Self-Hosting configure8
Configure8 Self-Hosted Helm Chart Deployment Guide
This guide delineates the steps to deploy the Configure8 (C8) application on a Kubernetes cluster using a Helm chart.
Requirements
A running Kubernetes version 1.22 or above is required to guarantee compatibility with the C8 App. Ensure the cluster has public internet access to fetch Docker images from repositories, specifically from GitHub.
A Kubernetes user with sufficient cluster access privileges is required to install the C8 app.
The Helm Package Manager.
The Kubectl
The AWS CLI
A token provided by the C8 team is required for adding image pull secrets to the cluster.
A MongoDB version 6.0 or above must be set up and accessible by the Kubernetes cluster.
A RabbitMQ version 3.13 or above must be set up for managing message queues within the C8 application.
An OpenSearch cluster version 2.5 or above must be set up for robust search functionality and data analytics within the C8 app.
A Snowflake account must be set up to provide fast search capabilities and the ability to perform complex aggregations.
Step 1: Creating a Namespace
Isolate the C8 application by creating a Kubernetes namespace named "c8":
Step 2: Create Docker Registry Secret
Create a Kubernetes secret to access the C8 Docker registry. Replace and with your specific token and email address, respectively:
Step 3: Create C8 Application Secret
Generate a Kubernetes secret for the C8 application, which will contain sensitive data such as API keys and database credentials. Replace 'value' with the actual values:
Secrets Description
Warning You need to generate your own API_KEY, CRYPTO_IV, JWT_SECRET, and CRYPTO_SECRET which can be any cryptographically secure random string. Feel free to refer to Open Web Application Security Project (OWASP) for secure random number generation recommendations: https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#secure-random-number-generation
CRYPTO_IV:
The initialization vector (iv
) should be 16 bytes. You can generate it using Node.js's crypto
module's randomBytes
function. Here's how you might do it:
This will generate a new, random 16-byte initialization vector each time it's run. Remember, each encryption operation should use a unique IV.
Step 4: Install the C8 Helm Chart
Step 4.1: Configure access for the discovery job
AWS
GCP (It can be configured after chart installation)
Azure (It can be configured after chart installation)
Step 4.2: Add Configure8 Chart Repository
Add the Configure8 chart repository and update it:
Install the Helm chart with the desired configurations. Replace the placeholders with your specific values:
Note The example below the uses discovery access type using GCP ServiceAccount (GKE) to access AWS
Note The example below uses the discovery access type Using service account (EKS)
Note The example below uses the discovery access type: Azure application, GCP service account, and AWS access keys.
Note Depending on the chosen discovery access type, the serviceAccount parameters can be overridden
Once you successfully install a Helm chart that includes Ingress configurations, the next vital step is to establish a CNAME record in your DNS settings. This is essential to map your domain name to the Ingress controller's service endpoint.
Ensuring that the DNS propagates the new record correctly and securely linking it via TLS/SSL certificates (if applicable) will bolster both usability and security for end-users navigating to your c8 applications.
Application Variables
The table below lists the key application variables that can be configured during deployment:
The C8 Helm Chart Parameters
The table below shows configurable parameters when deploying the C8 Helm chart:
Last updated