Installation
Prerequisite
Cert Manager
XTS depends on cert-manager to issue certificates.
You’ve probably been using cert-manager. If so, you can skip this section.
cert-manager is a powerful and extensible X.509 certificate controller for Kubernetes and OpenShift workloads. It will obtain certificates from a variety of Issuers, both popular public Issuers as well as private Issuers, and ensure the certificates are valid and up-to-date, and will attempt to renew certificates at a configured time before expiry.
Trust Manager
XTS depends on trust-manager for the trusted CAs used to validate certificates during TLS handshakes, both inside the cluster and across regions.
You’ve probably been using trust-manager. If so, you can skip this section.
trust-manager is designed to complement cert-manager and works well when consuming CA certificates from a cert-manager Issuer or ClusterIssuer.
External Load Balancer Provider
XTS depends on External Load Balancer Provider to allocate an external IP address.
You’ve probably already installed an external load balancer provider,
- if you’re using a cloud provider like GCP, AWS, Azure…
- or if you’re using something like MetalLB in your private cloud.
Installation/Upgrade
Download a Release
Every release contains several Docker images and one Helm chart.
e.g.
Upload Docker Image
Choose the Docker image that matches your architecture, and upload it to your image registry server.
If no image matches your architecture, please contact us. We’ll build a Docker image for that architecture and add it to the release.
Install for the First Time
e.g.
Upgrade
XTS is backward compatible, so you can seamlessly upgrade to a new version.
e.g.
Because helm upgrade doesn’t update CRDs, please execute the following to update CRDs.
Complete List of Options
The following is the complete list of installation and upgrade options.
| Required | Option | Default Value | Meaning |
|---|---|---|---|
| | namespace | default | The namespace where to install/upgrade XTS |
| ✓ | image | | Path to docker image of XTS |
| | replicas | 2 | Number of replicas of XTS |
| | tz | UTC | Local time zone in containers of XTS |
| | lease | 15s | Lease duration, used in leader election |
| | externalSrvPort | 1058 | XTS external server port |
| | restPort | 1060 | RESTful server port |
| | maxConn | | Max number of concurrent connections. Default to no limit. |
| | idleTimeout | 1m | Idle timeout. If no data is sent from a connection in the specified duration, close the connection. |
| | handshakeTimeout | 10s | Handshake timeout. If handshake does not finish in the specified duration, close the connection. |
| | dialTimeout | 3s | Connection timeout. See also Go DialTimeout. |
| | tlsHandshakeTimeout | 10s | TLS handshake timeout. If TLS handshake does not finish in the specified duration, close the connection. |
| | maxConReq | | Max number of concurrent requests to the RESTful server. Default to no limit. |
| | enableTc | false | Whether to enable ATC or not |
| | cert.duration | | Duration (i.e. lifetime) of Certificate. Default to 90 days as per cert-manager doc. |
| | cert.renewBefore | | How long before expiry a certificate should be renewed. Default to 1/3 of cert.duration as per cert-manager doc. |
| ✓ | cert.issuer.kind | | Kind of cert-manager issuer. Valid values are ClusterIssuer, Issuer. |
| ✓ | cert.issuer.name | | Name of cert-manager issuer. |
| | trustedCAs.kind | ConfigMap | Kind of trust-manager Bundle target. Valid values are ConfigMap, Secret. |
| ✓ | trustedCAs.name | | Name of trust-manager Bundle target |
| ✓ | trustedCAs.key | | Key of trust-manager Bundle target |
| | resource.mem.request | | Memory request of a container of XTS |
| | resource.mem.limit | | Memory limit of a container of XTS |
| | resource.cpu.request | | CPU request of a container of XTS |
| | resource.cpu.limit | | CPU limit of a container of XTS |
| ✓ | licenseSubject | | License subject, usually the name of your company |
| ✓ | license | | Path to license. License subject and license file will be sent to you once you purchase a commercial license. |
| | licenseAddon | | Path to license of addon. License subject and license file will be sent to you once you purchase a commercial license. |
| | log.fileSize | 10 | Max size in MB of a log file. If a file exceeds this size, the file will be rotated. |
| | log.baks | 2 | Max number of old log files. Older files will be removed. |
- For all duration options, the format is defined by Go time.ParseDuration.
- For all cert-manager options (i.e. cert.*), see also cert-manager API doc.
- For all trust-manager options (i.e. trustedCAs.*), see also trust-manager doc.
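A pre-flight check for the options above, given as an added example that is not part of XTS or its Helm chart. The function name `checkOptions` and the flat option map are assumptions made for illustration. It checks required options, enumerated values and Go duration syntax, plus cert-manager's requirement that `renewBefore` be shorter than `duration`.

```go
package main

import (
	"fmt"
	"time"
)

// checkOptions (hypothetical helper) returns the problems found in XTS install options.
func checkOptions(o map[string]string) []string {
	var errs []string
	for _, k := range []string{"image", "cert.issuer.kind", "cert.issuer.name",
		"trustedCAs.name", "trustedCAs.key", "licenseSubject", "license"} {
		if o[k] == "" { // options marked required in the table
			errs = append(errs, "missing required option "+k)
		}
	}
	if k := o["cert.issuer.kind"]; k != "" && k != "ClusterIssuer" && k != "Issuer" {
		errs = append(errs, "cert.issuer.kind must be ClusterIssuer or Issuer")
	}
	if k := o["trustedCAs.kind"]; k != "" && k != "ConfigMap" && k != "Secret" {
		errs = append(errs, "trustedCAs.kind must be ConfigMap or Secret")
	}
	// Duration options must parse with time.ParseDuration; "90d" does not.
	d := map[string]time.Duration{"cert.duration": 90 * 24 * time.Hour}
	for _, k := range []string{"lease", "idleTimeout", "handshakeTimeout",
		"dialTimeout", "tlsHandshakeTimeout", "cert.duration", "cert.renewBefore"} {
		if v, set := o[k]; set {
			if p, err := time.ParseDuration(v); err != nil {
				errs = append(errs, fmt.Sprintf("%s: %q is not a Go duration", k, v))
			} else {
				d[k] = p
			}
		}
	}
	// cert.renewBefore defaults to 1/3 of cert.duration and must be shorter.
	rb, set := d["cert.renewBefore"]
	if !set {
		rb = d["cert.duration"] / 3
	}
	if rb >= d["cert.duration"] {
		errs = append(errs, "cert.renewBefore must be shorter than cert.duration")
	}
	return errs
}

func main() {
	// Constructed sample: several required options omitted; "90d" is rejected.
	fmt.Println(checkOptions(map[string]string{"image": "registry.example/xts:TAG",
		"cert.issuer.kind": "Issuer", "cert.duration": "90d"}))
}
```

Because `time.ParseDuration` has no day unit, a 90-day lifetime has to be written as `2160h`.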
Log Aggregation
You’ve probably been using a log aggregation system for gathering, querying and displaying logs.
If not, try Loki.