Deploying Litmus UNS on Kubernetes using Helm Chart

you can deploy litmus uns on kubernetes using a helm chart this chart initializes a litmus uns deployment on a kubernetes cluster using the helm package manager before you begin have familiarity with kubernetes and ensure you have kubernetes version 1 25 or higher installed have familiarity with helm and ensure you have helm version 3 8 0 or higher installed quick installation make sure kubectl proxy is started on a separate console window or in the background if a kubectl proxy is not used, the kubeconfig file will need to be adjusted to accommodate this sudo kubectl proxy port=8080 note create an order at the litmus uns homepage to obtain the kubernetes pull secret from litmus automation given that we have the secret yaml file in our current working directory sudo kubectl create namespace uns set secret key name in kubernetes resource with uns namespace sudo kubectl create f litmusautomation uns centralportal secret yml namespace=uns perform helm installation of the litmus uns chart helm install uns oci //quay io/litmusautomation/charts/litmus uns wait namespace uns create namespace set "imagepullsecrets\[0] name=litmusautomation uns centralportal pull secret" the user can try to log in with https //ipaddress and username/password admin / admin tip use helm list to display all releases the parameters section provides a list of configuration options available for installation to learn more about creating, editing, managing, or deleting kubernetes secrets, refer to the managing secrets using kubectl guide detailed installation this section provides detailed instructions on how to configure and install litmus uns using helm step 1 configure ssl certificates for uns the helm chart can configure ssl/tls for the litmus uns service using kubernetes secrets below are the steps and configurations for setting up ssl certificates default ssl certificate by default, the helm chart deploys a self signed ssl certificate, which is stored in a kubernetes secret and generated during the deployment process the following parameters can be configured secret name the helm parameter luns tlssecretname specifies the name of the kubernetes secret used for the ssl certificate certificate validity the certificate's default time to live (ttl) is determined by luns tls ttl and is set to 390 days by default dns and ip configuration dns alternative names configure using luns tls altnames with a default value of uns local ip addresses the default ip is 127 0 0 1 , configured through luns tls iplist binding a static ip to the ssl certificate to learn how to set up a static ip and associate it with a load balancer service in azure, you can refer to the azure manual when using this helm chart, you can define annotations for the load balancer service using the helm parameter service annotations custom ssl certificate to use a custom ssl certificate , follow these steps 1\ create a kubernetes secret with your ssl certificate and private key kubectl create secret generic ca secret from file=tls crt=server crt from file=tls key=server key from file=ca crt=ca crt 2\ update the helm chart values to use the name of your new secret you can do this by setting luns tlssecretname to the name of your created secret helm upgrade n \[namespace] \[release] \[chart] set luns tlssecretname=new secret name for this guide, when using the release name uns in the uns namespace, the previously mentioned command should be adjusted as follows helm upgrade n uns uns oci //quay io/litmusautomation/charts/litmus uns set luns tlssecretname=new secret name step 2 using external database for uns the helm chart deploys a postgresql database server by default however, you can also use a more reliable external database managed by a cloud provider like google cloud sql external postgresql configuration to use an external postgresql database, set the following chart parameters postgres enabled false external enabled true host "your postgresql host" port 5432 secretname ext db creds parameters host is the postgresql database server hostname port is the postgresql database server port secretname is the kubernetes secret containing the database administrator credentials, which can be created with the following command kubectl n uns create secret generic ext db creds from literal=postgres user='your postgres username' from literal=postgres password='your postgres password' example google cloud sql configuration note follow the google cloud sql documentation to deploy an instance of cloud sql for postgresql in this example, we will use the cloud sql auth proxy to set up a connection to configure cloud sql auth proxy 1\ create a secret with the service account key for cloud sql auth proxy kubectl n uns create secret generic cloud sql instance credentials \\ \ from file=credentials json=/path/to/your/service account key json 2\ create a file cloudsql proxy yaml with the following content, replacing google project\ cloudsql zone\ cloudsql instance with actual values apiversion apps/v1 kind deployment metadata name cloudsql proxy labels app cloudsql proxy spec replicas 1 selector matchlabels app cloudsql proxy template metadata labels app cloudsql proxy spec containers \ name cloudsql proxy image gcr io/cloudsql docker/gce proxy\ latest command \["/cloud sql proxy", " instances=google project\ cloudsql zone\ cloudsql instance=tcp 0 0 0 0 5432", " credential file=/secrets/cloudsql/credentials json"] ports \ containerport 5432 volumemounts \ name cloudsql instance credentials mountpath /secrets/cloudsql readonly true volumes \ name cloudsql instance credentials secret secretname cloud sql instance credentials \ apiversion v1 kind service metadata name cloudsql proxy labels app cloudsql proxy spec type clusterip ports \ port 5432 targetport 5432 selector app cloudsql proxy 3\ create the cloud sql auth proxy deployment in the namespace where the chart will be installed kubectl n uns apply f cloudsql proxy yaml 4\ deploy the chart with the following parameters postgres enabled false external enabled true host "cloudsql proxy" port 5432 secretname ext db creds step 3 upgrade litmus uns before upgrading from single mode to cluster mode (parameter mqtt replicacount > 1), and vice versa, scale down the mqtt statefulset to zero kubectl n uns scale statefulset mqtt replicas=0 step 4 uninstall litmus uns to uninstall the helm chart with the release name uns in the namespace uns helm uninstall uns namespace uns ensure that you manually delete the persistent volume claims (pvcs) for statefulsets in kubernetes, as they are not automatically removed pvcs=$(kubectl get pvc o jsonpath='{ items\[ ] metadata name}' l app=uns n uns) for pvc in $pvcs; do kubectl delete pvc $pvc n uns done faqs what should i do if i encounter the error installation failed context deadline exceeded during litmus uns installation? there are three possible solutions to solve this error 1 check if the pull secret is empty run the following command to verify kubectl describe serviceaccount uns litmus uns n uns 2 apply the pull secret if it's missing use this command to patch the service account kubectl patch serviceaccount uns litmus uns p '{"imagepullsecrets" \[{"name" "the secret name"}]}' namespace uns 3 upgrade the litmus uns instance execute the following command to perform the upgrade helm upgrade uns oci //quay io/litmusautomation/charts/litmus uns wait namespace uns create namespace set "imagepullsecrets\[0] name=litmusautomation uns centralportal pull secret"