From 65b623854a1077ba4dad8be0de3f2bb4b73279a9 Mon Sep 17 00:00:00 2001
From: Joe Sirianni
Date: Wed, 10 Apr 2024 14:18:01 -0400
Subject: [PATCH 1/2] Add example
---
docs/example/gke/README.md | 148 +++++++++++++++++++++++++++++++++++
docs/example/gke/values.yaml | 101 ++++++++++++++++++++++++
2 files changed, 249 insertions(+)
create mode 100644 docs/example/gke/README.md
create mode 100644 docs/example/gke/values.yaml
diff --git a/docs/example/gke/README.md b/docs/example/gke/README.md
new file mode 100644
index 00000000..07062865
--- /dev/null
+++ b/docs/example/gke/README.md
@@ -0,0 +1,148 @@
+# Google Kubernetes Engine
+
+This example deploys BindPlane to GKE, sized to support 20,000 agents.
+
+## Create Namespace
+
+Create the `bindplane` namespace.
+
+```bash
+kubectl create namespace bindplane
+```
+
+## Create Secret
+
+Create the `bindplane` secret in the `bindplane` namespace.
+See the [secret](/README.md#create-secret) documentation for
+more information.
+
+```bash
+kubectl -n bindplane create secret generic bindplane \
+ --from-literal=username= \
+ --from-literal=password= \
+ --from-literal=secret_key= \
+ --from-literal=sessions_secret= \
+ --from-literal=license=
+```
+
+Example:
+
+```bash
+kubectl -n bindplane create secret generic bindplane \
+ --from-literal=username=my-username \
+ --from-literal=password=my-secure-password \
+ --from-literal=secret_key=353753ca-ae48-40f9-9588-28cf86430910 \
+ --from-literal=sessions_secret=d9425db6-c4ee-4769-9c1f-a66987679e90 \
+ --from-literal=license=mylicense-key
+```
+
+## Configure
+
+Edit the `values.yaml` file in this directory.
+
+### Ingress
+
+Remove the `ingress` block if you do not want to use an ingress class
+to provide access to BindPlane. This example uses Ingress NGINX with
+Cert Manager.
+
+```yaml
+ingress:
+ enable: true
+ host: bindplane.data-metric.com
+ class: nginx
+ tls:
+ enable: true
+ secret: bindplane-tls
+ annotations:
+ cert-manager.io/issuer: letsencrypt
+```
+
+If removing ingress, remove the `config.server_url` option. If using
+ingress, update `config.server_url` to match your ingress hostname.
+
+```yaml
+config:
+ server_url: https://bindplane.data-metric.com
+```
+
+### Pub/Sub
+
+Update the Pub/Sub `projectid` and `topic`.
+
+```yaml
+eventbus:
+ type: 'pubsub'
+ pubsub:
+ projectid: 'my-project'
+ topic: 'bindplane'
+```
+
+Make sure your GKE node pool's have the [Pub/Sub scope](https://developers.google.com/identity/protocols/oauth2/scopes#pubsub) enabled.
+
+### Postgres
+
+Update the Postgres configuration's `host`, `database`, `username` and `password` options to reflect your environment.
+
+```yaml
+backend:
+ type: postgres
+ postgres:
+ host: '34.23.43.29'
+ port: 5432
+ database: 'bindplane'
+ username: 'your-username'
+ password: 'your-secure-password'
+ maxConnections: 10
+```
+
+## Deploy
+
+```bash
+helm repo update
+
+helm upgrade \
+ --values="values.yaml" \
+ --namespace=bindplane \
+ --create-namespace \
+ --install \
+ bindplane \
+ bindplane/bindplane
+```
+
+Once deployed, the `bindplane` namespace will look like this:
+
+```
+NAME READY STATUS
+bindplane-58968545f8-6n6pm 1/1 Running
+bindplane-58968545f8-79rt4 1/1 Running
+bindplane-58968545f8-7wtbh 1/1 Running
+bindplane-58968545f8-987pb 1/1 Running
+bindplane-58968545f8-cxpkq 1/1 Running
+bindplane-58968545f8-whg6v 1/1 Running
+bindplane-58968545f8-z5wm7 1/1 Running
+bindplane-prometheus-0 1/1 Running
+bindplane-transform-agent-675d8f5865-8rzrn 1/1 Running
+bindplane-transform-agent-675d8f5865-pgvh2 1/1 Running
+```
+
+If using ingress, the ingress resource will look like this:
+
+```
+NAME CLASS HOSTS ADDRESS PORTS AGE
+bindplane bindplane.data-metric.com 34.23.141.224 80, 443 74m
+```
+
+If using ingress with TLS, a certificate and secret resource will be present in the namespace.
+
+```bash
+$ kubectl -n bindplane get certificate
+NAME READY SECRET AGE
+bindplane-tls True bindplane-tls 72m
+```
+```bash
+$ kubectl -n bindplane get secret bindplane-tls
+NAME TYPE DATA AGE
+bindplane-tls kubernetes.io/tls 2 70m
+```
+
diff --git a/docs/example/gke/values.yaml b/docs/example/gke/values.yaml
new file mode 100644
index 00000000..7fa26c7e
--- /dev/null
+++ b/docs/example/gke/values.yaml
@@ -0,0 +1,101 @@
+# This ingress example uses Ingress NGINX and Cert Manager
+# for creating Lets Encrypt signed certificates.
+#
+# - https://kubernetes.github.io/ingress-nginx/deploy/#gce-gke
+# - https://cert-manager.io/docs/tutorials/getting-started-with-cert-manager-on-google-kubernetes-engine-using-lets-encrypt-for-ingress-ssl/
+#
+ingress:
+ enable: true
+ host: bindplane.data-metric.com
+ class: nginx
+ tls:
+ enable: true
+ secret: bindplane-tls
+ annotations:
+ cert-manager.io/issuer: letsencrypt
+
+config:
+ # Use the secret named "bindplane", which contains
+ # the license, username, password, secret_key, and sessions_secret.
+ # If you do not want to use a secret, see the comment below and
+ # disable this option.
+ licenseUseSecret: true
+
+ # See the readme for information on how to create a secret
+ # that contains these values. If you do not with to use a
+ # secret, uncomment these options and set them.
+ #
+ # https://github.com/observIQ/bindplane-op-helm/tree/main?tab=readme-ov-file#secrets
+ #
+ #license: ''
+ #username: ''
+ #password: ''
+ #secret_key: ''
+ #sessions_secret: ''
+
+ # Defaults to ws://bindplane.bindplane.svc.cluster.local:3001/v1/opamp,
+ # which is the bindplane namespace's bindplane service. This is suitable
+ # for connecting agents within the same cluster. We are using ingress
+ # so server_url needs to be updated to the ingress host.
+ # NOTE: server_url maps to bindplane's network.remoteURL option.
+ server_url: https://bindplane.data-metric.com
+
+
+# Enables mutli account, allowing you to create
+# multiple Tenants within the same BindPlane instance.
+multiAccount: true
+
+# Fixed number of pods. BindPlane CPU usage is bursty, using
+# a pod autoscaler can be tricky. Generally a fixed number
+# of pods is recommended.
+replicas: 7
+
+resources:
+ # Allow cpu bursting by leaving limits.cpu unset
+ requests:
+ cpu: '1000m'
+ memory: '4096Mi'
+ limits:
+ memory: '4096Mi'
+
+# Node pools must be authenticated to Pub/Sub with one of the following options
+# - Pub/Sub scope enabled
+# - GKE Service Account with Pub/Sub permissions
+# - Service Account key file and the GOOGLE_APPLICATION_CREDENTIALS environment variable set
+# to the path of the key file. You can use extraVolumes, extraVolumeMounts, extraEnv to
+# mount a configMap or secret containing the key file.
+eventbus:
+ type: 'pubsub'
+ pubsub:
+ projectid: 'my-project'
+ topic: 'bindplane'
+
+backend:
+ type: postgres
+ postgres:
+ host: '34.23.43.29'
+ port: 5432
+ database: 'bindplane'
+ username: 'your-username'
+ password: 'your-secure-password'
+ # Replicas * max connections should not exceed
+ # your Postgres instance's max connections.
+ # This option defaults to 100, which is too high
+ # for an environment with 7 replicas.
+ maxConnections: 10
+
+transform_agent:
+ replicas: 2
+
+# Prometheus is deployed and managed by the Helm chart. At scale
+# it will require additional resources which can be set here.
+prometheus:
+ resources:
+ requests:
+ cpu: '2000m'
+ memory: '8192Mi'
+ limits:
+ memory: '8192Mi'
+ storage:
+ volumeSize: '120Gi'
+
From c4b8ee37f0b7d39f20afe268426a2de62fcdf945 Mon Sep 17 00:00:00 2001
From: Joe Sirianni
Date: Wed, 10 Apr 2024 14:42:50 -0400
Subject: [PATCH 2/2] use link to values file
---
docs/example/gke/README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/example/gke/README.md b/docs/example/gke/README.md
index 07062865..e92e6440 100644
--- a/docs/example/gke/README.md
+++ b/docs/example/gke/README.md
@@ -38,7 +38,7 @@ kubectl -n bindplane create secret generic bindplane \
## Configure
-Edit the `values.yaml` file in this directory.
+Edit the [values.yaml](./values.yaml) file in this directory.
### Ingress
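Review bot: In the `backend.postgres` block of docs/example/gke/values.yaml the database credential is written inline (`password: 'your-secure-password'`), while the BindPlane credentials in the same file are read from the `bindplane` Kubernetes secret, so anyone copying the example ends up with the Postgres password in a values file that is likely to be committed. I would add a comment above `username`/`password` such as `# Placeholders only: never commit real credentials; pass them at install time or reference a Kubernetes secret if the chart supports one for Postgres`. The `host: '34.23.43.29'` value looks like a public address and no TLS setting is shown for the connection; a one-line comment recommending a private address, and TLS where the chart exposes an option for it, would help. In the Pub/Sub comment, the service account key file option deserves a note that a long-lived key is the least preferred of the three, with GKE Workload Identity as the keyless alternative.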