Advanced Deployment Guide

A guide to advanced deployment methods for MOTAR

Recommended for Scalable Activation Across Organization

Helm Chart Installation

Helm Chart for Kubernetes

You can install MOTAR in a high availability fashion and optionally configure MOTAR components for advanced deployments. (Production, multi-node Kubernetes cluster deployments.)

You will access the MOTAR Helm installation package through Dynepic’s Helm Repository with the login credentials sent to you by Dynepic.

This Helm chart installs MOTAR with all of its dependencies in a Kubernetes cluster. Our Helm chart also employs non-MOTAR supporting charts, such as:

  • A custom Minio chart branched from the Minio public chart.

  • The Bitnami PostgreSQL chart.

  • The ingress-nginx Kubernetes chart.

  • The nats public chart.

Prerequisites

The MOTAR Helm chart supports deployments in Kubernetes clusters hosted in nearly any cloud provider, local server, and self-hosted cloud. As such, many of the values are left to be filled in by the installing individual.

The default values.yaml should provide enough information to help you prepare the installation for your circumstances. If you find anything confusing or unintuitive, please reach out via Contact Us.

Below we will provide some general recommended values, and then some recommended values based on deployment type.

The values you provide to the deployment override the defaults wherever they are set.

If MOTAR is already installed, proceed to Section X to upgrade MOTAR with Helm.

Step 1 - Configuration

  • Create a values file values.yaml in a known directory

    • Replace: your_directory with your details

touch /your_directory/your_values.yaml
  • Add Installation Values to values.yaml

nano /your_directory/your_values.yaml
  • Add the following values to your values.yaml. Update and change any values that contain ‘you’ or ‘your’.

  • Then, save the file with CTRL-X (if using nano).

Sample values.yaml (Single Node Using Nodeport)

global:
  motarImageRegistry: harbor.dynepic.net
  domainName: your_domain.com  
  initialAdminEmail: [email protected]
  environment: development
  mailConfig:
  reportTargets:
    - [email protected]
  securityTargets:
    - [email protected]
  s3Config:
    source: minio
    url: api-minio.your_domain.com

motar:
  ingress:
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer # If using certmanager clusterIssuer
    nginx.ingress.kubernetes.io/cors-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,clientid
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  tls:
    enabled: true 
    tlsSecret: "webapps-cert" # Substitute with your tlsSecret
  serviceAccount:
    create: true
    name: motar
  minio:
    ingress:
      enabled: true
      className: nginx
      hostname: api-minio.your_domain.com
      annotations:
        apiVersion: networking.k8s.io/v1
        className: nginx
        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer # If using CertManager/ClusterIssuer
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
      tls:
        enabled: true
        tlsSecret: "api-minio-cert" # Substitute with your tlsSecret
    consoleIngress:
      enabled: true
      className: "nginx"
      annotations:
        apiVersion: networking.k8s.io/v1
        className: nginx
        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer # If using CertManager/ClusterIssuer
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
      hosts:
        - console-minio.your_domain.com
      tls:
        enabled: true
        tlsSecret: "console-minio-cert" # Substitute with your tlsSecret

storageClass:
  enabled: true
  provisioner: driver.longhorn.io
  parameters:
    fsType: ext4
    numberOfReplicas: "1"
    staleReplicaTimeout: "30"

ingress-nginx:
  enabled: true
  controller:
    service:
      type: "NodePort"
      nodePorts:
        http: 31080
        https: 31443
minio:
  auth:
    existingSecret: "motar-s3-auth"
    rootUserSecretKey: "rootUser"
    rootPasswordSecretKey: "rootPassword"

postgresql:
  sslDisabled: true
  auth:
    existingSecret: "motar-pg-auth"
    secretKeys:
      adminPasswordKey: "postgres-password"
      motarPasswordKey: "motar-password"

Sample values.yaml (AWS EKS)

aws_values.yaml
global:
  motarImageRegistry: harbor.dynepic.net
  domainName: your_domain.com
  initialAdminEmail: [email protected]
  environment: development
  mailConfig:
  reportTargets:
    - [email protected]
  securityTargets:
    - [email protected]
  s3Config:
    source: minio
    url: api-minio.your_domain.com

motar:
  ingress:
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer # If using certmanager clusterIssuer
    nginx.ingress.kubernetes.io/cors-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,clientid
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  tls:
    enabled: true 
    tlsSecret: "webapps-cert" # Substitute with your tlsSecret
  serviceAccount:
    create: true
    name: motar
  minio:
    ingress:
      enabled: true
      className: nginx
      hostname: api-minio.your_domain.com
      annotations:
        apiVersion: networking.k8s.io/v1
        className: nginx
        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer # If using CertManager/ClusterIssuer
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
      tls:
        enabled: true
        tlsSecret: "api-minio-cert" # Substitute with your tlsSecret
    consoleIngress:
      enabled: true
      className: "nginx"
      annotations:
        apiVersion: networking.k8s.io/v1
        className: nginx
        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer # If using CertManager/ClusterIssuer
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
      hosts:
        - console-minio.your_domain.com
      tls:
        enabled: true
        tlsSecret: "console-minio-cert" # Substitute with your tlsSecret

storageClass:
  enabled: true
  provisioner: kubernetes.io/aws-ebs
  parameters:
    fsType: ext4
    type: gp3

ingress-nginx:
  enabled: true
  controller:
    config:
      # ConfigMap and annotation values must be strings, so booleans are quoted
      use-proxy-protocol: "false"
    service:
      type: LoadBalancer
      external:
        enabled: false
      internal:
        externalTrafficPolicy: Local
        enabled: true
        annotations:
          service.beta.kubernetes.io/aws-load-balancer-internal: "false"
          service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
          service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
          service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip

minio:
  auth:
    existingSecret: "motar-s3-auth"
    rootUserSecretKey: "rootUser"
    rootPasswordSecretKey: "rootPassword"

postgresql:
  sslDisabled: true
  auth:
    existingSecret: "motar-pg-auth"
    secretKeys:
      adminPasswordKey: "postgres-password"
      motarPasswordKey: "motar-password"    

Step 2 - Prepare the namespace

  • Create the namespace

kubectl create ns motar

  • Apply the secrets for the S3 storage solution and Postgres solution you intend to use

    • This can be an external S3 using your own solution or our internal minio chart; either case requires secrets applied for the rootUser and rootPassword

  • You can apply directly from a created YAML file like so:

kubectl apply -f mysecrets.yaml -n motar

Example YAML:

apiVersion: v1
data:
  rootPassword: base64enc_value
  rootUser: base64enc_value
kind: Secret
metadata:
  labels:
    app.kubernetes.io/part-of: motar
  name: motar-s3-auth
type: Opaque

Example Literals:

kubectl -n motar create secret generic --from-literal=motar-password=supersecret --from-literal=postgres-password=topsecret motar-pg-auth

kubectl -n motar create secret generic --from-literal=rootUser=minioUser --from-literal=rootPassword=topsecretPassword motar-s3-auth
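The two secrets above can also be generated without typing passwords on the command line, where they would be recorded in shell history. The following is an added example, not part of the MOTAR documentation: the secret names and keys are the ones referenced in the sample values.yaml, while the function names, the default root user name and the 24-byte password length are assumptions.

```shell
#!/bin/sh
# Added example, not MOTAR project code. Secret names and keys follow the
# sample values.yaml; function names and password length are assumptions.

# 24 random bytes from the kernel CSPRNG, hex-encoded (48 characters).
gen_password() {
  head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Base64 for a Secret's data: field. printf '%s' avoids the trailing newline
# that echo would silently make part of the password.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Emit an Opaque Secret: secret_manifest NAME KEY VALUE [KEY VALUE ...]
secret_manifest() {
  name=$1; shift
  printf 'apiVersion: v1\nkind: Secret\ntype: Opaque\n'
  printf 'metadata:\n  name: %s\n  labels:\n    app.kubernetes.io/part-of: motar\n' "$name"
  printf 'data:\n'
  while [ "$#" -ge 2 ]; do
    printf '  %s: %s\n' "$1" "$(b64 "$2")"
    shift 2
  done
}

# Both secrets referenced by the sample values.yaml, as one YAML stream.
# $1 = MinIO root user name (defaults to a constructed placeholder).
motar_secrets() {
  secret_manifest motar-s3-auth \
    rootUser "${1:-minio-admin}" rootPassword "$(gen_password)"
  printf '%s\n' '---'
  secret_manifest motar-pg-auth \
    postgres-password "$(gen_password)" motar-password "$(gen_password)"
}

# Usage: pipe straight to the API server so the passwords never appear in
# shell history or in a file on disk:
#   motar_secrets | kubectl apply -n motar -f -
```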

If you would like to apply a TLS certificate for use on your ingress, this is the point at which you should do so (if not using CertManager).

Step 3 - Deploy the Chart

  • Assuming you have created the values file as described above or for your specific use case, the following commands should be sufficient to get you from start to finish.

kubectl create ns motar
helm install motar --version 3.1.0 oci://harbor.dynepic.net/helmrelease/motar -f your_values.yaml -n motar

Step 4 - Access the Site

  • At this step, if you correctly configured your networking to allow DNS routing to the hosting device and everything is up and running, you should be able to access https://admin.motarghost.com.

You have completed Helm setup and may continue to Step 3 - Access your MOTAR Instance.

NodePort

  • Install the required services.

sudo apt update
sudo apt install nginx
sudo apt install libnginx-mod-stream
sudo vim /etc/nginx/nginx.conf
  • Include the proxy passthrough.

    • Append outside the http block `include /etc/nginx/passthrough.conf;` It should look something like this:

http {
  # default configuration
}
include /etc/nginx/passthrough.conf;
  • Declare the proxy passthrough.

    • Now create /etc/nginx/passthrough.conf and ensure the ports match the NodePorts used in the values file. It will look something like:

stream {
  server {
    listen 80;
    proxy_pass 127.0.0.1:31080;
  }
  server {
    listen 443;
    proxy_pass 127.0.0.1:31443;
  }
}
  • Forward http to https with reverse proxy

If you would like to ensure all http traffic to your domain name is transferred to https, you will further wish to do the following.

  • Add the appropriate 301 to the sites-available.

`sudo vim /etc/nginx/sites-available/your.domain`
```
server {
  if ($host ~ ^[^.]+\.your\.domain$) {
    return 301 https://$host$request_uri;
  }

  listen 80;
}
```
  • Remove the default nginx site.

sudo rm /etc/nginx/sites-enab...
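
A check for the requirement above that the ports in /etc/nginx/passthrough.conf match the NodePorts in the values file. This is an added example, not part of the MOTAR documentation; the function names are hypothetical, and it assumes each `listen` line precedes its `proxy_pass`, as in the passthrough.conf shown earlier.

```shell
#!/bin/sh
# Added example (not from the MOTAR docs): verify that the nginx stream
# passthrough targets match the ingress-nginx NodePorts in a values file.

# Print the NodePort for "http" or "https" from the nodePorts: block.
values_nodeport() {  # $1 = values file, $2 = http|https
  awk -v key="$2:" '
    $1 == "nodePorts:"               { in_np = 1; next }
    in_np && $1 == key               { gsub(/"/, "", $2); print $2; exit }
    in_np && NF && $1 !~ /^https?:$/ { in_np = 0 }  # left the block
  ' "$1"
}

# Print the port that the stream server listening on $2 proxies to.
passthrough_target() {  # $1 = passthrough.conf, $2 = listen port
  awk -v want="$2" '
    $1 == "server" { cur = "" }
    $1 == "listen" { cur = $2; sub(/;.*/, "", cur) }
    $1 == "proxy_pass" && cur == want {
      t = $2; sub(/;.*/, "", t); sub(/.*:/, "", t); print t; exit
    }
  ' "$1"
}

# Return 0 only if listen 80 -> http NodePort and listen 443 -> https NodePort.
check_passthrough() {  # $1 = values file, $2 = passthrough.conf
  rc=0
  for pair in 80:http 443:https; do
    listen=${pair%%:*}; key=${pair##*:}
    want=$(values_nodeport "$1" "$key")
    got=$(passthrough_target "$2" "$listen")
    if [ -z "$want" ] || [ "$want" != "$got" ]; then
      echo "MISMATCH: listen $listen proxies to '$got', $key NodePort is '$want'" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Usage, before reloading nginx:
#   check_passthrough /your_directory/your_values.yaml /etc/nginx/passthrough.conf
```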

Troubleshooting FAQ (As Needed)

  • If you are getting ‘bad address at line [any number] of /etc/dnsmasq.conf’ this could be from not having set a HOST_IP in the .env file. Please open your .env and add in your HOST_IP.

Example Error:
dnsmasq     | dnsmasq: bad address at line 680 of /etc/dnsmasq.conf

Following the Installation and Tutorial Guide?

If you are following along with the tutorial, you should be ready to access and configure your MOTAR Instance. Click the link below to return:

3 - Access your MOTAR Instance
