agility-docs

Install AGILITY on Kubernetes

Architecture

AGILITY components are divided in three groups:

AGILITY Operator manages agility components synchronizing with the AGILITY Central site.

image

Prerequisites

Before installing AGILITY, make sure you have the following prerequisites:

Please ensure that you have fulfilled all these prerequisites before moving on to the next step.

Helm Charts Download

Contact customer support to determine the version of AGILITY to deploy.

mkdir -p agility-charts && cd agility-charts
export AGILITY_VERSION=3.90.7

Store the B-Yond License on a temporary directory

export BYOND_LICENSE_PATH="/tmp/license.token"
vi ${BYOND_LICENSE_PATH}

Verify curl, jq and helm are available on your laptop (UNIX command)

red='\033[0;31m'
green='\033[0;32m'
clear='\033[0m'
if ! command -v curl 2>&1 > /dev/null; then echo -e "${red}curl...........................ERROR. Please install it before continuing${clear}"; else echo -e "${green}curl...........................OK${clear}"; fi; if ! command -v jq 2>&1 > /dev/null; then echo -e "${red}jq.............................ERROR. Please install it before continuing${clear}"; else echo -e "${green}jq.............................OK${clear}"; fi; if ! command -v helm 2>&1 > /dev/null; then echo -e "${red}helm...........................ERROR. Please install it before continuing${clear}"; else echo -e "${green}helm...........................OK${clear}"; fi

Ensure curl, jq and helm binaries meet the required version.

Obtain a valid token from the B-Yond License:

if cat ${BYOND_LICENSE_PATH} | base64 --decode > /dev/null 2>&1; then
  export TOKEN=$(curl --silent --location --request POST "https://agility-central.b-yond.com/ao/auth/realms/agility/protocol/openid-connect/token" \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --header "Authorization: Basic $(cat ${BYOND_LICENSE_PATH} | tr -d '\n')" \
    --data-urlencode 'grant_type=client_credentials' | jq -r '.access_token')
  if [[ -z "${TOKEN}" ]]; then echo -e "ERROR: Issues getting token from agility-central.b-yond.com"; fi
else
  export TOKEN=$(cat ${BYOND_LICENSE_PATH})
fi

From the TOKEN, obtain the necessary credentials

export OCI_USERNAME=$(echo ${TOKEN} | jq -rR 'split(".") | .[1] | gsub("-"; "+") | gsub("_"; "/") | gsub("%3D"; "=") | @base64d | fromjson | .imagePullSecret | fromjson | .auths."iad.ocir.io" | .username')
export OCI_AUTH_TOKEN=$(echo ${TOKEN} | jq -rR 'split(".") | .[1] | gsub("-"; "+") | gsub("_"; "/") | gsub("%3D"; "=") | @base64d | fromjson | .imagePullSecret | fromjson | .auths."iad.ocir.io" | .password')
export OCI_EMAIL=$(echo ${TOKEN} | jq -rR 'split(".") | .[1] | gsub("-"; "+") | gsub("_"; "/") | gsub("%3D"; "=") | @base64d | fromjson | .imagePullSecret | fromjson | .auths."iad.ocir.io" | .email')

Pull the charts:

rm -rf {agility-system,agility-services,agility}

helm registry login -u "${OCI_USERNAME}" -p "${OCI_AUTH_TOKEN}" iad.ocir.io

helm pull --untar --untardir ./ --version "${AGILITY_VERSION}" oci://iad.ocir.io/idhyugs3p9e3/agility/helm-charts/agility-system
helm pull --untar --untardir ./ --version "${AGILITY_VERSION}" oci://iad.ocir.io/idhyugs3p9e3/agility/helm-charts/agility-services
helm pull --untar --untardir ./ --version "${AGILITY_VERSION}" oci://iad.ocir.io/idhyugs3p9e3/agility/helm-charts/agility

[Optional] Test environment

Before starting with the installation, you can test your environment by creating a Pod with a PersistentVolumeClaim

  1. Create an ephemeral namespace

     kubectl create namespace agility-test
    
  2. Create the imagePullSecret to pull images from the B-Yond Container registry:

     kubectl --namespace agility-test create secret docker-registry byond-container-registry-credential \
     --docker-server=iad.ocir.io \
     --docker-username="${OCI_USERNAME}" \
     --docker-password="${OCI_AUTH_TOKEN}" \
     --docker-email="${OCI_EMAIL}"
    
  3. Create the PersistentVolumeClaim and Pod definitions

     cat <<EOF | kubectl apply -f -
     ---
     apiVersion: v1
     kind: PersistentVolumeClaim
     metadata:
       name: agility-claim
       namespace: agility-test
     spec:
       accessModes:
         - ReadWriteOnce
       resources:
         requests:
           storage: 5Gi
     ---
     apiVersion: v1
     kind: Pod
     metadata:
       name: agility-app
       namespace: agility-test
     spec:
       imagePullSecrets:
         - name: byond-container-registry-credential
       containers:
         - name: app
           image: iad.ocir.io/idhyugs3p9e3/agility/bitnami/bitnami-shell:${AGILITY_VERSION}
           command: ["/bin/sh"]
           args: ["-c", "while true; do echo $(date -u) >> /data/out; sleep 5; done"]
           volumeMounts:
             - name: persistent-storage
               mountPath: /data
       volumes:
         - name: persistent-storage
           persistentVolumeClaim:
             claimName: agility-claim
     EOF
    
  4. Ensure Pod and PVC are created successfully

  5. Remove namespace

     kubectl delete namespace agility-test
    

Deploy agility-system

This component deploys the Kubernetes operators that are required for AGILITY installation:

To deploy the agility-system chart, follow these steps:

  1. Create the imagePullSecret to pull images from the B-Yond Container registry:

     kubectl --namespace kube-system create secret docker-registry byond-container-registry-credential \
     --docker-server=iad.ocir.io \
     --docker-username="${OCI_USERNAME}" \
     --docker-password="${OCI_AUTH_TOKEN}" \
     --docker-email="${OCI_EMAIL}"
    
  2. Run the Helm command to deploy agility-system:

     helm --namespace kube-system upgrade --install --create-namespace agility-system ./agility-system
    

Deploy agility-services

The agility-services deployment includes the following components:

To deploy the agility-services chart, follow these steps:

  1. Create the target namespace (throughout this document is assumed to be agility)

     kubectl create namespace agility
    
  2. Create the imagePullSecret docker secret to pull images.

     kubectl --namespace agility create secret docker-registry byond-container-registry-credential \
     --docker-server=iad.ocir.io \
     --docker-username="${OCI_USERNAME}" \
     --docker-password="${OCI_AUTH_TOKEN}" \
     --docker-email="${OCI_EMAIL}"
    
  3. Create the MinIO admin secret (ensure you backup this value):

    ℹ️ root-password must be at least 8 characters long.

     kubectl --namespace agility create secret generic agility-s3 \
         --from-literal=root-user=admin --from-literal=root-password=changeit
    
  4. Create the Keycloak admin secret (ensure you backup this value):

     kubectl --namespace agility create secret generic agility-keycloak \
         --from-literal=admin-password=changeit
    
  5. Create the B-Yond license secret:

     kubectl --namespace agility create secret generic agility-operator \
         --from-file="license.token"=${BYOND_LICENSE_PATH}
    
  6. Run the Helm command to deploy agility-services:

     helm --namespace agility upgrade --install --create-namespace agility-services ./agility-services
    
  7. Wait until all Pods are in Running or Completed state and all Running items show all expected containers running under READY column.

    The following is an example:

     kubectl --namespace agility get pods
     NAME                                             READY   STATUS      RESTARTS   AGE
     agility-db-pgbouncer-6f8f46b455-84wxb            2/2     Running     0          3m57s
     agility-operator-767c6c46d7-dmv5z                2/2     Running     0          3m57s
     agility-db-repo-host-0                           2/2     Running     0          3m57s
     agility-minio-5db49f56b7-p2x5l                   1/1     Running     0          3m57s
     agility-minio-provisioning-tst4n                 0/1     Completed   0          3m57s
     agility-kafka-zookeeper-0                        1/1     Running     0          3m53s
     agility-kafka-zookeeper-1                        1/1     Running     0          3m53s
     agility-kafka-zookeeper-2                        1/1     Running     0          3m53s
     agility-keycloak-0                               1/1     Running     0          3m57s
     agility-kafka-kafka-0                            1/1     Running     0          3m10s
     agility-kafka-entity-operator-5fd5c57bf5-kff4p   3/3     Running     0          2m43s
     agility-db-backup-wzwk-5j4mg                     0/1     Completed   0          3m27s
     agility-kafka-kafka-exporter-864646c49d-bx88r    1/1     Running     0          2m20s
     agility-kafka-ui-85b94b6b7d-5sb6l                1/1     Running     0          3m57s
     agility-db-a1-l7ct-0                             5/5     Running     0          3m57s
    

Deploy AGILITY

To deploy the AGILITY application chart, follow these steps:

  1. Run the Helm command to deploy AGILITY:

     helm --namespace agility upgrade --install --create-namespace agility ./agility
    
  2. Wait until all Pods are in Running or Completed state and all Running items show all expected containers running under READY column.

    The following is an example:

     kubectl --namespace agility get pods
     NAME                                             READY   STATUS      RESTARTS       AGE
     agility-db-pgbouncer-6f8f46b455-84wxb            2/2     Running     0              8m47s
     agility-operator-767c6c46d7-dmv5z                2/2     Running     0              8m47s
     agility-db-repo-host-0                           2/2     Running     0              8m47s
     agility-minio-5db49f56b7-p2x5l                   1/1     Running     0              8m47s
     agility-minio-provisioning-tst4n                 0/1     Completed   0              8m47s
     agility-kafka-zookeeper-0                        1/1     Running     0              8m43s
     agility-kafka-zookeeper-1                        1/1     Running     0              8m43s
     agility-kafka-zookeeper-2                        1/1     Running     0              8m43s
     agility-keycloak-0                               1/1     Running     0              8m47s
     agility-kafka-kafka-0                            1/1     Running     0              8m
     agility-kafka-entity-operator-5fd5c57bf5-kff4p   3/3     Running     0              7m33s
     agility-db-backup-wzwk-5j4mg                     0/1     Completed   0              8m17s
     agility-kafka-kafka-exporter-864646c49d-bx88r    1/1     Running     0              7m10s
     agility-kafka-ui-85b94b6b7d-5sb6l                1/1     Running     0              8m47s
     agility-proxy-redis-cb9fdbc49-w7wsg              1/1     Running     0              2m5s
     agility-autoloader-worker-59bd5f9575-gp6j6       1/1     Running     1 (105s ago)   2m5s
     agility-autoloader-server-d77c7c97d-6262g        1/1     Running     0              2m5s
     agility-data-pipeline-774f4c7b4c-p79hl           1/1     Running     0              2m5s
     agility-ui-cube-api-b9976d6b8-ktztq              1/1     Running     0              2m5s
     agility-proxy-6f57c54898-rnrjx                   2/2     Running     0              2m5s
     agility-ui-6d8dc8d4fb-8w6xx                      2/2     Running     0              2m5s
     agility-db-a1-l7ct-0                             5/5     Running     0              8m47s
     agility-backend-7ff9c6b48c-5kjcb                 1/1     Running     0              2m5s
    
  3. Once AGILITY is deployed, you can connect to the UI using port-forwarding:

     export HTTP_SERVICE_PORT=$(kubectl get --namespace agility -o jsonpath="{.spec.ports[?(@.name=='http')].port}" services agility)
    
     kubectl port-forward --namespace agility svc/agility 3000:${HTTP_SERVICE_PORT}
    
  4. Access AGILITY in your browser at http://localhost:3000/cv/

    • username: agility-admin@b-yond.com
    • password: agility-admin@b-yond.com

    ℹ️ The default password must be modified on first login.

    To stop the port-forwarding process, press Ctrl+C in the terminal where you executed the command.

Expose AGILITY

To make AGILITY accessible from outside the cluster, various options can be used to expose the agility ClusterIP Kubernetes service. You can leverage the following Kubernetes constructs that align with your predefined guidelines. This includes:

Consider your specific network infrastructure, cloud provider capabilities, and security requirements when choosing the appropriate method to expose AGILITY. More information can be found on the Expose AGILITY document.

External access

Agility requires access to specific public endpoints for proper operation. Details about these endpoints and their configuration are available in the External Access document.

Uninstall

By following these steps, you will successfully uninstall the AGILITY deployment and associated resources:

  1. Delete the Helm charts at the namespace level:

     helm --namespace agility delete agility --wait
     helm --namespace agility delete agility-services --wait
    
  2. Remove namespace

     kubectl delete namespace agility
    
  3. Note: If you have no plans to install another instance of AGILITY, you can also remove the agility-system Helm release in the kube-system namespace:

helm --namespace kube-system delete agility-system --wait

kubectl --namespace kube-system delete secret byond-container-registry-credential