Table of Contents


Introduction

Routing Types

a) NodePort with Ingress (default)

b) NodePort Without Ingress

c) Loadbalancer

Access Modes

a) Public

b) Private (default)

TLS Modes

Installation Requirements

DNS and Firewall Configurations

Prerequisites

A. Prepare the Cluster (applicable only for microk8s)

B. Obtain Cluster configuration

C. Prepare Kubernetes client machine

Setting up Air-Gapped Environment

A. VPN and Internal Access to the Kubernetes Client Machine

B. Container Runtime Engine Support

C. Importing gopaddle images

i. Importing in to the Kubernetes Cluster local cache

ii. Importing images in to private docker registry

D. Add DNS resolver to core DNS

Installation Steps

1. Create gopaddle namespace

2. Download installer

3. Configure installation

a. Edition

b. Launch Type (Optional)

c. Routing Type (Optional)

d. Static IP (Optional)

e. Cluster provider (Optional)

f. Domain name and access mode (Optional)

g. StorageClass (Optional)

h. Node Selector (Optional)

i. Airgapped Paramaters

4. Install gopaddle Helm Chart

5. Wait for ready state

6. Add DNS entries to gopaddle core service (air-gapped)

7. Access gopaddle UI

8. License Agreement

Registering local cluster in gopaddle

Using HPE Datafabric Persistent Volumes

Command-line utility (gpctl)

Using Self-Signed Certificates for gopaddle Endpoint

Upgrading gopaddle

Uninstalling gopaddle

Support


Introduction

gopaddle Lite is a community edition with a lifetime free usage. Developers can use the lite edition to modernize applications in their local environment, absolutely free of cost.

Routing Types

Routing type determines the way in which external traffic is routed to the gopaddle installation.

a) NodePort with Ingress (default)

NodePortWithIngress is a primitive routing type in which gopaddle core services can be accessed on ports 30001 and 30002 and its dependency service (RabbitMQ) on port 30000.

The installer brings up an Nginx ingress controller to route the external traffic from the NodePort to the gopaddle core services.

πŸ“Œ Choose this routing type when the gopaddle services have to accessed using a domain name and the alternate ports.

b) NodePort without Ingress

In this mode, gopaddle installer does not install an NGINX ingress controller. gopaddle endpoints are accessed via nodeports (without ingress routes). RabbitMQ can be accessed on port 30000, and gopaddle gateway and UI on 30004 and 30003 respectively. Websockets required for costmanager and activitymanager can be accessed on ports 30005 respectively.

πŸ“Œ Choose this routing type when the gopaddle services have to be accessed directly using the Kubernetes node IP address instead of a domain name.

πŸ“Œ If the Routing Type is NodePortWithOutIngress, then only HTTP access mode is possible.

c) LoadBalancer

For a production-ready deployment, gopaddle can be installed using the LoadBalancer routing type. This requires a LoadBalancer controller to be pre-installed in the Cluster. In this scenario, gopaddle core services can be accessed on ports 80 and 443 and its dependency service (RabbitMQ) on port 5672.

πŸ“Œ Choose this routing type when the gopaddle services have to be accessed using a domain name and the standard HTTP (80)/HTTPS (443) ports.

Access Modes

gopaddle can be installed either in private or in public mode.

πŸ“Œ By default, the Helm installer for gopaddle installs gopaddle in public mode. 

a) Public Mode (default)

When the INBOUND access to the gopaddle endpoints are not limited, then choose public installation mode. Public installation mode is required to perform any of the below-mentioned tasks

  • Provision Managed Kubernetes cluster (AWS EKS, Google GKE, Azure AKS) and use it for building and deploying applications via gopaddle - Not applicable for Lite edition

  • Register an external Cluster provisioned outside the private network and use it for building and deploying applications via gopaddle - Not applicable for Lite edition

  • Perform continuous integration for projects managed under github.com / gitlab.com / bitbucket.com

  • Access gopaddle installation outside the private network

b) Private Mode

When the INBOUND access to the gopaddle endpoints are limited, then choose private installation mode. In private mode, all the 3rd party services like source control management systems (GitHub/ GitLab) that integrate with gopaddle should be able to reach the gopaddle endpoint. For this reason, an on-premise installation of GitLab or GitHub can be used to automate CI/CD workflows with gopaddle. Once the gopaddle installation is complete on a Kubernetes environment, the same cluster can be registered within gopaddle for building and deploying applications.

TLS Modes

TLS mode can be HTTP or HTTPS.

πŸ“Œ By default, the TLS mode is set to HTTPS. This requires SSL certificates.

πŸ“Œ If Routing Type is NodePortWithOutIngress, then only HTTP access mode is possible.

πŸ”” HTTPS mode is required for the following capabilities:
πŸ”Ή Enable Continuous Integration in gopaddle
πŸ”Ή Perform Rolling update of end user application or pipeline automation using gopaddle APIs
πŸ”Ή View End User Application and Cluster metrics
πŸ”Ή Provision and List Persistent Volumes

Installation Requirements

Cluster Provider

MicroK8s v1.21+ (or) HPE Ezmeral Container Platform 5.3 with Kubernetes version 1.18.6 & kubectl-epic v3.4

Helm Version

v3.7.1

Number of worker nodes

1 (Community Edition doesn’t support more than 1 node)

Size of worker nodes

4 vCPU, 8 GB RAM, 50 GB Disk

License Validity

Enterprise Trial - 2 months

Lite Community Edition - Lifetime free

Domain Names (Optional)

Required when the installation type is NodePortWithIngress and Loadbalancer. Can be skipped if the installation type is NodePortWithoutIngress.

2 Domain Names - (gopaddle installation requires 2 domain names to be configured to access the UI/API endpoints and to receive webhook events.

SSL Certificate & Key (Optional)

Required if the access mode is HTTPS. SSL certificates and keys for the domain names are required. Check the section on Self-signed certificates for more information.

Static IP (Optional)

Required only if the gopaddle services have to be accessed using a static IP address.

Others

NTP synchronization across master and worker nodes.

DNS and Firewall Configurations

Private Mode

Public Mode

Name Resolution

Local/Internal DNS resolution. An β€˜A’ record mapping gopaddle domain names to worker node private IP address.

Public DNS resolution. An β€˜A’ record mapping gopaddle domain names to worker node public IP address.

Firewall

NA

For NodeportWithIngress routing type: INBOUND access to ports 30000, 30001 and 30002 have to be opened.

For NodeportWithOutIngress routing type: INBOUND access to ports 30000, 30003 - 30006 have to be opened.

For Load Balancer routing type: INBOUND access to ports 80, 443 and 5672 have to be opened.

If Kubernetes cluster is accessed from a client machine, INBOUND access to Kubernetes master port (default 16443 for microk8s) and the Grafana dashboard port (32000) need to be opened to the specific Kubernetes client machine.

If any application is launched using NodePort, then INBOUND access to the corresponding port needs to be opened.

All Egress to be allowed.

Prerequisites

A. Prepare the Cluster (applicable only for microk8s)

πŸ”” You can skip this step if your cluster provider is not microk8s.

Perform these steps on the microk8s instance.

  1. Make sure the right version of microk8s is installed.

    $ sudo microk8s kubectl version
    Client Version: version.Info{Major:"1", Minor:"24+", GitVersion:"v1.24.0-2+4dd3822a1821bd", GitCommit:"4dd3822a1821bd008a34e5bc879e082e42b93a92", GitTreeState:"clean", BuildDate:"2022-05-04T09:18:45Z", GoVersion:"go1.18.1", Compiler:"gc", Platform:"linux/amd64"}
    Kustomize Version: v4.5.4
    Server Version: version.Info{Major:"1", Minor:"24+", GitVersion:"v1.24.0-2+4dd3822a1821bd", GitCommit:"4dd3822a1821bd008a34e5bc879e082e42b93a92", GitTreeState:"clean", BuildDate:"2022-05-04T09:16:11Z", GoVersion:"go1.18.1", Compiler:"gc", Platform:"linux/amd64"}

  2. Enable storage and dns services in the microk8s installation.

    $ sudo microk8s enable dns
    $ sudo microk8s enable storage
    $ sudo microk8s enable metrics-server
    $ sudo microk8s enable helm3
    $ alias helm="sudo microk8s helm3"
    $ alias kubectl="sudo microk8s kubectl"

  3. If the installation mode is Public, enable host access using the public IP address of the host machine.

    $ sudo microk8s enable host-access:ip=<host-public-ip>

    For e.g. if 54.255.246.53 is the public IP address of the host machine, issue the command:

    $ sudo microk8s enable host-access:ip=54.255.246.53 

  4. If LoadBalancer routing type is desired, then enable the metallb addon as well. If you are running microk8s on a cloud, please check the metallb support matrix to verify its support for the cloud provider.

    $ sudo microk8s enable metallb

  5. If you choose to install gopaddle in public mode, then add the microk8s instance public IP address to the IPs list so that the cluster can be accessed using the public IP address. For eg. if 54.255.246.53 is the public IP address of the microk8s instance, then add an entry in the IP address section as below.

    $ sudo vi /var/snap/microk8s/current/certs/csr.conf.template

    [ alt_names ]
    DNS.1 = kubernetes
    DNS.2 = kubernetes.default
    DNS.3 = kubernetes.default.svc
    DNS.4 = kubernetes.default.svc.cluster
    DNS.5 = kubernetes.default.svc.cluster.local
    IP.1 = 127.0.0.1
    IP.2 = 10.152.183.1
    IP.4 = 54.255.246.53
    #MOREIPS

  6. Restart the microk8s services.

    $ sudo microk8s stop
    $ sudo microk8s start

B. Obtain Cluster configuration

From the Kubernetes master node, execute the below commands. Note down the Kubernetes cluster configuration and save it to a file.

  1. If cluster provider is microk8s, get the configuration as below:

    $ sudo microk8s config

  2. For a cluster provider other than microk8s, get the configuration as below:

    $ sudo kubectl config view

  3. If the installation mode is Public, change the server endpoint in the config file to point to the host public IP address.

    server: https://<host-public-ip>:16443


    For e.g. if 54.255.246.53 is the public IP address of the microk8s instance, then, change the "server:" line in config file ($HOME/k8s.config) as follows:

    server: https://54.255.246.53:16443

C. Prepare Kubernetes client machine

Perform these steps on the Kubernetes client machine from where the gopaddle installation steps are to be executed.

  1. Install kubectl on the client machine by following the steps in the given URL. https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/

  2. Add the Kube Config copied from section B and make sure the cluster is reachable.

    $ kubectl version
    Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.4", GitCommit:"8d8aa39598534325ad77120c120a22b3a990b5ea", GitTreeState:"clean", BuildDate:"2020-03-12T21:03:42Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"darwin/amd64"}
    Server Version: version.Info{Major:"1", Minor:"21+", GitVersion:"v1.21.8-3+b8dc41df93b196", GitCommit:"b8dc41df93b19648f20155d7fc88687a60322f41", GitTreeState:"clean", BuildDate:"2022-01-18T14:53:03Z", GoVersion:"go1.16.13", Compiler:"gc", Platform:"linux/amd64"}

  3. Install helm 3 in your machine by following the steps mentioned in the given URL https://helm.sh/docs/intro/install/

    $ which helm
    /usr/local/bin/helm

  4. Make sure jq is installed.

    $ which jq
    /usr/local/bin/jq

Setting up Air-Gapped Environment

gopaddle enterprise edition can be installed in an air gapped mode on a Kubernetes cluster within a private VPN with no outbound access to the internet. Since the gopaddle docker images cannot be downloaded from the internet, these images need to be imported into the cluster or into a private docker registry within the VPN.

A) VPN and Internal Access to the Kubernetes Client Machine

The Kubernetes client machine must have OUTBOUND access to the internet to download the gopaddle images files. The client machine must also have access to the Kubernetes master node, private docker registry and the private source control repositories within the VPN.

B) Container Runtime Engine Support

gopaddle images are available as separate tar bundles for containerd and CRI-O images. Containerd images can be used in Kubernetes Clusters with containerd or Docker Runtime Engines. CRI-O images can be used in Kubernetes clusters with CRI-O run time engine. To identify the runtime engine of your cluster, execute the below command:

$ kubectl get nodes -o wide 

NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME

microk8s-vm Ready <none> 18d v1.24.6-2+949b88ddc8b8cc 192.168.64.2 <none> Ubuntu 18.04.6 LTS 4.15.0-192-generic containerd://1.5.13

Based on the run time engine supported by the private Kubernetes cluster, the gopaddle images can be downloaded and extracted accordingly.

The below table lists the images required to be downloaded based on the Container runtime engine. Each of these images need to be imported into the docker registry (or) into the local cache.

The images listed below are only available for gopaddle Lite edition. To get access to the tar bundles for Enterprise edition, email us at hello.gopaddle.io.

C) Importing gopaddle images

i) Importing in to the Kubernetes Cluster local cache

  • Copy each of the images.tar file listed in the above table, into the Kubernetes master machine using a secure copy (SCP).

  • Import the images using the command below:

In case of microk8s cluster, import the images using microk8s ctr command.

$ microk8s ctr image import gopaddle-images.tar

For other clusters, import images into the local cache using ctr command.

$ ctr image import <images.tar>

ii) Importing images in to private docker registry

From the Kubernetes client machine that has access to the internet, execute the below commands:

  • Install docker engine. Follow the steps here to install docker on the Kubernetes client machine.

  • Download the script required to tag and push the image into the private docker registry.

    $ wget https://gopaddle-installer.s3.ap-south-1.amazonaws.com/airgapped/scripts/gp-tag-push-images.sh
  • Login to the private docker registry

    $ sudo docker login <registry_endpoint>/<organization or group name> --username root --password <passwd>

    Eg.

    $ sudo docker login registry.gopaddle.io:31864/gp-project --username root --password <passwd>
  • Download images tar files mentioned in the table, tag and push the images to docker private registry by following the steps below:

    $ wget <images tar location>
    $ gunzip <tar.gz file>
    $ curl -s https://gopaddle-installer.s3.ap-south-1.amazonaws.com/airgapped/gp-tag-push-images.sh | sudo bash -x -s -- "<registry_endpoint>/<organization or group name>/<repo name>" ./<tarfile>

    Eg.

    $ curl -s https://gopaddle-installer.s3.ap-south-1.amazonaws.com/airgapped/gp-tag-push-images.sh | sudo bash -x -s -- "registry.gopaddle.io:31864/gp-project/gp-repo" ./gopaddle-images-onprem-4-2-5.tar

πŸ”” When using quickstart wizard or the gopaddle command line utility gpctl in an air gapped mode, the base image name must include the docker repository path or use the base image argument with the images in the private docker repository.

πŸ”” gopaddle air gapped setup does not support gopaddle marketplace subscriptions.  

D) Add DNS resolver to core DNS

Add Source Code management System (SCM) like private GitLab and Docker Private Registry DNS names to CoreDNS. For instance, the nameserver configured in the Kubernetes master server host machine can be added to the CoreDNS resolvers list. The nameserver in the Kubernetes master server host machine can be obtained by executing the below command on the Kubernetes master server:

$ nameserver=$(tail -1 /run/systemd/resolve/resolv.conf | cut -d " " -f 2)

The private IP address of the docker registry and the SCM repository can be obtained by looking up their DNS names using nslookup on the Kubernetes master server host machine as below:

$ nslookup registry.gopaddle.io
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: registry.gopaddle.io
Address: 10.0.2.233

If the nameserver is 10.0.0.2 and the private IP of the docker registry (eg. registry.gopaddle.io) and SCM (eg. gitlab.gopaddle.io) is 10.0.2.233, then the CoreDNS config file can be edited with the corresponding values. The final CoreDNS config file would look like:

$ cat coreDNS-resolv.config | jq -c '.data.Corefile' | sed 's/\\n/\n/g'
".:53 {
errors
health {
lameduck 5s
}
ready
log . {
class error
}
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . 10.0.0.2 8.8.8.8 8.8.4.4
cache 30
loop
reload
loadbalance
hosts {
10.0.2.233 registry.gopaddle.io gitlab.gopaddle.io
fallthrough
}
}
"

Apply the CoreDNS config and restart the CoreDNS service.

$ kubectl apply -f coreDNS-resolv.config
$ kubectl delete pods -l k8s-app=kube-dns -n kube-system
$ kubectl wait --for=condition=ready pod -l k8s-app=kube-dns -n kube-system --timeout 15m

D. Prepare Storage Configuration (Optional)

gopaddle installer requires storage configuration (StorageClass) in the Kubernetes environment in order to provision gopaddle services.

πŸ”” By default, the installer is configured to obtain the default storageClass from the cluster automatically.

This step can be skipped if a defaultStorage class is sufficient for the installation. To get the storage class name in the cluster, execute the below command and note down the name of the storage class to be used. In the below example, microk8s-hostpath is the storage class name.

$ kubectl get sc
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
microk8s-hostpath (default) microk8s.io/hostpath Delete Immediate false 76m

E. Configure Node Labels (Optional)

If the cluster has more than 1 nodes, to schedule gopaddle services on a single node, we must either label the node or assign the installation based on node IP. Get the worker node IP and the hostname. Note down the InternalIP and the Hostname.

$ kubectl get node -o json | jq .items[0].status.addresses
[
{
"address": "10.0.2.40",
"type": "InternalIP"
},
{
"address": "ip-10-0-2-40",
"type": "Hostname"
}
]

Alternatively, node label key/value can be used to schedule the gopaddle services. For more information on labeling the nodes, please check the Kubernetes documentation here.

Installation steps

Perform these steps from the Kubernetes Client machine.

  1. Create gopaddle namespace

    $ kubectl create ns gp-lite-4-2

  2. Download installer

    Untar the downloaded gopaddle helm archive.

    $ tar -xvf gopaddle-helm.tar
    $ cd gopaddle-helm

3. Configure installation

Edit the values.yaml file and configure the installation.

  1. Edition

    gopaddle edition specifies the edition to be installed.

    Possible values - Enterprise (or) Lite. In case of Enterprise installation, mail us @ hello@gopaddle.io

  2. Routing Type (Optional)

    Change the routing type by editing the routingType configuration. Allowed values are 'NodePortWithOutIngress', 'NodePortWithIngress' and 'LoadBalancer'

    routingType: NodePortWithIngress

  3. Launch Type (Optional)

    This step can be skipped, if the launch type is Public.

    To install gopaddle in private mode, edit the launchType to private.

    launchType: private

  4. Static IP (Optional)

    If the gopaddle services have to be accessed using a public static IP, then configure the static IP as below:

    staticIP: <static-ip>

  5. Cluster provider (Optional)

    Change the cluster provider type as needed. By default, the provider type is set to β€˜other’. To install gopaddle on HPE Ezmeral Container Platform, change the cluster.provider to β€˜hpe’.

    cluster:
    provider: other

  6. Domain name and access mode (Optional)

    This step can be skipped if the access mode is HTTP. Create the TLS certificates to be used for HTTPS access mode.

    $ kubectl create secret tls gp-lite-4-2-lb-portal-tls \
    --cert=<path-to-cert-file> \
    --key=<path-to-key-file> \
    -n gp-lite-4-2

    $ kubectl create secret tls gp-lite-4-2-lb-webhook-tls \
    --cert=<path-to-cert-file> \
    --key=<path-to-key-file> \
    -n gp-lite-4-2

    If the access mode is HTTPS, set the gopaddle and gopaddleWebhook settings to https: true, modify the domainName fields and the secret name for gopaddle and gopaddleWebhook.

    gopaddle:
    domainName: <gopaddleDomainName>
    secretName: gp-lite-4-2-lb-portal-tls
    https: true
    gopaddleWebhook:
    https: true
    domainName: <webhookDomainName>
    secretName: gp-lite-4-2-lb-webhook-tls

  7. StorageClass (Optional)

    This step can be skipped, if the default storage class is sufficient for the installation.

    πŸ”” By default, the installer is configured to obtain the default storageClass from the cluster automatically.

    Get the storage class name in the cluster by executing the below command and note down the name of the storage class to be used. In the below example, microk8s-hostpath is the storage class name.

    $ kubectl get sc
    NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
    microk8s-hostpath (default) microk8s.io/hostpath Delete Immediate false 76m

    Uncomment and modify the storageClassName field in the values.yaml file and replace it with the storage class name obtained in the previous step.

    storageClassName: microk8s-hostpath

  8. Node Selector (Optional)

    1. This step can be skipped if there is only one node in the cluster.

      If the cluster has more than 1 node, to schedule gopaddle services on a single node, we must either label the node or assign the installation based on node IP. To get the worker node IP and the hostname, execute the below command and note down the InternalIP and the Hostname.

      $ kubectl get node -o json | jq .items[0].status.addresses
      [
      {
      "address": "10.0.2.40",
      "type": "InternalIP"
      },
      {
      "address": "ip-10-0-2-40",
      "type": "Hostname"
      }
      ]

      Alternatively, node label key/value can be used to schedule the gopaddle services. For more information on labeling the nodes, please check the Kubernetes documentation here.

      Set the node selector in the values.yaml file, either based on the hostname obtained in the previous step or based on the node labels. Please check the Kubernetes documentation on using nodeSelector. gopaddle installer follows the same schema as the standard Kubernetes nodeselector schema. If the nodeSelector attribute is removed from the values.yaml file, then gopaddle services get scheduled on the best fit worker nodes.

      nodeSelector:
      kubernetes.io/hostname: <HostName>

  9. Air Gapped Parameters

    1. Set the below configurations to enable air gapped setup.

      • enabled: Set it to true to enable air gapped installation

      • imageRegistryType: Possible values local or private. Choose local, When gopaddle images are loaded in to the cluster local cache. Choose private, when gopaddle images have to be pulled from the private docker registry.

      • imageRegistryInfo Configure this section when the imageRegistryType is private.

        • registryUrl: registry endpoint. Eg. registry.gopaddle.io:30710.

        • imageRegistryInfo.repoPath: project and repository path where gopaddle images are available. Eg. /gp-registry-group/gp-registry-project

        • authType: Authentication type to access the Docker Private Registry. Possible values: dockerConfig (or) basic

        • dockerConfig: Configure this when the authType is set to dockerConfig. Provide the base64 string of docker auth configuration. To get the docker config, execute the commands below:

          $ docker login <docker-registry-endpoint>
          $ cat ~/.docker/config.json | base64
        • basicAuth: Configure this when the authType is set to basic. Provide the username and password configuration of the Docker Private Registry

        • imageSecret: Kubernetes secret name to push or pull docker images in to the Docker Private Registry at the time of building user applications. Create an image secret Eg. gp-onprem-4-2-image-secret and provide this image secret name under the imageSecret section of the values file.

        • basicAuth: Configure this when the authType is set to basic. Provide the username and password configuration of the Docker Private Registry

        • imageSecret: Kubernetes secret name to push or pull docker images in to the Docker Private Registry at the time of building user applications. Create an image secret Eg. gp-onprem-4-2-image-secret and provide this image secret name under the imageSecret section of the values file.

          $ docker login <docker-registry-endpoint>
          $ kubectl create secret generic gp-onprem-4-2-image-secret \
          --from-file=.dockerconfigjson=~/.docker/config.json \
          --type=kubernetes.io/dockerconfigjson -n gp-lite-4-2

4. Install gopaddle Helm Chart

  1. Install gopaddle RabbitMQ dependency service

    $ helm install gp-rabbitmq-4-2 ./ --namespace gp-lite-4-2 --set global.installer.chart.rabbitmq=true --set global.installer.chart.gp-core=false
    WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /var/snap/microk8s/4023/credentials/client.config
    NAME: gp-rabbitmq-4-2
    LAST DEPLOYED: Fri Oct 14 00:55:03 2022
    NAMESPACE: gp-lite-4-2
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None
  2. Install gopaddle core services

    $ helm install gp-lite-4-2 ./ --namespace gp-lite-4-2 --set global.installer.chart.rabbitmq=false --set global.installer.chart.gp-core=true
    WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /var/snap/microk8s/4023/credentials/client.config
    NAME: gp-onprem-4-2
    LAST DEPLOYED: Fri Oct 14 00:55:46 2022
    NAMESPACE: gp-lite-4-2
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None

5. Wait for ready state

Wait until all the services move to Ready state. It takes around 15 minutes for all the services to move to Ready state.

In case of a non-airgapped setup:

$ kubectl wait --for=condition=ready pod -l released-by=gopaddle -n gp-lite-4-2 --timeout=15m

In case of an air gapped setup:

$ kubectl wait --for=condition=ready pod -l released-by=gopaddle,app!=marketplace -n gp-lite-4-2 --timeout=15m

6. Add DNS entries to gopaddle core service (air-gapped)

In case of airgapped setup, add the private Source Code Management (SCM) and the private Docker registry DNS entries to the gp-core service.

$ registryPrivateIP=<set the IP of the private docker registry>
$ scmPrivateIP=<set the IP of the private scm>

Please check the steps under section d) Add DNS resolver to core DNS of Setting up air-gapped enviroment, to obtain the private IPs.

Add the private IP to the gp core service /etc/hosts to register gitlab and registry

$ gpcore=$(sudo microk8s.kubectl get pods -l app=gpcore -n gp-lite-4-2 | grep gpcore | cut -d " " -f 1)
$ kubectl exec -it pods/$gpcore -c core -n gp-lite-4-2 -- sh -c "echo '$privateIP gitlab.gopaddle.io' >> /etc/hosts"
$ kubectl exec -it pods/$gpcore -c core -n gp-lite-4-2 -- sh -c "echo '$privateIP registry.gopaddle.io' >> /etc/hosts"

7. Access gopaddle UI

Once all the gopaddle services are moved to Ready state, gopaddle UI can be accessed from the browser.

NodePortWithouIngress: http://<nodeIP>:30003

NodePortWithIngress (HTTPS Access Mode): https://<gopaddleDomainName>:30002

NodePortWithIngress (HTTP Access Mode): http://<gopaddleDomainName>:30002

LoadBalancer: https://<domainName>

8. License Agreement

In the license agreement page, provide the official email ID. A copy of the license agreement will be sent to this email ID.

Once the license is agreed, you will be redirected to the login page. Default login credentials are below:

Login user: admin@gopaddle.io

Login password: admin

Registering local cluster in gopaddle

  1. Login to the gopaddle UI.

  2. Navigate to the cluster registration page: https://<domainName:30002>/register in case of NodePort routing type (or) https://<domainName>/register in case of LoadBalancer routing type (or) https://<nodeIP>:30003/register in case of NodePortWithOutIngress routing type.

  3. Under the General section, provide a cluster name, its private IP address and the port. Default port is 16443. You can obtain the connection string from the kube config file obtained in step B.

  4. Under the Authentication section, choose the kubeconfig option and upload the kubeconfig file obtained in step B.

  5. Under the Bastion Host section, disable Use Bastion Host ? option and click on finish to register the cluster.

Command-line utility (gpctl)

Command-line utility compatible with v4.2.3 can be downloaded here.

Using HPE Datafabric Persistent Volumes

To deploy stateful services on HPE Ezmeral Container Platform with DataFabric (MapR) or with NFS Provisioner, the security context must be configured before deploying those services.

  1. Navigate to the services page in gopaddle UI: https://<domainName:30002>/service in case of NodePortWithIngress routing type (or) https://<domainName>/service in case of LoadBalancer routing type (or) https://<nodeIP>:30003/register in case of NodePortWithOutIngress routing type.

  2. Select the stateful service and view the service

  3. Edit the Security Context as below and save the configuration

Now the deployment using this stateful service can be deployed on an HPE Ezmeral Container Platform with DataFabric (MapR) or with NFS Provisioner.

Using Self-Signed Certificates for gopaddle Endpoint

If self-signed certificates are used to set up the gopaddle endpoints, then gpctl must use --insecureSkipVerify option to skip the tls verification.

In case of gopaddle UI - Dockerization quickstart wizard, select the option 'Insecure Skip Verify' option.

Upgrading gopaddle

  1. Untar the new helm package.

    $ tar -xvf gopaddle-helm.tar

  2. Update gopaddle installation and Wait until the the pods move to Ready state.

    $ cd gopaddle-helm
    $ helm upgrade upgrade gp-core-4-2 ./charts/gp-onprem/ --namespace gp-lite-4-2 --values ./charts/gp-onprem/values.yaml --values ./values.yaml

  3. Restart gopaddle pods and wait until all gopaddle pods move to Ready state.

    $ kubectl delete pod -l servicetype=gopaddle -n gp-lite-4-2
    $ kubectl wait --for=condition=ready pod -l servicetype=gopaddle -n gp-lite-4-2 --timeout=15m

Uninstalling gopaddle

  1. Uninstall gopaddle and its dependency resources by following the steps below:

    $ helm delete gp-core-4-2 --namespace gp-lite-4-2
    $ helm delete gp-rabbitmq-4-2 --namespace gp-lite-4-2
    $ kubectl delete ns gp-lite-4-2

  2. If local cluster was registered in gopaddle, then the add-ons created by gopaddle can be deleted by running the below commands:

    $ kubectl delete ns gopaddle-servers
    $ kubectl delete clusterrole gopaddle:prometheus-tool-kube-state-metrics gopaddle:prometheus-tool-server
    $ kubectl delete clusterrolebinding gopaddle:event-exporter-rb gopaddle:prometheus-tool-kube-state-metrics gopaddle:prometheus-tool-server

Support

For any queries related to installation, upgrade, you can reach us at hello@gopaddle.io

Did this answer your question?