Skip to content

Commit

Permalink
Updated installation steps for litmus (#274)
Browse files Browse the repository at this point in the history 
* Updated installation steps for litmus

Signed-off-by: Saranya-jena <[email protected]>

* updated docs

Signed-off-by: Saranya-jena <[email protected]>

* fixed issues with sidebar

Signed-off-by: Saranya-jena <[email protected]>

* fixed broken links

Signed-off-by: Saranya-jena <[email protected]>

---------

Signed-off-by: Saranya-jena <[email protected]>
  • Loading branch information
@Saranya-jena
Saranya-jena authored Jul 15, 2024
1 parent d125098 commit 906a186
Show file tree
Hide file tree
Showing 14 changed files with 363 additions and 541 deletions.
2 changes: 1 addition & 1 deletion website/docs/architecture/chaos-control-plane.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ Chaos control plane consists of micro-services responsible for the functioning o

## Standard Chaos Control Plane Flow

1. The User logs in to the ChaosCenter using a valid login credential. A default project is created for the user on initial login. Every user is a part of a project and has a role assigned to them. To schedule a chaos experiment, the user needs to have an Editor or Owner role assigned in the project.
1. The User logs in to the ChaosCenter using a valid login credential. A default project is created for the user on initial login. Every user is a part of a project and has a role assigned to them. To schedule a chaos experiment, the user needs to have an Owner role assigned in the project.
2. The user uploads a Chaos Experiment manifest using the ChaosCenter, which is received by the Backend Server.
3. Backend Server stores the manifest in the Database and also sends it to the Chaos Infrastructure.
4. Chaos Infrastructure uses the Chaos Experiment manifest to inject chaos into the target resources. The steps of the Chaos Experiment execution can be visualized using the ChaosCenter.
Expand Down
10 changes: 5 additions & 5 deletions website/docs/concepts/teaming.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,12 +10,12 @@ The ChaosCenter has a built in teaming feature to facilitate collaboration betwe

## Project level roles

Each user has a default project created on user creation by the admin for which they maintain a project level `Owner` access. Every `Owner` has the ability to invite other users into their project with different permission levels, namely `Editor`, and `Viewer`.
Each user has a default project created on user creation by the admin for which they maintain a project level `Owner` access. Every `Owner` has the ability to invite other users into their project with different permission levels, namely `Executor`, and `Viewer`.

Teaming is based on the following principles and each user can have one of the 3 project roles:

- **Owner:** One who created the project and owns it. Only the owner has permission to manage(invite or remove) the members in his/her project. The owner can schedule chaos experiments, update and delete chaos experiments.
- **Editor:** Members invited with the editor role can do everything an owner can except for managing the project.
- **Owner:** One who created the project and owns it. Only the owner has permission to manage(invite or remove) the members in his/her project. The owner can create resources such as infrastructures, probes, hubs, experiments, etc, schedule chaos experiments, update and delete chaos experiments.They have both create and execute perimissions.
- **Executor:** Members invited with the executor role only have execute and view permissions which allow them to run/stop experiments, use probes etc, they don't have any create/delete permissions.
- **Viewer:** Members having a viewer role can only view the analytics related to the chaos experiments and the chaos experiments themselves, but are not given permission to schedule chaos experiments in the project.

## Role privileges
Expand All @@ -26,15 +26,15 @@ Teaming is based on the following principles and each user can have one of the 3

- Invite other users for the following roles:
- Viewer
- Editor
- Executor
- View the list of team members with other details including their role in the project, email-id, date-time of joining the project team.
- Rename your project.
- Remove a member from your project.
- Check the status of the invitation you sent to other members.
- Edit the user role in case the invitation is pending.
- Cancel the invitation.

**_As a Viewer or Editor you can:_**
**_As a Viewer or Executor you can:_**

- Check and Accept/Decline the received invitations.
- Switch and browse any project you are a member of.
Expand Down
61 changes: 58 additions & 3 deletions website/docs/getting-started/installation.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
id: installation
title: ChaosCenter cluster scope installation
title: ChaosCenter installation
sidebar_label: Installation
---

Expand Down Expand Up @@ -100,10 +100,62 @@ Visit https://docs.litmuschaos.io to find more info.
> **Note:** Litmus uses Kubernetes CRDs to define chaos intent. Helm3 handles CRDs better than Helm2. Before you start running a chaos experiment, verify if Litmus is installed correctly.
### **Install Litmus using kubectl**
## **Install Litmus using kubectl**
In this method the users need to install mongo first via helm and then apply the installation manifest. Follow the instructions [here](https://github.com/litmuschaos/litmus/tree/master/chaoscenter#installation-steps-for-litmus-300-beta9).
### **Install mongo**
```bash
helm repo add bitnami https://charts.bitnami.com/bitnami
```

Mongo Values

```bash
auth:
enabled: true
rootPassword: "1234"
# -- existingSecret Existing secret with MongoDB(&reg;) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`)
existingSecret: ""
architecture: replicaset
replicaCount: 3
persistence:
enabled: true
volumePermissions:
enabled: true
metrics:
enabled: false
prometheusRule:
enabled: false

# bitnami/mongodb is not yet supported on ARM.
# Using unofficial tools to build bitnami/mongodb (arm64 support)
# more info: https://github.com/ZCube/bitnami-compat
#image:
# registry: ghcr.io/zcube
# repository: bitnami-compat/mongodb
# tag: 6.0.5
```

```bash
helm install my-release bitnami/mongodb --values mongo-values.yml -n <NAMESPACE> --create-namespace
```

Litmus supports for HTTP and HTTPS mode of installation.

### Basic installation (HTTP based and allows all origins)

Applying the manifest file will install all the required service account configuration and ChaosCenter in namespaced scope.

```bash
kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/chaoscenter/manifests/litmus-getting-started.yaml -n <NAMESPACE>
```

### Advanced installation (HTTPS based and CORS rules apply)

For advanced installation visit [here](../user-guides/chaoscenter-advanced-installation.md)

---

## **Verify your installation**
Expand Down Expand Up @@ -182,6 +234,9 @@ http://172.17.0.3:31846/

> Where `172.17.0.3` is my NodeIP and `31846` is the frontend service PORT. If using a LoadBalancer, the only change would be to provide a `<LoadBalancerIP>:<PORT>`. [Learn more about how to access ChaosCenter with LoadBalancer](../user-guides/setup-without-ingress.md#with-loadbalancer)


**NOTE:** With advanced installation CORS rules are applied, once manifest is applied frontend loadbalancer IP needs to be added in the `ALLOWED_ORIGINS` environment in both auth and graphql server deployment.

You should be able to see the Login Page of Litmus ChaosCenter. The **default credentials** are

```yaml
Expand All @@ -197,7 +252,7 @@ By default you are assigned with a default project with Owner permissions.

## Learn more

- [Install ChaosCenter in Namespace Scope](../user-guides/chaoscenter-namespace-scope-installation.md)
- [Install ChaosCenter with HTTPS](../user-guides/chaoscenter-advanced-installation.md)
- [Connect External Chaos Infrastructures to ChaosCenter](../user-guides/chaos-infrastructure-installation.md)
- [Setup Endpoints and Access ChaosCenter without Ingress](../user-guides/setup-without-ingress.md)
- [Setup Endpoints and Access ChaosCenter with Ingress](../user-guides/setup-with-ingress.md)
260 changes: 260 additions & 0 deletions website/docs/user-guides/chaoscenter-advanced-installation.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,260 @@
---
id: chaoscenter-advanced-installation
title: ChaosCenter Advanced Installation
sidebar_label: Setup with HTTPS
---

---

## Prerequisites

- Kubernetes 1.17 or later

- A Persistent volume of 20GB

:::note
Recommend to have a Persistent volume(PV) of 20GB, You can start with 1GB for test purposes as well. This PV is used as persistent storage to store the chaos config and chaos-metrics in the Portal. By default, litmus install would use the default storage class to allocate the PV. Provide this value
:::

- [Helm3](https://v3.helm.sh/) or [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)

## Installation

Users looking to use Litmus for the first time have two options available to them today. One way is to use a hosted Litmus service like [Harness Chaos Engineering SaaS](https://app.harness.io/auth/#/signin). Alternatively, users looking for some more flexibility can install Litmus into their own Kubernetes cluster.

Users choosing the self-hosted option can refer to our Install and Configure docs for installing alternate versions and more detailed instructions.

import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';

<Tabs>
<TabItem value="self-hosted" label="Self-Hosted" default>
Installation of Self-Hosted Litmus can be done using either of the below methods:
<li><a href="#install-litmus-using-helm">Helm3</a> chart</li>
<li><a href="#install-litmus-using-kubectl">Kubectl</a> yaml spec file</li>
<br/>
Refer to the below details for Self-Hosted Litmus installation.
</TabItem>
<TabItem value="hosted" label="Hosted (Beta)">
<a href="https://harness.io/">Harness</a> offers a free service for community members which makes getting started with Litmus easy. Create an account to get started. Once logged in, create a new hosted control plane and connect to it via the up CLI. Litmus can be used as a hosted cloud service using <a href="https://app.harness.io/auth/#/signin">Harness Chaos Engineering SaaS</a>. Harness Chaos Engineering SaaS executes your Chaos Experiments in the cloud by managing all your Chaos Control Plane components, while the Chaos Execution Plane components exist on your Kubernetes cluster as part of an external chaos infrastructure.
<br/><br/>
To get started with Harness Chaos Engineering SaaS, visit <a href="https://developer.harness.io/docs/chaos-engineering/get-started/learn-more-free-plan">Harness Chaos Engineering SaaS</a> and register for free. You can skip the below installation steps.
</TabItem>
</Tabs>

### Install Litmus using Helm

The helm chart will install all the required service account configuration and ChaosCenter.

The following steps will help you install Litmus ChaosCenter via helm.

#### Step-1: Add the litmus helm repository

```bash
helm repo add litmuschaos https://litmuschaos.github.io/litmus-helm/
helm repo list
```

#### Step-2: Create the namespace on which you want to install Litmus ChaosCenter

- The ChaosCenter can be placed in any namespace, but for this scenario we are choose `litmus` as the namespace.

```bash
kubectl create ns litmus
```

#### Step-3: Install Litmus ChaosCenter

```bash
helm install chaos litmuschaos/litmus --namespace=litmus --set portal.frontend.service.type=NodePort
```

> **Note:** If your Kubernetes cluster isn't local, you may want not to expose Litmus via `NodePort`. If so, remove `--set portal.frontend.service.type=NodePort` option. To connect to Litmus UI from your laptop, you can use `port-forward svc/chaos-litmus-frontend-service 9091:9091`. Then you can use your browser and open `127.0.0.1:9091`.
- Litmus helm chart depends on `bitnami/mongodb` [helm chart](https://github.com/bitnami/charts/tree/main/bitnami/mongodb), which uses a mongodb image not supported on ARM. If you want to install Litmus on an ARM-based server, please replace the default one with your custom mongodb arm image as shown below.

```bash
helm install chaos litmuschaos/litmus --namespace=litmus \
--set portal.frontend.service.type=NodePort \
--set mongodb.image.registry=<put_registry> \
--set mongodb.image.repository=<put_image_repository> \
--set mongodb.image.tag=<put_image_tag>
```

<span style={{color: 'green'}}><b>Expected Output</b></span>

```
NAME: chaos
LAST DEPLOYED: Tue Jun 15 19:20:09 2021
NAMESPACE: litmus
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Thank you for installing litmus 😀

Your release is named chaos and its installed to namespace: litmus.

Visit https://docs.litmuschaos.io to find more info.
```
> **Note:** Litmus uses Kubernetes CRDs to define chaos intent. Helm3 handles CRDs better than Helm2. Before you start running a chaos experiment, verify if Litmus is installed correctly.
## **Install Litmus using kubectl**
In this method the users need to install mongo first via helm and then apply the installation manifest. Follow the instructions [here](https://github.com/litmuschaos/litmus/tree/master/chaoscenter#installation-steps-for-litmus-300-beta9).
### **Install mongo**
```bash
helm repo add bitnami https://charts.bitnami.com/bitnami
```

Mongo Values

```bash
auth:
enabled: true
rootPassword: "1234"
# -- existingSecret Existing secret with MongoDB(&reg;) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`)
existingSecret: ""
architecture: replicaset
replicaCount: 3
persistence:
enabled: true
volumePermissions:
enabled: true
metrics:
enabled: false
prometheusRule:
enabled: false

# bitnami/mongodb is not yet supported on ARM.
# Using unofficial tools to build bitnami/mongodb (arm64 support)
# more info: https://github.com/ZCube/bitnami-compat
#image:
# registry: ghcr.io/zcube
# repository: bitnami-compat/mongodb
# tag: 6.0.5
```

```bash
helm install my-release bitnami/mongodb --values mongo-values.yml -n <NAMESPACE> --create-namespace
```

Litmus supports for HTTP and HTTPS mode of installation.

### Advanced installation (HTTPS based and CORS rules apply)

1. Generate TLS certificates: You can provide your own certificates or can generate using [this](https://github.com/litmuschaos/litmus/blob/master/chaoscenter/mtls-helper.sh) bash script.

2. Create secret

```bash
kubectl create secret generic tls-secret --from-file=ca.crt=ca.crt --from-file=tls.crt=tls.crt --from-file=tls.key=tls.key -n <NAMESPCACE>
```
3. Applying the manifest file will install all the required service account configuration and ChaosCenter in namespaced scope.

```bash
kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/chaoscenter/manifests/litmus-installation.yaml -n <NAMESPACE>
```

---

## **Verify your installation**

#### **Verify if the frontend, server, and database pods are running**

- Check the pods in the namespace where you installed Litmus:

```bash
kubectl get pods -n litmus
```

<span style={{color: 'green'}}><b>Expected Output</b></span>

```bash
NAME READY STATUS RESTARTS AGE
litmusportal-server-6fd57cc89-6w5pn 1/1 Running 0 57s
litmusportal-auth-server-7b596fff9-5s6g5 1/1 Running 0 57s
litmusportal-frontend-55974fcf59-cxxrf 1/1 Running 0 58s
my-release-mongodb-0 1/1 Running 0 63s
my-release-mongodb-1 1/1 Running 0 63s
my-release-mongodb-2 1/1 Running 0 62s
my-release-mongodb-arbiter-0 1/1 Running 0 64s
```

- Check the services running in the namespace where you installed Litmus:

```bash
kubectl get svc -n litmus
```

<span style={{color: 'green'}}><b>Expected Output</b></span>

```bash
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
chaos-exporter ClusterIP 10.68.45.7 <none> 8080/TCP 23h
litmusportal-auth-server-service NodePort 10.68.34.91 <none> 9003:32368/TCP,3030:31051/TCP 23h
litmusportal-frontend-service NodePort 10.68.43.68 <none> 9091:30070/TCP 23h
litmusportal-server-service NodePort 10.68.33.242 <none> 9002:32455/TCP,8000:30722/TCP 23h
my-release-mongodb-arbiter-headless ClusterIP None <none> 27017/TCP 23h
my-release-mongodb-headless ClusterIP None <none> 27017/TCP 23h
workflow-controller-metrics ClusterIP 10.68.33.65 <none> 9090/TCP 23h
```

---

## **Accessing the ChaosCenter**

To setup and login to ChaosCenter expand the available services just created and copy the `PORT` of the `litmusportal-frontend-service` service

```bash
kubectl get svc -n litmus
```

<span style={{color: 'green'}}><b>Expected Output</b></span>

```bash
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
litmusportal-frontend-service NodePort 10.43.79.17 <none> 9091:31846/TCP 102s
litmusportal-server-service NodePort 10.43.30.54 <none> 9002:31245/TCP,8000:32714/TCP 101s
litmusportal-auth-server-service NodePort 10.43.81.108 <none> 9003:32618/TCP,3030:31899/TCP 101s
mongo-service ClusterIP 10.43.227.10 <none> 27017/TCP 101s
mongo-headless-service ClusterIP None <none> 27017/TCP 101s
```

> **Note**: In this case, the PORT for `litmusportal-frontend-service` is `31846`. Yours will be different.

Once you have the PORT copied in your clipboard, simply use your IP and PORT in this manner `<NODEIP>:<PORT>` to access the Litmus ChaosCenter.

For example:

```yaml
https://172.17.0.3:31846/
```

> Where `172.17.0.3` is my NodeIP and `31846` is the frontend service PORT. If using a LoadBalancer, the only change would be to provide a `<LoadBalancerIP>:<PORT>`. [Learn more about how to access ChaosCenter with LoadBalancer](../user-guides/setup-without-ingress.md#with-loadbalancer)


**NOTE:** With advanced installation CORS rules are applied, once manifest is applied frontend loadbalancer IP needs to be added in the `ALLOWED_ORIGINS` environment in both auth and graphql server deployment.

You should be able to see the Login Page of Litmus ChaosCenter. The **default credentials** are

```yaml
Username: admin
Password: litmus
```

<img src={require('../assets/login.png').default} width="800" />

By default you are assigned with a default project with Owner permissions.

<img src={require('../assets/landing-page.png').default} width="800" />

## Learn more

- [Install ChaosCenter with HTTP](../getting-started/installation.md)
- [Setup Endpoints and Access ChaosCenter without Ingress](setup-without-ingress.md)
- [Setup Endpoints and Access ChaosCenter with Ingress](setup-with-ingress.md)
Loading

0 comments on commit 906a186

Please sign in to comment.