Ga naar hoofdinhoud

Helm chart 2.0.3

App version: 3.1.0

Introduction

This Helm chart installs Linksight nodes in a Kubernetes cluster, including:

  • Data station
  • Analysis Hub

Prerequisites

  • Kubernetes cluster 1.20+
  • Helm 3

Installation

Install the chart with values

Create a values.yaml file for your release, to override values of the values.yaml in this chart (recommended). Then install the chart:

helm install -f values.yaml my-release oci://registry.linksight.network/charts/linksight [--version x.x.x] [--namespace my-namespace]

Alternatively, you can also pass values from the command line:

helm install --set datastation.config.host=1.2.3.4 --set foo.bar=baz my-release oci://registry.linksight.network/charts/linksight [--version x.x.x] [--namespace my-namespace]

Read more here: https://helm.sh/docs/helm/helm_install/#helm-install

Additional chart configuration

Check out the values.yaml file of this chart to explore all configuration options.

helm show values oci://registry.linksight.network/charts/linksight [--version x.x.x]

Uninstall

To uninstall/delete the my-release deployment:

helm uninstall my-release

Required values

Data station host

This is the external public hostname/IP of the data station where other (external) data station can reach the data station. It can be set in datastation.config.host:

datastation:
config:
host: 4.2.4.2

Identity Provider

By default, the Linksight Identity Provider will be used for user authentication. To configure an alternative identity provider (see https://docs.linksight.network/3.1.x/docs/deploy-linksight/configure/user-identity-management), some values need to be adjusted.

The available identity providers are:

For identity providers that use OIDC (all but local credentials), it is important to set the analysisHub.backend.config.frontend.host and analysisHub.backend.config.frontend.port variables correctly to the host and port where the frontend is reachable on from the outside:

analysisHub:
backend:
config:
frontend:
host: the.host.where.the.user.reaches.the.frontend # If empty, the value of `analysisHub.frontend.ingress.host` (if set) is used
port: 443 # default

When enabling ingress, the host is set automatically.

Microsoft OIDC Provider

To use the Microsoft OIDC Provider, set analysisHub.backend.config.auth.provider to microsoft and fill in the values in the analysisHub.backend.config.auth.oidc.microsoft:

analysisHub:
backend:
config:
auth:
provider: microsoft
oidc:
microsoft:
tenantid: my-tentant-id
clientid: my-client-id
clientsecret: my-client-secret

Alternatively, the client secret can also be supplied using a secret with key 'client-secret':

analysisHub:
backend:
secrets:
auth:
oidc:
microsoft:
clientSecretSecretName: my-secret

See also: https://docs.linksight.network/3.1.x/docs/deploy-linksight/configure/user-identity-management#microsoft-oidc-provider

Custom OIDC Provider

To use the Custom OIDC Provider, set analysisHub.backend.config.auth.provider to customoidc and fill in the values in the analysisHub.backend.config.auth.oidc.custom:

analysisHub:
backend:
config:
auth:
provider: customoidc
oidc:
custom:
issuerurl: my-issuer-url
clientid: my-client-id
clientsecret: my-client-secret

Alternatively, the client secret can also be supplied using a secret with key 'client-secret':

analysisHub:
backend:
secrets:
auth:
oidc:
custom:
clientSecretSecretName: my-secret

See also: https://docs.linksight.network/3.1.x/docs/deploy-linksight/configure/user-identity-management#custom-oidc-provider

Local credentials

To use local credentials (username/password), set analysisHub.backend.config.auth.provider to localdb and fill in the values in the analysisHub.backend.config.auth.localdb:

analysisHub:
backend:
config:
auth:
provider: localdb
localdb:
dbpath: /data/auth.db
## Set the admin credentials, or use a secret in the 'secrets' block.
admin:
username: my-org-admin
password: pleasechangethis
## Password hashing parameters
argon2:
memory: 47104
iterations: 1
parallelism: 1
saltlength: 16
keylength: 32

Alternatively, the admin credentials can also be supplied using a secret with keys 'username' and 'password':

analysisHub:
backend:
secrets:
auth:
localdb:
adminSecretName: my-secret

See also: https://docs.linksight.network/3.1.x/docs/deploy-linksight/configure/user-identity-management#local-credentials-usernamepassword

Analysis Hub frontend served without TLS

When using no TLS (that is, users connect to the Analysis Hub over plain HTTP), it is important to set analysisHub.backend.config.frontend.tls.enabled to false:

analysisHub:
backend:
config:
frontend:
tls:
enabled: false

Ingress (analysisHub.frontend.ingress.*)

To enable ingress, set the relevant values under analysisHub.frontend.ingress, e.g.:

analysisHub:
frontend:
ingress:
annotations: {}
ingressClassName: nginx
host: analysis.domain.internal
tls: true
tlsSecretName: my-org-tls
grpcEnabled: false

Alternatively, the user interface can be exposed by modifying analysisHub.frontend.service:

analysisHub:
frontend:
service:
type: LoadBalancer
port: 80

Persistence

The linksight components require persistence, which is configured in the charts. By default, the default storage class of the cluster is used.

To set a custom storage class for the components, set datastation.persistence.storageClass and/or analysisHub.backend.persistence.storageClass:

datastation:
persistence:
storageClass: my-storage-class

The chart prevents PVCs from being deleted during a helm delete operation. When it is preferred to delete PVCs after the chart is deleted, set:

persistence:
resourcePolicy: ""

Other

Dual setup

By default, this chart deploys the data station and Analysis Hub in dual setup mode. If each component needs to be registered separately, then this can be disabled by setting registration.dualSetup to false:

registration:
dualSetup: false