diff --git a/content/deploy/install/keycloak.md b/content/deploy/install/keycloak.md index 83a254d27..5c6cec534 100644 --- a/content/deploy/install/keycloak.md +++ b/content/deploy/install/keycloak.md @@ -44,7 +44,7 @@ To create your Rhize realm, follow these steps. 1. In the side menu, select **Realm Settings**. 1. Enter the following values: | Field | value | - |--------------|-----------------------| + | ------------ | --------------------- | | Frontend URL | Keycloak frontend URL | | Require SSL | External requests | @@ -122,9 +122,9 @@ Create a client for the UI as follows: 1. Configure the **Access Settings**: - - **Root URL**: `.` without trailing slashes - - **Home URL**: `.` without trailing slashes - - **Web Origins**: `.` without trailing slashes + - **Root URL**: `` without trailing slashes + - **Home URL**: `` without trailing slashes + - **Web Origins**: `` without trailing slashes 1. Select **Next**, then **Save**. @@ -149,11 +149,11 @@ Create a client for the UI as follows: 1. Configure the **Access Settings**: - - **Root URL**: `.` without trailing slashes - - **Home URL**: `.` without trailing slashes + - **Root URL**: `` without trailing slashes + - **Home URL**: `` without trailing slashes - **Valid redirect URIs**: `/login/generic_oauth` without trailing slashes - **Valid post logout redirect URIs**: `+` without trailing slashes - - **Home URL**: `.` without trailing slashes + - **Home URL**: `` without trailing slashes 1. Select **Next**, then **Save**. 
@@ -162,22 +162,26 @@ Create a client for the UI as follows: The other services do not need authorization but do need client authentication. By default you need to add only the client ID. -For example, to create the BPMN engine client: +For example, to create the Workflow client: 1. In the side menu, select **Clients > create client**. -1. For **Client ID**, enter `{{< param application_name >}}Bpmn` +1. For **Client ID**, enter `{{< param application_name >}}Workflow` +1. **Name**: `{{< param brand_name >}} Workflow Engine` +1. **Description**: `{{< param brand_name >}} Workflow Engine` 1. Configure the **Capability config**: - **Client Authentication**: On 1. Select **Next**, then **Save**. -**Repeat this process for each of the following services:** +Repeat the preceding process for each of the following services with the corresponding values in the table. -| Client ID | Description | -|----------------------------------------|-----------------------| -| `{{< param application_name >}}Audit` | The audit log service | -| `{{< param application_name >}}Core` | The edge agent | -| `{{< param application_name >}}Router` | API router | +| Client ID | Name | Description | +| --------------------------------------- | --------------------------------------- | --------------------------- | +| `{{< param application_name >}}Agent` | {{< param brand_name >}} Agent | The agent data service | +| `{{< param application_name >}}Audit`* | {{< param brand_name >}} Audit Log | The audit log service | +| `{{< param application_name >}}ISA95` | {{< param brand_name >}} ISA-95 Model | The ISA-95 model service | +| `{{< param application_name >}}KPI`* | {{< param brand_name >}} KPI Calculator | The ISO22400 KPI calculator | +| `{{< param application_name >}}Router`* | {{< param brand_name >}} API Router | The API router | -Based on your architecture, repeat for any Libre Edge Agents, `{{< param application_name >}}Agent`. +*- Optional based on your architecture. ### Scope services 
@@ -197,31 +201,28 @@ To create a scope for your Rhize services, follow these steps: - **Display on consent screen**: `On` - **Include in token scope**: `On` 1. **Create**. -1. Select the **Mappers** tab, then **Configure new mapper**. Add an audience mapper for the DB client: - - **Mapper Type**: `Audience` - - **Name**: `{{< param db >}}AudienceMapper` - - **Include Client Audience**: `{{< param db >}}` - - **Add to ID Token**: `On` - - **Add to access token**: `On` -1. Repeat the preceding step for a mapper for the UI client: - - **Mapper Type**: `Audience` - - **Name**: `{{< param application_name >}}UIAudienceMapper` - - **Include Client Audience**: `{{< param application_name >}}UI` - - **Add to ID Token**: `On` - - **Add to access token**: `Off` -1. Repeat the preceding step for a mapper for the BPMN client: - - **Mapper Type**: `Audience` - - **Name**: `{{< param application_name >}}BPMNAudienceMapper` - - **Include Client Audience**: `{{< param application_name >}}Bpmn` - - **Add to ID Token**: `On` - - **Add to access token**: `On` -1. If using the Rhize Audit microservice, repeat the preceding step for an Audit scope and audience mapper: - - **Mapper Type**: `Audience` - - **Name**: `{{< param application_name >}}AuditAudienceMapper` - - **Include Client Audience**: - - **Included Custom Audience**: `audit` - - **Add to ID Token**: `On` - - **Add to access token**: `On` + +#### Create audience mappers +Select the **Mappers** tab, then **Configure new mapper**. Add an audience mapper for the DB client: + - **Mapper Type**: `Audience` + - **Name**: `{{< param db >}}AudienceMapper` + - **Include Client Audience**: `{{< param db >}}` + - **Add to ID Token**: `On` + - **Add to access token**: `On` + +Repeat the preceding process for each of the following services with the corresponding values in the table. 
+ +| Name | Include Client Audience | ID Token | Access Token | +| ------------------------------------------------------ | ---------------------------------------- | :------: | :----------: | +| `{{< param application_name >}}AuditAudienceMapper`* | `audit`** | `On` | `On` | +| `{{< param application_name >}}AgentAudienceMapper` | `{{< param application_name >}}Agent` | `On` | `On` | +| `{{< param application_name >}}ISA95AudienceMapper` | `{{< param application_name >}}ISA95` | `On` | `On` | +| `{{< param application_name >}}KPIAudienceMapper`* | `{{< param application_name >}}KPI` | `On` | `On` | +| `{{< param application_name >}}UIAudienceMapper` | `{{< param application_name >}}UI` | `On` | `Off` | +| `{{< param application_name >}}WorkflowAudienceMapper` | `{{< param application_name >}}Workflow` | `On` | `On` | + +*- Optional based on your architecture.
+**- Included as a Custom Audience. #### Add services to the scope @@ -231,37 +232,30 @@ To create a scope for your Rhize services, follow these steps: 1. Select `{{< param application_name >}}ClientScope` from the list. 1. **Add > Default**. -Repeat this process for the `dashboard`, `{{< param application_name >}}UI`, `{{< param application_name >}}Bpmn`, `{{< param application_name >}}Core`, `{{< param application_name >}}Router`, `{{< param application_name >}}Audit` (if applicable). Based on your architecture repeat for any Libre Edge Agent clients. +Repeat the preceding process above for each of the following services: + +- `dashboard` +- `{{< param application_name >}}Audit`* +- `{{< param application_name >}}Agent` +- `{{< param application_name >}}ISA95` +- `{{< param application_name >}}KPI`* +- `{{< param application_name >}}Router`* +- `{{< param application_name >}}UI` +- `{{< param application_name >}}Workflow` + +*- Optional based on your architecture. ### Create roles and groups In Keycloak, _roles_ identify a category or type of user. _Groups_ are a common set of attributes for a set of users. -Rhize creates an `ADMIN` role and group. - -#### Add the admin realm role - -1. Select **Realm Roles**. Then **Create role**. -1. Enter the following values: - - Role name: `ADMIN` - - Description: `ADMIN` - 1. **Save**. - #### Add the Admin Group 1. In the left hand menu, select **Groups > Create group**. 1. Give the group a name like `{{< param application_name >}}AdminGroup`. 1. **Create**. -Now map a role. - -1. From the group list, select the group you just created. -1. Select the **Role mapping** tab. -1. Select **Assign Role** -1. Select `ADMIN`. -1. **Assign.** - #### Add the dashboard realm roles 1. Select **Realm Roles**, and then **Create role**. 
@@ -302,7 +296,7 @@ Now map the scope: 1. In the left hand menu, select **Clients**, and then `dashboard`. 1. Select the **Client scopes** tab. 1. **Add client scope**. -1. Select `groups` and `{{< param application_name >}}ClientScope`. +1. Select `groups`. 1. **Add Default**. ### Add Client Policy @@ -312,8 +306,8 @@ Rhize requires authorization for the database service. 1. In the left hand menu, select **Clients**, and then `{{< param db >}}`. 1. Select the **Authorization** tab. -1. Select **Policies > Create Policy** -1. Select **Group > Create Policy**. +1. Select the **Policies** subtab. +1. Select **Create Policy > Group**. 1. Name the policy `{{< param application_name >}}AdminGroupPolicy`. 1. Select **Add Groups**. 1. Select `{{< param application_name >}}AdminGroup`. 
@@ -340,43 +334,18 @@ Now create a user password: 1. For **Temporary**, choose `Off`. 1. **Save**. -Repeat this process for the following accounts: - -- Audit: - - **Username**: `{{< param application_name >}}Audit@{{< param domain_name >}}` - - **Email**: `{{< param application_name >}}Audit@{{< param domain_name >}}` - - **Email Verified**: `On` - - **First name**: `Audit` - - **Last name**: `{{< param brand_name >}}` - - **Join Groups**: `{{< param application_name >}}AdminGroup` -- Core: - - **Username**: `{{< param application_name >}}Core@{{< param domain_name >}}` - - **Email**: `{{< param application_name >}}Core@{{< param domain_name >}}` - - **Email Verified**: `On` - - **First name**: `Core` - - **Last name**: `{{< param brand_name >}}` - - **Join Groups**: `{{< param application_name >}}AdminGroup` -- BPMN - - **Username**: `{{< param application_name >}}Bpmn@{{< param domain_name >}}` - - **Email**: `{{< param application_name >}}Bpmn@{{< param domain_name >}}` - - **Email Verified**: `On` - - **First name**: `Bpmn` - - **Last name**: `{{< param brand_name >}}` - - **Join Groups**: `{{< param application_name >}}AdminGroup` -- Router - - **Username**: `{{< param application_name >}}Router@{{< param domain_name >}}` - - **Email**: `{{< param application_name >}}Router@{{< param domain_name >}}` - - **Email Verified**: `On` - - **First name**: `Router` - - **Last name**: `{{< param brand_name >}}` - - **Join Groups**: `{{< param application_name >}}AdminGroup` -- Agent - - **Username**: `{{< param application_name >}}Agent@{{< param domain_name >}}` - - **Email**: `{{< param application_name >}}Agent@{{< param domain_name >}}` - - **Email Verified**: `On` - - **First name**: `Agent` - - **Last name**: `{{< param brand_name >}}` - - **Join Groups**: `{{< param application_name >}}AdminGroup` +Repeat the preceding process for each of the following services with the corresponding values in the table. 
+ +| Username | First name | +| ------------------------------------------------------------------ | ---------- | +| `{{< param application_name >}}Audit@{{< param domain_name >}}`* | Audit | +| `{{< param application_name >}}Agent@{{< param domain_name >}}` | Agent | +| `{{< param application_name >}}ISA95@{{< param domain_name >}}` | ISA95 | +| `{{< param application_name >}}KPI@{{< param domain_name >}}`* | KPI | +| `{{< param application_name >}}Router@{{< param domain_name >}}`* | Router | +| `{{< param application_name >}}Workflow@{{< param domain_name >}}` | Workflow | + +*- Optional based on your architecture. ### Enable Keycloak Audit Trail diff --git a/content/deploy/install/services.md b/content/deploy/install/services.md index 77debd977..160c7caba 100644 --- a/content/deploy/install/services.md +++ b/content/deploy/install/services.md @@ -32,6 +32,7 @@ Common values that are changed include: ## Get client secrets. 1. Go to Keycloak and get the secrets for each client you've created. + 1. Create Kubernetes secrets for each service. You can either create a secret file, or pass raw data from the command line. {{< callout type="caution" >}} 
@@ -43,14 +44,12 @@ Common values that are changed include: ```bash kubectl create secret generic {{< param application_name >}}-client-secrets \ - -n {{< param application_name >}} --from-literal=dashboard=}}Agent=123 \ - --from-literal={{< param application_name >}}Audit=123 \ - --from-literal={{< param application_name >}}Baas=KYbMHlRLhXwiDNFuDCl3qtPj1cNdeMSl \ - --from-literal={{< param application_name >}}BPMN=123 \ - --from-literal={{< param application_name >}}Core=123 \ - --from-literal={{< param application_name >}}UI=123 \ - --from-literal=router=123 + -n {{< param application_name >}} \ + --from-literal=dashboard=G4hoxIL37F5S9DQgeDYGQejcJ6oJhOPA \ + --from-literal={{< param application_name >}}Workflow=GTy1x64U0IHAUTWizugEAnN47a9kWgX8 \ + --from-literal={{< param application_name >}}ISA95=Yvtx1tZWCPFayvDCzHTTInEz9gnuLyLc \ + --from-literal={{< param application_name >}}Baas=KYbMHlRLhXwiDNFuDCl3qtPj1cNdeMSl \ + --from-literal={{< param application_name >}}UI=54yUQqmvgcxoKPaIbPZTQGlEs8Xu2qH0 ``` As you install services through Helm, their respective YAML files reference these secrets. @@ -62,7 +61,8 @@ You must add the helm chart repository for Rhize. 1. Add the Helm Chart Repository ```bash - helm repo add libre https://gitlab.com/api/v4/projects/42214456/packages/helm/stable + helm repo add {{< param application_name >}} https://gitlab.com/api/v4/projects/42214456/packages/helm/stable + helm repo update ``` ## Install and add roles for the DB {#db} 
@@ -87,23 +87,21 @@ If enabling the Audit Trail, also the include the configuration in [Enable chang All statuses should be `RUNNING`. - 1. Return to the Keycloak UI and add all `{{< param application_name >}}` roles to the admin group. 1. Proxy the `http:8080` port on `{{< param application_name >}}-baas-dgraph-alpha`. - ``` - kubectl port-forward -n libre pod/baas-baas-alpha-0 8080:8080 + ```bash + kubectl port-forward -n {{< param application_name >}} pod/baas-baas-alpha-0 8080:8080 ``` 1. Get a token using the credentials. With `curl`, it looks like this: ```bash - curl --location --request POST 'https://- - auth.{{< param application_name >}}/realms/{{< param application_name >}}/protocol/openid-connect/token' \ + curl --location --request POST '/realms/{{< param application_name >}}/protocol/openid-connect/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'grant_type=password' \ - --data-urlencode 'username=system@{{< param application_name >}}.com' \ + --data-urlencode 'username=' \ --data-urlencode 'password=' \ --data-urlencode 'client_id={{< param application_name >}}Baas' \ --data-urlencode 'client_secret=' @@ -112,7 +110,7 @@ If enabling the Audit Trail, also the include the configuration in [Enable chang 1. Post the schema: ```bash - curl --location --request POST 'http://localhost:/admin/schema' \ + curl --location --request POST '/admin/schema' \ --header 'Authorization: Bearer ' \ --header 'Content-Type: application/octet-stream' \ --data-binary '@' @@ -120,7 +118,7 @@ If enabling the Audit Trail, also the include the configuration in [Enable chang This creates more roles. -1. Go to Keycloak UI and add all new {{< param db >}} roles to the `ADMIN` group. +1. Go to Keycloak UI and add all new {{< param db >}} roles to the `libreAdminGroup`. If the install is successful, the Keycloak UI is available on its [default port]({{< relref "../../reference/default-ports" >}}). 
@@ -148,166 +146,250 @@ helm install \ For the full configuration options, read the official [Helm `install` reference](https://helm.sh/docs/helm/helm_install/). - -### NATS {#nats} - +### Redpanda + +Rhize uses Redpanda to buffer requests to Restate and connect to Agent. + +Install Redpanda with these steps: +1. If the Redpanda repository doesn't exist, add it: -[NATS](https://nats.io) is the message broker that powers Rhize's event-driven architecture. + ```bash + helm repo add redpanda https://charts.redpanda.com + helm repo update + ``` -Install NATS with these steps: +1. Modify the Redpanda Helm overrides as needed. -1. Modify the NATS Helm file with your code editor. Edit any necessary overrides. 1. Install with Helm: + ```bash + helm install redpanda -f redpanda.yaml redpanda/redpanda -n {{< param application_name >}} ``` - helm install nats -f nats.yaml {{< param application_name >}}/nats -n {{< param application_name >}} - ``` +### Alloy + +Install Alloy with these steps: -### Tempo +1. If the Grafana repository doesn't exist, add it: -Rhize uses [Tempo](https://grafana.com/oss/tempo/) to trace BPMN processes. + ```bash + helm repo add grafana https://grafana.github.io/helm-charts + helm repo update + ``` -Install Tempo with these steps: +1. Modify the Alloy Helm overrides as needed. -1. If it doesn't exist, add the Tempo repository: +1. Install with Helm: ```bash - helm repo add grafana https://grafana.github.io/helm-charts + helm install alloy -f alloy.yaml grafana/alloy -n {{< param application_name >}} ``` -1. Modify the Helm file as needed. +### Grafana LGTM + +Grafana LGTM includes Tempo and Grafana. Rhize uses [Tempo](https://grafana.com/oss/tempo/) to trace BPMN processes. + +Install Grafana LGTM with these steps: + +1. Modify the Grafana LGTM Helm overrides as needed. + 1. 
Install with Helm: ```bash - helm install tempo -f tempo.yaml grafana/tempo -n {{< param application_name >}} + helm install lgtm-distributed -f lgtm-distributed.yaml grafana/lgtm-distributed -n {{< param application_name >}} ``` -### Core +If the install is successful, the Grafana service is available on its +[default port]({{< relref "../../reference/default-ports" >}}). + +### Restate -The {{< param brand_name >}} Core service is the custom edge agent that monitors data sources, like OPC-UA servers, and publishes and subscribes topics to NATS. +Rhize uses Restate as a platform for orchestrating other services. -> **Requirements**: Core requires the [{{< param db >}}](#db) and [NATS](#nats) services. +Install Restate with these steps: -Install the Core agent with these steps: +1. Modify the Restate Helm overrides as needed. -1. In the `core.yaml` Helm file, edit the `clientSecret` and `password` with settings from the Keycloak client. -1. Override any other values, as needed. 1. Install with Helm: ```bash - helm install core -f core.yaml {{< param application_name >}}/core -n {{< param application_name >}} + helm install restate -f restate.yaml oci://ghcr.io/restatedev/restate-helm -n {{< param application_name >}} ``` -### BPMN +So that you can register certain services with Restate, proxy the Restate port: + + ```bash + kubectl port-forward -n {{< param application_name >}} pod/restate-0 9070:9070 + ``` + +### Workflow -The BPMN service is the custom engine Rhize uses to process low-code workflows modeled in the BPMN UI. +The Workflow service is the custom engine Rhize uses to process low-code workflows modeled in the Workflow UI. -> **Requirements**: The BPMN service requires the [{{< param db >}}](#db), [NATS](#nats), and [Tempo](#tempo) services. +> **Requirements**: The Workflow service requires the [{{< param db >}}](#db), [Restate](#restate), and [Tempo](#tempo) services. -Install the BPMN engine with these steps: +Install Workflow with these steps: + +1. 
Modify the Workflow Helm overrides as needed. -1. Open `bpmn.yaml` Update the `clientSecret` and `password` for your BPMN Keycloak credentials. -1. Modify any other values, as needed. 1. Install with Helm: ```bash - helm install bpmn -f bpmn.yaml {{< param application_name >}}/bpmn -n {{< param application_name >}} + helm install workflow -f workflow.yaml {{< param application_name >}}/workflow -n {{< param application_name >}} ``` -### Router +1. When the Workflow service starts, it should register with Restate. Verify this with: + + ```bash + curl localhost:9070/deployments | jq '.deployments[].uri' + ``` + + This will show the URL of each registered service. If Workflow's URL is not present, register it with: + + ```bash + curl --location 'http://localhost:9070/deployments' \ + --header 'Content-Type: application/json' \ + --data '{"uri":"http://workflow.{{< param application_name >}}.svc.cluster.local:29080", "force":true}' + ``` -Rhize uses the [Apollo router](https://www.apollographql.com/docs/router) to unite queries for different services in a single endpoint. +### Typescript Host Service -> **Requirements:** Router requires the [GraphDB](#db), [BPMN](#bpmn), and [Core](#core) services. +Install Typescript Host Service with these steps: -Install the router with these steps: +1. Modify the Typescript Host Service Helm overrides as needed. -1. Modify the router Helm YAML file as needed. 1. Install with Helm: + ```bash + helm install typescript-host-service -f typescript-host-service.yaml {{< param application_name >}}/typescript-host-service -n {{< param application_name >}} + ``` + +1. When the Typescript Host Service starts, it should register with Restate. 
Verify this with: + ```bash - helm install router -f router.yaml {{< param application_name >}}/router -n {{< param application_name >}} + curl localhost:9070/deployments | jq '.deployments[].uri' ``` -If the install is successful, the Router explorer is available on its -[default port]({{< relref "../../reference/default-ports" >}}). + This will show the URL of each registered service. If Typescript Host Service's URL is not present, register it with: + + ```bash + curl --location 'http://localhost:9070/deployments' \ + --header 'Content-Type: application/json' \ + --data '{"uri":"http://typescript-host-service.{{< param application_name >}}.svc.cluster.local:9081", "force":true}' + ``` -### Grafana +### QuestDB -Rhize uses [Grafana](https://grafana.com) for its dashboard to monitor real time data. +QuestDB is used by Rhize to store timeseries data, however it can be substitude for another historian. -Install Grafana with these steps: +Install QuestDB with these steps: -1. Modify the Grafana Helm YAML file as needed. +1. If it doesn't exist, add the QuestDB repository: -1. Add the Helm repository ```bash - helm repo add grafana https://grafana.github.io/helm-charts + helm repo add questdb https://helm.questdb.io/ + helm repo update ``` +1. Modify the QuestDB Helm overrides as needed. + 1. Install with Helm: ```bash - helm install grafana -f grafana.yaml grafana/grafana -n {{< param application_name >}} + helm install questdb -f questdb.yaml questdb/questdb -n {{< param application_name >}} ``` -If the install is successful, the Grafana service is available on its -[default port]({{< relref "../../reference/default-ports" >}}). +### ISA-95 -### Agent +Install ISA-95 with these steps: -The Rhize agent bridges your plant processes with the Rhize data hub. -It collects data emitted from the plant and publishes it to the NATS message broker. +1. Modify the ISA-95 Helm overrides as needed. + +1. 
Install with Helm: + + ```bash + helm install isa95 -f isa95.yaml {{< param application_name >}}/isa95 -n {{< param application_name >}} + ``` -> **Requirements:** Agent requires the [Graph DB](#db), [Nats](#nats), and [Tempo](#tempo) services. +1. When the ISA-95 service starts, it should register with Restate. Verify this with: -Install the agent with these steps: + ```bash + curl localhost:9070/deployments | jq '.deployments[].uri' + ``` -1. Modify the Agent Helm file as needed. -2. Install with Helm: + This will show the URL of each registered service. If ISA-95's URL is not present, register it with: ```bash - helm install agent -f agent.yaml libre/agent -n {{< param application_name >}} + curl --location 'http://localhost:9070/deployments' \ + --header 'Content-Type: application/json' \ + --data '{"uri":"http://isa95.{{< param application_name >}}.svc.cluster.local:29080", "force":true}' ``` -## Install UI +## Install Admin UI -The UI is the graphical frontend to [handle events]({{< relref "../../how-to/bpmn" >}}) and [define work masters]({{< relref "../../how-to/model" >}}). +The Rhize agent bridges your plant processes with the Rhize data hub. + +The Admin UI is the graphical frontend to [handle events]({{< relref "/how-to/bpmn" >}}) and [define work masters]({{< relref "/how-to/model" >}}). -> **Requirements:** The UI requires the [GraphDB](#db), [BPMN](#bpmn), [Core](#core), and [Router](#router) services. +> **Requirements:** The Admin UI requires the [Workflow](#workflow) services. After installing all other services, install the UI with these steps: -1. Forward the port from the Router API. -1. Open the UI Helm file. Update the `envVars` object with settings from the UI Keycloak client. -1. Modify any other values, as needed. +1. Modify the UI Helm overrides as needed. + 1. 
Install with Helm: ```bash - helm install ui -f ui-overrides.yaml {{< param application_name >}}/admin-ui -n {{< param application_name >}} + helm install admin-ui -f admin-ui.yaml {{< param application_name >}}/admin-ui -n {{< param application_name >}} ``` If the install is successful, the UI is available on its -[default port]({{< relref "../../reference/default-ports" >}}). +[default port]({{< ref "default-ports" >}}). + +### Agent + +The Rhize agent bridges your plant processes with the Rhize data hub. +It collects data emitted from the plant and publishes it to the message broker. + +> **Requirements:** Agent requires the [Graph DB](#db), [Tempo](#tempo), Redpanda, and an event broker service to communicate with. + +Install Agent with these steps: + +1. Modify the Agent Helm overrides as needed. + +1. In the Rhize UI, add a Data Source for Agent to interact with: + - In the lefthand menu, open **Master Data > Data Sources > + Create Data Source**. + - Input a name for the Data Source. + - Add a Connection String and Create. + - Add any relevant Topics. + - Activate the Data Source. + +1. Install with Helm: + + ```bash + helm install agent -f agent.yaml {{< param application_name >}}/agent -n {{< param application_name >}} + ``` + +To verify that Agent is working, check the Redpanda UI. -## Optional: Audit Trail service +## Optional Services +### Audit Trail -The Rhize [Audit]({{< relref "../../how-to/audit" >}}) service provides an audit trail for database changes to install. The Audit service uses PostgreSQL for storage. +The Rhize [Audit]({{< relref "/how-to/audit" >}}) service provides an audit trail for database changes. The Audit service uses PostgreSQL for storage. -Install Audit Service with these steps: +Install Audit with these steps: 1. Modify the Audit trail Helm YAML file. It is *recommended* to change the PostgreSQL username and password values. -2. Install with Helm: +1. 
Install with Helm: ```bash - helm install audit -f audit.yaml libre/audit -n {{< param application_name >}} + helm install audit -f audit.yaml {{< param application_name >}}/audit -n {{< param application_name >}} ``` -3. Create partition tables in the PostgreSQL database: +1. Create partition tables in the PostgreSQL database: ```sql create table public.audit_log_partition( like public.audit_log ); @@ -316,7 +398,7 @@ Install Audit Service with these steps: For details about maintaining the Audit trail, read [Archive the PostgresQL Audit trail]({{< relref "../maintain/audit/" >}}). -### Enable change data capture +#### Enable change data capture The Audit trail requires [change data capture (CDC)]({{< relref "../../how-to/publish-subscribe/track-changes" >}}) to function. To enable CDC in {{< param application_name >}} BAAS, include the following values for the Helm chart overrides: 
@@ -332,123 +414,61 @@ alpha: replicas: 1 ``` -### Enable Audit subgraph - -To use the Audit trail in the UI, you must add the Audit trail subgraph into the router. To enable router to use and compose the subgraph: +### KPI -1. Update the Router Helm chart overrides, `router.yaml`, to include: +The Rhize KPI service is a GraphQL service which calcualtes ISO22400 KPIs using timseries tables. -```yaml -# Add Audit to the router subgraph url override -router: - configuration: - override_subgraph_url: - AUDIT: http://audit:8084/query - -# If supergraph compose is enabled -supergraphCompose: - supergraphConfig: - subgraphs: - AUDIT: - routing_url: http://audit:8084/query - schema: - subgraph_url: http://audit:8084/query -``` +Install KPI with these steps: -2. Update the Router deployment +1. Modify the KPI Helm overrides as needed. -```shell -$ helm upgrade --install router -f router.yaml {{< param application_name >}}/router -n {{< param application_name >}} -``` +1. Install with Helm: -## Optional: calendar service + ```bash + helm install kpi -f kpi.yaml {{< param application_name >}}/kpi -n {{< param application_name >}} + ``` -The [{{< param brand_name >}} calendar service]({{< relref "../../how-to/work-calendars">}}) monitors work calendar definitions and creates work calendar entries in real time, both in the [Graph](#db) and time-series databases. +### Solace -> **Requirements:** The calendar service requires the [GraphDB](#db), [Keycloak](#keycloak), and [NATS](#nats) services. +Solace is an event broker that can be used alongside Agent, though it can be substituted for any other event broker. -{{% callout type="info" %}} -The work calendar requires a time-series DB installed such as [InfluxDB](https://influxdata.com/), [QuestDB](https://questdb.io) or [TimescaleDB](https://www.timescale.com/). The following instructions are specific to QuestDB. -{{% /callout %}} +1. Add the Solace Charts Helm repo. 
-Install the calendar service with these steps: + ```bash + helm repo add solacecharts https://solaceproducts.github.io/pubsubplus-kubernetes-helm-quickstart/helm-charts + helm repo update + ``` -1. Create tables in the time series. For example: +1. Modify the Solace Helm overrides as needed. +1. Install with Helm: - ```sql - CREATE TABLE IF NOT EXISTS PSDT_POT( - EquipmentId SYMBOL, - EquipmentVersion STRING, - WorkCalendarId STRING, - WorkCalendarIid STRING, - WorkCalendarDefinitionId STRING, - WorkCalendarDefinitionEntryId STRING, - WorkCalendarDefinitionEntryIid STRING, - WorkCalendarEntryId STRING, - WorkCalendarEntryIid SYMBOL, - HierarchyScopeId STRING, - EntryType STRING, - ISO22400CalendarState STRING, - isDeleted boolean, - updatedAt TIMESTAMP, - time TIMESTAMP, - lockerCount INT, - lockers STRING - ) TIMESTAMP(time) PARTITION BY month - DEDUP UPSERT KEYS(time, EquipmentId, WorkCalendarEntryIid); - - CREATE TABLE IF NOT EXISTS PDOT_PBT( - EquipmentId SYMBOL, - EquipmentVersion STRING, - WorkCalendarId STRING, - WorkCalendarIid STRING, - WorkCalendarDefinitionId STRING, - WorkCalendarDefinitionEntryId STRING, - WorkCalendarDefinitionEntryIid STRING, - WorkCalendarEntryId STRING, - WorkCalendarEntryIid SYMBOL, - HierarchyScopeId STRING, - EntryType STRING, - ISO22400CalendarState STRING, - isDeleted boolean, - updatedAt TIMESTAMP, - time TIMESTAMP, - lockerCount INT, - lockers STRING - ) TIMESTAMP(time) PARTITION BY month - DEDUP UPSERT KEYS(time, EquipmentId, WorkCalendarEntryIid); - - CREATE TABLE IF NOT EXISTS Calendar_AdHoc( - EquipmentId SYMBOL, - EquipmentVersion STRING, - WorkCalendarId STRING, - WorkCalendarIid STRING, - WorkCalendarDefinitionId STRING, - WorkCalendarDefinitionEntryId STRING, - WorkCalendarDefinitionEntryIid STRING, - WorkCalendarEntryId STRING, - WorkCalendarEntryIid SYMBOL, - HierarchyScopeId STRING, - EntryType STRING, - ISO22400CalendarState STRING, - isDeleted boolean, - updatedAt TIMESTAMP, - time TIMESTAMP, - lockerCount INT, 
- lockers STRING - ) TIMESTAMP(time) PARTITION BY month - DEDUP UPSERT KEYS(time, EquipmentId, WorkCalendarEntryIid); + ```bash + helm install solace -f solace.yaml solacecharts/pubsubplus -n {{< param application_name >}} ``` -1. Modify the calendar YAML file as needed. +> [!NOTE] +> Solace can be installed in high availability by using `pubsubplus-ha` instead of `pubsubplus`. +> See detailed instructions on [github](https://github.com/SolaceProducts/pubsubplus-kubernetes-helm-quickstart). + +### Apollo Router + +While Rhize provides a built in GraphQL Playground using Apollo's Sandobx, [Apollo Router](https://www.apollographql.com/docs/router) can be installed to unite queries for different services in a single endpoint outside of Rhize's interface. -1. Deploy with helm +> **Requirements:** Router requires the [GraphDB](#db) service. + +Install Router with these steps: + +1. Modify the Router Helm overrides as needed. + +1. Install with Helm: ```bash - helm install calendar-service -f calendar-service.yaml {{< param application_name >}}/calendar-service -n {{< param application_name >}} + helm install router -f router.yaml {{< param application_name >}}/router -n {{< param application_name >}} ``` +If the install is successful, the Router explorer is available on its [default port]({{< relref "../../reference/default-ports" >}}). + ## Optional: change service configuration The services installed in the previous step have many parameters that you can configure for your performance and deployment requirements. diff --git a/content/deploy/install/setup-kubernetes.md b/content/deploy/install/setup-kubernetes.md index 355d10f15..6b2b3d667 100644 --- a/content/deploy/install/setup-kubernetes.md +++ b/content/deploy/install/setup-kubernetes.md 
@@ -62,20 +62,20 @@ Then, follow these steps. ```bash helm repo add \ - --username \ - --password \ - {{< param application_name >}} \ - + --username \ + --password \ + {{< param application_name >}} \ + https://gitlab.com/api/v4/projects/42214456/packages/helm/stable ``` - 1. Create the container image pull secret: ```bash - kubectl create secret docker-registry {{< param application_name >}}-registry-credential \ + kubectl create secret docker-registry {{< param application_name >}} + --registry-credential \ --docker-server= \ ## the repository - --docker-password= \ - --docker-email= + --docker-password= \ + --docker-email= ``` Confirm the secrets with this command: @@ -84,7 +84,6 @@ Then, follow these steps. kubectl get secrets ``` - 1. Add the Bitnami Helm repository: ```bash @@ -96,13 +95,13 @@ Then, follow these steps. 1. Update overrides to `keycloak.yaml`. Then install with this command: ```bash - helm install keycloak -f ./keycloak.yaml bitnami/keycloak -n libre + helm install keycloak -f ./keycloak.yaml bitnami/keycloak -n {{< param application_name >}} ``` -1. Set up port forwarding from Keycloak. For example, this forwards traffic to port `5101` on `localhost` +1. Set up port forwarding from Keycloak. For example, this forwards traffic to port `5101` on `localhost`: ```bash - kubectl port-forward svc/keycloak 5101:80 + kubectl port-forward svc/keycloak 5101:80 ``` ## Next steps
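
Review bot: In content/deploy/install/keycloak.md, hunk `@@ -149,11 +149,11 @@`, the Access Settings list names **Home URL** twice (second and last bullet), and the patch edits both without resolving the duplicate. The matching list in the `@@ -122,9 +122,9 @@` hunk ends with **Web Origins**, so check whether the last bullet here was meant to be that field, then rename or drop it. In both hunks the new values appear as empty code spans, which gives the reader nothing to enter; name the expected value in words so it survives rendering.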
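
Review bot: In content/deploy/install/keycloak.md, hunk `@@ -197,31 +201,28 @@`, the new mapper table puts `audit` under the "Include Client Audience" column and relies on the `**` footnote to say it is a custom audience, whereas the removed step showed it in a separate **Included Custom Audience** field with **Include Client Audience** left empty. This value decides the audience carried in issued tokens, so give the table its own "Included Custom Audience" column (or keep the Audit mapper as a separate step) so it is not typed into the wrong field.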
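
Review bot: In content/deploy/install/keycloak.md, hunk `@@ -231,37 +232,30 @@`, removing "Add the admin realm role" and the "Now map a role" steps leaves `{{< param application_name >}}AdminGroup` created with no roles, and the section no longer says where its roles come from. services.md in this patch tells the reader to add the new DB roles to the group after posting the schema, so add a sentence under "Add the Admin Group" that points to that step. Minor wording: "Repeat the preceding process above" is redundant; drop "above".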
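
Review bot: In content/deploy/install/keycloak.md, hunk `@@ -340,43 +334,18 @@`, the replacement table keeps only Username and First name and drops the Email, Email Verified, Last name and **Join Groups**: `{{< param application_name >}}AdminGroup` values that the removed list spelled out for each account. State above the table which of those fields are the same as for the first account, the group membership in particular, because `{{< param application_name >}}AdminGroupPolicy` authorizes by group and a service account created without it will not match the policy.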
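
Review bot: In content/deploy/install/services.md, hunk `@@ -43,14 +44,12 @@`, the `kubectl create secret generic` example replaces the `123` placeholders with 32-character strings that look like generated Keycloak client secrets. Confirm none of them is a live secret, rotate any that is, and use an obvious placeholder per key so readers do not paste the sample values into a cluster. The key list also has no entry for the `{{< param application_name >}}Agent` client, which the clients table in keycloak.md lists without the optional marker; add it or say why Agent needs no secret here.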
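
Review bot: In content/deploy/install/services.md, hunk `@@ -87,23 +87,21 @@`, the last changed step hardcodes the group as `libreAdminGroup`, while keycloak.md names it `{{< param application_name >}}AdminGroup` and this same hunk replaces `-n libre` with the parameter. Use `{{< param application_name >}}AdminGroup` here as well. The port-forward step has a similar mismatch: the prose names `{{< param application_name >}}-baas-dgraph-alpha` but the command targets `pod/baas-baas-alpha-0`; make the two agree.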
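
Review bot: In content/deploy/install/services.md, hunk `@@ -148,166 +146,250 @@`, the new Workflow and Agent requirement lines still link to `[Tempo](#tempo)`, but this hunk removes the `### Tempo` heading and folds Tempo into `### Grafana LGTM`, so the anchor no longer resolves; point the links at the new section or give it an explicit `{#tempo}` id. The new "## Install Admin UI" section opens with "The Rhize agent bridges your plant processes with the Rhize data hub.", which belongs to the `### Agent` section added further down, and that Agent section now sits under the Admin UI heading rather than with the other services. Typos in added lines: "substitude", "calcualtes", "timseries", "Sandobx".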
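
Review bot: In content/deploy/install/setup-kubernetes.md, hunk `@@ -62,20 +62,20 @@`, the rewritten `kubectl create secret docker-registry` command splits the secret name: the first added line ends at `{{< param application_name >}}` with no trailing backslash and the next line starts with `--registry-credential \`, so the name is no longer `{{< param application_name >}}-registry-credential` and the command does not continue onto the flags. Restore the name on a single line. The unchanged `--docker-server= \ ## the repository` line also has text after the backslash, which stops the continuation; move the comment above the command. For the `helm repo add` block, consider `--password-stdin` in place of `--password` so the registry credential does not land in shell history.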