Step 7 - Install and configure prerequisite components
Now that you have access to the Helm charts, they can be deployed.
- First install the prerequisite components.
helm upgrade --install rabbitmq-cluster-operator oci://glasswallhub.azurecr.io/docker/bitnamicharts/rabbitmq-cluster-operator \
--atomic \
--version 4.4.23 \
--set global.imageRegistry=glasswallhub.azurecr.io \
--set global.imagePullSecrets[0]=acr-secret \
--set global.security.allowInsecureImages=true \
--set msgTopologyOperator.fullnameOverride=rabbitmq-messaging-topology-operator \
--set clusterOperator.image.repository="cgr.dev/rabbitmq-cluster-operator" \
--set clusterOperator.image.tag=2.17.0 \
--set msgTopologyOperator.image.repository="cgr.dev/rabbitmq-messaging-topology-operator" \
--set msgTopologyOperator.image.tag=1.18.0 \
--set credentialUpdaterImage.repository="cgr.dev/rabbitmq-default-user-credential-updater" \
--set credentialUpdaterImage.tag=1.0.9 \
--set rabbitmqImage.repository="cgr.dev/rabbitmq" \
--set rabbitmqImage.tag=4.2.4 \
--set clusterOperator.watchAllNamespaces=false \
--set clusterOperator.watchNamespaces={cdrplatform} \
--set msgTopologyOperator.watchAllNamespaces=false \
--set msgTopologyOperator.watchNamespaces={cdrplatform} \
--set clusterOperator.resources.requests.cpu=100m \
--set clusterOperator.resources.requests.memory=256Mi \
--set clusterOperator.resources.limits.cpu=100m \
--set clusterOperator.resources.limits.memory=256Mi \
--set msgTopologyOperator.resources.requests.cpu=100m \
--set msgTopologyOperator.resources.requests.memory=256Mi \
--set msgTopologyOperator.resources.limits.cpu=100m \
--set msgTopologyOperator.resources.limits.memory=256Mi
helm upgrade --install keda "oci://glasswallhub.azurecr.io/ghcr/home-operations/charts-mirror/keda" --atomic \
--set imagePullSecrets[0].name=acr-secret \
--set global.image.registry="glasswallhub.azurecr.io" \
--set image.keda.repository="cgr.dev/keda" \
--set image.keda.tag=2.18.3 \
--set image.metricsApiServer.repository="cgr.dev/keda-metrics-apiserver" \
--set image.metricsApiServer.tag=2.18.3 \
--set image.webhooks.repository="cgr.dev/keda-admission-webhooks" \
--set image.webhooks.tag=2.18.3 \
--version 2.18.3
helm upgrade --install nginx-ingress oci://glasswallhub.azurecr.io/k8s/ingress-nginx/charts/ingress-nginx --atomic \
--set imagePullSecrets[0].name=acr-secret \
--set global.image.registry="glasswallhub.azurecr.io" \
--set controller.image.image="cgr.dev/ingress-nginx-controller" \
--set controller.image.tag=1.14.3-nginx.1.27 \
--set controller.image.digest="" \
--set controller.admissionWebhooks.patch.image.image="cgr.dev/kube-webhook-certgen" \
--set controller.admissionWebhooks.patch.image.tag=1.14.3 \
--set controller.admissionWebhooks.patch.image.digest="" \
--version v4.13.3
helm upgrade --install external-secrets oci://glasswallhub.azurecr.io/ghcr/external-secrets/charts/external-secrets \
--atomic \
--set imagePullSecrets[0].name=acr-secret \
--set webhook.imagePullSecrets[0].name=acr-secret \
--set certController.imagePullSecrets[0].name=acr-secret \
--set image.repository="glasswallhub.azurecr.io/cgr.dev/external-secrets" \
--set image.tag=0.16.2 \
--set webhook.image.repository="glasswallhub.azurecr.io/cgr.dev/external-secrets" \
--set webhook.image.tag=0.16.2 \
--set certController.image.repository="glasswallhub.azurecr.io/cgr.dev/external-secrets" \
--set certController.image.tag=0.16.2 \
--version 0.16.2 \
--set installCRDs=true
Next, install the supporting components below:
helm upgrade --install cdrplatform-storage cdrplatform-storage \
--set cloud_provider=gcp \
--set gcp.network=[projects/<project-id>/global/networks/<network-name>] \
--set gcp.tier=standard
Note: confirm storage has successfully deployed and is mounted before continuing to the steps below.
helm upgrade --install cdrplatform-rabbitmq cdrplatform-rabbitmq \
--set image.registry=glasswallhub.azurecr.io \
--set image.tag="171395" \
--set cloud_provider=gcp
Note: if your VPC network is shared from another project, use the fully qualified network path: projects/<project-id>/global/networks/<network-name>.
Managed identity
For the next step, select the same method which you used to configure your access to the Secrets Manager in Step 3, and follow the corresponding steps below to configure external secrets and install the secret synchronization.
helm upgrade --install cdrplatform-external-secrets cdrplatform-external-secrets \
--set cloud_providers.gcpsm.enabled=true \
--set cloud_providers.gcpsm.projectID=[project_id] \
--set cloud_providers.gcpsm.auth.workloadIdentity.clusterLocation=[region] \
--set cloud_providers.gcpsm.auth.workloadIdentity.clusterName=[clusterName] \
--set cloud_providers.gcpsm.auth.workloadIdentity.serviceAccountRef.name=external-secrets-sa