Helm charts for deploying Gen3 services to a Kubernetes cluster.
```bash
helm repo add gen3 http://helm.gen3.org
helm upgrade --install gen3 gen3/gen3 -f ./values.yaml
```
Use the following as a template for your values.yaml file.
You can set the postgres passwords to whatever you want. If you leave them blank, they will be autogenerated for you.
```yaml
global:
  hostname: localhost
  postgres:
    host: postgres-postgresql.postgres.svc.cluster.local
    master:
      username: postgres
      password:
      port: 5432
arborist:
  postgres:
    password: test
audit:
  postgres:
    password: test
fence:
  postgres:
    password: test
  FENCE_CONFIG:
    OPENID_CONNECT:
      google:
        client_id: ""
        client_secret: ""
indexd:
  postgres:
    password: test
manifestservice:
  postgres:
    password: test
metadata:
  postgres:
    password: test
peregrine:
  postgres:
    password: test
pidgin:
  postgres:
    password: test
requestor:
  postgres:
    password: test
sheepdog:
  postgres:
    password: test
wts:
  postgres:
    password: test
```
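A pre-deploy check for the template above, as an added example that is not part of the Gen3 charts: it flags any service whose postgres password is still the template value `test` and any empty Google `client_id` or `client_secret`. The function name `check_values` is hypothetical, and the check assumes service names are unindented top-level keys with everything beneath them indented.

```shell
#!/bin/sh
# Added example (not part of the Gen3 charts): flag template placeholders
# left in a values.yaml before it is passed to `helm upgrade --install`.

# check_values FILE   (hypothetical helper name)
# Prints one finding per line; returns 1 if anything was flagged, else 0.
check_values() {
    awk -v q="'" '
    # An unindented key opens a service section, e.g. "fence:".
    /^[A-Za-z_]/ { section = $0; sub(/:.*/, "", section); next }
    /^[ \t]+[A-Za-z_][A-Za-z0-9_-]*:/ {
        key = $0; sub(/^[ \t]+/, "", key)
        val = key
        sub(/:.*/, "", key)
        sub(/^[^:]*:[ \t]*/, "", val)
        sub(/(^|[ \t]+)#.*$/, "", val)             # drop a trailing comment
        gsub("^[\"" q "]|[\"" q "]$", "", val)     # drop surrounding quotes
        # "test" is the placeholder used in the template; a blank password
        # is allowed because the charts autogenerate blank postgres passwords.
        if (key == "password" && val == "test") {
            print section ": postgres password is the template value"
            bad = 1
        }
        # Google login cannot work without both OAuth client values.
        if ((key == "client_id" || key == "client_secret") && val == "") {
            print section ": " key " is empty"
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Stand-alone use: sh check_values.sh ./values.yaml && helm upgrade ...
if [ "$#" -gt 0 ]; then
    check_values "$1"
fi
```
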
Any Kubernetes cluster should work. We are testing with EKS, AKS, GKE and Rancher Desktop.
We suggest Rancher Desktop for running Kubernetes on your laptop, especially on M1 Macs. You also get ingress and other benefits out of the box.
Gen3 needs a postgres database. For development clusters, you can deploy the postgres helm chart using the following commands:
```bash
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install postgres bitnami/postgresql -n postgres --create-namespace
```
This will set up a postgres instance in a namespace called postgres.
For production installations, use a managed postgres service.
Gen3 does not have an IdP of its own, but can integrate with many. We will cover Google login here; refer to the fence documentation for additional options.
You need to set up a Google credential for Google login, as that is the option enabled by default in fence.
The following steps explain how to create credentials for your gen3
1. Go to the Credentials page.
2. Click Create credentials > OAuth client ID.
3. Select the Web application application type. Name your OAuth 2.0 client and click Create.
4. For "Authorized JavaScript origins", add https://localhost
5. For "Authorized redirect URIs", add https://localhost/user/login/google/login/
After configuration is complete, take note of the client ID that was created. You will need the client ID and client secret to complete the next steps.
These helm charts are not yet ready for production, but check back again soon.