delete secret --all; kubectl delete pvc --all
```
## Install logging and monitoring helm chart
Helm chart with logging and monitoring tools could be installed as described [here](../logging-and-monitoring).
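Review bot: The uninstall step `kubectl delete secret --all; kubectl delete pvc --all` is not scoped to the chart: it deletes every secret and every PVC in the current context's namespace, including any owned by other workloads, and the `;` runs the PVC deletion even when the secret deletion fails. Suggest adding `-n <namespace>` and either a label selector for the resources the release created or an explicit statement that the namespace must be dedicated to OSDU, with a note that deleting the PVCs may remove the persisted data.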