docs: add initial k8s docs
moabu committed Jan 11, 2023
1 parent a2ddd9e commit 3562826
Showing 20 changed files with 1,805 additions and 187 deletions.
14 changes: 7 additions & 7 deletions automation/docs/generated-cn-docs.sh
Expand Up @@ -16,17 +16,17 @@ cd ..
helm-docs flex-cn-setup/pygluu/kubernetes/templates/helm/
rm -rf helmtemp
echo "Copying Helm chart Readme to helm-chart.md"
cp ./flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/README.md ./docs/admin/reference/kubernetes/helm-chart.md
cp ./flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/README.md ./docs/reference/kubernetes/helm-chart.md
echo "Adding keywords to helm-chart"
sed -i '1 s/^/---\ntags:\n - administration\n - reference\n - kubernetes\n---\n/' ./docs/admin/reference/kubernetes/helm-chart.md
sed -i '1 s/^/---\ntags:\n - administration\n - reference\n - kubernetes\n---\n/' ./docs/reference/kubernetes/helm-chart.md
echo "Copying docker-monolith main README.md to compose.md"
cp ./docker-jans-monolith/README.md ./docs/admin/install/docker-install/compose.md
cp ./docker-jans-monolith/README.md ./docs/install/docker-install/compose.md
echo "Copying docker images Readme to respective image md"
# cp docker files main README.md
docker_images="docker-jans-auth-server docker-jans-certmanager docker-jans-config-api docker-jans-configurator docker-jans-fido2 docker-jans-persistence-loader docker-jans-scim docker-jans-monolith"
docker_images="docker-casa docker-admin-ui docker-jans-monolith"
for image in $docker_images;do
cp ./"$image"/README.md ./docs/admin/reference/kubernetes/"$image".md
cp ./"$image"/README.md ./docs/reference/kubernetes/"$image".md
done
echo "cp docker-opendj main README.md"
wget https://raw.githubusercontent.com/GluuFederation/docker-opendj/5.0/README.md -O ./docs/admin/reference/kubernetes/docker-opendj.md
sed -i '1 s/^/---\ntags:\n - administration\n - reference\n - kubernetes\n - docker image\n---\n/' ./docs/admin/reference/kubernetes/docker-opendj.md
wget https://raw.githubusercontent.com/GluuFederation/docker-opendj/5.0/README.md -O ./docs/reference/kubernetes/docker-opendj.md
sed -i '1 s/^/---\ntags:\n - administration\n - reference\n - kubernetes\n - docker image\n---\n/' ./docs/reference/kubernetes/docker-opendj.md
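Review bot: the `wget ... -O ./docs/reference/kubernetes/docker-opendj.md` line fetches the README from the moving `5.0` branch, and nothing checks that the download succeeded before the following `sed -i` runs, so a failed or changed fetch ends up in the published docs unnoticed. Pin the URL to a tag or commit and stop the script when the fetch fails (for example `wget ... || exit 1`). Separately, the `docker_images` list shrinks to `docker-casa docker-admin-ui docker-jans-monolith`; if the docker-jans-* pages are meant to disappear from the reference section, say so in the commit message.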
2 changes: 2 additions & 0 deletions docs/assets/flex-arch-diagram.drawio.xml

Large diffs are not rendered by default.

3 changes: 3 additions & 0 deletions docs/assets/flex-arch-diagram.svg
19 changes: 17 additions & 2 deletions docs/install/helm-install/README.md
@@ -1,2 +1,17 @@
## Where is this content?
The Gluu Flex documentation is a work in progress, and this document is currently a draft. Keep an eye on this page for updates.
---
tags:
- administration
- installation
- helm
---

# Overview

Gluu Flex enables organizations to build a scalable centralized authentication and authorization service using free open source software.

The components of the project include client and server implementations of the OAuth, OpenID Connect, SCIM and FIDO standards.

All these components are deployed using Gluu [helm chart](https://github.com/GluuFederation/flex/blob/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu).

You can check the [reference](../../reference/kubernetes/helm-chart.md) guide to view the list of the chart components and values.
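Review bot: the chart link on the "All these components are deployed" line points at `blob/main`, so it will drift away from whatever release these docs describe; link a release tag, or rely on the versioned reference page linked on the next line. Minor wording: "using Gluu helm chart" reads better as "using the Gluu Helm chart".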

368 changes: 204 additions & 164 deletions docs/install/helm-install/amazon-eks.md

Large diffs are not rendered by default.

224 changes: 222 additions & 2 deletions docs/install/helm-install/google-gke.md
@@ -1,2 +1,222 @@
## Where is this content?
The Gluu Flex documentation is a work in progress, and this document is currently a draft. Keep an eye on this page for updates.
---
tags:
- administration
- installation
- helm
- GKE
- Google Cloud
- GCP
---

# Install Gluu on GKE

## System Requirements

The resources may be set to the minimum as below:

- 8 GiB RAM
- 8 CPU cores
- 50GB hard-disk

Use the listing below for detailed estimation of minimum required resources. Table contains the default resources recommendations per service. Depending on the use of each service the resources needs may be increase or decrease.

| Service | CPU Unit | RAM | Disk Space | Processor Type | Required |
|-------------------|----------|-------|------------|----------------|------------------------------------|
| Auth server | 2.5 | 2.5GB | N/A | 64 Bit | Yes |
| LDAP (OpenDJ) | 1.5 | 2GB | 10GB | 64 Bit | Only if couchbase is not installed |
| fido2 | 0.5 | 0.5GB | N/A | 64 Bit | No |
| scim | 1.0 | 1.0GB | N/A | 64 Bit | No |
| config - job | 0.5 | 0.5GB | N/A | 64 Bit | Yes on fresh installs |
| persistence - job | 0.5 | 0.5GB | N/A | 64 Bit | Yes on fresh installs |
| nginx | 1 | 1GB | N/A | 64 Bit | Yes if not ALB |
| auth-key-rotation | 0.3 | 0.3GB | N/A | 64 Bit | No [Strongly recommended] |
| config-api | 1 | 1GB | N/A | 64 Bit | No |
| casa | 1 | 1GB | N/A | 64 Bit | No |
| admin-ui | 2 | 2GB | N/A | 64 Bit | No |

Releases of images are in style 1.0.0-beta.0, 1.0.0-0

## Initial Setup

1. If you are using Cloud Shell, you can skip to step 4.

2. Install [gcloud](https://cloud.google.com/sdk/docs/quickstarts)

3. Install kubectl using `gcloud components install kubectl` command

4. Create cluster using a command such as the following example:

```
gcloud container clusters create gluu-cluster --num-nodes 2 --machine-type e2-highcpu-8 --zone us-west1-a
```
You can adjust `num-nodes` and `machine-type` as per your desired cluster size
5. Install [Helm3](https://helm.sh/docs/intro/install/)
6. Create `gluu` namespace where our resources will reside
```
kubectl create namespace gluu
```
## Gluu Installation using Helm
1. Install [Nginx-Ingress](https://github.com/kubernetes/ingress-nginx), if you are not using Istio ingress
```
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo add stable https://charts.helm.sh/stable
helm repo update
helm install nginx ingress-nginx/ingress-nginx
```
2. Create a file named `override.yaml` and add changes as per your desired configuration:
- FQDN/domain is *not* registered:
Get the Loadbalancer IP:
```
kubectl get svc nginx-ingress-nginx-controller --output jsonpath='{.status.loadBalancer.ingress[0].ip}'
```
Add the following yaml snippet to your `override.yaml` file:
```yaml
global:
lbIp: #Add the Loadbalance IP from the previous command
isFqdnRegistered: false
```
- FQDN/domain is registered:
Add the following yaml snippet to your `override.yaml` file`:
```yaml
global:
lbIp: #Add the LoadBalancer IP from the previous command
isFqdnRegistered: true
fqdn: demoexample.gluu.org #CHANGE-THIS to the FQDN used for Gluu
nginx-ingress:
ingress:
path: /
hosts:
- demoexample.gluu.org #CHANGE-THIS to the FQDN used for Gluu
tls:
- secretName: tls-certificate
hosts:
- demoexample.gluu.org #CHANGE-THIS to the FQDN used for Gluu
```
- LDAP/Opendj for persistence storage
Add the following yaml snippet to your `override.yaml` file:
```yaml
global:
cnPersistenceType: ldap
storageClass:
provisioner: kubernetes.io/gce-pd
opendj:
enabled: true
```
So if your desired configuration has no-FQDN and LDAP, the final `override.yaml` file will look something like that:
```yaml
global:
cnPersistenceType: ldap
lbIp: #Add the Loadbalancer IP from the previous command
isFqdnRegistered: false
storageClass:
provisioner: kubernetes.io/gce-pd
opendj:
enabled: true
nginx-ingress:
ingress:
path: /
hosts:
- demoexample.gluu.org #CHANGE-THIS to the FQDN used for Gluu
tls:
- secretName: tls-certificate
hosts:
- demoexample.gluu.org #CHANGE-THIS to the FQDN used for Gluu
```
- MySQL for persistence storage
In a production environment, a production grade MySQL server should be used such as `Cloud SQL`
For testing purposes, you can deploy it on the GKE cluster using the following commands:
```
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install my-release --set auth.rootPassword=Test1234#,auth.database=gluu bitnami/mysql -n gluu
```
Add the following yaml snippet to your `override.yaml` file:
```yaml
global:
cnPersistenceType: sql
config:
configmap:
cnSqlDbName: gluu
cnSqlDbPort: 3306
cnSqlDbDialect: mysql
cnSqlDbHost: my-release-mysql.gluu.svc
cnSqlDbUser: root
cnSqlDbTimezone: UTC
cnSqldbUserPassword: Test1234#
```
So if your desired configuration has FQDN and MySQL, the final `override.yaml` file will look something like that:
```yaml
global:
cnPersistenceType: sql
lbIp: "" #Add the LoadBalancer IP from previous command
isFqdnRegistered: true
fqdn: demoexample.gluu.org #CHANGE-THIS to the FQDN used for Gluu
nginx-ingress:
ingress:
path: /
hosts:
- demoexample.gluu.org #CHANGE-THIS to the FQDN used for Gluu
tls:
- secretName: tls-certificate
hosts:
- demoexample.gluu.org #CHANGE-THIS to the FQDN used for Gluu
config:
configmap:
cnSqlDbName: gluu
cnSqlDbPort: 3306
cnSqlDbDialect: mysql
cnSqlDbHost: my-release-mysql.gluu.svc
cnSqlDbUser: root
cnSqlDbTimezone: UTC
cnSqldbUserPassword: Test1234#
```
3. Install Gluu
After finishing all the tweaks to the `override.yaml` file, we can use it to install gluu.
```
helm repo add gluu-flex https://docs.gluu.org/charts
helm repo update
helm install gluu gluu-flex/gluu -n gluu -f override.yaml
```
60 changes: 58 additions & 2 deletions docs/install/helm-install/local.md
@@ -1,2 +1,58 @@
## Where is this content?
The Gluu Flex documentation is a work in progress, and this document is currently a draft. Keep an eye on this page for updates.
---
tags:
- administration
- installation
- helm
---

# Install Gluu Server Locally with minikube and MicroK8s

## System Requirements

For local deployments like `minikube` and `MicroK8s` or cloud installations in demo mode, resources may be set to the minimum as below:

- 8GB RAM
- 4 CPU cores
- 50GB hard-disk

Use the listing below for detailed estimation of minimum required resources. Table contains the default resources recommendations per service. Depending on the use of each service the resources needs may be increase or decrease.

| Service | CPU Unit | RAM | Disk Space | Processor Type | Required |
|-------------------|----------|-------|------------|----------------|------------------------------------|
| Auth server | 2.5 | 2.5GB | N/A | 64 Bit | Yes |
| LDAP (OpenDJ) | 1.5 | 2GB | 10GB | 64 Bit | Only if couchbase is not installed |
| fido2 | 0.5 | 0.5GB | N/A | 64 Bit | No |
| scim | 1.0 | 1.0GB | N/A | 64 Bit | No |
| config - job | 0.5 | 0.5GB | N/A | 64 Bit | Yes on fresh installs |
| persistence - job | 0.5 | 0.5GB | N/A | 64 Bit | Yes on fresh installs |
| nginx | 1 | 1GB | N/A | 64 Bit | Yes if not ALB |
| auth-key-rotation | 0.3 | 0.3GB | N/A | 64 Bit | No [Strongly recommended] |
| config-api | 1 | 1GB | N/A | 64 Bit | No |
| casa | 1 | 1GB | N/A | 64 Bit | No |
| admin-ui | 2 | 2GB | N/A | 64 Bit | No |

Releases of images are in style 1.0.0-beta.0, 1.0.0-0

## Installation Steps

Start a fresh ubuntu `18.04` or `20.04` 4 CPU, 16 GB RAM, and 50GB SSD VM with ports `443` and `80` open. Then execute the following

```bash
sudo su -
```
```bash
wget https://raw.githubusercontent.com/GluuFederation/flex/vreplace-flex-version/automation/startflexmonolithdemo.sh && chmod u+x startflexmonolithdemo.sh && ./startflexmonolithdemo.sh
```

This will install docker, microk8s, helm and Gluu with the default settings that can be found inside [values.yaml](https://github.com/GluuFederation/flex/blob/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu).

The installer will automatically add a record to your hosts record in the VM but if you want access the endpoints outside the VM you must map the `ip` of the instance running ubuntu to the FQDN you provided and then access the endpoints at your browser such in the example in the table below.

| Service | Example endpoint |
|-------------|-------------------------------------------------|
| Auth server | `https://FQDN/.well-known/openid-configuration` |
| fido2 | `https://FQDN/.well-known/fido2-configuration` |
| scim | `https://FQDN/.well-known/scim-configuration` |
| Casa | `https://FQDN/casa` |
| Admin-UI | `https://FQDN/admin` |
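Review bot: the Installation Steps have the reader become root with `sudo su -` and then download and execute `startflexmonolithdemo.sh` in a single `wget ... && chmod u+x ... && ./startflexmonolithdemo.sh` line, with no checksum and no pause to inspect the script. Split the download from the execution and give a release-tagged URL or a published checksum to verify against. The URL also contains `vreplace-flex-version`, which looks like a token to be substituted at build time; if it is not, tell the reader what to put there. Finally, System Requirements lists 8GB RAM while this step asks for a 16 GB RAM VM; make the two agree.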
