Helm Chart Installation
Installation Requirements
- Kubectl: Default Kubernetes CLI.
- Helm: Application deployment is done using Helm 3. Download and install the Helm client binary to the workstation that you plan to use for GoodData.CN installation.
- Permissions: You need admin-level permissions on two Kubernetes namespaces (described below):
  - pulsar: for Apache Pulsar deployment
  - gooddata-cn: for GoodData.CN deployment
Preparation
Choose Hostname
To make GoodData.CN accessible to users, you need a DNS hostname for the application Ingress resource. This hostname must belong to the domain you have under your control.
You may use, for example, gooddata-cn.company.com or analytics.company.com.
This hostname will be referred to as Ingress host later in this guide.
You may need an additional hostname for Dex, the OIDC provider bundled with the GoodData.CN Helm chart. If you have your own OIDC provider, you do not need this additional hostname.
You may use, for example, auth.company.com.
If you do not use an External DNS as suggested above, add the new hostname to your DNS server manually.
The type of the record should be one of the following:
- A: if you want to point to the IP address of the Load balancer representing your Ingress host
- CNAME: if you want to refer to an existing Load balancer hostname.
Note that adding a DNS record is not necessary if you already have a matching wildcard DNS record pointing to your Load balancer (such as *.company.com in our example).
Get TLS Certificate
GoodData.CN does not use Transport Layer Security (TLS) encryption. Instead, it is assumed that the TLS encryption is terminated on the load balancer because hardware load balancers usually have highly optimized SSL accelerators and offer better throughput.
Use the standard process to get the TLS certificate for the Ingress hostname that you choose. This process may vary depending on the Certification Authority you are using. See TLS Configuration under Deployment Considerations.
You should have two files:
- the public server certificate
- the private server key
Upload both files to your Load balancer.
Note: It is possible that you already have a wildcard certificate matching your chosen Ingress hostname loaded into your load balancer. In this case, you don’t need another certificate and you can use the wildcard certificate to encrypt client traffic between your users and GoodData.CN.
Pull Application Images to Your Registry (Air-gapped installations only)
If your Kubernetes cluster runs in a secure, isolated environment without access to the Internet, you need to pull all required images from a GoodData docker registry and Docker hub, and push them to a private docker registry that your cluster can access.
You will need the following images:
- Apache Pulsar
  apachepulsar/pulsar:2.7.2
- GoodData.CN
  gooddata/afm-exec-api:${TAG}
  gooddata/analytical-designer:${TAG}
  gooddata/apidocs:${TAG}
  gooddata/aqe:${TAG}
  gooddata/auth-service:${TAG}
  gooddata/dashboards:${TAG}
  gooddata/home-ui:${TAG}
  gooddata/ldm-modeler:${TAG}
  gooddata/metadata-api:${TAG}
  gooddata/result-cache:${TAG}
  gooddata/scan-model:${TAG}
  gooddata/sql-executor:${TAG}
  gooddata/tools:${TAG}
  gooddata/dex:${TAG}
  docker.io/peterevans/curl-jq:1.0
  docker.io/library/postgres:11.6
- GoodData.CN subcharts
  docker.io/bitnami/minideb:buster
  docker.io/bitnami/pgpool:4.2.0-debian-10-r20
  docker.io/bitnami/postgres-exporter:0.8.0-debian-10-r304
  docker.io/bitnami/postgresql-repmgr:11.10.0-debian-10-r38
  docker.io/oliver006/redis_exporter:v1.13.1
  docker.io/library/redis:6.0.7-alpine
Note: The variable ${TAG} depends on the GoodData.CN release that you plan to install. You can obtain its value from Release Notes for the particular version of the GoodData.CN application.
Get Helm Charts
Pulsar is deployed from Apache’s Helm repository, so you need to register this repository within your Helm client first.
helm repo add apache https://pulsar.apache.org/charts
Response:
"apache" has been added to your repositories
Add the GoodData Helm repository.
helm repo add gooddata https://charts.gooddata.com/
Response:
"gooddata" has been added to your repositories
Create Kubernetes Namespaces
As a cluster administrator, create the following two namespaces:
Note: It is important to set the proper namespace label because Network Policies rely on it.
kubectl apply -f - << END
apiVersion: v1
kind: Namespace
metadata:
  name: pulsar
  labels:
    metadata.labels.kubernetes.io/metadata.name: pulsar
END
Response:
namespace/pulsar created
kubectl apply -f - << END
apiVersion: v1
kind: Namespace
metadata:
  name: gooddata-cn
  labels:
    metadata.labels.kubernetes.io/metadata.name: gooddata-cn
END
Response:
namespace/gooddata-cn created
For the rest of the installation process, the user running Helm has sufficient permissions in these two namespaces.
Install NGINX Ingress
If you already have a Kubernetes cluster with NGINX Ingress deployed, you do not need to perform any actions. GoodData.CN will work with your existing NGINX Ingress installation. Otherwise, you must deploy it.
Create NGINX Ingress Namespace
Note: It is important to set the proper namespace label because Network Policies rely on it.
kubectl apply -f - << END
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
  labels:
    metadata.labels.kubernetes.io/metadata.name: ingress-nginx
END
Response:
namespace/ingress-nginx created
Add the NGINX Ingress Helm repository
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
Install the NGINX Ingress
helm -n ingress-nginx install ingress-nginx ingress-nginx/ingress-nginx \
  --set controller.replicaCount=2
Installation
Use Customized values.yaml for Pulsar
Apache Pulsar is a scalable high-performance message broker. Default values from the original Helm chart are oversized for our needs. To decrease the resource requirements, you should use the following customized settings:
Pulsar instance
GoodData.CN does not require a dedicated Pulsar instance. However, you should consider whether to use your current Pulsar instance, based on your security, performance, and other assessments.
Note: On air-gapped installations, update all occurrences of apachepulsar/pulsar to point to your local Docker registry.
Note: Update storageClassName according to your setup (see kubectl get storageclass output).
The storageClass will differ on different cloud providers and Kubernetes installations.
# file name: customized-values-pulsar.yaml
components:
  functions: false
  proxy: false
  pulsar_manager: false
  toolset: false
monitoring:
  alert_manager: false
  grafana: false
  node_exporter: false
  prometheus: false
images:
  autorecovery:
    repository: apachepulsar/pulsar
  bookie:
    repository: apachepulsar/pulsar
  broker:
    repository: apachepulsar/pulsar
  zookeeper:
    repository: apachepulsar/pulsar
zookeeper:
  volumes:
    data:
      name: data
      size: 2Gi
      storageClassName: mystorageclass
bookkeeper:
  configData:
    PULSAR_MEM: >
      -Xms128m -Xmx256m -XX:MaxDirectMemorySize=128m
  metadata:
    image:
      repository: apachepulsar/pulsar
  replicaCount: 3
  resources:
    requests:
      cpu: 0.2
      memory: 128Mi
  volumes:
    journal:
      name: journal
      size: 5Gi
      storageClassName: mystorageclass
    ledgers:
      name: ledgers
      size: 5Gi
      storageClassName: mystorageclass
pulsar_metadata:
  image:
    repository: apachepulsar/pulsar
broker:
  configData:
    PULSAR_MEM: >
      -Xms128m -Xmx256m -XX:MaxDirectMemorySize=128m
    subscriptionExpirationTimeMinutes: "5"
    webSocketServiceEnabled: "true"
  replicaCount: 2
  resources:
    requests:
      cpu: 0.2
      memory: 256Mi
Apache Pulsar Chart
This command will deploy Apache Pulsar from extracted Helm chart directory ./pulsar.
We recommend version 2.7.2 since it was tested with GoodData.CN.
helm install --namespace pulsar --version 2.7.2 \
  -f customized-values-pulsar.yaml --set initialize=true \
  pulsar apache/pulsar
Note: The helm value --set initialize=true is required only for the initial installation of the Pulsar Helm chart. Further upgrades should not contain this parameter.
Prepare Customized values.yaml for GoodData.CN
To support a broad variety of deployment options, the GoodData.CN Helm chart offers multiple parameters that you may tune to fit your environment. Check default values in the Helm chart to see further options.
Option 1: Installations with SaaS Redis and Postgres
If you are running in a public cloud that offers Redis and Postgres as a service and you have decided to use these services, do not deploy the Redis and Postgres subcharts. Refer to Environment Setup for the Redis and Postgres installations in the public clouds.
# file name: customized-values-gooddata-cn.yaml
service:
  redis:
    hosts:
      - redis.cache
    port: 6379
    clusterMode: false
  postgres:
    host: postgres.database
    port: 5432
    username: postgres@gooddata-cn-pg
    password: <PG_ADMIN_PASSWORD>
deployRedisHA: false
deployPostgresHA: false
Option 2: Installations with included Redis and Postgres
If you cannot use Redis and Postgres as a service, or you simply do not want to, then deploy the Redis and Postgres subcharts (default).
# file name: customized-values-gooddata-cn.yaml
deployRedisHA: true
deployPostgresHA: true
Dex identity provider settings
Based on your assessment in the Deployment Considerations section, you may need to set up Dex.
You need to set the hostname for the Dex Ingress (authHost) and provide the certificate for Dex, either as a Secret containing the certificate or as an annotation for cert-manager, which will then provide the certificate.
Note: You need to ensure that a DNS record is created for the authHost Ingress. See the DNS Configuration section for more details.
dex:
  ingress:
    authHost: 'auth.company.com'
    tls:
      authSecretName: gooddata-cn-auth-tls
    annotations:
      kubernetes.io/ingress.class: nginx
      # cert-manager.io/cluster-issuer: letsencrypt-production
Note: If you do not want to use the default storageClass of your Kubernetes cluster for Redis and/or Postgres helm charts, you need to set storageClass according to your setup (see kubectl get storageclass output).
redis-ha:
  persistentVolume:
    storageClass: mystorageclass
postgresql-ha:
  persistence:
    storageClass: mystorageclass
Note: On air-gapped clusters, you need to override all images so they are fetched from your local Docker registry:
image:
  # this is where GoodData.CN images are stored
  repositoryPrefix: "registry.company.com/gooddata"
  # this is where DockerHub repositories are stored
  dockerhubPrefix: "registry.company.com/dockermirror"
# For postgresql-ha subchart, if used
global:
  # usually the same as image.dockerhubPrefix
  imageRegistry: "registry.company.com/dockermirror"
# Used for redis-ha subchart, if used
redis-ha:
  image:
    repository: "registry.company.com/dockermirror/redis"
  exporter:
    image: "registry.company.com/dockermirror/redis_exporter"
# Used for dex component, if used
dex:
  image:
    name: "registry.company.com/dockermirror/dex"
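To confirm that the overrides above cover every image, the following added example (not part of the GoodData.CN documentation) scans rendered manifests for image references that are not served from the private registry. The sample manifest and EXAMPLE_TAG are constructed; registry.company.com is the example registry host used on this page.

```shell
#!/bin/sh
# Added example: find images that would still be pulled from outside the
# private registry on an air-gapped cluster.
# REGISTRY defaults to the example registry host used on this page.
REGISTRY="${REGISTRY:-registry.company.com}"

# Read Kubernetes YAML on stdin and print each distinct image reference
# that does not start with "$REGISTRY/". No output means all are mirrored.
external_images() {
  sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' |
    tr -d "\"'" |
    sed 's/[[:space:]]*#.*$//' |
    awk -v r="${REGISTRY}/" 'NF && index($0, r) != 1' |
    sort -u
}

# Constructed sample standing in for rendered chart output (EXAMPLE_TAG is
# a placeholder, not a real release tag).
sample_manifest() {
  cat <<'EOF'
kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: metadata-api
          image: "registry.company.com/gooddata/metadata-api:EXAMPLE_TAG"
        - name: redis
          image: docker.io/library/redis:6.0.7-alpine
---
kind: StatefulSet
spec:
  template:
    spec:
      containers:
        - name: broker
          image: apachepulsar/pulsar:2.7.2  # not yet overridden
EOF
}

# Demo on the constructed sample; prints the two external references.
sample_manifest | external_images

# Against the real charts (assumes the repos and values files from this page):
#   helm template pulsar apache/pulsar --version 2.7.2 -n pulsar \
#     -f customized-values-pulsar.yaml | external_images
#   helm template gooddata-cn gooddata/gooddata-cn --version 1.2.0 \
#     -n gooddata-cn -f customized-values-gooddata-cn.yaml | external_images
```

Any line printed for the real charts is an image the cluster would try to pull from a registry it cannot reach, so the matching override is still missing from the values file.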
Add License Key
GoodData.CN requires a valid license key. Use the key you received from GoodData. You have two options for how to pass the license key during Helm chart installation:
- Directly pass the license key using custom values file:
  license:
    key: "key/eyJhY2NvdW50I...a very long string...IGfMjaRJZcg=="
- Or use a pre-created Kubernetes Secret resource containing the license key:
  - Create a Secret in the gooddata-cn namespace:
    kubectl -n gooddata-cn create secret generic gooddata-cn-license \
      --from-literal=license=key/eyJhY2NvdW50I...a very long string...IGfMjaRJZcg==
  - Assign the secret with the license key to your custom values file:
    license:
      existingSecret: gooddata-cn-license
License key format
Make sure you enter the license key exactly as you received it. Do not omit any letters. Remove all spaces and make sure the key is entered on a single line.
If you modify the license key, it becomes invalid and GoodData.CN won’t start.
GoodData.CN Application Chart
This command will deploy GoodData.CN from extracted Helm chart directory ./gooddata-cn.
helm install --version 1.2.0 --namespace gooddata-cn --wait \
  -f customized-values-gooddata-cn.yaml gooddata-cn gooddata/gooddata-cn
Response:
Release "gooddata-cn" has been installed. Happy Helming!
NAME: gooddata-cn
LAST DEPLOYED: Thu Mar 26 14:32:44 2020
NAMESPACE: gooddata-cn
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Congratulations, you have just deployed GoodData.CN to your Kubernetes cluster.
All necessary services are up and running in your Kubernetes cluster now.
Connect to GoodData.CN
At this point in the installation, you do not have an endpoint/hostname to connect to. To proceed with the configuration, refer to Create and Manage Organizations to learn how to create Organization(s) from a custom resource.
The hostname for accessing GoodData.CN platform will be provisioned by the Organization resource.