⚠️ This document is work in progress. Feedback is welcome. ⚠️

3. Installation#

This section describes the installation and deployment of Univention Nubus in a Kubernetes cluster.

Before you begin, make sure you meet the requirements outlined in Requirements. Choose one of the following scenarios:

Depending on the planned scenario, you need information from the cluster operator, such as endpoints to services and the corresponding authentication credentials. Finally, the section Deploying Nubus describes the deployment step-by-step with the respective commands.

3.1. Deploy requirements based on examples included in Nubus#

In this setup, you deploy the requirements for Nubus based on examples included in Nubus. This setup is good for getting started with Nubus and for demonstration.

For production use, you need to consider your own concepts for redundancy, failover, and security. For more information, see Use requirements provided by Kubernetes cluster.

By default, Nubus bundles the following services unless configured otherwise:

  1. S3-compatible object storage with MinIO

  2. Relational database with PostgreSQL for the Notifications API in the Univention Portal

  3. Relational database with PostgreSQL for the UMC Server

  4. Relational database with PostgreSQL for Keycloak

  5. Key-value store with Memcached for the UMC Server

Nubus provides a set of default configuration values in the Helm Chart. Copy the demo_values.yaml file and customize the domain portal.local-cluster.test to your needs.

Listing 3.1 Create custom configuration values#
$ cp helm/ums/demo_values.yaml helm/ums/custom_values.yaml

After you have configured all dependencies, proceed with the steps described in Deploying Nubus.

Note

Each service offers a bundled database.

Recommendation for a production environment: use a database management system for all services with concepts for redundancy, failover, and more, depending on your needs.

For more information about this use case, see Use requirements provided by Kubernetes cluster.

3.2. Use requirements provided by Kubernetes cluster#

The deployment of the default configuration assumes that your cluster provides the components Nubus depends on as described in Kubernetes cluster.

Note

You may base your configuration on the demo_values.yaml file provided in the Helm Chart. Create custom_values.yaml file and adjust the values to your needs, as shown in Listing 3.4.

To make Nubus use the existing deployed services from the Kubernetes cluster, deactivate the following services in the Helm Chart configuration. Ask your cluster operator to provide the required configuration values for these services:

Listing 3.2 Deactivate bundled services for Nubus to use requirements provided by Kubernetes cluster#
minio:
  enabled: false
umc-server:
  memcached:
    bundled: false
  postgresql:
    bundled: false
keycloak-postgresql:
  enabled: false
notifications-api:
  postgresql:
    bundled: false

Then, provide custom values for the following services:

S3-compatible object storage:

endpoint, bucket, access key ID, and secret for the access key ID.

  • Portal Listener

  • Portal Server

  • Stack Gateway configuration for serving public object storage icons.

Relational database management system

with databases, one for each of the following services:

  • Keycloak

  • Notifications API

  • UMC Server

Now you have configured all dependencies, proceed with the steps described in Deploying Nubus.

3.3. Use external PostgreSQL database#

This section describes, how you can use an external PostgreSQL database management system for all services. Use this configuration, if you have a PostgreSQL database cluster already in place, with redundancy and failover mechanisms.

To configure an external PostgreSQL database, you need to provide the connection details in the Helm Chart configuration in your custom_values.yaml file as outlined in Listing 3.3. Replace the following placeholders with your configuration values:

custom-host:

The hostname to the external PostgreSQL database management system.

custom-database:

The database within PostgreSQL to use for the respective service.

custom-username:

The username for authentication to the PostgreSQL database for the respective service.

custom-password:

The password for the username to authenticate for the PostgreSQL database.

Listing 3.3 Content for custom_values.yaml file to configure external PostgreSQL database#
umc-server:
  postgresql:
    # Disables the bundled PostgreSQL database
    bundled: false
    connection:
      host: "custom-host"
      port: 5432
    auth:
      username: "custom-username"
      database: "custom-database"
      password: "custom-password"
      postgresPassword: "custom-password"

keycloak-postgresql:
  # Disables the bundled PostgreSQL database
  enabled: false

keycloak:
  config:
    database:
      host: "custom-host"
      port: 5432
      username: "custom-username"
      database: "custom-database"
      existingSecret:
        name: "not-ums-keycloak-postgresql-credentials"
        key: "keycloakDatabasePassword"

notifications-api:
  postgresql:
    # Disables the bundled PostgreSQL database
    bundled: false
    connection:
      host: "custom-host"
      port: 5432
    auth:
      username: "custom-username"
      database: "custom-database"
      # Point to the secret with the password. It will retrieve keys
      # `postgres-password` and `password` from the secret
      existing_secret: "not-ums-notifications-api-postgresql-credentials"

# Define the secrets for the custom database
extraSecrets:
  - name: "not-ums-notifications-api-postgresql-credentials"
    stringData:
      postgres-password: "custom-password"
      password: "custom-password"
  - name: "not-ums-keycloak-postgresql-credentials"
    stringData:
      keycloakDatabasePassword: "custom-password"

3.4. Deploying Nubus#

This section describes the steps to deploy Nubus. Before you can install Nubus, you need to choose a scenario mentioned before, collect the required configuration data, and write your custom_values.yaml file.

  1. Nubus provides a set of default configuration values in the Helm Chart. Fetch the example values file from the following repository with curl:

    Listing 3.4 Download example configuration values for deployment#
    $ curl \
       --output custom_values.yaml \
       https://raw.githubusercontent.com/univention/nubus-stack/main/helm/ums/demo_values.yaml
    
  2. Adjust the configuration values in custom_values.yaml depending on your previously chosen scenario.

  3. Install Univention Nubus with Helm:

    $ helm upgrade \
       --install nubus \
       --namespace=<your-namespace> \
       oci://registry.souvap-univention.de/souvap/tooling/charts/univention/ums \
       --values custom_values.yaml
       --timeout 10m
    

    Tip

    The installation may take some time depending on your cluster resources, internet connection and other factors. You can verify the status of the deployment with the following command:

    $ kubectl get pods -n <your-namespace>
    

    The deployment is complete when all pods are in the state Running.