Helm chart 2.0.1
App version: 3.0.1
Introduction
This Helm chart installs Linksight nodes in a Kubernetes cluster, including:
- Data station
- Analysis Hub
Prerequisites
- Kubernetes cluster 1.20+
- Helm 3
- Harbor (container image and helm charts registry) login from Linksight
- A user account on the Governance Hub (https://linksight.network) with the Organization admin role
Installation
Add Helm repository
helm repo add linksight --username <harbor_username> https://registry.linksight.network/chartrepo/linksight
Configure the chart
Create a values.yaml file for your release, to override values of the values.yaml in this chart (recommended).
Alternatively, you can also override values of this chart during deployment:
helm install --set foo=bar --set baz.bar=newbar my-release linksight/linksight
Read more here: https://helm.sh/docs/helm/helm_install/#helm-install
Check out the values.yaml file of this chart to explore all configuration options.
Required
Image pull secret
Define the image registry credential as follows in your values:
registryCredentials:
  endpoint: https://registry.linksight.network
  username: xxxxx
  token: xxxxx
Alternatively, the registry credential can also be applied to the cluster as a secret of type kubernetes.io/dockerconfigjson, under the key .dockerconfigjson.
---
apiVersion: v1
kind: Secret
metadata:
  name: my-registry-secret
data:
  .dockerconfigjson: <base64 of {"auths":{"registry.linksight.network":{"auth":"<base64 of REGISTRY_USERNAME:REGISTRY_TOKEN>"}}} >
type: kubernetes.io/dockerconfigjson
Then set imagePullSecrets:
imagePullSecrets:
  - name: my-registry-secret
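The nested encoding in the manifest above is easy to get wrong: a trailing newline inside the inner base64, or wrapped base64 output, produces credentials the registry rejects. The following added example, which is not part of the chart, renders the manifest and decodes it again as a check; the function names and the sample username and token are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the chart's own tooling.
# The username and token used below are constructed placeholders.

# Single-line base64 (GNU base64 wraps its output at 76 columns).
b64() { base64 | tr -d '\n'; }

# render_pull_secret NAME REGISTRY_HOST USERNAME TOKEN
render_pull_secret() {
  name=$1 host=$2 user=$3 token=$4
  # Inner layer: base64 of "username:token"; printf adds no trailing newline.
  auth=$(printf '%s:%s' "$user" "$token" | b64)
  # Outer layer: base64 of the whole Docker config JSON.
  cfg=$(printf '{"auths":{"%s":{"auth":"%s"}}}' "$host" "$auth" | b64)
  cat <<EOF
---
apiVersion: v1
kind: Secret
metadata:
  name: $name
data:
  .dockerconfigjson: $cfg
type: kubernetes.io/dockerconfigjson
EOF
}

# decode_pull_secret: read a manifest on stdin and print the decoded
# "username:token", to confirm both layers before applying the secret.
decode_pull_secret() {
  sed -n 's/^  \.dockerconfigjson: //p' | base64 -d |
    sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' | base64 -d
}

# Round trip with constructed values; prints robot$example:constructed-token
render_pull_secret my-registry-secret registry.linksight.network \
  'robot$example' 'constructed-token' | decode_pull_secret
echo
```

Pipe the output of render_pull_secret to `kubectl apply -f -` in the release namespace, and pass the token from a variable or prompt rather than typing it on the command line, where it would land in shell history.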
Data station host
This is the external public hostname/IP of the data station, at which other (external) data stations can reach it. It can be set in datastation.config.host:
datastation:
  config:
    host: 4.2.4.2
Recommended
Identity Provider
Depending on the chosen identity provider (see https://docs.linksight.network/3.0.x/docs/deploy-linksight/configure/user-identity-management), some values need to be adjusted.
For identity providers that use OIDC (all but local credentials), it is important to set the analysisHub.backend.config.frontend.host and analysisHub.backend.config.frontend.port variables to the host and port on which the frontend is reachable from the outside:
analysisHub:
  backend:
    config:
      frontend:
        host: your-host # If not filled in, the value of `analysisHub.frontend.ingress.host` (if set) is used
        port: 443 # default
When enabling ingress, the host is set automatically.
Linksight Identity Provider
No adjustments necessary.
Microsoft OIDC Provider
To use the Microsoft OIDC Provider, set analysisHub.backend.config.auth.provider to microsoft and fill in the values under analysisHub.backend.config.auth.oidc.microsoft:
analysisHub:
  backend:
    config:
      auth:
        provider: microsoft
        oidc:
          microsoft:
            tenantid: my-tenant-id
            clientid: my-client-id
            clientsecret: my-client-secret
Alternatively, the client secret can also be supplied using a secret with key 'client-secret':
analysisHub:
  backend:
    secrets:
      auth:
        oidc:
          microsoft:
            clientSecretSecretName: my-secret
Custom OIDC Provider
To use the Custom OIDC Provider, set analysisHub.backend.config.auth.provider to customoidc and fill in the values under analysisHub.backend.config.auth.oidc.custom:
analysisHub:
  backend:
    config:
      auth:
        provider: customoidc
        oidc:
          custom:
            issuerurl: my-issuer-url
            clientid: my-client-id
            clientsecret: my-client-secret
Alternatively, the client secret can also be supplied using a secret with key 'client-secret':
analysisHub:
  backend:
    secrets:
      auth:
        oidc:
          custom:
            clientSecretSecretName: my-secret
Local credentials
To use local credentials (username/password), set analysisHub.backend.config.auth.provider to localdb and fill in the values under analysisHub.backend.config.auth.localdb:
analysisHub:
  backend:
    config:
      auth:
        provider: localdb
        localdb:
          dbpath: /data/auth.db
          ## Set the admin credentials, or use a secret in the 'secrets' block.
          admin:
            username: my-org-admin
            password: pleasechangethis
          ## Password hashing parameters
          argon2:
            memory: 47104
            iterations: 1
            parallelism: 1
            saltlength: 16
            keylength: 32
Alternatively, the admin credentials can also be supplied using a secret with keys 'username' and 'password':
analysisHub:
  backend:
    secrets:
      auth:
        localdb:
          adminSecretName: my-secret
Analysis Hub frontend served without TLS
When using no TLS (that is, users connect to the Analysis Hub over plain HTTP), it is important to set analysisHub.backend.config.frontend.tls.enabled to false:
analysisHub:
  backend:
    config:
      frontend:
        tls:
          enabled: false
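A pre-install check for the settings in this section and the registry credential above, as an added example that is not part of the chart: it flags credentials written inline in values.yaml where the chart also accepts a secret reference, the sample admin password, and the plain-HTTP setting. The function names and finding labels are assumptions; the key names are the ones shown on this page.

```shell
# Added example, not the chart's own tooling. Line-based check that assumes
# the 2-space indentation used on this page; it is not a YAML parser.

# lint_values [FILE]: print one finding per line (reads stdin without FILE).
lint_values() {
  awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
      depth = (match($0, /[^ ]/) - 1) / 2        # nesting level from indentation
      line = $0
      sub(/^ +/, "", line)
      sub(/[ \t]+#.*$/, "", line)                # drop a trailing comment
      colon = index(line, ":")
      if (colon == 0) next
      path[depth] = substr(line, 1, colon - 1)
      val = substr(line, colon + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      gsub(/^"|"$/, "", val)
      if (val == "") next                        # mapping header or empty value
      full = path[0]
      for (i = 1; i <= depth; i++) full = full "." path[i]
      if (full ~ /(clientsecret|admin\.password|registryCredentials\.token)$/)
        print "INLINE-SECRET " full
      if (val == "pleasechangethis")
        print "SAMPLE-PASSWORD " full
      if (full ~ /frontend\.tls\.enabled$/ && val == "false")
        print "PLAIN-HTTP " full
    }' "${1:--}"
}

# Constructed sample input, built from the snippets on this page.
sample_values() {
  cat <<'EOF'
registryCredentials:
  endpoint: https://registry.linksight.network
  token: constructed-token
analysisHub:
  backend:
    config:
      frontend:
        tls:
          enabled: false
      auth:
        localdb:
          admin:
            password: pleasechangethis
EOF
}

sample_values | lint_values
```

Run it as `lint_values values.yaml` before `helm install`; a CI job can fail the pipeline whenever the output is non-empty.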
Ingress (analysisHub.frontend.ingress.*)
To enable ingress, set the relevant values under analysisHub.frontend.ingress, e.g.:
analysisHub:
  frontend:
    ingress:
      annotations: {}
      ingressClassName: nginx
      host: analysis.domain.internal
      tls: true
      tlsSecretName: my-org-tls
      grpcEnabled: false
Alternatively, the user interface can be exposed by modifying analysisHub.frontend.service:
analysisHub:
  frontend:
    service:
      type: LoadBalancer
      port: 80
Persistence
The Linksight components require persistence, which is configured in the chart. By default, the default storage class of the cluster is used.
To set a custom storage class for the components, set datastation.persistence.storageClass and/or analysisHub.backend.persistence.storageClass:
datastation:
  persistence:
    storageClass: my-storage-class
The chart prevents PVCs from being deleted during a helm delete operation. When it is preferred to delete PVCs after the chart is deleted, set:
persistence:
  resourcePolicy: ""
Other
Dual setup
By default, this chart deploys the data station and Analysis Hub in dual setup mode. If each component needs to be registered separately, then this can be disabled by setting registration.dualSetup to false:
registration:
  dualSetup: false
Install the chart
Install the Harbor helm chart with the release name my-release:
helm install -f values.yaml my-release linksight/linksight
Uninstall
To uninstall/delete the my-release deployment:
helm uninstall my-release
Additional chart configuration
Check out the values.yaml file of this chart to explore all configuration options.