Installation
Prerequisites and Guidelines
- Installation into dedicated kubernetes cluster or namespace is recommended to limit access to Kriten resources for administrators only:
- No other workloads beside Kriten running in cluster/namespace.
- Kubernetes and Helm access restricted to cluster/namespace for administrators only.
- Kubernetes 1.21+
- Helm v3+
Helm install
The Chart can be installed by adding the helm repo to your system.
Kriten can be installed along with local PostgreSQL database (recommended for Dev and UAT environments) or with external PostgreSQL database (recommended for production use).
Kriten supports local authenticator and Microsoft AD authenticator at same time. If no Microsoft AD authenticator enabled and configured, only local authentication will take place.
Helm install with values.yaml modified for target configuration:
Add helm repo
Copy values.yaml (if necessary) and edit myvalues.yaml
helm show values kriten/kriten > myvalues.yaml
Install
helm install -f myvalues.yaml kriten kriten/kriten -n kriten --create-namespace
or
helm install kriten kriten/kriten -n kriten --create-namespace
MacBook Install
Install kubectl: Install and Set Up kubectl on macOS
Install Helm: Installing Helm
Install Docker Desktop: Install Docker Desktop on Mac
In Docker Desktop settings, enable Kubernetes from the settings page.
When Docker Desktop has restarted, you should have a config file in $HOME/.kube Check that you have the docker-desktop context and switch to it, and check kubectl is working:
kubectl config get-contexts
kubectl config use-context docker-desktop
Switched to context "docker-desktop".
kubectl get nodes
NAME STATUS ROLES AGE VERSION
docker-desktop Ready control-plane 7m4s v1.32.2
Add the Kriten helm repo:
Add nodeports:
kubectl apply -n kriten -f - <<EOF
apiVersion: v1
kind: Service
metadata:
name: kriten-nodeport
spec:
selector:
app: kriten
type: NodePort
ports:
- name: http
port: 80
targetPort: 8080
nodePort: 30040
---
apiVersion: v1
kind: Service
metadata:
name: kriten-frontend-nodeport
spec:
selector:
app: kriten-frontend
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
nodePort: 30050
EOF
Set an environment variable to the IP address of your macbook:
Use helm to install Kriten and the frontend:
helm install kriten kriten/kriten -n kriten \
--set frontend.enabled=true \
--set frontend.backendAddress=$IP_ADDRESS':30040' \
--set frontend.image.repository=kubecodeio/kriten-frontend \
--set frontend.image.tag="latest" \
--namespace kriten --create-namespace
You should now be able to connect to the Kriten API:
curl -c ./token.txt -X POST 'http://'$IP_ADDRESS':30040/api/v1/login' \
--header 'Content-Type: application/json' \
--data '{
"username": "root",
"password": "root",
"provider": "local"
}'
Which returns a token:
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InJvb3QiLCJ1c2VyX2lkIjoiODJkOTg4NGItZmIxZC00MmQ4LTgxM2MtZTJlYjY1ZDllYmMzIiwicHJvdmlkZXIiOiJsb2NhbCIsImV4cCI6MTc0MTQ1OTkwMn0.zerwoMCIYHM4qE5k3h2rw9chwtWhrr2568zh2_1x5SY"}
Browse to "http://"$IP_ADDRESS":30050".
Helm Chart Parameters
Parameter | Description | Default |
---|---|---|
ingress.enabled |
Ingress configuration enabled | false |
ingress.className |
Ingress class name | "nginx" |
ingress.hosts[0].host |
Ingress host name | "example.com" |
frontend.enabled |
Set to true to install GUI | false |
frontend.backendAddress |
URL for the backend ingress | "example.com" |
replicaCount |
Number of desired Kriten pods | 1 |
image.repository |
Kriten Docker image repository | "kubecodeio/kriten" |
image.tag |
Kriten Docker image tag | "latest" |
image.pullPolicy |
Pull policy for Kriten Docker image | "IfNotPresent" |
imagePullSecrets |
Kubernetes secrets to pull container images from private repository | ["name": "dockerhub] |
name |
Kriten deployment name | "kriten" |
namespace |
Namespace for Kriten | "kriten" |
serviceAccount.create |
Specifies whether a service account should be created for Kriten | true |
serviceAccount.annotations |
Annotations to add to the service account | {} |
serviceAccount.name |
The name of the service account to use, if not set and create true, a name is generated using the fullname template | "" |
service.type |
Kriten k8s service type | ClusterIP |
service.port |
Kriten k8s service port | 80 |
ldap.enabled |
LDAP/AD authenticator enabled | false |
ldap.binUser |
LDAP/AD bind account name | "" |
ldap.bindPass |
LDAP/AD bind account password | "" |
ldap.fqdn |
LDAP/AD service IP or FQDN | "" |
ldap.port |
LDAP/AD access TCP port (389 or 639 for TLS) | 389 |
ldap.baseDN |
LDAP/AD base DN | "" |
jwt.key |
Private key or secret to sign issued JWT | "" |
jwt.expiry_seconds |
JWT expiry in seconds | 3600 |
postgresql.install |
PostgreSQL installed as part of Kriten installation if set to true, or use external if false | true |
postgresql.host |
PostgreSQL Host for internal or external depending on postgresql.install parameter | "kriten-community-postgresql" |
postgresql.port |
PostgreSQL TCP port | 5432 |
postgresql.image.registry |
PostgreSQL Docker image registry | docker.io |
postgresql.image.repository |
PostgreSQL Docker image repository | bitnami/postgresql |
postgresql.image.tag |
PostgreSQL image tag | "16" |
postgresql.auth.username |
PostgreSQL username | kriten |
postgresql.auth.password |
PostgreSQL password | kriten |
postgresql.auth.database |
PostgreSQL database name | kriten |
postgresql.persistence.enabled |
PostgreSQL database persistnce storage enabled | true |