What You'll Need
A server running Ubuntu 20.04 LTS or Redhat 7 (This can be bare metal or virtual machine, on premise or in the cloud of your choice)
A server with 100G of disk space, 8 CPUs, and 32G of memory is recommended (AWS EC2 m5.2xlarge, Azure Standard_D8s_v3, GCP n2-standard-8)
An installation of PostgreSQL version 12 or greater with a database provisioned for Aginity Premium (This can be on the same server but using an external service such as AWS RDS is recommended)
A trusted SSL certificate (Premium ships with self-signed certificates, but we highly recommend you bring your own)
Install Snapd (Redhat Only)
Install the Extra Packages for Enterprise Linux (EPEL) Repositories
sudo yum install epel-release
sudo yum -y install snapd
The systemd unit that manages the main snap communication socket needs to be enabled:
sudo systemctl enable --now snapd.socket
To enable classic snap support, enter the following to create a symbolic link between /var/lib/snapd/snap and /snap
sudo ln -s /var/lib/snapd/snap /snap
Log out and back in again to ensure snap’s paths are updated correctly.
MicroK8S will install a minimal, lightweight Kubernetes you can run and use on practically any machine. It can be installed with a snap:
sudo snap install microk8s --classic --channel=1.19
Join the group
MicroK8S creates a group to enable seamless usage of commands which require admin privilege. To add your current user to the group and gain access to the .kube caching directory, run the following two commands:
sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube
You will also need to re-enter the session for the group update to take place:
su - $USER
Check the status
MicroK8S has a built-in command to display its status. During installation you can use the --wait-ready flag to wait for the Kubernetes services to initialize:
microk8s status --wait-ready
Enable MicroK8S Addons
microk8s enable dns ingress storage
By default MicroK8s points to Google’s 8.8.8.8 and 8.8.4.4 servers for resolving addresses. The forward DNS servers can also be altered after enabling the addon by running the command:
microk8s kubectl -n kube-system edit configmap/coredns
This will invoke the vim editor so that you can alter the configuration.
sudo snap install helm --classic
MicroK8s uses a namespaced kubectl command to prevent conflicts with any existing installs of kubectl. If you don’t have an existing install, it is easier to add an alias (append to ~/.bash_aliases) like this:
alias kubectl='microk8s kubectl'
Download the Aginity Premium Helm Chart
Pull the Aginity Premium helm chart from our public repository.
helm chart pull public.ecr.aws/aginity/premium/helm:aginity-premium-mk8s
Export the helm chart to a local directory, typically /opt/aginity:
helm chart export public.ecr.aws/aginity/premium/helm:aginity-premium-mk8s <local_path_to_chart>
Change the working directory to the directory where the chart was extracted in the previous step.
Configure Aginity Premium Deployment
Make a copy of the values.yaml.template file by running the following command:
cp values.yaml.template values.yaml
Open the newly created file with your editor of choice. The secrets section contains parameters that will be encrypted and stored inside MicroK8s.
- encryptionKey (salt for encrypting your data)
- superUserName (name of the default superuser)
- superUserPassword (password for the default superuser)
- postgresUser (username to connect PostgreSQL backend)
- postgresPassword (password to connect PostgreSQL backend)
Provide the settings to connect to the PostgreSQL backend database. This database should be created in advance of the Aginity Premium installation.
- postgresHost (leave empty if using IP addressing)
- postgresIp (leave empty if using DNS addressing)
- postgresPort (default is 5432)
It is very important to keep values.yaml and back it up periodically, since it contains sensitive data. This file also preserves all configuration between upgrades, which keeps the upgrade process consistent.
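A pre-install check for the file described above, as an added example that is not part of the Aginity chart: it flags a values.yaml that other local users can access, any of the five secrets left empty, and a PostgreSQL address given in both or neither of postgresHost and postgresIp. It assumes every setting is a single "key: value" line; the real template's layout may differ.

```shell
#!/bin/sh
# Added example: pre-install check for values.yaml (not part of the chart).
# Assumption: every setting is a single "key: value" line in the file.

# Print a key's value with comments, whitespace and quotes stripped.
yaml_value() {  # usage: yaml_value <key> <file>
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
        sed -e 's/^#.*$//' -e 's/[[:space:]]\{1,\}#.*$//' \
            -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# usage: check_values_file <path>; the return code is the number of problems
check_values_file() {
    file=$1 problems=0
    # Mode string looks like "-rw-------"; characters 5-10 are group/other bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $file is accessible to group/other (chmod 600 $file)"
        problems=$((problems + 1))
    fi
    # The five parameters the guide lists under the secrets section.
    for key in encryptionKey superUserName superUserPassword \
               postgresUser postgresPassword; do
        if [ -z "$(yaml_value "$key" "$file")" ]; then
            echo "FAIL: secret '$key' is empty"
            problems=$((problems + 1))
        fi
    done
    # The guide says to leave one of the two address fields empty.
    host=$(yaml_value postgresHost "$file")
    ip=$(yaml_value postgresIp "$file")
    if [ -n "$host" ] && [ -n "$ip" ] || [ -z "$host$ip" ]; then
        echo "FAIL: set exactly one of postgresHost / postgresIp"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Stand-alone use: sh check_values.sh values.yaml
if [ -n "${1:-}" ]; then check_values_file "$1"; fi
```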
Access to Aginity Premium needs to be secured. This chart contains a self-signed SSL certificate, however, we recommend using a trusted signed SSL certificate from your provider of choice.
To install a trusted SSL certificate:
Replace ./tls/server.crt and ./tls/server.key with your certificate and private key. File extensions must be .crt and .key for the certificate and private key respectively.
Provide the domain name in values.yaml, in the 'host' value under the 'ingress' section.
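A check to run on the replaced files before installing, as an added example that is not part of the Aginity chart: it confirms that the private key belongs to the certificate, that the certificate is not about to expire, that it covers the ingress host, and that it is not self-signed. It needs the openssl command line tool; the function names and the 30-day expiry threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate ./tls/server.crt and ./tls/server.key before deploying.
# Requires the openssl CLI. The 30-day expiry threshold is an assumption.

fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# usage: check_tls_pair <cert> <key> <hostname>; return code = number of problems
check_tls_pair() {
    crt=$1 key=$2 host=$3 problems=0
    if [ ! -r "$crt" ] || [ ! -r "$key" ]; then
        fail "cannot read $crt or $key"
        return "$problems"
    fi

    # 1. The key must belong to the certificate: compare public-key digests.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$crt_pub" = "$key_pub" ] || fail "private key does not match certificate"

    # 2. The certificate must stay valid for at least 30 more days.
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        fail "certificate is expired or expires within 30 days"

    # 3. The certificate must cover the ingress host set in values.yaml.
    #    (-checkhost accepts a CN-only match; Chrome requires a SAN entry.)
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
        grep -q "does match" || fail "certificate does not cover $host"

    # 4. Subject equal to issuer means self-issued, not signed by a trusted CA.
    subject=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253 2>/dev/null)
    issuer=$(openssl x509 -in "$crt" -noout -issuer -nameopt RFC2253 2>/dev/null)
    [ "${subject#subject=}" != "${issuer#issuer=}" ] ||
        fail "certificate is self-signed (subject equals issuer)"

    return "$problems"
}

# Stand-alone use: sh check_tls.sh ./tls/server.crt ./tls/server.key <ingress host>
if [ $# -eq 3 ]; then check_tls_pair "$@"; fi
```

Run against the certificate that ships with the chart, this reports the self-signed finding, which is the condition the recommendation above is meant to remove.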
Installation of Aginity Premium
To install Aginity Premium, execute the following from the chart directory:
helm install aginity-premium .
Here aginity-premium is the name of the deployment in Helm.
To upgrade deployment after changes in values.yaml execute:
helm upgrade aginity-premium .
The deployment typically takes about three minutes, during which time you may see pods restarting. You can check the status of the deployment:
kubectl get pods --namespace aginity
Once all of the containers in the deployment achieve a running state, Aginity Premium can be accessed via a Chrome browser:
Accessing Aginity Premium using Self-Signed SSL
By default Aginity Premium is deployed with a self-signed SSL certificate and the default domain name 'aginity-premium.local'. You can use your own certificate and domain name, which is preferable and more secure. To access Aginity Premium using a self-signed SSL certificate:
- Find out the external IP address of the server where Aginity Premium has been installed.
- Edit the 'hosts' file ('/etc/hosts' for Linux and MacOS; 'C:\Windows\System32\drivers\etc\hosts' for Windows 10) and add the following:
# BEGIN section for Aginity Premium
<IP of server> aginity-premium.local
# END section for Aginity Premium
- Open Google Chrome and go to 'https://aginity-premium.local'. With the default deployment and its self-signed certificate you will see a Chrome warning page. Type thisisunsafe on your keyboard and press the 'Enter' key. Refresh the page.
Again, we strongly recommend using a valid trusted SSL certificate.
Uninstalling Aginity Premium
To uninstall Aginity Premium from the Kubernetes cluster run the following:
helm uninstall aginity-premium --namespace default