Helm chart 2.0.4
App version: 3.1.1
Introduction
This Helm chart installs Linksight nodes in a Kubernetes cluster, including:
- Data station
- Analysis Hub
Prerequisites
- Kubernetes cluster 1.20+
- Helm 3
Installation
Install the chart with values
Create a values.yaml file for your release, to override values of the values.yaml in this chart (recommended). Then install the chart:
helm install -f values.yaml my-release oci://registry.linksight.network/charts/linksight [--version x.x.x] [--namespace my-namespace]
Alternatively, you can also pass values from the command line:
helm install --set datastation.config.host=1.2.3.4 --set foo.bar=baz my-release oci://registry.linksight.network/charts/linksight [--version x.x.x] [--namespace my-namespace]
Read more here: https://helm.sh/docs/helm/helm_install/#helm-install
Additional chart configuration
Check out the values.yaml file of this chart to explore all configuration options.
helm show values oci://registry.linksight.network/charts/linksight [--version x.x.x]
Uninstall
To uninstall/delete the my-release deployment:
helm uninstall my-release
Required values
Data station host
This is the external public hostname/IP of the data station where other (external) data station can reach the data station. It can be set in datastation.config.host:
datastation:
config:
host: 4.2.4.2
Recommended values
Identity Provider
By default, the Linksight Identity Provider will be used for user authentication. To configure an alternative identity provider (see https://docs.linksight.network/3.1.x/docs/deploy-linksight/configure/user-identity-management), some values need to be adjusted.
The available identity providers are:
- Linksight Identity Provider (default)
- Microsoft OIDC Provider
- Custom OICD Provider
- Local credentials (username/password)
For identity providers that use OIDC (all but local credentials), it is important to set the analysisHub.backend.config.frontend.host and analysisHub.backend.config.frontend.port variables correctly to the host and port where the frontend is reachable on from the outside:
analysisHub:
backend:
config:
frontend:
host: the.host.where.the.user.reaches.the.frontend # If empty, the value of `analysisHub.frontend.ingress.host` (if set) is used
port: 443 # default
When enabling ingress, the host is set automatically.
Microsoft OIDC Provider
To use the Microsoft OIDC Provider, set analysisHub.backend.config.auth.provider to microsoft and fill in the values in the analysisHub.backend.config.auth.oidc.microsoft:
analysisHub:
backend:
config:
auth:
provider: microsoft
oidc:
microsoft:
tenantid: my-tentant-id
clientid: my-client-id
clientsecret: my-client-secret
Alternatively, the client secret can also be supplied using a secret with key 'client-secret':
analysisHub:
backend:
secrets:
auth:
oidc:
microsoft:
clientSecretSecretName: my-secret
Custom OIDC Provider
To use the Custom OIDC Provider, set analysisHub.backend.config.auth.provider to customoidc and fill in the values in the analysisHub.backend.config.auth.oidc.custom:
analysisHub:
backend:
config:
auth:
provider: customoidc
oidc:
custom:
issuerurl: my-issuer-url
clientid: my-client-id
clientsecret: my-client-secret
Alternatively, the client secret can also be supplied using a secret with key 'client-secret':
analysisHub:
backend:
secrets:
auth:
oidc:
custom:
clientSecretSecretName: my-secret
Local credentials
To use local credentials (username/password), set analysisHub.backend.config.auth.provider to localdb and fill in the values in the analysisHub.backend.config.auth.localdb:
analysisHub:
backend:
config:
auth:
provider: localdb
localdb:
dbpath: /data/auth.db
## Set the admin credentials, or use a secret in the 'secrets' block.
admin:
username: my-org-admin
password: pleasechangethis
## Password hashing parameters
argon2:
memory: 47104
iterations: 1
parallelism: 1
saltlength: 16
keylength: 32
Alternatively, the admin credentials can also be supplied using a secret with keys 'username' and 'password':
analysisHub:
backend:
secrets:
auth:
localdb:
adminSecretName: my-secret
Analysis Hub frontend served without TLS
When using no TLS (that is, users connect to the Analysis Hub over plain HTTP), it is important to set analysisHub.backend.config.frontend.tls.enabled to false:
analysisHub:
backend:
config:
frontend:
tls:
enabled: false
Ingress (analysisHub.frontend.ingress.*)
To enable ingress, set the relevant values under analysisHub.frontend.ingress, e.g.:
analysisHub:
frontend:
ingress:
annotations: {}
ingressClassName: nginx
host: analysis.domain.internal
tls: true
tlsSecretName: my-org-tls
grpcEnabled: false
Alternatively, the user interface can be exposed by modifying analysisHub.frontend.service:
analysisHub:
frontend:
service:
type: LoadBalancer
port: 80
Persistence
The linksight components require persistence, which is configured in the charts. By default, the default storage class of the cluster is used.
To set a custom storage class for the components, set datastation.persistence.storageClass and/or analysisHub.backend.persistence.storageClass:
datastation:
persistence:
storageClass: my-storage-class
The chart prevents PVCs from being deleted during a helm delete operation. When it is preferred to delete PVCs after the chart is deleted, set:
persistence:
resourcePolicy: ""
Other
Dual setup
By default, this chart deploys the data station and Analysis Hub in dual setup mode. If each component needs to be registered separately, then this can be disabled by setting registration.dualSetup to false:
registration:
dualSetup: false