Langkah 6 - Pasang dan konfigurasikan komponen prasyarat
Kumpulkan ARN peranan
Jika anda mempunyai ARN peranan daripada peranan yang dicipta dalam langkah Prerequisites, anda boleh melangkau bahagian ini.
Sebaliknya, jika anda mempunyai nama peranan, sila gunakan arahan di bawah untuk mendapatkan ARN peranan. Pastikan anda menetapkan prefix dan profile dalam arahan di bawah sebelum menjalankannya.
prefix=""
profile=""
external_secrets_iam_role_arn=$(aws iam get-role --role-name role-cdrp-ext-secrets-${prefix} --profile ${profile} --query 'Role.Arn')
echo "external_secrets_iam_role_arn=${external_secrets_iam_role_arn}"
efs_iam_role_arn=$(aws iam get-role --role-name role-cdrp-efs-csi-${prefix} --profile ${profile} --query 'Role.Arn')
echo "external_secrets_iam_role_arn=${efs_iam_role_arn}"
Kini setelah anda mempunyai akses kepada carta Helm, ia boleh digunakan.
- Mula-mula pasang komponen prasyarat:
# Install RabbitMQ cluster operator
helm upgrade --install rabbitmq-cluster-operator oci://glasswallhub.azurecr.io/docker/bitnamicharts/rabbitmq-cluster-operator \
--atomic \
--version 4.4.34 \
--set global.imageRegistry=glasswallhub.azurecr.io \
--set global.imagePullSecrets[0]=acr-secret \
--set global.security.allowInsecureImages=true \
--set msgTopologyOperator.fullnameOverride=rabbitmq-messaging-topology-operator \
--set clusterOperator.image.repository="cgr.dev/rabbitmq-cluster-operator" \
--set clusterOperator.image.tag=2.17.0 \
--set msgTopologyOperator.image.repository="cgr.dev/rabbitmq-messaging-topology-operator" \
--set msgTopologyOperator.image.tag=1.18.3 \
--set credentialUpdaterImage.repository="cgr.dev/rabbitmq-default-user-credential-updater" \
--set credentialUpdaterImage.tag=1.0.12 \
--set rabbitmqImage.repository="cgr.dev/rabbitmq" \
--set rabbitmqImage.tag=4.2.6 \
--set clusterOperator.watchAllNamespaces=false \
--set clusterOperator.watchNamespaces={cdrplatform} \
--set msgTopologyOperator.watchAllNamespaces=false \
--set msgTopologyOperator.watchNamespaces={cdrplatform} \
--set clusterOperator.resources.requests.cpu=100m \
--set clusterOperator.resources.requests.memory=256Mi \
--set clusterOperator.resources.limits.cpu=100m \
--set clusterOperator.resources.limits.memory=256Mi \
--set msgTopologyOperator.resources.requests.cpu=100m \
--set msgTopologyOperator.resources.requests.memory=256Mi \
--set msgTopologyOperator.resources.limits.cpu=100m \
--set msgTopologyOperator.resources.limits.memory=256Mi
# Install KEDA
helm upgrade --install keda "oci://glasswallhub.azurecr.io/ghcr/home-operations/charts-mirror/keda" --atomic \
--namespace cdrplatform \
--set imagePullSecrets[0].name=acr-secret \
--set global.image.registry="glasswallhub.azurecr.io" \
--set image.keda.repository="cgr.dev/keda" \
--set image.keda.tag=2.19.0 \
--set image.metricsApiServer.repository="cgr.dev/keda-metrics-apiserver" \
--set image.metricsApiServer.tag=2.19.0 \
--set image.webhooks.repository="cgr.dev/keda-admission-webhooks" \
--set image.webhooks.tag=2.19.0 \
--version 2.19.0
# Install nginx ingress controller
helm upgrade --install nginx-ingress oci://glasswallhub.azurecr.io/k8s/ingress-nginx/charts/ingress-nginx --atomic \
--set imagePullSecrets[0].name=acr-secret \
--set global.image.registry="glasswallhub.azurecr.io" \
--set controller.image.image="cgr.dev/ingress-nginx-controller" \
--set controller.image.tag=1.14.4-nginx.1.27 \
--set controller.admissionWebhooks.patch.image.image="cgr.dev/kube-webhook-certgen" \
--set controller.admissionWebhooks.patch.image.tag=1.14.4 \
--set controller.image.digest="" \
--set controller.admissionWebhooks.patch.image.digest="" \
--version v4.15.0
# Install External Secrets
helm upgrade --install external-secrets oci://glasswallhub.azurecr.io/ghcr/external-secrets/charts/external-secrets \
--atomic \
--set imagePullSecrets[0].name=acr-secret \
--set webhook.imagePullSecrets[0].name=acr-secret \
--set certController.imagePullSecrets[0].name=acr-secret \
--set image.repository="glasswallhub.azurecr.io/cgr.dev/external-secrets" \
--set image.tag=2.1.0 \
--set webhook.image.repository="glasswallhub.azurecr.io/cgr.dev/external-secrets" \
--set webhook.image.tag=2.1.0 \
--set certController.image.repository="glasswallhub.azurecr.io/cgr.dev/external-secrets" \
--set certController.image.tag=2.1.0 \
--version 2.1.0 \
--set installCRDs=true
# Replace ${external_secrets_iam_role_arn} with the ARN value of the role that has access to Secrets Manager,
# and ${region} with your AWS region.
helm upgrade --install cdrplatform-external-secrets -n cdrplatform cdrplatform-external-secrets --atomic --create-namespace \
--set cloud_providers.aws.enabled=true \
--set cloud_providers.aws.secretsManager.iam_role="${external_secrets_iam_role_arn}" \
--set cloud_providers.aws.secretsManager.region="${region}"
# Replace ${efs_iam_role_arn} with the ARN value of the role for EFS CSI driver.
helm upgrade -i aws-efs-csi-driver aws-efs-csi-driver/aws-efs-csi-driver \
--namespace cdrplatform \
--set image.repository=602401143452.dkr.ecr.${region}.amazonaws.com/eks/aws-efs-csi-driver \
--set controller.serviceAccount.create=true \
--set controller.serviceAccount.name=sa-efs-csi-controller \
--set controller.serviceAccount.annotations."eks\.amazonaws\.com/role-arn"="${efs_iam_role_arn}"
- Perhatian, apabila menaik taraf carta Helm
rabbitmq-cluster-operator, CRD tidak akan dipasang. Jika CRD baharu diperkenalkan dalam keluaran baharu, CRD tersebut perlu dipasang secara manual untuk mengelakkan isu dengan pod operator kluster RabbitMQ yang sedang berjalan.
helm pull oci://glasswallhub.azurecr.io/docker/bitnamicharts/rabbitmq-cluster-operator --untar
kubectl apply -f rabbitmq-cluster-operator/crds/
- Kemudian, pasang komponen sokongan:
# Replace ${file_system_id} and ${storageAmount} with values for your environment.
helm upgrade --install cdrplatform-storage -n cdrplatform cdrplatform-storage \
--set cloud_provider=aws \
--set aws.efs.file_system_id=${file_system_id} \
--set storageAmount=${storageAmount}
helm upgrade --install cdrplatform-rabbitmq -n cdrplatform cdrplatform-rabbitmq \
--set image.registry=glasswallhub.azurecr.io \
--set image.tag=2.18.1-183506 \
--set cloud_provider=aws \
--atomic