IraCPA with IraCluster installation (k3s)

1. Install Helm if it is not installed 

verify if helm is installed using :

Check this link to install helm https://helm.sh/docs/intro/install/, else you can run the below commands to install helm.

2. Generating Nkeys (Nats Keys)

Create NKeys (required for authentication in NATS)

You need to generate two pairs of nkeys, one for the normal user and one for the system user. The system user is used by iracluster, whereas, rest of the applications use the normal user for authentication.

To generate nkeys, go to this link and download the package that is relevant to your operating system

https://github.com/nats-io/nkeys/releases/tag/v0.4.7

Example,

Go to the above link and download nkeys-v0.4.7-linux-amd64.zip, unpack the zip and you will find the nk binary which you can copy to /usr/local/bin 

Then, execute the below command to generate pair of nkeys

We need to execute the above command twice, once for a pair of keys for system user and another for normal user.

The string starting from S is the seed key and starting from U is the public key.

Set one pair for nats_public_key, nats_seed_key and the other pair for sys_nats_public_key and sys_nats_seed_key in the later steps.

For more information on nkeys, check this link https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/nkey_auth

3. Download the required JSON files

For the kubernetes components installation we need to have json files ready.

They can be downloaded from this URL. 

4. Editing the JSON files

Make sure to edit the common_config.json with the correct nkeys, nats_url and correct cluster-id.  format for nats url is nats://<nats-url public-ip>:4222

Also make sure to edit the irapca.json and put the tenant-id and external ip of the host machine there.

As of now 4222 port does not exist since NATS is not installed yet. This will be done in step 7 of this manual

The cluster_id is equivalent to unique_hive_name in the older deployments. This can be created in license.epicode.in.

5.Installation of kubernetes

curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" sh -s - sudo systemctl start k3s sudo systemctl status k3s sudo systemctl enable k3s export KUBECONFIG=/etc/rancher/k3s/k3s.yaml

6. Download the YAML files

 Download the yamls file zip and extract it to the home directory of the machine.

Make sure to add the correct NATS System key and NATS Normal Key in nats-values.yaml file

7. Apply the Yaml files.

Note: The ingress routes and the persistent volumes may have to be changed based on the deployment Kubernetes environment.

Run the following commands in the yamls folder which you downloaded

8. Verifying the installation

After running the script, please follow these steps to verify that all pods are running correctly:

Verify Pod Status: To ensure that all your Kubernetes components have been deployed successfully and your pods are running as expected. Run the following command 

Verify Service (SVC) Status

In addition to pods, you should verify that the services (SVC) are correctly deployed and running. Run the following command to list all services

Check the logs in /var/log/epi/k8s and make sure irapass log file has acquired the license in it.

This command will display all services in the current namespace with services with the ClusterIP, NodePort, or LoadBalancer type, based on how they are configured. Ensure the services are assigned an external IP or cluster IP.

Check for Additional Resources

You can also check the status of other Kubernetes resources such as deployments, replicasets, or daemonsets to ensure everything is running smoothly: