Edge deployment on microk8s
MicroK8s is a lightweight, fast, and secure Kubernetes distribution designed for developers and edge computing use cases. Developed by Canonical, MicroK8s is a minimalistic version of Kubernetes that can be installed with a single command and runs on various platforms, including Linux, macOS, and Windows. It is ideal for local development, CI/CD pipelines, IoT, and edge deployments due to its small footprint and ease of use. MicroK8s includes essential Kubernetes components and add-ons, such as DNS, storage, and the Kubernetes dashboard, making it a convenient choice for both beginners and experienced Kubernetes users.
In this tutorial, we will guide you through the installation of the Kerberos.io edge stack, which includes the Kerberos Agent, Kerberos Vault, and the Data Filtering Service. This setup enables the storage of recordings from multiple cameras at the edge, facilitating local data processing and ensuring secure and efficient management of video streams.
Install MicroK8s
To install MicroK8s on your system, follow these steps.
- Ensure that you have snapd installed on your machine. If not, you can install it using the following command:
sudo apt update
sudo apt install snapd
- Install MicroK8s. Once snapd is installed, you can install MicroK8s with:
sudo snap install microk8s --classic
- Add your user to the microk8s group. This step is necessary to avoid using sudo for MicroK8s commands:
sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube
- Apply the new group membership. You need to re-enter your session for the group change to take effect:
su - $USER
- Check the status of MicroK8s. Ensure that MicroK8s is running correctly:
microk8s status --wait-ready
- Add an alias for kubectl as microk8s:
To simplify the usage of kubectl with MicroK8s, you can create an alias. This allows you to use the kubectl command without needing to prefix it with microk8s every time. Add the following line to your shell configuration file (e.g., .bashrc, .zshrc):
alias kubectl='microk8s kubectl'
or use the snap command:
sudo snap alias microk8s.kubectl kubectl
For more detailed instructions and troubleshooting, please refer to the official MicroK8s documentation.
Dependencies
When installing the Kerberos.io stack, several dependencies are required for storage, such as a database (e.g., MongoDB) and a message broker (e.g., RabbitMQ) for asynchronous behavior. We will install these components before setting up the Kerberos Agents and Kerberos Vault.
One of the key advantages of MicroK8s is its out-of-the-box addons, which can be enabled with a single command. This eliminates the need for complex Helm charts or operators, simplifying the setup process. We will enable some common services, such as DNS, GPU support, and storage, to streamline the installation.
microk8s enable dns
microk8s enable dashboard
microk8s enable gpu
microk8s enable hostpath-storage
You can verify the status of the enabled addons by running the following command:
microk8s.status
Or view the pod status with:
kubectl get po -w -A
Object storage: MinIO
MinIO is a high-performance, distributed object storage system that is compatible with Amazon S3 cloud storage service. It is designed to handle large-scale data storage and retrieval, making it an ideal choice for modern cloud-native applications.
In the context of the Kerberos.io stack, MinIO will be used to store recordings from the Kerberos Agents. These recordings are crucial for surveillance and monitoring purposes, and having a reliable storage solution like MinIO ensures that the data is stored securely and can be accessed efficiently.
kubectl create namespace minio-tenant
kubectl apply -k github.com/minio/operator\?ref=v6.0.1
Next we'll create a tenant
sed -i 's/openebs-hostpath/microk8s-hostpath/g' ./minio-tenant-base.yaml
kubectl apply -f minio-tenant-base.yaml
We create a bucket in the minio tenant
kubectl port-forward svc/myminio-hl 9000 -n minio-tenant
You might need to install the minio client if not yet available.
curl https://dl.min.io/client/mc/release/linux-amd64/mc \
--create-dirs \
-o $HOME/minio-binaries/mc
chmod +x $HOME/minio-binaries/mc
export PATH=$PATH:$HOME/minio-binaries/
mc alias set myminio https://localhost:9000 minio minio123 --insecure
mc mb myminio/mybucket --insecure
Or, if that is not possible, access the MinIO console through an SSH tunnel.
kubectl port-forward svc/myminio-console -n minio-tenant 8080:9090
ssh -L 8080:localhost:8080 youruser@x.x.x.x
Database: MongoDB
When using Kerberos Vault, it will persist references to the recordings stored in your storage provider in a MongoDB database. As used before, we are using helm to install MongoDB in our Kubernetes cluster. Within the Kerberos Vault project we are using the latest official mongodb driver, so we support all major MongoDB versions (4.x, 5.x, 6.x, 7.x).
Have a look at the ./mongodb-values.yaml file; you will find plenty of configuration options for the MongoDB helm chart. To change the username and password of the MongoDB instance, find the attribute where you can change the root password. Please note that we are using the official Bitnami MongoDB helm chart, so please use their repository for more in-depth configuration.
Next to that you might also consider a SaaS MongoDB deployment using MongoDB Atlas or using a managed cloud like AWS, GCP, Azure or Alibaba cloud. A managed service takes away a lot of management and maintenance from your side (backups, security, sharing, etc). If you do want to install MongoDB in your own cluster then please continue with this tutorial.
microk8s helm repo add bitnami https://charts.bitnami.com/bitnami
kubectl create namespace mongodb
Note: If you are installing a self-hosted Kubernetes cluster, we recommend using openebs. Therefore make sure to uncomment the global.storageClass attribute, and make sure it's using microk8s-hostpath instead.
sed -i 's/openebs-hostpath/microk8s-hostpath/g' ./mongodb-values.yaml
microk8s helm install mongodb -n mongodb bitnami/mongodb --values ./mongodb-values.yaml
Or after updating the ./mongodb-values.yaml file again
microk8s helm upgrade mongodb -n mongodb bitnami/mongodb --values ./mongodb-values.yaml
Message broker: RabbitMQ
kubectl create namespace rabbitmq
sed -i 's/openebs-hostpath/microk8s-hostpath/g' ./rabbitmq-values.yaml
microk8s helm install rabbitmq bitnami/rabbitmq -n rabbitmq -f rabbitmq-values.yaml
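Watch the pods until RabbitMQ is running:
kubectl get po -A -w
Or after updating the ./rabbitmq-values.yaml file again
microk8s helm upgrade rabbitmq bitnami/rabbitmq -n rabbitmq -f rabbitmq-values.yaml
To remove the RabbitMQ release:
microk8s helm del rabbitmq -n rabbitmq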
Kerberos Vault
Config Map
Kerberos Vault requires a configuration to connect to the MongoDB instance. To handle this, a ConfigMap is created in the ./mongodb/mongodb.config.yaml file. However, you can also use the environment variables within the ./kerberos-vault/deployment.yaml file to configure the MongoDB connection.
Modify the MongoDB credentials in the ./mongodb/mongodb.config.yaml, and make sure they match the credentials of your MongoDB instance, as described above. There are two ways of configuring the mongodb connection, either you provide a MONGODB_URI or you specify the individual variables MONGODB_USERNAME, MONGODB_PASSWORD, etc.
As mentioned above, a managed MongoDB is easier to set up and manage. For example, with MongoDB Atlas you will get a MongoDB URI in the form of "mongodb+srv://xx:xx@kerberos-hub.xxx.mongodb.net/?retryWrites=true&w=majority&appName=xxx". By applying this value to the MONGODB_URI field, you will have set up your MongoDB connection successfully.
- name: MONGODB_URI
  value: "mongodb+srv://xx:xx@kerberos-hub.xxx.mongodb.net/?retryWrites=true&w=majority&appName=xxx"
Once you have applied this value, the other values like MONGODB_USERNAME, MONGODB_PASSWORD and others will be ignored. If you don't like the MONGODB_URI format, you can still use the old way of defining the MongoDB connection by providing the different values.
- name: MONGODB_USERNAME
  value: "root"
- name: MONGODB_PASSWORD
  value: "yourmongodbpassword"
Create the config map in the kerberos-vault namespace.
kubectl create namespace kerberos-vault
kubectl apply -f ./mongodb-config.yaml -n kerberos-vault
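One way to keep the MongoDB credentials out of literal `value:` fields, as an added example that is not part of the Kerberos Vault repository: the script flags credential env entries that hold a literal value, generates a random password, and renders a Kubernetes Secret plus the `secretKeyRef` entries that read from it. The Secret name `mongodb-credentials` and all function names are assumptions; the generated password must also be set as the MongoDB root password in ./mongodb-values.yaml.

```shell
#!/bin/sh
# Added example. The Secret name "mongodb-credentials" is an assumption.

# N random bytes from the kernel CSPRNG, hex-encoded (2*N characters).
gen_secret() { head -c "$1" /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# Report env entries whose credential is a literal "value:" (valueFrom: is fine).
find_inline_credentials() {
  awk '
    /^[ \t]*- name:/ { name = $3; next }
    /^[ \t]*value:/ && name ~ /(PASSWORD|SECRET|URI)$/ { print name }
    { name = "" }
  ' "$1"
}

# Secret manifest; $1 = namespace, $2 = username, $3 = password.
render_mongodb_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: mongodb-credentials
  namespace: $1
type: Opaque
stringData:
  MONGODB_USERNAME: "$2"
  MONGODB_PASSWORD: "$3"
EOF
}

# Container env entries that read both values from the Secret.
render_env_refs() {
  for key in MONGODB_USERNAME MONGODB_PASSWORD; do
    cat <<EOF
- name: $key
  valueFrom:
    secretKeyRef:
      name: mongodb-credentials
      key: $key
EOF
  done
}

# Constructed sample: the literal password entry from the snippet above.
sample=$(mktemp)
printf '%s\n' '- name: MONGODB_PASSWORD' '  value: "yourmongodbpassword"' > "$sample"
echo "inline credentials: $(find_inline_credentials "$sample")"
render_mongodb_secret kerberos-vault root "$(gen_secret 24)"
render_env_refs
rm -f "$sample"
```

Pipe the output of `render_mongodb_secret` into `kubectl apply -f -` to create the Secret, and place the `render_env_refs` output in the container's `env:` list in place of the literal entries.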
Deployment
To install the Kerberos Vault web app inside your cluster, execute the kubectl command below. This creates the deployment with the necessary configuration and exposes it on an internal/external IP address through the LoadBalancer (MetalLB or your cloud provider).
kubectl apply -f ./kerberos-vault-deployment.yaml -n kerberos-vault
Access the UI
If you have chosen the NodePort configuration, you should be able to reach Kerberos Vault at the http://localhost:30080 endpoint in your browser. However, if you have a server installation without a GUI, you can set up an SSH tunnel so that you can open the UI in the browser on your local machine.
ssh -L 8080:localhost:30080 user@server-ip -p 22
Configure the Kerberos Vault
(This should be done through env files, so we do not need to go into the UI.) Create the MinIO provider, add the integration:
- Add storage provider
  - Minio
    - Provider name: minio
    - Bucket name: mybucket
    - Region: na
    - Hostname: myminio-hl.minio-tenant:9000
    - Access key: minio
    - Secret key: minio123
- Add an integration
  - RabbitMQ
    - Integration name: rabbitmq
    - Broker: rabbitmq.rabbitmq:5672
    - Exchange:
    - Queue: data-filtering
    - Username: yourusername
    - Password: yourpassword
- Add an account
  - Account name: myaccount
  - Main provider: minio
  - Day limit: 30
  - Integration: rabbitmq
  - Directory: *
  - Access key: XJoi2@bgSOvOYBy#
  - Secret key: OGGqat4lXRpL@9XBYc8FUaId@5