Helm based deployment for Expertflow-CX solution
Helm based deployment can also be made for expertflow-CX soluton.
Install the chart
helm upgrade \
--install=true \
--debug \
--wait=true \
--namespace=expertflow \
--create-namespace \
--timeout=19m15s \
--set global.ingressRouter=<FQDN> \
ef-cx \
oci://charts.expertflow.com/library/ef-cx \
--version <CHART-VERSION> helm chart details can be edited and specified using a customer values file. Below given is a list of options that can be edited or by using --set option to override the default value.
Please make sure that the external components are already deployed and running in ef-external namespace. This is a pre-requirement to be met before installing the helm chart.
Meta Chart Detailed
In addition to sub-chart details, below given are the details for this meta chart. Any key:value pair present in this file supersedes the values file in sub-chart's values file.
Item | Details | default |
|---|---|---|
global.ingressRouter | This parameter defines the FQDN used across the Expertflow Solution and is evaluated as a standard FQDN expression i-e can be a FQDN or, subdomain only. | "ef.com" |
global.registry | this parameter gives the end user ability to customize the deployment in an air-gapped environment. Changing its values will evaluate all images below this variable and must be changed in "imageCredentials.registry " | "gitimages.expertflow.com" |
imageCredentials.registry | provides the registry URL | "gitimages.expertflow.com" |
imageCredentials.username | username to use | "efcx" |
imageCredentials.password | Password for the user | "RecRpsuH34yqp56YRFUb" |
imageCredentials.email | an email address for the user | "devops@expertflow.com" |
ssl.enabled | when enabled to true, a self-Signed-Certificate ( includes .Values.global.ingressRouter, 127.0.0.1 and ef.expertflow as default Domain Names ) | true |
ssl.generateTLS | If False use the external/customer's SSL Cert/Key pair (mentioned below for defaultKey and defaultCert) | false |
ssl.defaultSANList | Additional Domains to be included in the list of SANS | ef.expertflow |
ssl.defaultIPList | Additional IP address list for inclusion | 127.0.0.1 |
ssl.defaultKey | custom SSL Key | "" |
ssl.defaultCert | custom SSL Cert | "" |
SubChart Declaration
MetaChart includes declaration of sub-charts in below given format.
Subchart Item | Details | Default |
|---|---|---|
| subchart.install | Enable or Disable this chart TRUE/FALSE | true |
| subchart.replicaCount | Replica Count for this sub-Chart's pods | 1 |
| subchart.image.repository | storage path on the registry | per component |
| subchart.image.tag | tag to be used for this chart | per component |
| subchart.includeCommonEfConnections | Whether CommonEFConnection CM be added to this component. TRUE/FALSE | true |
| subchart.envOverride | includes runtime configurable parameters for the subchart/component | empty |
Ingress for Keycloak and Grafana
after the helm based deployment has been finished and all component pods are running, add the ingresses for both Keycloak and Grafana using ( after changing the <FQDN> in manifests )
For Keycloak
kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.org/server-snippets: |
location / {
proxy_set_header X-Forwarded-For $host;
proxy_set_header X-Forwarded-Proto $scheme;
}
name: keycloak
namespace: ef-external
spec:
rules:
- host: <FQND>
http:
paths:
- backend:
service:
name: keycloak
port:
number: 80
path: /auth
pathType: Prefix
tls:
- hosts:
- <FQDN>
secretName: ef-ingress-tls-secret
EOF For Grafana
kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /$2
name: ef-grafana
namespace: ef-external
spec:
rules:
- host: <FQDN>
http:
paths:
- backend:
service:
name: grafana
port:
number: 3000
path: /grafana(/|$)(.*)
pathType: Prefix
tls:
- hosts:
- <FQND>
secretName: ef-ingress-tls-secret
EOF SSL integration for Keycloak
this helm chart by default generates SSL certificate for the global.ingressRouter's value which is the main FQDN used to access the Expertflow-CX solution. For compatibility with external components, please export the SSL Certificate secrete to 'ef-external name space' by
kubectl -n expertflow get secret <fqdn>-cert -o yaml |sed -e 's/namespace: expertflow/namespace: ef-external/g'| kubectl create -f -replace the fqdn with the value you provided when deploying the helm chart.