3. Installation#
This section describes the installation and deployment of Univention Nubus in a Kubernetes cluster.
Before you begin, make sure you meet the requirements outlined in Requirements. Choose one of the following scenarios:
Depending on the planned scenario, you need information from the cluster operator, such as endpoints to services and the corresponding authentication credentials. Finally, the section Deploying Nubus describes the deployment step-by-step with the respective commands.
3.1. Deploy requirements based on examples included in Nubus#
In this setup, you deploy the requirements for Nubus based on examples included in Nubus. This setup is good for getting started with Nubus and for demonstration.
For production use, you need to consider your own concepts for redundancy, failover, and security. For more information, see Use requirements provided by Kubernetes cluster.
By default, Nubus bundles the following services unless configured otherwise:
S3-compatible object storage with MinIO
Relational database with PostgreSQL for the Notifications API in the Univention Portal
Relational database with PostgreSQL for the UMC Server
Relational database with PostgreSQL for Keycloak
Key-value store with Memcached for the UMC Server
Nubus provides a set of default configuration values in the Helm Chart.
Copy the demo_values.yaml file and customize the domain portal.local-cluster.test to your needs.
$ cp helm/ums/demo_values.yaml helm/ums/custom_values.yaml
After you have configured all dependencies, proceed with the steps described in Deploying Nubus.
Note
Each service offers a bundled database.
Recommendation for a production environment: use a database management system for all services with concepts for redundancy, failover, and more, depending on your needs.
For more information about this use case, see Use requirements provided by Kubernetes cluster.
3.2. Use requirements provided by Kubernetes cluster#
The deployment of the default configuration assumes that your cluster provides the components Nubus depends on as described in Kubernetes cluster.
Note
You may base your configuration on the demo_values.yaml file provided in the Helm Chart.
Create custom_values.yaml file and adjust the values to your needs,
as shown in Listing 3.4.
To make Nubus use the existing deployed services from the Kubernetes cluster, deactivate the following services in the Helm Chart configuration. Ask your cluster operator to provide the required configuration values for these services:
minio:
enabled: false
umc-server:
memcached:
bundled: false
postgresql:
bundled: false
keycloak-postgresql:
enabled: false
notifications-api:
postgresql:
bundled: false
Then, provide custom values for the following services:
- S3-compatible object storage:
endpoint, bucket, access key ID, and secret for the access key ID.
Portal Listener
Portal Server
Stack Gateway configuration for serving public object storage icons.
- Relational database management system
with databases, one for each of the following services:
Keycloak
Notifications API
UMC Server
Now you have configured all dependencies, proceed with the steps described in Deploying Nubus.
3.3. Use external PostgreSQL database#
This section describes, how you can use an external PostgreSQL database management system for all services. Use this configuration, if you have a PostgreSQL database cluster already in place, with redundancy and failover mechanisms.
To configure an external PostgreSQL database,
you need to provide the connection details in the Helm Chart configuration in your
custom_values.yaml file
as outlined in Listing 3.3.
Replace the following placeholders with your configuration values:
custom-host:The hostname to the external PostgreSQL database management system.
custom-database:The database within PostgreSQL to use for the respective service.
custom-username:The username for authentication to the PostgreSQL database for the respective service.
custom-password:The password for the username to authenticate for the PostgreSQL database.
umc-server:
postgresql:
# Disables the bundled PostgreSQL database
bundled: false
connection:
host: "custom-host"
port: 5432
auth:
username: "custom-username"
database: "custom-database"
password: "custom-password"
postgresPassword: "custom-password"
keycloak-postgresql:
# Disables the bundled PostgreSQL database
enabled: false
keycloak:
config:
database:
host: "custom-host"
port: 5432
username: "custom-username"
database: "custom-database"
existingSecret:
name: "not-ums-keycloak-postgresql-credentials"
key: "keycloakDatabasePassword"
notifications-api:
postgresql:
# Disables the bundled PostgreSQL database
bundled: false
connection:
host: "custom-host"
port: 5432
auth:
username: "custom-username"
database: "custom-database"
# Point to the secret with the password. It will retrieve keys
# `postgres-password` and `password` from the secret
existing_secret: "not-ums-notifications-api-postgresql-credentials"
# Define the secrets for the custom database
extraSecrets:
- name: "not-ums-notifications-api-postgresql-credentials"
stringData:
postgres-password: "custom-password"
password: "custom-password"
- name: "not-ums-keycloak-postgresql-credentials"
stringData:
keycloakDatabasePassword: "custom-password"
3.4. Deploying Nubus#
This section describes the steps to deploy Nubus.
Before you can install Nubus, you need to choose a scenario mentioned before,
collect the required configuration data, and write your custom_values.yaml file.
Nubus provides a set of default configuration values in the Helm Chart. Fetch the example values file from the following repository with curl:
$ curl \ --output custom_values.yaml \ https://raw.githubusercontent.com/univention/nubus-stack/main/helm/ums/demo_values.yaml
Adjust the configuration values in
custom_values.yamldepending on your previously chosen scenario.Install Univention Nubus with Helm:
$ helm upgrade \ --install nubus \ --namespace=<your-namespace> \ oci://registry.souvap-univention.de/souvap/tooling/charts/univention/ums \ --values custom_values.yaml --timeout 10m
Tip
The installation may take some time depending on your cluster resources, internet connection and other factors. You can verify the status of the deployment with the following command:
$ kubectl get pods -n <your-namespace>
The deployment is complete when all pods are in the state Running.