Follow these steps in order to install the ABtutor solution.
First of all, make a fork of this repo, and keep your own private copy with your own customized files.
When components are upgraded, or additional steps are added to the scripts, you can simply pull the changes from here into your own fork.
If you are installing a pre-release version (i.e. if any of the versions mentioned in versions.sh are latest, or are suffixed with -alpha.* or -rc.*), you will need to perform a couple of additional steps.
Customize your Kubernetes service account with imagePullSecrets that allow you to pull from the Corporate Modelling Services internal registry, located at cr.corporatemodelling.com.
- If you do not already have one, contact CMS to obtain a deploy token.
- Update the
imagePullSecretsof your service account to use this token when accessing thecr.corporatemodelling.comregistry (see commands below).
If you don't have a specialized service account, use
default.
# Create a new secret in Kubernetes, containing your deploy token
kubectl create secret docker-registry cms-deploy-secret --docker-server=cr.corporatemodelling.com --docker-username=username --docker-password=your_deploy_token
# If your service account currently does not contain any pull secrets ...
kubectl patch serviceaccount your_service_account --type "json" -p '[{"op": "add", "path": "/imagePullSecrets","value": [{"name": "cms-deploy-secret"}]}]'
# Otherwise ...
kubectl patch serviceaccount your_service_account --type "json" -p '[{"op": "add", "path": "/imagePullSecrets/-","value": {"name": "cms-deploy-secret"}}]'You should also login to the Corporate Modelling internal registry via Helm:
# When prompted, enter the username and password (deploy token) that was provided to you.
helm registry login cr.corporatemodelling.comNow customize the __*.sh files. These contain variables that are used by the installation scripts. Look for the # ! markers, which indicate the variables that you most likely should modify. Other values can be modified, if you wish.
If installing a development or test environment, install 0-dev.sh before anything else. This installs a Redis, a mock SMTP server, and a TLS/SSL certificate configured for your hostname.
For a production environment, it is up to you to provide these.
The installed SSL certificate is signed by an internal CMS certificate. Outside of CMS, it will be reported as "insecure".
Install the 0-webhooks.sh script before the main scripts.
Mutating webhooks affect a Kubernetes cluster globally, not just within the namespace that they are installed into. So, if these have already been installed (into any namespace, even for a different product deployment), there is no need to install them again.
The namespace that the webhooks are installed into is defined in
__k8s.sh.
Installing them again into the same namespace will do no harm, but if you have already installed them, but want to install them into a different namespace, you must uninstall the previous instance first. Multiple webhooks performing the same mutations will most likely cause chaos.
If your cluster already has a CockroachDB database that you want to use, you should make additional modifications to __cockroach.sh to ensure that the follow-up scripts receive the correct values for COCKROACHDB_ADMIN_USER_SSL_SECRET and COCKROACH_HOST.
Otherwise, run 0-database.sh to install an empty CockroachDB database cluster.
Either install a clean schema, or restore an existing database backup.
Simply run 0-schema.sh to install the database schema.
If you intend to restore a backup of a database to work with, the backup will already contain the schema, so there
is no need to run the 0-schema.sh script.
After you have restored your backup of an existing database, you will probably need to GRANT the admin user (abtadmin by default) permissions on that database, plus the abtutor and dbo schemas.
e.g. if the database is called abtutor:
GRANT ALL ON DATABASE abtutor TO abtadmin;
GRANT ALL ON SCHEMA abtutor TO abtadmin;
GRANT ALL ON ALL TABLES IN SCHEMA abtutor TO abtadmin;
GRANT ALL ON SCHEMA dbo TO abtadmin;
GRANT ALL ON ALL TABLES IN SCHEMA dbo TO abtadmin;Run 1-install.sh to install the Keycloak IDP, the customized WebWFTL, the various webservices, and the network configurations.
The
helmcommands have the--waitcommand-line option, which means that, where possible, they will wait until all installed services are running and reporting as healthy. Give these commands time to complete.