Install KubeRocketCI
Inspect the main steps to install EPAM Delivery Platform. Please check the Prerequisites Overview page before starting the installation. Also, to authenticate each of the release artifacts, please refer to the Verification of EDP Artifacts guide. There are two recommended ways to deploy EPAM Delivery Platform:
- Using Helm (see below);
- Using Argo CD GitOps approach;
- Using AWS Marketplace.
Note
The installation process below is given for a Kubernetes cluster. The steps that differ for an OpenShift cluster are indicated in the notes.
Disclaimer
KubeRocketCI is aligned with industry standards for storing and managing sensitive data, ensuring optimal security. However, the use of custom solutions introduces uncertainties, so the responsibility for the safety of your data rests entirely with the platform administrator.
-
KubeRocketCI manages secrets via External Secret Operator to integrate with a multitude of utilities. For insights into the secrets in use and their utilization, refer to the provided External Secrets Operator Integration.
-
Create the edp namespace.
Note
For an OpenShift cluster, run the oc command instead of the kubectl one.
-
(Optional) Deploy and configure Keycloak to enable the Single Sign-On approach. To see the details on how to configure Keycloak correctly, please refer to the Install Keycloak page.
-
Add the Helm charts repository:
-
Choose the required Helm chart version:
helm search repo epamedp/edp-install
NAME                 CHART VERSION  APP VERSION  DESCRIPTION
epamedp/edp-install  3.9.0          3.9.0        A Helm chart for EDP Install
Note
It is highly recommended to use the latest released version.
-
KubeRocketCI can be integrated with the following version control systems:
This integration determines the system in which application development will be, or is already being, carried out. The global.gitProviders flag in edp-install controls this integration:
Global VCS configuration (can be multiple values):
Tekton event listener configuration:
values.yaml
...
edp-tekton:
  gitServers:
    gerrit:
      eventListener:
        enabled: true
        ingress:
          enabled: false
        resources:
          limits:
            cpu: 500m
            memory: 128Mi
          requests:
            cpu: 50m
            memory: 64Mi
      gitProvider: gerrit
      gitUser: edp-ci
      host: gerrit.edp
      nameSshKeySecret: gerrit-ciuser-sshkey
      quickLink:
        host: gerrit.example.com
      sshPort: <gerrit_port>
      webhook:
        skipWebhookSSLVerification: false
...
An internal Gerrit server can be deployed as part of the EDP deployment when Gerrit is selected. For more details on how to integrate EDP with GitLab or GitHub instead of Gerrit, please refer to the Integrate GitHub/GitLab in Tekton page.
-
(Optional) Integrate platform with SonarQube:
- External SonarQube - any SonarQube that is installed separately from EDP. For example, SonarQube that is installed using edp-cluster-add-ons or another public SonarQube server. For more details on how EDP recommends configuring SonarQube to work with the platform, please refer to the SonarQube Integration page.
- Internal SonarQube - SonarQube that is installed along with KubeRocketCI.
-
(Optional) Integrate platform with Nexus:
- External Nexus - any Nexus that is installed separately from KubeRocketCI. For example, Nexus that is installed using edp-cluster-add-ons or another public Nexus server. For more details on how KubeRocketCI recommends configuring Nexus to work with the platform, please refer to the Nexus Sonatype Integration page.
- Internal Nexus - Nexus that is installed along with KubeRocketCI.
-
(Optional) Configure Container Registry for image storage.
Since KubeRocketCI v3.4.0, we enabled users to configure Harbor registry instead of AWS ECR and Openshift-registry. We recommend installing Harbor using our edp-cluster-add-ons although you can install it any other way. To integrate KubeRocketCI with Harbor, see Harbor integration page.
To enable Harbor as a registry storage, use the values below:
-
Check the parameters in the KubeRocketCI installation chart. For details, please refer to the values.yaml file.
-
Install KubeRocketCI in the edp namespace with the Helm tool:
helm install edp epamedp/edp-install --wait --timeout=900s \
  --version <edp_version> \
  --values values.yaml \
  --namespace edp
See the details on the parameters below:
Example values.yaml file
global:
  # -- platform type that can be either "kubernetes" or "openshift"
  platform: "kubernetes"
  # DNS wildcard for routing in the Kubernetes cluster;
  dnsWildCard: "example.com"
  # -- Administrators of your tenant
  # -- Can be gerrit, github or gitlab. By default: github
  gitProviders:
    - github
  dockerRegistry:
    # -- Docker Registry endpoint
    url: "<AWS_ACCOUNT_ID>.dkr.ecr.<AWS_REGION>.amazonaws.com"
    type: "ecr"

sso:
  enabled: false
  # Keycloak address with which the platform will be integrated
  keycloakUrl: "https://keycloak.example.com"
  admins:
    - "stub_user_one@example.com"
  developers:
    - "stub_user_one@example.com"
    - "stub_user_two@example.com"

# AWS Region, e.g. "eu-central-1"
awsRegion:

edp-tekton:
  # Tekton Kaniko configuration section
  kaniko:
    # -- AWS IAM role to be used for kaniko pod service account (IRSA). Format: arn:aws:iam::<AWS_ACCOUNT_ID>:role/<AWS_IAM_ROLE_NAME>
    roleArn:
  gitServers:
    github:
      gitProvider: github
      host: github.com
      webhook:
        skipWebhookSSLVerification: false
      eventListener:
        enabled: true
        resources:
          requests:
            memory: "64Mi"
            cpu: "50m"
          limits:
            memory: "128Mi"
            cpu: "500m"
        ingress:
          enabled: true

edp-headlamp:
  config:
    oidc:
      enabled: false
Note
Set global.platform=openshift while deploying KubeRocketCI in OpenShift.
Info
The full installation with integration between tools will take at least 10 minutes.
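A pre-install lint for the values.yaml used in the install step above, as an added example that is not part of the KubeRocketCI documentation or tooling. It resolves each setting to its full key path and flags unresolved <...> placeholders, stub_user_* accounts left in the sso lists, a non-HTTPS keycloakUrl and skipWebhookSSLVerification set to true; the function names, the choice of checks and the sample values are assumptions made for this example.

```bash
# Added example, not KubeRocketCI tooling. Assumes block-style YAML with space
# indentation and list items indented deeper than their parent key.
# flatten_values prints each scalar as dotted.path=value for path-aware checks.
flatten_values() {
  awk '
    { line = $0; sub(/[ \t]+#.*$/, "", line)        # drop trailing/indented comments
      if (line ~ /^[ \t]*$/ || line ~ /^#/) next    # skip blank and comment lines
      match(line, /^ */); ind = RLENGTH; body = substr(line, ind + 1)
      while (depth > 0 && indent[depth] >= ind) depth--
      path = ""; for (i = 1; i <= depth; i++) path = path (i > 1 ? "." : "") key[i]
      if (body ~ /^- /) { name = path "[]"; val = substr(body, 3) }
      else {
        c = index(body, ":"); if (!c) next; k = substr(body, 1, c - 1); val = substr(body, c + 1)
        key[++depth] = k; indent[depth] = ind; name = path (path == "" ? "" : ".") k
      }
      sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
      sub(/^"/, "", val); sub(/"$/, "", val)
      if (val != "") print name "=" val
    }' "$1"
}
# lint_values prints one FAIL line per finding and returns non-zero if any exist.
lint_values() {
  flatten_values "$1" | awk -F= '
    function bad(msg) { printf "FAIL %s: %s (%s)\n", path, msg, val; n++ }
    { path = $1; val = substr($0, length($1) + 2) }
    path ~ /\.skipWebhookSSLVerification$/ && val == "true" { bad("webhook TLS check skipped") }
    val ~ /<[A-Za-z_]+>/ { bad("unresolved placeholder") }
    path ~ /^sso\.(admins|developers)\[\]$/ && val ~ /^stub_user_/ { bad("stub account") }
    path == "sso.keycloakUrl" && val !~ /^https:\/\// { bad("Keycloak URL is not HTTPS") }
    END { exit (n > 0) }'
}
# Constructed sample: keys from the page with deliberately unsafe values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
global:
  dockerRegistry:
    url: "<AWS_ACCOUNT_ID>.dkr.ecr.<AWS_REGION>.amazonaws.com"
sso:
  keycloakUrl: "http://keycloak.example.com"
  admins:
    - "stub_user_one@example.com"
edp-tekton:
  # kaniko.roleArn format: arn:aws:iam::<AWS_ACCOUNT_ID>:role/<AWS_IAM_ROLE_NAME>
  gitServers:
    github:
      webhook:
        skipWebhookSSLVerification: true
EOF
lint_values "$sample" || echo "Resolve the findings above before running helm install."
```

Placeholders inside YAML comments, such as the kaniko role ARN format hint, are ignored because comments are stripped before the checks run.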
-
To check if the installation is successful, run the command below:
You can also check ingress endpoints to enter KubeRocketCI user interface:
-
Once KubeRocketCI is successfully installed, you can navigate to our Use Cases to try out KubeRocketCI functionality.