Pro Installation
Prerequisite
Cert Manager
DCS RESTful server depends on cert-manager ↗ to issue certificates.
You’ve probably been using cert-manager. If so, you can skip this section.
cert-manager is a powerful and extensible X.509 certificate controller for Kubernetes and OpenShift workloads. It will obtain certificates from a variety of Issuers, both popular public Issuers as well as private Issuers, and ensure the certificates are valid and up-to-date, and will attempt to renew certificates at a configured time before expiry.
Trust Manager
DCS RESTful server depends on trust-manager ↗ for trusted CAs for validating certificates during TLS handshakes.
You’ve probably been using trust-manager. If so, you can skip this section.
trust-manager is designed to complement cert-manager and works well when consuming CA certificates from a cert-manager Issuer or ClusterIssuer.
Installation/Upgrade
Download a Release
In every release, there’re several docker images and one helm chart.
e.g.
Upload Docker Image
Choose a docker images which matches your arch, and upload the docker image to your image registry server.
If none image matches your arch, please contact us, We’ll build a docker image for that arch and add it to the release.
Install for the First Time
e.g.
Upgrade to a New Version
DCS is backward compatible, so you can seamlessly upgrade to a New Version.
e.g.
Because helm upgrade doesn’t update CRDs, please execute the following to update CRDs.
Complete List of Options
As follows is the complete list of options of installation and upgrade.
Required | Option | Default Value | Meaning |
---|---|---|---|
namespace | default | The namespace where to install/upgrade DCS | |
✓ | image | Path to docker image of DCS | |
tz | UTC | Local time zone in containers of DCS | |
lease | 15s | Lease duration, used in leader election | |
restPort | 1058 | RESTful server port | |
maxConReq | Max number of concurrent requests to the RESTful server. Default to no limit. | ||
cert.duration | Duration (i.e. lifetime) of Certificate. Default to 90 days as per cert-manager doc. | ||
cert.renewBefore | How long before expiry a certificate should be renewed. Default to 1⁄3 of cert.duration as per cert-manager doc. | ||
✓ | cert.issuer.kind | Kind of cert-manager issuer. Valid values are ClusterIssuer, Issuer. | |
✓ | cert.issuer.name | Name of cert-manager issuer. | |
trustedCAs.kind | ConfigMap | Kind of trust-manager Bundle target. Valid values are ConfigMap, Secret. | |
✓ | trustedCAs.name | Name of trust-manager Bundle target | |
✓ | trustedCAs.key | Key of trust-manager Bundle target | |
resource.mem.request | Memory request of a container of DCS | ||
resource.mem.limit | Memory limit of a container of DCS | ||
resource.cpu.request | CPU request of a container of DCS | ||
resource.cpu.limit | CPU limit of a container of DCS | ||
✓ | licenseSubject | License subject, usually the name of your company | |
✓ | license | Path to license. License subject and license file will be sent to you once you purchase a commercial license. | |
log.fileSize | 10 | Max size in MB of a log file. If a file exceeds this size, the file will be rotated. | |
log.baks | 2 | Max number of old log files. Older files will be removed. |
- For all duration options, the format is defined by Go time.ParseDuration ↗ .
- For all cert-manager options (i.e. cert.*), see also cert-manager API doc ↗ .
- For all trust-manager options (i.e. trustedCAs.*), see also trust-manager doc ↗ .
Log Aggregation
You’ve probably been using a log aggregation system for gathering, querying and displaying logs.
If not, try Loki
↗
.