Open-source Edition: Azure AKS

Modified on Wed, 14 Jun 2023 at 07:22 PM

CATION: For the latest open-source installation instructions see the Direktiv documentation pages:

https://docs.direktiv.io/installation/

TABLE OF CONTENTS

Overview
- Component Overview
- Connectivity / Firewall Requirements
  - Initial Installation Requirements
  - Running Requirements
Installation Instructions

Overview

Component Overview

Direktiv can be deployed in the following 3 configurations.

Open source: A single virtual machine running a k8s environment or a public cloud provider Kubernetes service, hosting the direktiv pods and the containers used for integration.
Enterprise Edition Production VM(s) Only: a single virtual machine (or 3 virtual machines for HA purposes), running a k8s environment (or clustered across multiple), hosting the direktiv pods and the containers used for integration
Enterprise Edition Production Kubernetes: a cloud provider Kubernetes service, hosting the direktiv pods and the containers used for integration

The diagram below illustrates the proposed option 1 for the deployment on a public cloud provider Kubernetes service:

Proposed deployment diagram

The Kubernetes deployment runs on the Azure Kubernetes Service. The installation will contain the following components:

A Kubernetes environment running in Azure AKS.
A single instance of the Direktiv open-source edition, which includes a PostgreSQL database

The following components are assumed to be available:

Optional: a single GitLab instances (if not available in customer environment, or access to a GitHub instance)
Optional: a single Docker repository for storing local images (if not available in customer environment). Alternatively,Docker Hubcan also be used.

NOTE: the PostgreSQL database instance running on the Kubernetes cluster. In this configuration it is the responsibility of the owner to ensure that the database backups are maintained separately.

The architecture above is not a production deployment. It is solely to be used for PoC as the database and Direktiv components all reside on a single instance virtual machine.

Connectivity / Firewall Requirements

The following requirements exist for the successful deployment of Direktiv:

Initial Installation Requirements

The following network configurations are critical, all components need to have the following services configured and working correctly:

Firewall: firewalls on the VMs need to be disabled or the ports described in the table below need to be opened.

The tables below capture all of the external connectivity requirements for initial deployment.

Source	Destination	Protocol / Port	Notes
JumpHost	download.docker.com, registry-1.docker.io, cloudfront.net, production.cloudflare.docker.com	HTTPS	Initial Docker install on the VM. If no access is allowed, download the Docker package from https://download.docker.com/linux/ubuntu/dists/ and install using https://docs.docker.com/engine/install/ubuntu/#install-from-a-package
JumpHost	raw.githubusercontent.com/helm	HTTPS	Initial helm installer
JumpHost	get.helm.sh/	HTTPS	Helm package download. If no access is allowed, download the helm package from https://github.com/helm/helm/releases and install it manually using https://helm.sh/docs/intro/install/
JumpHost	docker.io/smallstep/step-cli	HTTPS	Used to create the certificates used by Linkerd
JumpHost	chart.direktiv.io	HTTPS	Helm chart used for database install and Direktiv application install (OPTIONAL)
JumpHost	registry.developers.crunchydata.com, prod.developers.crunchydata.com	HTTPS	Database install for Postgresql (OPTIONAL)
JumpHost	githubusercontent.com/direktiv/direktiv	HTTPS	Configure Direktiv database from pre-configured settings (OPTIONAL)
JumpHost / K8S IP	ghcr.io/projectcontour	HTTPS	Knative
JumpHost / K8S IP	docker.io/envoyproxy	HTTPS	Knative
JumpHost / K8S IP	gcr.io/knative-releases/	HTTPS	Knative
JumpHost / K8S IP	k8s.gcr.io/ingress-nginx/	HTTPS	NGINX install (ingress load balancer, part of Direktiv helm chart)
JumpHost / K8S IP	docker.io/jimmidyson/configmap-reload	HTTPS	Configmap reload for Kubernetes install (part of Direktiv helm chart)
JumpHos/ K8S IP	quay.io/prometheus	HTTPS	Prometheus install (part of Direktiv helm chart)
JumpHos/ K8S IP	docker.io/direktiv	HTTPS	Direktiv installation
JumpHost	download.docker.com, registry-1.docker.io, cloudfront.net, production.cloudflare.docker.com	HTTPS	Initial Docker install on the VM. If no access is allowed, download the Docker package from https://download.docker.com/linux/ubuntu/dists/ and install using https://docs.docker.com/engine/install/ubuntu/#install-from-a-package
JumpHost	raw.githubusercontent.com/helm	HTTPS	Initial helm installer

The Docker registries whitelist includes:

Running Requirements

There are several running firewall/connectivity requirements to ensure the ongoing operation of the environment. The tables below capture all of the external connectivity requirements for an operational state:

Source	Destination	Protocol / Port	Notes
Direktiv IP	direktiv.azurecr.io	HTTPS	Pulling Direktiv pre-built containers
Direktiv IP	hub.docker.com/direktiv	HTTPS	Pulling Direktiv pre-built containers
JumpHost	Direktiv VM	TCP: 443 / 6443 / 10250 / 2379-2380	Kubernetes API Server, Kubelet metrics, HA
Client	Direktiv IP	TCP: 443	Direktiv UI & API access
Client	Direktiv IP	TCP: 443	Direktiv UI & API access

Installation Instructions

JumpHost Proxy Settings

If the environment requires a proxy to be configured, the following settings can be applied on the JumpHost. You can set up a permanent proxy for a single user by editing the ~/.bashrc file:

First, log in to your Ubuntu system with a user whom you want to set a proxy for.
Next, open the terminal interface and edit the ~/.bashrcfile as shown below:

vi ~/.bashrc

Add the following lines at the end of the file that matches your proxy server:

export http_proxy=username:password@proxy-server-ip:8080
export https_proxy=username:password@proxy-server-ip:8082
export ftp_proxy=username:password@proxy-server-ip:8080
export no_proxy=localhost, 127.0.0.1

Save and close the file when you are finished.
Then to activate your new proxy settings for the current session, use the following command:

source ~/.bashrc

Install Docker (Jumphost)

Install Docker on the single VM deployment using the following steps.

For the latest installation instructions per distro please review: https://docs.docker.com/engine/install/

Uninstall old versions

Older versions of Docker were called docker, docker.io, or docker-engine. If these are installed, uninstall them:

sudo apt-get remove docker docker-engine docker.io containerd runc

It’s OK if apt-get reports that none of these packages are installed.

Set up the repository

Update the apt package index and install packages to allow apt to use a repository over HTTPS:

sudo apt-get update
sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release

Add Docker’s official GPG key:

sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

Use the following command to set up the repository:

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Install Docker Engine

Update the apt package index, and install the latest versionof Docker Engine, containers, and Docker Compose, or go to the next step to install a specific version:

sudo apt-get update

Next command:

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin

Verify that Docker Engine is installed correctly by running the hello-world image. This might not work, depending on whether connectivity can be established to https://hub.docker.com

sudo docker run hello-world

Install Azure CLI (Jumphost)

Azure command-line interface is NOT installed by default. To access the Kubernetes cluster the Azure CLI is used to collect the Kubernetes cluster credentials.

NOTE: Install the Azure CLI using the link below or follow the steps below:

https://docs.microsoft.com/en-us/cli/azure/install-azure-cli

Install the Azure CLI client on an Ubuntu machine:

sudo apt install azure-cli

Authenticate the Azure CLI client with your credentials. This will also store the credentials for all subsequent commands used:

az login

**Install helm (Jumphost)**

helm is used to install Direktiv and Knative components.

NOTE: For the latest installation instructions per distro, please refer to: https://helm.sh/docs/intro/install/

To install helm, the following steps need to be followed.

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

**Install kubectl (Jumphost)**

kubectl is used to manage the Kubernetes cluster.

NOTE: For the latest installation instructions per distro, please refer to: https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/

To install kubectl, the following steps need to be followed:

Update the apt package index and install packages needed to use the Kubernetes apt repository:

sudo apt-get update
sudo apt-get install -y ca-certificates curl

Download the Google Cloud public signing key:

sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg

Add the Kubernetes apt repository:

echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

Update apt package index with the new repository and install kubectl:

sudo apt-get update
sudo apt-get install -y kubectl

Verify the installation:

# kubectl version --client --output=yaml
clientVersion:
  buildDate: "2022-08-23T17:44:59Z"
  compiler: gc
  gitCommit: a866cbe2e5bbaa01cfd5e969aa3e033f3282a8a2
  gitTreeState: clean
  gitVersion: v1.25.0
  goVersion: go1.19
  major: "1"
  minor: "25"
  platform: linux/amd64
kustomizeVersion: v4.5.7

Deploy Azure AKS (Jumphost)

The following steps show how to deploy a default Azure AKS service.

NOTE: The first thing to check before building an Azure Kubernetes cluster is your subscription type. For the purpose of this document, we’ll assume that the subscription type is “Pay-As-You-Go”. This implies that there are no resource restrictions and adequate subscription capacity to deploy the Kubernetes cluster and node resources

Azure Resource Group

An Azure resource group is a logical group in which Azure resources are deployed and managed. When you create a resource group, you are prompted to specify a location. This location is:

The storage location of your resource group metadata.
Where your resources will run in Azure if you don't specify another region during resource creation.

The following example creates a resource group named myResourceGroup in the westus2 location:

az group create --name <resource-group> --location <location>

where:

resource-group is the resource group name, and
location is the location of the Azure instance (see the output from command az account list-locations)

Below is an example of creating the resource group in the westus2 region with the name direktivResourceGroup:

az group create --name direktivResourceGroup --location westus2
{
  "id": "/subscriptions/40eb3cb3-a114-4cd1-b584-5bbedd2126a2/resourceGroups/direktivResourceGroup",
  "location": "westus2",
  "managedBy": null,
  "name": "direktivResourceGroup",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null,
  "type": "Microsoft.Resources/resourceGroups"
}

Azure AKS Cluster Build

Create the AKS cluster and worker nodes.

On the Azure Portal, select the “Kubernetes services”
On the “Create” drop-down in the middle of the page select “Create a Kubernetes cluster”
The following options are dependent on the subscription type and the type of environment you would run Direktiv in, but for the purposes of PoC we select the following options:
- Select the “Subscription” for which the cluster has resource available (Pay-As-You-Go in the case of this deployment)
- Resource Group: direktivResourceGroup (created in the previous section)
- Cluster preset configuration: Standard ($$)
- Kubernetes cluster name: direktiv-cluster
- Region: US-West-2 <select whatever region was set during Resource Group creation>
- Availability zones: None (PoC), All available (Production)
- Kubernetes version: 1.22.11 (default) - select the default version
- API server availability: 99.5% for PoC, 99.9% for Production
- Node size: minimum recommended combinations are shown in the table below.

Please note: the node group configuration can be changed based on individual customer needs. The table below is a guideline ONLY for a medium sized Direktiv deployment:

Environment	Node size	Scale method	Node count
PoC / Development	4 vCPUs, 16GB (Standard B4ms)	Autoscale	1 - 2
Production	4 vCPUs, 16GB (Standard B4ms)	Autoscale	3+
Production	2 vCPUs, 7 GB (Standard DS2_v2) if using an additional node pool (see below)	Autoscale	2 - 3
Node Pool	2 vCPUs, 7 GB (Standard DS2_v2) if using an additional node pool (see below)	Autoscale	3+

Node pools:
- Create a node pool based on the settings in the table above
- Enable virtual nodes: Unchecked
- Node pool OS disk encryption: (Default) Encryption at-rest with a platform-managed key
Access:
- Authentication & Authorization: Local accounts with Kubernetes RBAC (PoC), whatever the organisation uses (Production)
Networking:
- Network configuration: Kubenet
- DNS name prefix: Generated automatically, but can be changed to suit
- Load balancer: Standard
- Enable HTTP application routing: Unchecked
- Enable private cluster: Unchecked
- Set authorised IP ranges: Unchecked (PoC), Production implementation will have this set to allow (at minimum) internal ranges and Jumphost range access
- Network policy: None (PoC), Calico (Production)
Integrations:
- Container registry: None
- Container monitoring: Disabled
- Azure Policy: Disabled
Advanced:
- Enable secret store CSI driver: Unchecked
Tags:
- Tags: <whatever the organisation uses>
Review and create:
- Create

The deployment process will start, this typically (depending on the the complexity of the setup and the amount of nodes and node pools) takes approximately 15 minutes (see below deployment started at 15:13 completed at 15:27):

Group 2773

Once the deployment is completed, click the “Connect to cluster” button. This will present you with all the steps necessary to connect to your cluster from your Linux Jumphost:

Group 2774

The below is the template used for the proof-of-concept open source deployment:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
      "resourceName": {
          "type": "string",
          "metadata": {
              "description": "The name of the Managed Cluster resource."
          }
      },
      "location": {
          "type": "string",
          "metadata": {
              "description": "The location of AKS resource."
          }
      },
      "dnsPrefix": {
          "type": "string",
          "metadata": {
              "description": "Optional DNS prefix to use with hosted Kubernetes API server FQDN."
          }
      },
      "osDiskSizeGB": {
          "type": "int",
          "defaultValue": 0,
          "metadata": {
              "description": "Disk size (in GiB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize."
          },
          "minValue": 0,
          "maxValue": 1023
      },
      "kubernetesVersion": {
          "type": "string",
          "defaultValue": "1.7.7",
          "metadata": {
              "description": "The version of Kubernetes."
          }
      },
      "networkPlugin": {
          "type": "string",
          "allowedValues": [
              "azure",
              "kubenet"
          ],
          "metadata": {
              "description": "Network plugin used for building Kubernetes network."
          }
      },
      "enableRBAC": {
          "type": "bool",
          "defaultValue": true,
          "metadata": {
              "description": "Boolean flag to turn on and off of RBAC."
          }
      },
      "vmssNodePool": {
          "type": "bool",
          "defaultValue": false,
          "metadata": {
              "description": "Boolean flag to turn on and off of virtual machine scale sets"
          }
      },
      "windowsProfile": {
          "type": "bool",
          "defaultValue": false,
          "metadata": {
              "description": "Boolean flag to turn on and off of virtual machine scale sets"
          }
      },
      "nodeResourceGroup": {
          "type": "string",
          "metadata": {
              "description": "The name of the resource group containing agent pool nodes."
          }
      },
      "adminGroupObjectIDs": {
          "type": "array",
          "defaultValue": [],
          "metadata": {
              "description": "An array of AAD group object ids to give administrative access."
          }
      },
      "azureRbac": {
          "type": "bool",
          "defaultValue": false,
          "metadata": {
              "description": "Enable or disable Azure RBAC."
          }
      },
      "disableLocalAccounts": {
          "type": "bool",
          "defaultValue": false,
          "metadata": {
              "description": "Enable or disable local accounts."
          }
      },
      "enablePrivateCluster": {
          "type": "bool",
          "defaultValue": false,
          "metadata": {
              "description": "Enable private network access to the Kubernetes cluster."
          }
      },
      "enableHttpApplicationRouting": {
          "type": "bool",
          "defaultValue": true,
          "metadata": {
              "description": "Boolean flag to turn on and off http application routing."
          }
      },
      "enableAzurePolicy": {
          "type": "bool",
          "defaultValue": false,
          "metadata": {
              "description": "Boolean flag to turn on and off Azure Policy addon."
          }
      },
      "enableSecretStoreCSIDriver": {
          "type": "bool",
          "defaultValue": false,
          "metadata": {
              "description": "Boolean flag to turn on and off secret store CSI driver."
          }
      }
  },
  "resources": [
      {
          "apiVersion": "2022-06-01",
          "dependsOn": [],
          "type": "Microsoft.ContainerService/managedClusters",
          "location": "[parameters('location')]",
          "name": "[parameters('resourceName')]",
          "properties": {
              "kubernetesVersion": "[parameters('kubernetesVersion')]",
              "enableRBAC": "[parameters('enableRBAC')]",
              "dnsPrefix": "[parameters('dnsPrefix')]",
              "nodeResourceGroup": "[parameters('nodeResourceGroup')]",
              "agentPoolProfiles": [
                  {
                      "name": "agentpool",
                      "osDiskSizeGB": "[parameters('osDiskSizeGB')]",
                      "count": 2,
                      "enableAutoScaling": true,
                      "minCount": 1,
                      "maxCount": 2,
                      "vmSize": "Standard_DS2_v2",
                      "osType": "Linux",
                      "storageProfile": "ManagedDisks",
                      "type": "VirtualMachineScaleSets",
                      "mode": "System",
                      "maxPods": 110,
                      "availabilityZones": null,
                      "nodeTaints": [],
                      "enableNodePublicIP": false,
                      "tags": {}
                  }
              ],
              "networkProfile": {
                  "loadBalancerSku": "standard",
                  "networkPlugin": "[parameters('networkPlugin')]"
              },
              "disableLocalAccounts": "[parameters('disableLocalAccounts')]",
              "apiServerAccessProfile": {
                  "enablePrivateCluster": "[parameters('enablePrivateCluster')]"
              },
              "addonProfiles": {
                  "httpApplicationRouting": {
                      "enabled": "[parameters('enableHttpApplicationRouting')]"
                  },
                  "azurepolicy": {
                      "enabled": "[parameters('enableAzurePolicy')]"
                  },
                  "azureKeyvaultSecretsProvider": {
                      "enabled": "[parameters('enableSecretStoreCSIDriver')]",
                      "config": null
                  }
              }
          },
          "tags": {},
          "sku": {
              "name": "Basic",
              "tier": "Free"
          },
          "identity": {
              "type": "SystemAssigned"
          }
      }
  ],
  "outputs": {
      "controlPlaneFQDN": {
          "type": "string",
          "value": "[reference(concat('Microsoft.ContainerService/managedClusters/', parameters('resourceName'))).fqdn]"
      }
  }
}

Install Linkerd

For the installation of Linkerd and the rest of the open-source components, the KUBECONFIG environment variable needs to be set:

Create or update a kubeconfig file for your cluster using the Azure CLI previously installed. Replace resource-groupe with the Azure Resource Group created and aks-cluster-namewith the name of the AKS cluster:

az aks get-credentials --resource-group <resource-group> --name <aks-cluster-name>

Example output is shown below:

# az aks get-credentials --resource-group direktivResourceGroup --name direktiv-cluster
Merged "direktiv-cluster" as current context in /home/wwonigkeit/.kube/config

Set the KUBECONFIG environment variable:

echo "export KUBECONFIG=$HOME/.kube/config" >> ~/.bashrc

Then to activate your new proxy settings for the current session, use the following command:

source ~/.bashrc

Linkerd is used to secure the data between pods with mTLS. Generate certificates with the following command:

$ certDir=$(exe='step certificate create root.linkerd.cluster.local ca.crt ca.key \
--profile root-ca --no-password --insecure \
&& step certificate create identity.linkerd.cluster.local issuer.crt issuer.key \
--profile intermediate-ca --not-after 87600h --no-password --insecure \
--ca ca.crt --ca-key ca.key'; \
  sudo docker run --mount "type=bind,src=$(pwd),dst=/home/step"  -i smallstep/step-cli /bin/bash -c "$exe";  \
echo $(pwd));

It stores four files in /tmp and permissions need to be changed to make them readable by the current user (they only have root access after creation):
- /tmp/ca.crt
- /tmp/ca.key
- /tmp/issuer.crt
- /tmp/issuer.key

Install Linkerd CRDs:

helm repo add linkerd https://helm.linkerd.io/stable;
helm install linkerd-crds linkerd/linkerd-crds -n linkerd --create-namespace

Install Linkerd

helm install linkerd-control-plane \
  -n linkerd \
  --set-file identityTrustAnchorsPEM=ca.crt \
  --set-file identity.issuer.tls.crtPEM=issuer.crt \
  --set-file identity.issuer.tls.keyPEM=issuer.key \
  linkerd/linkerd-control-plane --wait

Create namespaces and annotate. All annotated namespaces will use Linkerd. The following command creates the namespaces and annotates them for linkerd:

kubectl create namespace direktiv
kubectl annotate ns --overwrite=true direktiv linkerd.io/inject=enabled

Install PostgreSQL Database

We are using the CrunchyData Postgres operator for PoCs.

To install the operator add the chart:

# helm repo add direktiv https://chart.direktiv.io
"direktiv" has been added to your repositories

Run the install operator:

$ helm install -n postgres --create-namespace postgres direktiv/pgo
NAME: postgres
LAST DEPLOYED: Wed Jun 14 23:02:52 2023
NAMESPACE: postgres
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Thank you for deploying PGO v5.3.1!

                          ((((((((((((((((((((((
                    (((((((((((((%%%%%%%(((((((((((((((
                (((((((((((%%%             %%%%((((((((((((
            (((((((((((%%(   (((( (            %%%(((((((((((
          (((((((((((((%%     (( ,((               %%%(((((((((((
        (((((((((((((((%%         *%%/            %%%%%%%((((((((((
      (((((((((((((((((((%%(( %%%%%%%%%%#(((((%%%%%%%%%%#((((((((((((
    ((((((((((((((((((%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%((((((((((((((
  *((((((((((((((((((((%%%%%%     /%%%%%%%%%%%%%%%%%%%((((((((((((((((
  (((((((((((((((((((((((%%%/      .%,             %%%((((((((((((((((((,
  ((((((((((((((((((((((%                             %#(((((((((((((((((
(((((((((((((((%%%%%%                                 #%(((((((((((((((((
((((((((((((((%%                                         %%(((((((((((((((,
((((((((((((%%%#%                                     %   %%(((((((((((((((
((((((((((((%.                      %                 %     #((((((((((((((
(((((((((((%%                        %               %%*     %(((((((((((((
#(###(###(#%%                      %%%    %%        %%%      #%%#(###(###(#
###########%%%%%   /%%%%%%%%%%%%%       %%       %%%%%         ,%%#######
###############%%       %%%%%%        %%%    %%%%%%%%             %%#####
  ################%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   %%               %%##
  ################%%        %%%%%%%%%%%%%%%%%      %%%%               %
    ##############%#        %%   (%%%%%%%           %%%%%%
    #############%     %%%%%                      %%%%%%%%%%%
      ###########%       %%%%%%%%%%%            %%%%%%%%%
        #########%%     %%            %%%%%%%%%%%%%%%#
          ########%%   %%                  %%%%%%%%%
              ######%% %%                      %%%%%%
                ####%%%                        %%%%%  %
                      %%                         %%%%

After that install the actual Database for Direktiv:

kubectl apply -f https://raw.githubusercontent.com/direktiv/direktiv/main/kubernetes/install/db/basic.yaml

This creates a 1GB database and should be sufficient for a POC. Wait till all pods in the Postgres namespace are up and running:

# kubectl get pods -n postgres
NAME                         READY   STATUS    RESTARTS   AGE
direktiv-backup-6qjs-fd9g2   1/1     Running   0          15s
direktiv-instance1-wp2g-0    3/3     Running   0          105s
direktiv-repo-host-0         1/1     Running   0          104s
pgo-8659687c97-bsqcq         1/1     Running   0          13m

Install Knative

The following steps install Knative:

Add the Knative operator:

$ kubectl apply -f https://github.com/knative/operator/releases/download/knative-v1.9.4/operator.yaml

Install the knative serving components:

$ kubectl create ns knative-serving
$ kubectl apply -f https://raw.githubusercontent.com/direktiv/direktiv/main/kubernetes/install/knative/basic.yaml

Direktiv supports Contour as network component. Install Contour:

$ kubectl apply --filename https://github.com/knative/net-contour/releases/download/knative-v1.9.3/contour.yaml

Delete Contour External:

$ kubectl delete namespace contour-external

Install Direktiv

Create a file with the database information if no external database will be used:

$ echo "database:
  host: \"$(kubectl get secrets -n postgres direktiv-pguser-direktiv -o 'go-template={{index .data "host"}}' | base64 --decode)\"
  port: $(kubectl get secrets -n postgres direktiv-pguser-direktiv -o 'go-template={{index .data "port"}}' | base64 --decode)
  user: \"$(kubectl get secrets -n postgres direktiv-pguser-direktiv -o 'go-template={{index .data "user"}}' | base64 --decode)\"
  password: \"$(kubectl get secrets -n postgres direktiv-pguser-direktiv -o 'go-template={{index .data "password"}}' | base64 --decode)\"
  name: \"$(kubectl get secrets -n postgres direktiv-pguser-direktiv -o 'go-template={{index .data "dbname"}}' | base64 --decode)\"
  sslmode: require" > direktiv.yaml

Add an API key to the direktiv.yaml file:

echo 'apikey: "12345"' >> direktiv.yaml

The following output is an example of the direktiv.yaml file:

# cat direktiv.yaml 
database:
  host: "direktiv-primary.postgres.svc"
  port: 5432
  user: "direktiv"
  password: ";Pr<}[^SegXWXM/1qO07cktl"
  name: "direktiv"
  sslmode: require
ingress-nginx:
  install: false
apikey: "12345"

Install direktiv:

$ helm install -f direktiv.yaml -n direktiv direktiv direktiv/direktiv

The instance is available at the IP show under “External-IP” from this command:

$ kubectl -n direktiv get services direktiv-ingress-nginx-controller --output jsonpath='{.status.loadBalancer.ingress[0].ip}'

The login is the configured API key.