You can install Adeptia Connect microservices using Helm Charts. A Helm Chart is a collection of files and templates that describe Kubernetes resources governing the deployment of microservices.
...
- Service Accounts required by Adeptia Connect application.
- ClusterRoles, and ClusterRoleBindings required for the these Service Accounts.
- Permission required by the user who is deploying the helm chart.
- Roles and RoleBindings required by this user.
- External secret crd yaml.
- External secret ClusterRoleBindings.
| Anchor | ||||
|---|---|---|---|---|
|
Adeptia provides you with a roles zip file along with the Adeptia Connect Helm chart. This zip contains the YAML files required to create Service Accounts, ClusteRoles, ClusterRoleBindings, etc. The following table helps you understand the purpose of each yaml file. Service Accounts, ClusteRoles, ClusterRoleBindings, etc. The following table helps you understand the purpose of each yaml file.
| Warning | ||
|---|---|---|
| ||
While deploying AC v4.1.3 or above with default Kubernetes secrets, the following Service Accounts, ClusterRoles, and ClusterRoleBindings files are not included in the roles zip. The application automatically takes care of creating and configuring the Service Accounts and its privileges.
|
File Name | Purpose | Description | ||
For Service Accounts required by Adeptia Connect application | ||||
serviceaccount-adeptia.yaml | It creates a Service Account with the name “adeptia”. | This Service Account is used by all the Adeptia core services except autoscaler. You need to update the namespace in which you want to deploy the Adeptia Connect helm chart. | ||
clusterrole-adeptia.yaml | It creates a ClusterRole with the name “adeptia-connect”.
| This ClusterRole contains the permission required by the above service account. | ||
clusterrolebinding-adeptia.yaml | It creates a ClusterRoleBinding for the service account “adeptia” with the “adeptia-connect” cluster role.
| In this file, you need to update the namespace in which you will deploy the Adeptia Connect helm. | ||
serviceaccount-autoscaler.yaml | It creates a Service Account with the name “autoscaler-runtime”. | This Service Account will be used by the runtime autoscaler to launch a runtime deployment whenever a queue is created within the Adeptia Connect application. For this Service Account, Role and RoleBinding will get created automatically during helm deployment by autoscaler sub chart. You need to update the namespace in which you want to deploy the Adeptia Connect helm chart. | ||
For the user, who will deploy the helm chart | ||||
role-deployment-user.yaml | It creates the Role with name “adeptia-user” | This Role contains the permission required by the user who will deploy the Adeptia Connect helm chart. In this file, you need to update the namespace in which you want to deploy the Adeptia Connect helm chart. | ||
rolebinding-deployment-user.yaml | It creates the RoleBinding with the name “adeptia-user”. | In this file, you need to update the namespace in which you want to deploy the Adeptia Connect helm chart. You also need to update the name of the user, who will deploy the Adeptia Connect helm chart. | ||
Required for External Secret This is needed only when you will use the external secret to fetch the secrets from the external vault. | ||||
serviceaccount-adeptia-es.yaml | It creates a Service Account with the name “adeptia- es”. | This Service Account will be used by external secret. You need to enter namespace in this file. | ||
clusterrole-adeptia-es.yaml | It creates a ClusterRole with the name “adeptia- connect-es”. | This ClusterRole contains the permission required by the above service account used by external secret. | ||
clusterrolebinding-adeptia-es.yaml | It creates a ClusterRoleBinding for the service account “adeptia-es” with the “adeptia-connect-es” ClusterRole. | In this file, you need to update the namespace in which you will deploy the Adeptia Connect helm. | ||
es-crd.yaml | It creates the external secret component CRDs. | This is needed only when you will use the external secret to fetch the secrets from the external vault. | ||
es-clusterrolebinding-deployment-user.yaml | It creates a ClusterRoleBinding to provide “system:auth-delegator” permission to the user who will deploy the Adeptia Connect helm. | In this file you need to update the name of the user, who will deploy the Adeptia Connect helm. | ||
To create Service Accounts, ClusteRoles, ClusterRoleBindings, follow the steps given below.
| Warning | ||
|---|---|---|
| ||
| In case of deploying AC v4.1.3 or above, refer to this note. |
- Download the roles.tgz (roles zip) file from the following link:
https://adeptia.github.io/adeptia-connect-roles/charts/roles-4.0.tgz - Unzip this file.
- Update the yaml files as explained in the table above.
Run the following command to deploy the yaml files.
Code Block language css theme Midnight kubectl apply -f adeptia_roles/
This creates the required Service Accounts, ClusterRoles, ClusterRoleBindings, Roles, and RoleBindings.Info If you want to use external secret, run the following command to create Service Accounts, ClusterRoles, ClusterRoleBindings and external crd for external secret.
Code Block language css theme Midnight kubectl apply -f es/
Enabling OCI support in the Helm 3 client
Helm 3 supports Open Container Initiative (OCI) for package distribution. Set the HELM_EXPERIMENTAL_OCI in the environment to enable OCI support in the Helm 3 client by running the following command on the Helm CLI.
| Code Block | ||||
|---|---|---|---|---|
| ||||
export HELM_EXPERIMENTAL_OCI=1 |
...
Uninstalling Adeptia Connect
If you wish to uninstall the application, run the following command.
| Code Block | ||||
|---|---|---|---|---|
| ||||
helm uninstall <adeptia-connect> |
...
| Info |
|---|
| If you've configured external Secrets, you need to manually delete the Secrets and its deployment after you uninstall the application. |