From 00c3664a046461b372a76c014dde08ecb700bd01 Mon Sep 17 00:00:00 2001 From: Jarod Wilson Date: Mon, 3 Mar 2025 15:08:27 -0800 Subject: [PATCH 01/11] feat: updated install pages for v4 installation --- content/deploy/install/keycloak.md | 131 ++++----- content/deploy/install/services.md | 309 +++++++++------------ content/deploy/install/setup-kubernetes.md | 23 +- 3 files changed, 195 insertions(+), 268 deletions(-) diff --git a/content/deploy/install/keycloak.md b/content/deploy/install/keycloak.md index 87f51b343..454983ba6 100644 --- a/content/deploy/install/keycloak.md +++ b/content/deploy/install/keycloak.md @@ -44,7 +44,7 @@ To create your Rhize realm, follow these steps. 1. In the side menu, select **Realm Settings**. 1. Enter the following values: | Field | value | - |--------------|-----------------------| + | ------------ | --------------------- | | Frontend URL | Keycloak frontend URL | | Require SSL | External requests | @@ -122,9 +122,9 @@ Create a client for the UI as follows: 1. Configure the **Access Settings**: - - **Root URL**: `.` without trailing slashes - - **Home URL**: `.` without trailing slashes - - **Web Origins**: `.` without trailing slashes + - **Root URL**: `` without trailing slashes + - **Home URL**: `` without trailing slashes + - **Web Origins**: `` without trailing slashes 1. Select **Next**, then **Save**. @@ -149,11 +149,11 @@ Create a client for the UI as follows: 1. Configure the **Access Settings**: - - **Root URL**: `.` without trailing slashes - - **Home URL**: `.` without trailing slashes + - **Root URL**: `` without trailing slashes + - **Home URL**: `` without trailing slashes - **Valid redirect URIs**: `/login/generic_oauth` without trailing slashes - **Valid post logout redirect URIs**: `+` without trailing slashes - - **Home URL**: `.` without trailing slashes + - **Home URL**: `` without trailing slashes 1. Select **Next**, then **Save**. @@ -162,22 +162,20 @@ Create a client for the UI as follows: The other services do not need authorization but do need client authentication. By default you need to add only the client ID. -For example, to create the BPMN engine client: +For example, to create the Workflow client: 1. In the side menu, select **Clients > create client**. -1. For **Client ID**, enter `{{< param application_name >}}Bpmn` +1. For **Client ID**, enter `{{< param application_name >}}Workflow` 1. Configure the **Capability config**: - **Client Authentication**: On 1. Select **Next**, then **Save**. -**Repeat this process for each of the following services:** +Repeat the process above for each of the following services with the given alterations: -| Client ID | Description | -|----------------------------------------|-----------------------| -| `{{< param application_name >}}Audit` | The audit log service | -| `{{< param application_name >}}Core` | The edge agent | -| `{{< param application_name >}}Router` | API router | - -Based on your architecture, repeat for any Libre Edge Agents, `{{< param application_name >}}Agent`. +| Client ID | Description | +| ------------------------------------- | ----------- | +| `{{< param application_name >}}Agent` | | +| `{{< param application_name >}}ISA95` | | +| `{{< param application_name >}}KPI` | | ### Scope services @@ -197,31 +195,24 @@ To create a scope for your Rhize services, follow these steps: - **Display on consent screen**: `On` - **Include in token scope**: `On` 1. **Create**. -1. Select the **Mappers** tab, then **Configure new mapper**. Add an audience mapper for the DB client: - - **Mapper Type**: `Audience` - - **Name**: `{{< param db >}}AudienceMapper` - - **Include Client Audience**: `{{< param db >}}` - - **Add to ID Token**: `On` - - **Add to access token**: `On` -1. Repeat the preceding step for a mapper for the UI client: - - **Mapper Type**: `Audience` - - **Name**: `{{< param application_name >}}UIAudienceMapper` - - **Include Client Audience**: `{{< param application_name >}}UI` - - **Add to ID Token**: `On` - - **Add to access token**: `Off` -1. Repeat the preceding step for a mapper for the BPMN client: - - **Mapper Type**: `Audience` - - **Name**: `{{< param application_name >}}BPMNAudienceMapper` - - **Include Client Audience**: `{{< param application_name >}}Bpmn` - - **Add to ID Token**: `On` - - **Add to access token**: `On` -1. If using the Rhize Audit microservice, repeat the preceding step for an Audit scope and audience mapper: - - **Mapper Type**: `Audience` - - **Name**: `{{< param application_name >}}AuditAudienceMapper` - - **Include Client Audience**: - - **Included Custom Audience**: `audit` - - **Add to ID Token**: `On` - - **Add to access token**: `On` + +#### Create audience mappers +Select the **Mappers** tab, then **Configure new mapper**. Add an audience mapper for the DB client: + - **Mapper Type**: `Audience` + - **Name**: `{{< param db >}}AudienceMapper` + - **Include Client Audience**: `{{< param db >}}` + - **Add to ID Token**: `On` + - **Add to access token**: `On` + +Repeat the process above for each of the following services with the given alterations: + +| Name | Include Client Audience | ID Token | Access Token | +| ------------------------------------------------------ | ---------------------------------------- | :------: | :----------: | +| `{{< param application_name >}}AgentAudienceMapper` | `{{< param application_name >}}Agent` | `On` | `On` | +| `{{< param application_name >}}ISA95AudienceMapper` | `{{< param application_name >}}ISA95` | `On` | `On` | +| `{{< param application_name >}}KPIAudienceMapper` | `{{< param application_name >}}KPI` | `On` | `On` | +| `{{< param application_name >}}UIAudienceMapper` | `{{< param application_name >}}UI` | `On` | `Off` | +| `{{< param application_name >}}WorkflowAudienceMapper` | `{{< param application_name >}}Workflow` | `On` | `On` | #### Add services to the scope @@ -231,7 +222,16 @@ To create a scope for your Rhize services, follow these steps: 1. Select `{{< param application_name >}}ClientScope` from the list. 1. **Add > Default**. -Repeat this process for the `dashboard`, `{{< param application_name >}}UI`, `{{< param application_name >}}Bpmn`, `{{< param application_name >}}Core`, `{{< param application_name >}}Router`, `{{< param application_name >}}Audit` (if applicable). Based on your architecture repeat for any Libre Edge Agent clients. +Repeat the process above for each of the following services: + +| Name | +| :--------------------------------------: | +| `dashboard` | +| `{{< param application_name >}}Agent` | +| `{{< param application_name >}}ISA95` | +| `{{< param application_name >}}KPI` | +| `{{< param application_name >}}UI` | +| `{{< param application_name >}}Workflow` | ### Create roles and groups @@ -340,43 +340,14 @@ Now create a user password: 1. For **Temporary**, choose `Off`. 1. **Save**. -Repeat this process for the following accounts: - -- Audit: - - **Username**: `{{< param application_name >}}Audit@{{< param domain_name >}}` - - **Email**: `{{< param application_name >}}Audit@{{< param domain_name >}}` - - **Email Verified**: `On` - - **First name**: `Audit` - - **Last name**: `{{< param brand_name >}}` - - **Join Groups**: `{{< param application_name >}}AdminGroup` -- Core: - - **Username**: `{{< param application_name >}}Core@{{< param domain_name >}}` - - **Email**: `{{< param application_name >}}Core@{{< param domain_name >}}` - - **Email Verified**: `On` - - **First name**: `Core` - - **Last name**: `{{< param brand_name >}}` - - **Join Groups**: `{{< param application_name >}}AdminGroup` -- BPMN - - **Username**: `{{< param application_name >}}Bpmn@{{< param domain_name >}}` - - **Email**: `{{< param application_name >}}Bpmn@{{< param domain_name >}}` - - **Email Verified**: `On` - - **First name**: `Bpmn` - - **Last name**: `{{< param brand_name >}}` - - **Join Groups**: `{{< param application_name >}}AdminGroup` -- Router - - **Username**: `{{< param application_name >}}Router@{{< param domain_name >}}` - - **Email**: `{{< param application_name >}}Router@{{< param domain_name >}}` - - **Email Verified**: `On` - - **First name**: `Router` - - **Last name**: `{{< param brand_name >}}` - - **Join Groups**: `{{< param application_name >}}AdminGroup` -- Agent - - **Username**: `{{< param application_name >}}Agent@{{< param domain_name >}}` - - **Email**: `{{< param application_name >}}Agent@{{< param domain_name >}}` - - **Email Verified**: `On` - - **First name**: `Agent` - - **Last name**: `{{< param brand_name >}}` - - **Join Groups**: `{{< param application_name >}}AdminGroup` +Repeat the process above for each of the following services with the given alterations: + +| Username | First name | +| ------------------------------------------------------------------ | ---------- | +| `{{< param application_name >}}Agent@{{< param domain_name >}}` | Agent | +| `{{< param application_name >}}ISA95@{{< param domain_name >}}` | ISA95 | +| `{{< param application_name >}}KPI@{{< param domain_name >}}` | KPI | +| `{{< param application_name >}}Workflow@{{< param domain_name >}}` | Workflow | ### Enable Keycloak Audit Trail diff --git a/content/deploy/install/services.md b/content/deploy/install/services.md index b7e3d0940..372d66b2c 100644 --- a/content/deploy/install/services.md +++ b/content/deploy/install/services.md @@ -32,6 +32,7 @@ Common values that are changed include: ## Get client secrets. 1. Go to Keycloak and get the secrets for each client you've created. + 1. Create Kubernetes secrets for each service. You can either create a secret file, or pass raw data from the command line. {{< callout type="caution" >}} @@ -43,14 +44,12 @@ Common values that are changed include: ```bash kubectl create secret generic {{< param application_name >}}-client-secrets \ - -n {{< param application_name >}} --from-literal=dashboard=}}Agent=123 \ - --from-literal={{< param application_name >}}Audit=123 \ - --from-literal={{< param application_name >}}Baas=KYbMHlRLhXwiDNFuDCl3qtPj1cNdeMSl \ - --from-literal={{< param application_name >}}BPMN=123 \ - --from-literal={{< param application_name >}}Core=123 \ - --from-literal={{< param application_name >}}UI=123 \ - --from-literal=router=123 + -n {{< param application_name >}} \ + --from-literal=dashboard=G4hoxIL37F5S9DQgeDYGQejcJ6oJhOPA \ + --from-literal={{< param application_name >}}Workflow=GTy1x64U0IHAUTWizugEAnN47a9kWgX8 \ + --from-literal={{< param application_name >}}ISA95=Yvtx1tZWCPFayvDCzHTTInEz9gnuLyLc \ + --from-literal={{< param application_name >}}Baas=KYbMHlRLhXwiDNFuDCl3qtPj1cNdeMSl \ + --from-literal={{< param application_name >}}UI=54yUQqmvgcxoKPaIbPZTQGlEs8Xu2qH0 ``` As you install services through Helm, their respective YAML files reference these secrets. @@ -62,7 +61,7 @@ You must add the helm chart repository for Rhize. 1. Add the Helm Chart Repository ```bash - helm repo add libre https://gitlab.com/api/v4/projects/42214456/packages/helm/stable + helm repo add {{< param application_name >}} https://gitlab.com/api/v4/projects/42214456/packages/helm/stable ``` ## Install and add roles for the DB {#db} @@ -87,13 +86,12 @@ If enabling the Audit Trail, also the include the configuration in [Enable chang All statuses should be `RUNNING`. - 1. Return to the Keycloak UI and add all `{{< param application_name >}}` roles to the admin group. 1. Proxy the `http:8080` port on `{{< param application_name >}}-baas-dgraph-alpha`. ``` - kubectl port-forward -n libre pod/baas-baas-alpha-0 8080:8080 + kubectl port-forward -n {{< param application_name >}} pod/baas-baas-alpha-0 8080:8080 ``` 1. Get a token using the credentials. With `curl`, it looks like this: @@ -148,23 +146,27 @@ helm install \ For the full configuration options, read the official [Helm `install` reference](https://helm.sh/docs/helm/helm_install/). - -### NATS {#nats} - +### Redpanda + +Rhize uses Redpanda to buffer requests to Restate and connect to Agent. +Install Redpanda with these steps: -[NATS](https://nats.io) is the message broker that powers Rhize's event-driven architecture. +1. If it doesn't exist, add the Redpanda repository: + + ```bash + helm repo add redpanda https://charts.redpanda.com + helm repo update + ``` -Install NATS with these steps: +1. Modify the Helm file as needed. -1. Modify the NATS Helm file with your code editor. Edit any necessary overrides. 1. Install with Helm: - ``` - helm install nats -f nats.yaml {{< param application_name >}}/nats -n {{< param application_name >}} + ```bash + helm install redpanda -f redpanda.yaml redpanda/redpanda -n {{< param application_name >}} ``` - ### Tempo Rhize uses [Tempo](https://grafana.com/oss/tempo/) to trace BPMN processes. @@ -178,61 +180,115 @@ Install Tempo with these steps: ``` 1. Modify the Helm file as needed. + 1. Install with Helm: ```bash helm install tempo -f tempo.yaml grafana/tempo -n {{< param application_name >}} ``` -### Core +> Note: Depending on your configuration you may need to run Tempo in distributed mode. When installing with Helm instead of using `grafana/tempo` instead do `grafana/tempo-distributed`. -The {{< param brand_name >}} Core service is the custom edge agent that monitors data sources, like OPC-UA servers, and publishes and subscribes topics to NATS. +### Restate -> **Requirements**: Core requires the [{{< param db >}}](#db) and [NATS](#nats) services. +Install Restate with these steps: -Install the Core agent with these steps: +1. Modify the Helm file as needed. -1. In the `core.yaml` Helm file, edit the `clientSecret` and `password` with settings from the Keycloak client. -1. Override any other values, as needed. 1. Install with Helm: ```bash - helm install core -f core.yaml {{< param application_name >}}/core -n {{< param application_name >}} + helm install restate -f restate.yaml oci://ghcr.io/restatedev/restate-helm -n {{< param application_name >}} ``` -### BPMN +The port for Restate will need to be proxied in order to register certain services with it. -The BPMN service is the custom engine Rhize uses to process low-code workflows modeled in the BPMN UI. + ```bash + kubectl port-forward -n {{< param application_name >}} pod/restate-0 9070:9070 + ``` + +### Workflow -> **Requirements**: The BPMN service requires the [{{< param db >}}](#db), [NATS](#nats), and [Tempo](#tempo) services. +The Workflow service is the custom engine Rhize uses to process low-code workflows modeled in the Workflow UI. -Install the BPMN engine with these steps: +> **Requirements**: The Workflow service requires the [{{< param db >}}](#db), [Restate](#restate), and [Tempo](#tempo) services. + +Install Workflow with these steps: + +1. Modify the Helm file as needed. -1. Open `bpmn.yaml` Update the `clientSecret` and `password` for your BPMN Keycloak credentials. -1. Modify any other values, as needed. 1. Install with Helm: ```bash - helm install bpmn -f bpmn.yaml {{< param application_name >}}/bpmn -n {{< param application_name >}} + helm install workflow -f workflow.yaml {{< param application_name >}}/workflow -n {{< param application_name >}} ``` -### Router +1. Workflow should register with Restate when it starts up. If it doesn't then it can be registered it by running the following: -Rhize uses the [Apollo router](https://www.apollographql.com/docs/router) to unite queries for different services in a single endpoint. + ```bash + curl --location 'http://localhost:9070/deployments' \ + --header 'Content-Type: application/json' \ + --data '{"uri":"http://workflow.{{< param application_name >}}.svc.cluster.local:29080", "force":true}' + ``` + +### Typescript Host Service -> **Requirements:** Router requires the [GraphDB](#db), [BPMN](#bpmn), and [Core](#core) services. +Install Typescript Host Service with these steps: -Install the router with these steps: +1. Modify the Helm file as needed. -1. Modify the router Helm YAML file as needed. 1. Install with Helm: + ```bash + helm install typescript-host-service -f typescript-host-service.yaml {{< param application_name >}}/typescript-host-service -n {{< param application_name >}} + ``` + +1. Register with Restate + ```bash - helm install router -f router.yaml {{< param application_name >}}/router -n {{< param application_name >}} + curl --location 'http://localhost:9070/deployments' \ + --header 'Content-Type: application/json' \ + --data '{"uri":"http://typescript-host-service.{{< param application_name >}}.svc.cluster.local:9081", "force":true}' ``` -If the install is successful, the Router explorer is available on its -[default port]({{< ref "default-ports" >}}). +### QuestDB + +Install QuestDB with these steps: + +1. If it doesn't exist, add the Redpanda repository: + + ```bash + helm repo add questdb https://helm.questdb.io/ + helm repo update + ``` + +1. Modify the Helm file as needed. + +1. Install with Helm: + + ```bash + helm install questdb -f questdb.yaml questdb/questdb -n {{< param application_name >}} + ``` + +### ISA 95 + +Install ISA 95 with these steps: + +1. Modify the Helm file as needed. + +1. Install with Helm: + + ```bash + helm install isa95 -f isa95.yaml {{< param application_name >}}/isa95 -n {{< param application_name >}} + ``` + +1. ISA 95 should register with Restate when it starts up. If it doesn't then it can be registered it by running the following: + + ```bash + curl --location 'http://localhost:9070/deployments' \ + --header 'Content-Type: application/json' \ + --data '{"uri":"http://isa95.{{< param application_name >}}.svc.cluster.local:29082", "force":true}' + ``` ### Grafana @@ -240,13 +296,14 @@ Rhize uses [Grafana](https://grafana.com) for its dashboard to monitor real time Install Grafana with these steps: -1. Modify the Grafana Helm YAML file as needed. - 1. Add the Helm repository ```bash helm repo add grafana https://grafana.github.io/helm-charts + helm repo update ``` +1. Modify the Grafana Helm YAML file as needed. + 1. Install with Helm: ```bash @@ -256,58 +313,63 @@ Install Grafana with these steps: If the install is successful, the Grafana service is available on its [default port]({{< ref "default-ports" >}}). -### Agent +## Install Admin UI The Rhize agent bridges your plant processes with the Rhize data hub. -It collects data emitted from the plant and publishes it to the NATS message broker. -> **Requirements:** Agent requires the [Graph DB](#db), [Nats](#nats), and [Tempo](#tempo) services. +The Admin UI is the graphical frontend to [handle events]({{< relref "/how-to/bpmn" >}}) and [define work masters]({{< relref "/how-to/model" >}}). -Install the agent with these steps: +> **Requirements:** The Admin UI requires the [Workflow](#workflow) services. -1. Modify the Agent Helm file as needed. -2. Install with Helm: +After installing all other services, install the UI with these steps: + +1. Modify the UI Helm file as needed. + +1. Install with Helm: ```bash - helm install agent -f agent.yaml libre/agent -n {{< param application_name >}} + helm install admin-ui -f admin-ui.yaml {{< param application_name >}}/admin-ui -n {{< param application_name >}} ``` -## Install UI +If the install is successful, the UI is available on its +[default port]({{< ref "default-ports" >}}). -The UI is the graphical frontend to [handle events]({{< relref "/how-to/bpmn" >}}) and [define work masters]({{< relref "/how-to/model" >}}). +## Optional: Agent -> **Requirements:** The UI requires the [GraphDB](#db), [BPMN](#bpmn), [Core](#core), and [Router](#router) services. +Install Agent Service with these steps: -After installing all other services, install the UI with these steps: +1. Modify the Agent Helm file as needed. + +1. In Rhize add in a Data Source for Agent to interact with: + - In the lefthand menu open `Master Data` > `Data Sources` > `+ Create Data Source` + - Input a name for the Data Source. + - Add a Connection String and Create. + - Add any relevant Topics. + - Activate the Data Source. -1. Forward the port from the Router API. -1. Open the UI Helm file. Update the `envVars` object with settings from the UI Keycloak client. -1. Modify any other values, as needed. 1. Install with Helm: ```bash - helm install ui -f ui-overrides.yaml {{< param application_name >}}/admin-ui -n {{< param application_name >}} + helm install agent -f agent.yaml {{< param application_name >}}/agent -n {{< param application_name >}} ``` -If the install is successful, the UI is available on its -[default port]({{< ref "default-ports" >}}). +Agent can be verified to be working by checking in Redpanda's UI. ## Optional: Audit Trail service - The Rhize [Audit]({{< relref "/how-to/audit" >}}) service provides an audit trail for database changes to install. The Audit service uses PostgreSQL for storage. Install Audit Service with these steps: 1. Modify the Audit trail Helm YAML file. It is *recommended* to change the PostgreSQL username and password values. -2. Install with Helm: +1. Install with Helm: ```bash helm install audit -f audit.yaml libre/audit -n {{< param application_name >}} ``` -3. Create partition tables in the PostgreSQL database: +1. Create partition tables in the PostgreSQL database: ```sql create table public.audit_log_partition( like public.audit_log ); @@ -332,122 +394,17 @@ alpha: replicas: 1 ``` -### Enable Audit subgraph +## Optional: KPI -To use the Audit trail in the UI, you must add the Audit trail subgraph into the router. To enable router to use and compose the subgraph: +Install KPI with these steps: -1. Update the Router Helm chart overrides, `router.yaml`, to include: - -```yaml -# Add Audit to the router subgraph url override -router: - configuration: - override_subgraph_url: - AUDIT: http://audit:8084/query - -# If supergraph compose is enabled -supergraphCompose: - supergraphConfig: - subgraphs: - AUDIT: - routing_url: http://audit:8084/query - schema: - subgraph_url: http://audit:8084/query -``` - -2. Update the Router deployment - -```shell -$ helm upgrade --install router -f router.yaml {{< param application_name >}}/router -n {{< param application_name >}} -``` - -## Optional: calendar service - -The [{{< param brand_name >}} calendar service]({{< relref "/how-to/work-calendars">}}) monitors work calendar definitions and creates work calendar entries in real time, both in the [Graph](#db) and time-series databases. - -> **Requirements:** The calendar service requires the [GraphDB](#db), [Keycloak](#keycloak), and [NATS](#nats) services. - -{{% callout type="info" %}} -The work calendar requires a time-series DB installed such as [InfluxDB](https://influxdata.com/), [QuestDB](https://questdb.io) or [TimescaleDB](https://www.timescale.com/). The following instructions are specific to QuestDB. -{{% /callout %}} - -Install the calendar service with these steps: - -1. Create tables in the time series. For example: - - - ```sql - CREATE TABLE IF NOT EXISTS PSDT_POT( - EquipmentId SYMBOL, - EquipmentVersion STRING, - WorkCalendarId STRING, - WorkCalendarIid STRING, - WorkCalendarDefinitionId STRING, - WorkCalendarDefinitionEntryId STRING, - WorkCalendarDefinitionEntryIid STRING, - WorkCalendarEntryId STRING, - WorkCalendarEntryIid SYMBOL, - HierarchyScopeId STRING, - EntryType STRING, - ISO22400CalendarState STRING, - isDeleted boolean, - updatedAt TIMESTAMP, - time TIMESTAMP, - lockerCount INT, - lockers STRING - ) TIMESTAMP(time) PARTITION BY month - DEDUP UPSERT KEYS(time, EquipmentId, WorkCalendarEntryIid); - - CREATE TABLE IF NOT EXISTS PDOT_PBT( - EquipmentId SYMBOL, - EquipmentVersion STRING, - WorkCalendarId STRING, - WorkCalendarIid STRING, - WorkCalendarDefinitionId STRING, - WorkCalendarDefinitionEntryId STRING, - WorkCalendarDefinitionEntryIid STRING, - WorkCalendarEntryId STRING, - WorkCalendarEntryIid SYMBOL, - HierarchyScopeId STRING, - EntryType STRING, - ISO22400CalendarState STRING, - isDeleted boolean, - updatedAt TIMESTAMP, - time TIMESTAMP, - lockerCount INT, - lockers STRING - ) TIMESTAMP(time) PARTITION BY month - DEDUP UPSERT KEYS(time, EquipmentId, WorkCalendarEntryIid); - - CREATE TABLE IF NOT EXISTS Calendar_AdHoc( - EquipmentId SYMBOL, - EquipmentVersion STRING, - WorkCalendarId STRING, - WorkCalendarIid STRING, - WorkCalendarDefinitionId STRING, - WorkCalendarDefinitionEntryId STRING, - WorkCalendarDefinitionEntryIid STRING, - WorkCalendarEntryId STRING, - WorkCalendarEntryIid SYMBOL, - HierarchyScopeId STRING, - EntryType STRING, - ISO22400CalendarState STRING, - isDeleted boolean, - updatedAt TIMESTAMP, - time TIMESTAMP, - lockerCount INT, - lockers STRING - ) TIMESTAMP(time) PARTITION BY month - DEDUP UPSERT KEYS(time, EquipmentId, WorkCalendarEntryIid); - ``` - -1. Modify the calendar YAML file as needed. +1. Modify the Helm file as needed. -1. Deploy with helm +1. Install with Helm: - ```bash - helm install calendar-service -f calendar-service.yaml {{< param application_name >}}/calendar-service -n {{< param application_name >}} - ``` + ```bash + helm install kpi -f kpi.yaml {{< param application_name >}}/kpi -n {{< param application_name >}} + ``` ## Optional: change service configuration diff --git a/content/deploy/install/setup-kubernetes.md b/content/deploy/install/setup-kubernetes.md index 355d10f15..6b2b3d667 100644 --- a/content/deploy/install/setup-kubernetes.md +++ b/content/deploy/install/setup-kubernetes.md @@ -62,20 +62,20 @@ Then, follow these steps. ```bash helm repo add \ - --username \ - --password \ - {{< param application_name >}} \ - + --username \ + --password \ + {{< param application_name >}} \ + https://gitlab.com/api/v4/projects/42214456/packages/helm/stable ``` - 1. Create the container image pull secret: ```bash - kubectl create secret docker-registry {{< param application_name >}}-registry-credential \ + kubectl create secret docker-registry {{< param application_name >}} + --registry-credential \ --docker-server= \ ## the repository - --docker-password= \ - --docker-email= + --docker-password= \ + --docker-email= ``` Confirm the secrets with this command: @@ -84,7 +84,6 @@ Then, follow these steps. kubectl get secrets ``` - 1. Add the Bitnami Helm repository: ```bash @@ -96,13 +95,13 @@ Then, follow these steps. 1. Update overrides to `keycloak.yaml`. Then install with this command: ```bash - helm install keycloak -f ./keycloak.yaml bitnami/keycloak -n libre + helm install keycloak -f ./keycloak.yaml bitnami/keycloak -n {{< param application_name >}} ``` -1. Set up port forwarding from Keycloak. For example, this forwards traffic to port `5101` on `localhost` +1. Set up port forwarding from Keycloak. For example, this forwards traffic to port `5101` on `localhost`: ```bash - kubectl port-forward svc/keycloak 5101:80 + kubectl port-forward svc/keycloak 5101:80 ``` ## Next steps From 72aa6478096128863a75767111ab1f19652f280c Mon Sep 17 00:00:00 2001 From: Jarod Wilson Date: Wed, 2 Apr 2025 19:25:02 -0700 Subject: [PATCH 02/11] fix: implementing suggested changes --- content/deploy/install/keycloak.md | 22 ++++++++---------- content/deploy/install/services.md | 37 ++++++++++++++++++++---------- 2 files changed, 35 insertions(+), 24 deletions(-) diff --git a/content/deploy/install/keycloak.md b/content/deploy/install/keycloak.md index a96c0fafd..732479a00 100644 --- a/content/deploy/install/keycloak.md +++ b/content/deploy/install/keycloak.md @@ -169,7 +169,7 @@ For example, to create the Workflow client: - **Client Authentication**: On 1. Select **Next**, then **Save**. -Repeat the process above for each of the following services with the given alterations: +Repeat the preceding process for each of the following services with the given alterations: | Client ID | Description | | ------------------------------------- | ----------- | @@ -204,7 +204,7 @@ Select the **Mappers** tab, then **Configure new mapper**. Add an audience mappe - **Add to ID Token**: `On` - **Add to access token**: `On` -Repeat the process above for each of the following services with the given alterations: +Repeat the preceding process for each of the following services with the corresponding values in the table. | Name | Include Client Audience | ID Token | Access Token | | ------------------------------------------------------ | ---------------------------------------- | :------: | :----------: | @@ -222,16 +222,14 @@ Repeat the process above for each of the following services with the given alter 1. Select `{{< param application_name >}}ClientScope` from the list. 1. **Add > Default**. -Repeat the process above for each of the following services: +Repeat the preceding process above for each of the following services: -| Name | -| :--------------------------------------: | -| `dashboard` | -| `{{< param application_name >}}Agent` | -| `{{< param application_name >}}ISA95` | -| `{{< param application_name >}}KPI` | -| `{{< param application_name >}}UI` | -| `{{< param application_name >}}Workflow` | +- `dashboard` +- `{{< param application_name >}}Agent` +- `{{< param application_name >}}ISA95` +- `{{< param application_name >}}KPI` +- `{{< param application_name >}}UI` +- `{{< param application_name >}}Workflow` ### Create roles and groups @@ -340,7 +338,7 @@ Now create a user password: 1. For **Temporary**, choose `Off`. 1. **Save**. -Repeat the process above for each of the following services with the given alterations: +Repeat the preceding process for each of the following services with the corresponding values in the table. | Username | First name | | ------------------------------------------------------------------ | ---------- | diff --git a/content/deploy/install/services.md b/content/deploy/install/services.md index 453e439b1..08c52ad1d 100644 --- a/content/deploy/install/services.md +++ b/content/deploy/install/services.md @@ -152,7 +152,7 @@ Rhize uses Redpanda to buffer requests to Restate and connect to Agent. Install Redpanda with these steps: -1. If it doesn't exist, add the Redpanda repository: +1. If the Redpanda repository doesn't exist, add it: ```bash helm repo add redpanda https://charts.redpanda.com @@ -187,7 +187,8 @@ Install Tempo with these steps: helm install tempo -f tempo.yaml grafana/tempo -n {{< param application_name >}} ``` -> Note: Depending on your configuration you may need to run Tempo in distributed mode. When installing with Helm instead of using `grafana/tempo` instead do `grafana/tempo-distributed`. +> [!Note] +> Depending on your configuration you may need to run Tempo in distributed mode. When installing with Helm instead of using `grafana/tempo` instead do `grafana/tempo-distributed`. ### Restate @@ -201,7 +202,7 @@ Install Restate with these steps: helm install restate -f restate.yaml oci://ghcr.io/restatedev/restate-helm -n {{< param application_name >}} ``` -The port for Restate will need to be proxied in order to register certain services with it. +So that you can register certain services with Restate, proxy the Restate port: ```bash kubectl port-forward -n {{< param application_name >}} pod/restate-0 9070:9070 @@ -223,7 +224,13 @@ Install Workflow with these steps: helm install workflow -f workflow.yaml {{< param application_name >}}/workflow -n {{< param application_name >}} ``` -1. Workflow should register with Restate when it starts up. If it doesn't then it can be registered it by running the following: +1. When the Workflow service starts, it should register with Restate. Verify this by running: + + ```bash + curl localhost:9070/deployments | jq '.deployments[].uri' + ``` + + This will show the URL of each registered service. If Workflow's URL is not present, register it by running: ```bash curl --location 'http://localhost:9070/deployments' \ @@ -270,9 +277,9 @@ Install QuestDB with these steps: helm install questdb -f questdb.yaml questdb/questdb -n {{< param application_name >}} ``` -### ISA 95 +### ISA-95 -Install ISA 95 with these steps: +Install ISA-95 with these steps: 1. Modify the Helm file as needed. @@ -282,12 +289,18 @@ Install ISA 95 with these steps: helm install isa95 -f isa95.yaml {{< param application_name >}}/isa95 -n {{< param application_name >}} ``` -1. ISA 95 should register with Restate when it starts up. If it doesn't then it can be registered it by running the following: +1. When the ISA-95 service starts, it should register with Restate. Verify this by running: + + ```bash + curl localhost:9070/deployments | jq '.deployments[].uri' + ``` + + This will show the URL of each registered service. If ISA-95's URL is not present, register it by running: ```bash curl --location 'http://localhost:9070/deployments' \ --header 'Content-Type: application/json' \ - --data '{"uri":"http://isa95.{{< param application_name >}}.svc.cluster.local:29082", "force":true}' + --data '{"uri":"http://isa95.{{< param application_name >}}.svc.cluster.local:29080", "force":true}' ``` @@ -342,8 +355,8 @@ Install Agent Service with these steps: 1. Modify the Agent Helm file as needed. -1. In Rhize add in a Data Source for Agent to interact with: - - In the lefthand menu open `Master Data` > `Data Sources` > `+ Create Data Source` +1. In the Rhize UI, add a Data Source for Agent to interact with: + - In the lefthand menu, open **Master Data > Data Sources > + Create Data Source**. - Input a name for the Data Source. - Add a Connection String and Create. - Add any relevant Topics. @@ -355,11 +368,11 @@ Install Agent Service with these steps: helm install agent -f agent.yaml {{< param application_name >}}/agent -n {{< param application_name >}} ``` -Agent can be verified to be working by checking in Redpanda's UI. +To verify that Agent is working, check the Redpanda UI. ## Optional: Audit Trail service -The Rhize [Audit]({{< relref "/how-to/audit" >}}) service provides an audit trail for database changes to install. The Audit service uses PostgreSQL for storage. +The Rhize [Audit]({{< relref "/how-to/audit" >}}) service provides an audit trail for database changes. The Audit service uses PostgreSQL for storage. Install Audit Service with these steps: From 7ebb25fc25f561f6e3ac87073bc76688607f68ae Mon Sep 17 00:00:00 2001 From: Jarod Wilson Date: Tue, 8 Apr 2025 16:55:35 -0700 Subject: [PATCH 03/11] fix: applying additional fixes from review and removing optional from agent --- content/deploy/install/keycloak.md | 2 +- content/deploy/install/services.md | 17 ++++++++--------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/content/deploy/install/keycloak.md b/content/deploy/install/keycloak.md index 732479a00..f314ede12 100644 --- a/content/deploy/install/keycloak.md +++ b/content/deploy/install/keycloak.md @@ -169,7 +169,7 @@ For example, to create the Workflow client: - **Client Authentication**: On 1. Select **Next**, then **Save**. -Repeat the preceding process for each of the following services with the given alterations: +Repeat the preceding process for each of the following services with the corresponding values in the table. | Client ID | Description | | ------------------------------------- | ----------- | diff --git a/content/deploy/install/services.md b/content/deploy/install/services.md index 08c52ad1d..51e1f9275 100644 --- a/content/deploy/install/services.md +++ b/content/deploy/install/services.md @@ -90,7 +90,7 @@ If enabling the Audit Trail, also the include the configuration in [Enable chang 1. Proxy the `http:8080` port on `{{< param application_name >}}-baas-dgraph-alpha`. - ``` + ```bash kubectl port-forward -n {{< param application_name >}} pod/baas-baas-alpha-0 8080:8080 ``` @@ -187,7 +187,7 @@ Install Tempo with these steps: helm install tempo -f tempo.yaml grafana/tempo -n {{< param application_name >}} ``` -> [!Note] +> [!NOTE] > Depending on your configuration you may need to run Tempo in distributed mode. When installing with Helm instead of using `grafana/tempo` instead do `grafana/tempo-distributed`. ### Restate @@ -224,13 +224,13 @@ Install Workflow with these steps: helm install workflow -f workflow.yaml {{< param application_name >}}/workflow -n {{< param application_name >}} ``` -1. When the Workflow service starts, it should register with Restate. Verify this by running: +1. When the Workflow service starts, it should register with Restate. Verify this with: ```bash curl localhost:9070/deployments | jq '.deployments[].uri' ``` - This will show the URL of each registered service. If Workflow's URL is not present, register it by running: + This will show the URL of each registered service. If Workflow's URL is not present, register it with: ```bash curl --location 'http://localhost:9070/deployments' \ @@ -250,7 +250,7 @@ Install Typescript Host Service with these steps: helm install typescript-host-service -f typescript-host-service.yaml {{< param application_name >}}/typescript-host-service -n {{< param application_name >}} ``` -1. Register with Restate +1. Register with Restate: ```bash curl --location 'http://localhost:9070/deployments' \ @@ -289,13 +289,13 @@ Install ISA-95 with these steps: helm install isa95 -f isa95.yaml {{< param application_name >}}/isa95 -n {{< param application_name >}} ``` -1. When the ISA-95 service starts, it should register with Restate. Verify this by running: +1. When the ISA-95 service starts, it should register with Restate. Verify this with: ```bash curl localhost:9070/deployments | jq '.deployments[].uri' ``` - This will show the URL of each registered service. If ISA-95's URL is not present, register it by running: + This will show the URL of each registered service. If ISA-95's URL is not present, register it with: ```bash curl --location 'http://localhost:9070/deployments' \ @@ -348,8 +348,7 @@ After installing all other services, install the UI with these steps: If the install is successful, the UI is available on its [default port]({{< ref "default-ports" >}}). -## Optional: Agent - +## Agent Install Agent Service with these steps: From 50538d1f8b89d53757b7330106cd87068da77f45 Mon Sep 17 00:00:00 2001 From: Jarod Wilson Date: Wed, 9 Apr 2025 17:20:54 -0700 Subject: [PATCH 04/11] feat: removed steps for adding ADMIN group, as it is no longer required --- content/deploy/install/keycloak.md | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/content/deploy/install/keycloak.md b/content/deploy/install/keycloak.md index f314ede12..b1422538b 100644 --- a/content/deploy/install/keycloak.md +++ b/content/deploy/install/keycloak.md @@ -236,30 +236,12 @@ Repeat the preceding process above for each of the following services: In Keycloak, _roles_ identify a category or type of user. _Groups_ are a common set of attributes for a set of users. -Rhize creates an `ADMIN` role and group. - -#### Add the admin realm role - -1. Select **Realm Roles**. Then **Create role**. -1. Enter the following values: - - Role name: `ADMIN` - - Description: `ADMIN` - 1. **Save**. - #### Add the Admin Group 1. In the left hand menu, select **Groups > Create group**. 1. Give the group a name like `{{< param application_name >}}AdminGroup`. 1. **Create**. -Now map a role. - -1. From the group list, select the group you just created. -1. Select the **Role mapping** tab. -1. Select **Assign Role** -1. Select `ADMIN`. -1. **Assign.** - #### Add the dashboard realm roles 1. Select **Realm Roles**, and then **Create role**. @@ -300,7 +282,7 @@ Now map the scope: 1. In the left hand menu, select **Clients**, and then `dashboard`. 1. Select the **Client scopes** tab. 1. **Add client scope**. -1. Select `groups` and `{{< param application_name >}}ClientScope`. +1. Select `groups`. 1. **Add Default**. ### Add Client Policy From daf01f344845116653290f0b617e7a5e39f41572 Mon Sep 17 00:00:00 2001 From: Jarod Wilson Date: Wed, 9 Apr 2025 23:04:58 -0700 Subject: [PATCH 05/11] feat: add in router as optional install --- content/deploy/install/keycloak.md | 44 +++++++++++++++++++++--------- content/deploy/install/services.md | 14 +++++++++- 2 files changed, 44 insertions(+), 14 deletions(-) diff --git a/content/deploy/install/keycloak.md b/content/deploy/install/keycloak.md index b1422538b..6f75a06b8 100644 --- a/content/deploy/install/keycloak.md +++ b/content/deploy/install/keycloak.md @@ -165,17 +165,23 @@ By default you need to add only the client ID. For example, to create the Workflow client: 1. In the side menu, select **Clients > create client**. 1. For **Client ID**, enter `{{< param application_name >}}Workflow` +1. **Name**: `{{< param brand_name >}} Workflow Engine` +1. **Description**: `{{< param brand_name >}} Workflow Engine` 1. Configure the **Capability config**: - **Client Authentication**: On 1. Select **Next**, then **Save**. Repeat the preceding process for each of the following services with the corresponding values in the table. -| Client ID | Description | -| ------------------------------------- | ----------- | -| `{{< param application_name >}}Agent` | | -| `{{< param application_name >}}ISA95` | | -| `{{< param application_name >}}KPI` | | +| Client ID | Name | Description | +| --------------------------------------- | --------------------------------------- | --------------------------- | +| `{{< param application_name >}}Agent` | {{< param brand_name >}} Agent | The agent data service | +| `{{< param application_name >}}Audit`* | {{< param brand_name >}} Audit Log | The audit log service | +| `{{< param application_name >}}ISA95` | {{< param brand_name >}} ISA-95 Model | The ISA-95 model service | +| `{{< param application_name >}}KPI`* | {{< param brand_name >}} KPI Calculator | The ISO22400 KPI calculator | +| `{{< param application_name >}}Router`* | {{< param brand_name >}} API Router | The API router | + +*- Optional based on your architecture. ### Scope services @@ -208,12 +214,16 @@ Repeat the preceding process for each of the following services with the corresp | Name | Include Client Audience | ID Token | Access Token | | ------------------------------------------------------ | ---------------------------------------- | :------: | :----------: | +| `{{< param application_name >}}AuditAudienceMapper`* | `audit`** | `On` | `On` | | `{{< param application_name >}}AgentAudienceMapper` | `{{< param application_name >}}Agent` | `On` | `On` | | `{{< param application_name >}}ISA95AudienceMapper` | `{{< param application_name >}}ISA95` | `On` | `On` | -| `{{< param application_name >}}KPIAudienceMapper` | `{{< param application_name >}}KPI` | `On` | `On` | +| `{{< param application_name >}}KPIAudienceMapper`* | `{{< param application_name >}}KPI` | `On` | `On` | | `{{< param application_name >}}UIAudienceMapper` | `{{< param application_name >}}UI` | `On` | `Off` | | `{{< param application_name >}}WorkflowAudienceMapper` | `{{< param application_name >}}Workflow` | `On` | `On` | +*- Optional based on your architecture. +**- Included as a Custom Audience. + #### Add services to the scope 1. Go to **Clients**. Select `{{< param db >}}`. @@ -224,12 +234,16 @@ Repeat the preceding process for each of the following services with the corresp Repeat the preceding process above for each of the following services: -- `dashboard` -- `{{< param application_name >}}Agent` -- `{{< param application_name >}}ISA95` -- `{{< param application_name >}}KPI` -- `{{< param application_name >}}UI` -- `{{< param application_name >}}Workflow` +- `dashboard` +- `{{< param application_name >}}Audit`* +- `{{< param application_name >}}Agent` +- `{{< param application_name >}}ISA95` +- `{{< param application_name >}}KPI`* +- `{{< param application_name >}}Router`* +- `{{< param application_name >}}UI` +- `{{< param application_name >}}Workflow` + +*- Optional based on your architecture. ### Create roles and groups @@ -324,11 +338,15 @@ Repeat the preceding process for each of the following services with the corresp | Username | First name | | ------------------------------------------------------------------ | ---------- | +| `{{< param application_name >}}Audit@{{< param domain_name >}}`* | Audit | | `{{< param application_name >}}Agent@{{< param domain_name >}}` | Agent | | `{{< param application_name >}}ISA95@{{< param domain_name >}}` | ISA95 | -| `{{< param application_name >}}KPI@{{< param domain_name >}}` | KPI | +| `{{< param application_name >}}KPI@{{< param domain_name >}}`* | KPI | +| `{{< param application_name >}}Router@{{< param domain_name >}}`* | Router | | `{{< param application_name >}}Workflow@{{< param domain_name >}}` | Workflow | +*- Optional based on your architecture. + ### Enable Keycloak Audit Trail With the `libre` realm selected: diff --git a/content/deploy/install/services.md b/content/deploy/install/services.md index 51e1f9275..fb7072d8c 100644 --- a/content/deploy/install/services.md +++ b/content/deploy/install/services.md @@ -348,7 +348,7 @@ After installing all other services, install the UI with these steps: If the install is successful, the UI is available on its [default port]({{< ref "default-ports" >}}). -## Agent +### Agent Install Agent Service with these steps: @@ -392,6 +392,18 @@ Install Audit Service with these steps: For details about maintaining the Audit trail, read [Archive the PostgresQL Audit trail]({{< relref "../maintain/audit/" >}}). +## Optional: Apollo Router integration + +1. Modify overrides as needed. + +1. Install with Helm: + + ```bash + helm install router -f router.yaml libre/router -n {{< param application_name >}} + ``` + +If the install is successful, the Router explorer is available on its [default port]({{< relref "../../reference/default-ports" >}}). + ### Enable change data capture The Audit trail requires [change data capture (CDC)]({{< relref "../../how-to/publish-subscribe/track-changes" >}}) to function. To enable CDC in {{< param application_name >}} BAAS, include the following values for the Helm chart overrides: From a9700594a1b3757b7d302432c11ead90a56a1199 Mon Sep 17 00:00:00 2001 From: Jarod Wilson Date: Thu, 10 Apr 2025 22:35:59 -0700 Subject: [PATCH 06/11] fix: location of Apollo Router instructions --- content/deploy/install/services.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/content/deploy/install/services.md b/content/deploy/install/services.md index fb7072d8c..7e9ceaca9 100644 --- a/content/deploy/install/services.md +++ b/content/deploy/install/services.md @@ -392,18 +392,6 @@ Install Audit Service with these steps: For details about maintaining the Audit trail, read [Archive the PostgresQL Audit trail]({{< relref "../maintain/audit/" >}}). -## Optional: Apollo Router integration - -1. Modify overrides as needed. - -1. Install with Helm: - - ```bash - helm install router -f router.yaml libre/router -n {{< param application_name >}} - ``` - -If the install is successful, the Router explorer is available on its [default port]({{< relref "../../reference/default-ports" >}}). - ### Enable change data capture The Audit trail requires [change data capture (CDC)]({{< relref "../../how-to/publish-subscribe/track-changes" >}}) to function. To enable CDC in {{< param application_name >}} BAAS, include the following values for the Helm chart overrides: @@ -420,6 +408,18 @@ alpha: replicas: 1 ``` +## Optional: Apollo Router integration + +1. Modify overrides as needed. + +1. Install with Helm: + + ```bash + helm install router -f router.yaml libre/router -n {{< param application_name >}} + ``` + +If the install is successful, the Router explorer is available on its [default port]({{< relref "../../reference/default-ports" >}}). + ## Optional: KPI Install KPI with these steps: From 7cb72597e31db5fe0475c32e643bc197c2ee3e0b Mon Sep 17 00:00:00 2001 From: Jarod Wilson Date: Thu, 10 Apr 2025 22:41:41 -0700 Subject: [PATCH 07/11] feat: added more detail to router instructions --- content/deploy/install/services.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/content/deploy/install/services.md b/content/deploy/install/services.md index 7e9ceaca9..47b70639d 100644 --- a/content/deploy/install/services.md +++ b/content/deploy/install/services.md @@ -380,7 +380,7 @@ Install Audit Service with these steps: 1. Install with Helm: ```bash - helm install audit -f audit.yaml libre/audit -n {{< param application_name >}} + helm install audit -f audit.yaml {{< param application_name >}}/audit -n {{< param application_name >}} ``` 1. Create partition tables in the PostgreSQL database: @@ -410,12 +410,18 @@ alpha: ## Optional: Apollo Router integration -1. Modify overrides as needed. +While Rhize provides a built in GraphQL Playground using Apollo's Sandobx, [Apollo Router](https://www.apollographql.com/docs/router) can be installed to unite queries for different services in a single endpoint outside of Rhize's interface. + +> **Requirements:** Router requires the [GraphDB](#db) service. + +Install Router with these steps: + +1. Modify the Router overrides as needed. 1. Install with Helm: ```bash - helm install router -f router.yaml libre/router -n {{< param application_name >}} + helm install router -f router.yaml {{< param application_name >}}/router -n {{< param application_name >}} ``` If the install is successful, the Router explorer is available on its [default port]({{< relref "../../reference/default-ports" >}}). From be6709dcd0d1658bfce949fcdb0de62d38add540 Mon Sep 17 00:00:00 2001 From: Jarod Wilson Date: Thu, 10 Apr 2025 22:57:40 -0700 Subject: [PATCH 08/11] feat: added in solace and rearranged optional services under it's own section --- content/deploy/install/services.md | 58 +++++++++++++++++++++--------- 1 file changed, 42 insertions(+), 16 deletions(-) diff --git a/content/deploy/install/services.md b/content/deploy/install/services.md index 47b70639d..b86711651 100644 --- a/content/deploy/install/services.md +++ b/content/deploy/install/services.md @@ -369,11 +369,13 @@ Install Agent Service with these steps: To verify that Agent is working, check the Redpanda UI. -## Optional: Audit Trail service +## Optional Services + +### Audit Trail The Rhize [Audit]({{< relref "/how-to/audit" >}}) service provides an audit trail for database changes. The Audit service uses PostgreSQL for storage. -Install Audit Service with these steps: +Install Audit with these steps: 1. Modify the Audit trail Helm YAML file. It is *recommended* to change the PostgreSQL username and password values. @@ -392,7 +394,7 @@ Install Audit Service with these steps: For details about maintaining the Audit trail, read [Archive the PostgresQL Audit trail]({{< relref "../maintain/audit/" >}}). -### Enable change data capture +#### Enable change data capture The Audit trail requires [change data capture (CDC)]({{< relref "../../how-to/publish-subscribe/track-changes" >}}) to function. To enable CDC in {{< param application_name >}} BAAS, include the following values for the Helm chart overrides: @@ -408,35 +410,59 @@ alpha: replicas: 1 ``` -## Optional: Apollo Router integration +### KPI -While Rhize provides a built in GraphQL Playground using Apollo's Sandobx, [Apollo Router](https://www.apollographql.com/docs/router) can be installed to unite queries for different services in a single endpoint outside of Rhize's interface. +The Rhize KPI service is a GraphQL service which calcualtes ISO22400 KPIs using timseries tables. -> **Requirements:** Router requires the [GraphDB](#db) service. +Install KPI with these steps: -Install Router with these steps: +1. Modify the Helm file as needed. -1. Modify the Router overrides as needed. +1. Install with Helm: + + ```bash + helm install kpi -f kpi.yaml {{< param application_name >}}/kpi -n {{< param application_name >}} + ``` + +### Solace + +Solace is an event broker that can be used alongside Agent. + +1. Add the Solace Charts Helm repo. + + ```bash + helm repo add solacecharts https://solaceproducts.github.io/pubsubplus-kubernetes-helm-quickstart/helm-charts + ``` + +1. Modify the Helm overrides as needed. 1. Install with Helm: ```bash - helm install router -f router.yaml {{< param application_name >}}/router -n {{< param application_name >}} + helm install solace -f solace.yaml solacecharts/pubsubplus -n {{< param application_name >}} ``` -If the install is successful, the Router explorer is available on its [default port]({{< relref "../../reference/default-ports" >}}). +> [!NOTE] +> Solace can be installed in high availability by using `pubsubplus-ha` instead of `pubsubplus`. +> See detailed instructions on [github](https://github.com/SolaceProducts/pubsubplus-kubernetes-helm-quickstart). -## Optional: KPI +### Apollo Router -Install KPI with these steps: +While Rhize provides a built in GraphQL Playground using Apollo's Sandobx, [Apollo Router](https://www.apollographql.com/docs/router) can be installed to unite queries for different services in a single endpoint outside of Rhize's interface. -1. Modify the Helm file as needed. +> **Requirements:** Router requires the [GraphDB](#db) service. + +Install Router with these steps: + +1. Modify the Router overrides as needed. 1. Install with Helm: - ```bash - helm install kpi -f kpi.yaml {{< param application_name >}}/kpi -n {{< param application_name >}} - ``` + ```bash + helm install router -f router.yaml {{< param application_name >}}/router -n {{< param application_name >}} + ``` + +If the install is successful, the Router explorer is available on its [default port]({{< relref "../../reference/default-ports" >}}). ## Optional: change service configuration From 0a8aab89c870cc08bee2305b71bee992acea0fee Mon Sep 17 00:00:00 2001 From: Jarod Wilson Date: Fri, 11 Apr 2025 15:00:26 -0700 Subject: [PATCH 09/11] feat: changed and unified language to specify modifying helm overrides instead of helm files, and added details for othe services like Audit --- content/deploy/install/services.md | 41 ++++++++++++++++++------------ 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/content/deploy/install/services.md b/content/deploy/install/services.md index b86711651..a468c6f00 100644 --- a/content/deploy/install/services.md +++ b/content/deploy/install/services.md @@ -159,7 +159,7 @@ Install Redpanda with these steps: helm repo update ``` -1. Modify the Helm file as needed. +1. Modify the Redpanda Helm overrides as needed. 1. Install with Helm: @@ -179,7 +179,7 @@ Install Tempo with these steps: helm repo add grafana https://grafana.github.io/helm-charts ``` -1. Modify the Helm file as needed. +1. Modify the Tempo Helm overrides as needed. 1. Install with Helm: @@ -192,9 +192,11 @@ Install Tempo with these steps: ### Restate +Rhize uses Restate as a platform for orchestrating other services. + Install Restate with these steps: -1. Modify the Helm file as needed. +1. Modify the Restate Helm overrides as needed. 1. Install with Helm: @@ -216,7 +218,7 @@ The Workflow service is the custom engine Rhize uses to process low-code workflo Install Workflow with these steps: -1. Modify the Helm file as needed. +1. Modify the Workflow Helm overrides as needed. 1. Install with Helm: @@ -242,7 +244,7 @@ Install Workflow with these steps: Install Typescript Host Service with these steps: -1. Modify the Helm file as needed. +1. Modify the Typescript Host Service Helm overrides as needed. 1. Install with Helm: @@ -260,16 +262,18 @@ Install Typescript Host Service with these steps: ### QuestDB +QuestDB is used by Rhize to store timeseries data, however it can be substitude for another historian. + Install QuestDB with these steps: -1. If it doesn't exist, add the Redpanda repository: +1. If it doesn't exist, add the QuestDB repository: ```bash helm repo add questdb https://helm.questdb.io/ helm repo update ``` -1. Modify the Helm file as needed. +1. Modify the QuestDB Helm overrides as needed. 1. Install with Helm: @@ -281,7 +285,7 @@ Install QuestDB with these steps: Install ISA-95 with these steps: -1. Modify the Helm file as needed. +1. Modify the ISA-95 Helm overrides as needed. 1. Install with Helm: @@ -316,7 +320,7 @@ Install Grafana with these steps: helm repo update ``` -1. Modify the Grafana Helm YAML file as needed. +1. Modify the Grafana Helm overrides as needed. 1. Install with Helm: @@ -337,7 +341,7 @@ The Admin UI is the graphical frontend to [handle events]({{< relref "/how-to/bp After installing all other services, install the UI with these steps: -1. Modify the UI Helm file as needed. +1. Modify the UI Helm overrides as needed. 1. Install with Helm: @@ -350,9 +354,14 @@ If the install is successful, the UI is available on its ### Agent -Install Agent Service with these steps: +The Rhize agent bridges your plant processes with the Rhize data hub. +It collects data emitted from the plant and publishes it to the NATS message broker. + +> **Requirements:** Agent requires the [Graph DB](#db), [Tempo](#tempo), Redpanda, and an event broker service to communicate with. + +Install Agent with these steps: -1. Modify the Agent Helm file as needed. +1. Modify the Agent Helm overrides as needed. 1. In the Rhize UI, add a Data Source for Agent to interact with: - In the lefthand menu, open **Master Data > Data Sources > + Create Data Source**. @@ -416,7 +425,7 @@ The Rhize KPI service is a GraphQL service which calcualtes ISO22400 KPIs using Install KPI with these steps: -1. Modify the Helm file as needed. +1. Modify the KPI Helm overrides as needed. 1. Install with Helm: @@ -426,7 +435,7 @@ Install KPI with these steps: ### Solace -Solace is an event broker that can be used alongside Agent. +Solace is an event broker that can be used alongside Agent, though it can be substituted for any other event broker. 1. Add the Solace Charts Helm repo. @@ -434,7 +443,7 @@ Solace is an event broker that can be used alongside Agent. helm repo add solacecharts https://solaceproducts.github.io/pubsubplus-kubernetes-helm-quickstart/helm-charts ``` -1. Modify the Helm overrides as needed. +1. Modify the Solace Helm overrides as needed. 1. Install with Helm: @@ -454,7 +463,7 @@ While Rhize provides a built in GraphQL Playground using Apollo's Sandobx, [Apol Install Router with these steps: -1. Modify the Router overrides as needed. +1. Modify the Router Helm overrides as needed. 1. Install with Helm: From 505770d01f4dc831b1480d82cb1af6ea17057c6b Mon Sep 17 00:00:00 2001 From: Jarod Wilson Date: Wed, 23 Apr 2025 21:48:28 -0700 Subject: [PATCH 10/11] fix: removing some mentions of nats --- content/deploy/install/keycloak.md | 2 +- content/deploy/install/services.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/deploy/install/keycloak.md b/content/deploy/install/keycloak.md index 6f75a06b8..56fe8c7eb 100644 --- a/content/deploy/install/keycloak.md +++ b/content/deploy/install/keycloak.md @@ -221,7 +221,7 @@ Repeat the preceding process for each of the following services with the corresp | `{{< param application_name >}}UIAudienceMapper` | `{{< param application_name >}}UI` | `On` | `Off` | | `{{< param application_name >}}WorkflowAudienceMapper` | `{{< param application_name >}}Workflow` | `On` | `On` | -*- Optional based on your architecture. +*- Optional based on your architecture.
**- Included as a Custom Audience. #### Add services to the scope diff --git a/content/deploy/install/services.md b/content/deploy/install/services.md index a468c6f00..65133b443 100644 --- a/content/deploy/install/services.md +++ b/content/deploy/install/services.md @@ -355,7 +355,7 @@ If the install is successful, the UI is available on its ### Agent The Rhize agent bridges your plant processes with the Rhize data hub. -It collects data emitted from the plant and publishes it to the NATS message broker. +It collects data emitted from the plant and publishes it to the message broker. > **Requirements:** Agent requires the [Graph DB](#db), [Tempo](#tempo), Redpanda, and an event broker service to communicate with. From 5e285268c4ee6b08e1aa914487f69e1fe5553bd5 Mon Sep 17 00:00:00 2001 From: Jarod Wilson Date: Sun, 27 Apr 2025 22:26:25 -0700 Subject: [PATCH 11/11] fix: formatting in certain spots, added helm repo update to all helm repo installs, added alloy, and changed to use grafana lgtm --- content/deploy/install/keycloak.md | 4 +- content/deploy/install/services.md | 74 ++++++++++++++---------------- 2 files changed, 37 insertions(+), 41 deletions(-) diff --git a/content/deploy/install/keycloak.md b/content/deploy/install/keycloak.md index 56fe8c7eb..5c6cec534 100644 --- a/content/deploy/install/keycloak.md +++ b/content/deploy/install/keycloak.md @@ -306,8 +306,8 @@ Rhize requires authorization for the database service. 1. In the left hand menu, select **Clients**, and then `{{< param db >}}`. 1. Select the **Authorization** tab. -1. Select **Policies > Create Policy** -1. Select **Group > Create Policy**. +1. Select the **Policies** subtab. +1. Select **Create Policy > Group**. 1. Name the policy `{{< param application_name >}}AdminGroupPolicy`. 1. Select **Add Groups**. 1. Select `{{< param application_name >}}AdminGroup`. diff --git a/content/deploy/install/services.md b/content/deploy/install/services.md index 65133b443..160c7caba 100644 --- a/content/deploy/install/services.md +++ b/content/deploy/install/services.md @@ -62,6 +62,7 @@ You must add the helm chart repository for Rhize. ```bash helm repo add {{< param application_name >}} https://gitlab.com/api/v4/projects/42214456/packages/helm/stable + helm repo update ``` ## Install and add roles for the DB {#db} @@ -97,11 +98,10 @@ If enabling the Audit Trail, also the include the configuration in [Enable chang 1. Get a token using the credentials. With `curl`, it looks like this: ```bash - curl --location --request POST 'https://- - auth.{{< param application_name >}}/realms/{{< param application_name >}}/protocol/openid-connect/token' \ + curl --location --request POST '/realms/{{< param application_name >}}/protocol/openid-connect/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'grant_type=password' \ - --data-urlencode 'username=system@{{< param application_name >}}.com' \ + --data-urlencode 'username=' \ --data-urlencode 'password=' \ --data-urlencode 'client_id={{< param application_name >}}Baas' \ --data-urlencode 'client_secret=' @@ -110,7 +110,7 @@ If enabling the Audit Trail, also the include the configuration in [Enable chang 1. Post the schema: ```bash - curl --location --request POST 'http://localhost:/admin/schema' \ + curl --location --request POST '/admin/schema' \ --header 'Authorization: Bearer ' \ --header 'Content-Type: application/octet-stream' \ --data-binary '@' @@ -118,7 +118,7 @@ If enabling the Audit Trail, also the include the configuration in [Enable chang This creates more roles. -1. Go to Keycloak UI and add all new {{< param db >}} roles to the `ADMIN` group. +1. Go to Keycloak UI and add all new {{< param db >}} roles to the `libreAdminGroup`. If the install is successful, the Keycloak UI is available on its [default port]({{< relref "../../reference/default-ports" >}}). @@ -167,28 +167,41 @@ Install Redpanda with these steps: helm install redpanda -f redpanda.yaml redpanda/redpanda -n {{< param application_name >}} ``` -### Tempo - -Rhize uses [Tempo](https://grafana.com/oss/tempo/) to trace BPMN processes. +### Alloy -Install Tempo with these steps: +Install Alloy with these steps: -1. If it doesn't exist, add the Tempo repository: +1. If the Grafana repository doesn't exist, add it: ```bash helm repo add grafana https://grafana.github.io/helm-charts + helm repo update ``` -1. Modify the Tempo Helm overrides as needed. +1. Modify the Alloy Helm overrides as needed. 1. Install with Helm: ```bash - helm install tempo -f tempo.yaml grafana/tempo -n {{< param application_name >}} + helm install alloy -f alloy.yaml grafana/alloy -n {{< param application_name >}} ``` -> [!NOTE] -> Depending on your configuration you may need to run Tempo in distributed mode. When installing with Helm instead of using `grafana/tempo` instead do `grafana/tempo-distributed`. +### Grafana LGTM + +Grafana LGTM includes Tempo and Grafana. Rhize uses [Tempo](https://grafana.com/oss/tempo/) to trace BPMN processes. + +Install Grafana LGTM with these steps: + +1. Modify the Grafana LGTM Helm overrides as needed. + +1. Install with Helm: + + ```bash + helm install lgtm-distributed -f lgtm-distributed.yaml grafana/lgtm-distributed -n {{< param application_name >}} + ``` + +If the install is successful, the Grafana service is available on its +[default port]({{< relref "../../reference/default-ports" >}}). ### Restate @@ -252,7 +265,13 @@ Install Typescript Host Service with these steps: helm install typescript-host-service -f typescript-host-service.yaml {{< param application_name >}}/typescript-host-service -n {{< param application_name >}} ``` -1. Register with Restate: +1. When the Typescript Host Service starts, it should register with Restate. Verify this with: + + ```bash + curl localhost:9070/deployments | jq '.deployments[].uri' + ``` + + This will show the URL of each registered service. If Typescript Host Service's URL is not present, register it with: ```bash curl --location 'http://localhost:9070/deployments' \ @@ -307,30 +326,6 @@ Install ISA-95 with these steps: --data '{"uri":"http://isa95.{{< param application_name >}}.svc.cluster.local:29080", "force":true}' ``` - -### Grafana - -Rhize uses [Grafana](https://grafana.com) for its dashboard to monitor real time data. - -Install Grafana with these steps: - -1. Add the Helm repository - ```bash - helm repo add grafana https://grafana.github.io/helm-charts - helm repo update - ``` - -1. Modify the Grafana Helm overrides as needed. - -1. Install with Helm: - - ```bash - helm install grafana -f grafana.yaml grafana/grafana -n {{< param application_name >}} - ``` - -If the install is successful, the Grafana service is available on its -[default port]({{< relref "../../reference/default-ports" >}}). - ## Install Admin UI The Rhize agent bridges your plant processes with the Rhize data hub. @@ -441,6 +436,7 @@ Solace is an event broker that can be used alongside Agent, though it can be sub ```bash helm repo add solacecharts https://solaceproducts.github.io/pubsubplus-kubernetes-helm-quickstart/helm-charts + helm repo update ``` 1. Modify the Solace Helm overrides as needed.