Self-Hosting configure8

Configure8 Self-Hosted Helm Chart Deployment Guide

This guide delineates the steps to deploy the Configure8 (C8) application on a Kubernetes cluster using a Helm chart.

Requirements

  1. A running Kubernetes version 1.22 or above is required to guarantee compatibility with the C8 App. Ensure the cluster has public internet access to fetch Docker images from repositories, specifically from GitHub.

  2. A Kubernetes user with sufficient cluster access privileges is required to install the C8 app.

  3. A token provided by the C8 team is required for adding image pull secrets to the cluster.

  4. A MongoDB version 6.0 or above must be set up and accessible by the Kubernetes cluster.

  5. A RabbitMQ version 3.13 or above must be set up for managing message queues within the C8 application.

  6. An OpenSearch cluster version 2.5 or above must be set up for robust search functionality and data analytics within the C8 app.

  7. A Snowflake account must be set up to provide fast search capabilities and the ability to perform complex aggregations.

Step 1: Creating a Namespace

Isolate the C8 application by creating a Kubernetes namespace named "c8":

kubectl create namespace c8

Step 2: Create Docker Registry Secret

Create a Kubernetes secret to access the C8 Docker registry. Replace and with your specific token and email address, respectively:

kubectl create secret docker-registry c8-docker-registry-secret \
--docker-server=ghcr.io \
--docker-username=c8-user \
--docker-password=<Token provided to you by the C8 team> \
--docker-email=<your email>` \
-n c8

Step 3: Create C8 Application Secret

Generate a Kubernetes secret for the C8 application, which will contain sensitive data such as API keys and database credentials. Replace 'value' with the actual values:

kubectl create secret generic c8-secret \
    --from-literal=API_KEY='value' \
    --from-literal=CRYPTO_IV='value' \
    --from-literal=CRYPTO_SECRET='value' \
    --from-literal=JWT_SECRET='value' \
    --from-literal=DB_USERNAME='value' \
    --from-literal=DB_PASSWORD='value' \
    --from-literal=RABBITMQ_USERNAME='value' \
    --from-literal=RABBITMQ_PASSWORD='value' \
    --from-literal=SMTP_USERNAME='value' \
    --from-literal=SMTP_PASSWORD='value' \
    --from-literal=SF_USERNAME='value' \
    --from-literal=SF_PASSWORD='value' \
    -n c8 --dry-run=client -o yaml | kubectl apply -f -

Secrets Description

Warning You need to generate your own API_KEY, CRYPTO_IV, JWT_SECRET, and CRYPTO_SECRET which can be any cryptographically secure random string. Feel free to refer to Open Web Application Security Project (OWASP) for secure random number generation recommendations: https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#secure-random-number-generation

CRYPTO_IV:

The initialization vector (iv) should be 16 bytes. You can generate it using Node.js's crypto module's randomBytes function. Here's how you might do it:

import crypto from 'crypto';
const iv = crypto.randomBytes(16);

This will generate a new, random 16-byte initialization vector each time it's run. Remember, each encryption operation should use a unique IV.

Step 4: Install the C8 Helm Chart

Step 4.1: Configure access for the discovery job

AWS

GCP (It can be configured after chart installation)

Azure (It can be configured after chart installation)

Step 4.2: Add Configure8 Chart Repository

Add the Configure8 chart repository and update it:

helm repo add c8 https://helm.configure8.io/store/
helm repo update

Install the Helm chart with the desired configurations. Replace the placeholders with your specific values:

Note The example below the uses discovery access type using GCP ServiceAccount (GKE) to access AWS

helm upgrade -i c8 c8/c8 \
    -n c8 \
    --set variables.AWS_REGION='value' \
    --set variables.DB_HOST='value' \
    --set variables.DB_DATABASE='value' \
    --set variables.DEEPLINK_URL='value' \
    --set variables.HOOKS_CALLBACK_URL='value' \
    --set variables.OPENSEARCH_NODE='value' \
    --set variables.RABBITMQ_HOST='value' \
    --set common.ingress.ingressClassName='value' \
    --set djm.serviceAccount.job_worker.annotations."iam\.gke\.io/gcp-service-account"="c8-backend@PROJECT_ID.iam.gserviceaccount.com" \
    --set backend.serviceAccount.annotations."iam\.gke\.io/gcp-service-account"="c8-djw@PROJECT_ID.iam.gserviceaccount.com"

Note The example below uses the discovery access type Using service account (EKS)

helm upgrade -i c8 c8/c8 \
    -n c8 \
    --set variables.AWS_REGION='value' \
    --set variables.DB_HOST='value' \
    --set variables.DB_DATABASE='value' \
    --set variables.DEEPLINK_URL='value' \
    --set variables.HOOKS_CALLBACK_URL='value' \
    --set variables.OPENSEARCH_NODE='value' \
    --set variables.RABBITMQ_HOST='value' \
    --set common.ingress.ingressClassName='value' \
    --set djm.serviceAccount.job_worker.annotations."eks\.amazonaws\.com/role-arn"='The IAM role was created above for the service account' \
    --set backend.serviceAccount.annotations."eks\.amazonaws\.com/role-arn"='The IAM role was created above for the service account'

Note The example below uses the discovery access type: Azure application, GCP service account, and AWS access keys.

helm upgrade -i c8 c8/c8 \
    -n c8 \
    --set variables.AWS_REGION='value' \
    --set variables.DB_HOST='value' \
    --set variables.DB_DATABASE='value' \
    --set variables.DEEPLINK_URL='value' \
    --set variables.HOOKS_CALLBACK_URL='value' \
    --set variables.OPENSEARCH_NODE='value' \
    --set variables.RABBITMQ_HOST='value' \
    --set common.ingress.ingressClassName='value'

Note Depending on the chosen discovery access type, the serviceAccount parameters can be overridden

Once you successfully install a Helm chart that includes Ingress configurations, the next vital step is to establish a CNAME record in your DNS settings. This is essential to map your domain name to the Ingress controller's service endpoint.

Ensuring that the DNS propagates the new record correctly and securely linking it via TLS/SSL certificates (if applicable) will bolster both usability and security for end-users navigating to your c8 applications.

Application Variables

The table below lists the key application variables that can be configured during deployment:

The C8 Helm Chart Parameters

The table below shows configurable parameters when deploying the C8 Helm chart:

Last updated

Copyright © 2023 configure8, Inc. All rights reserved.