1. Edit the ../../helm/connect/values.yaml and set the values as listed in the following table.
-
Some settings in the values.yaml are not documented and it is not recommended to change them unless working with EcoSys Support.
-
The table uses a notation to describe the settings inside the yaml file using a hierarchy. For example, see the following section of the values.yaml file
When describing the url settings under the database section, the following table will use the hierarchy database.url.
Key |
Setting |
types |
Defines the types of deployments and services node affinity. These settings should not be edited. |
deployment.id |
This setting in the values.yaml file will automatically be updated to the DEPLOYMENT_ID from the env.sh script when the installation scripts are executed. This value should not be manually changed in the values.yaml file. |
deployment.target |
This setting in the values.yaml file will automatically be updated to the DEPLOYMENT_TARGET from the env.sh script when the installation scripts are executed. This value should not be manually changed in the values.yaml file. |
deployment.size |
This setting in the values.yaml file will automatically be updated to the SIZE from the env.sh script when the installation scripts are executed. This value should not be manually changed in the values.yaml file. |
deployment.production |
This setting in the values.yaml file will automatically be updated to the PRODUCTION from the env.sh script when the installation scripts are executed. This value should not be manually changed in the values.yaml file. |
imagePullSecrets |
Variable to store the secret that is used by the deployment. The value in the values.yaml must match the setting in the env.sh Default: regcred |
database.type |
Database type for the Connect configuration DB Supported values: sql server oracle |
database.version |
Database version for the Connect configuration DB For oracle - 12.2.x | 18.3.x | 19.3.x | 19.6.x | 19.7.x For sql server - 'Blank' |
database.url |
Connection string for the Connect configuration DB For oracle - jdbc:oracle:thin:@<host>:<port>/<SID> For sql server - jdbc:sqlserver://<host>:<port>;database=<dbname> |
database.username |
Connect database username Default: ecuser |
dispatcher.config.name |
Name of the configuration file that contains the dispatcher settings. The file must have the .properties extension but the setting should not specify it.
Default: connectDispatcher |
dispatcher.config.label |
Can be used to override the branch in GIT that the dispatcher uses for configuration. If not set, the value from configServer.label is used |
dispatcher.security.ecosysUrl |
The URL to the EcoSys Instance that Connect will be launched from Example: https://ecosys-host:port/ecosys |
dispatcher.security.jwksUrl |
The JWKS URL for token verification, provided by OAuth token Provider such as Okta or Keycloak |
dispatcher.security.tokenScope |
The Token Scope for the token provide |
agent.workQueueName |
The Connect Queue that the agent will listen to work on. Default: connectQueue |
agent.config.name |
Name of the configuration file that contains the agent settings. The file must have the .properties extension but the setting should not specify it.
Default: connectAgent |
agent.config.label |
Can be used to override the branch in GIT that the agent uses for configuration. If not set, the value from configServer.label is used. |
datastore.isNative |
Controls if a local Mongo DB is used as the datastore by the Agent. Currently, only the local Mongo DB is supported as the datastore Default: true |
datastore.url |
Not currently supported |
datastore.dbUsername |
The username to access the Data Store When isNative=true, this is the user that will be created in the local datastore when the datastore is provisioned. This is a username the installer sets. |
datastore.dbBackupUsername |
The backup username to access the Data Store When isNative=true, this is the user that will be created in the local datastore when the datastore is provisioned. This is a username the installer sets. |
logagent.config.name |
Name of the configuration file that contains the logagent settings. The file must have the .properties extension but the setting should not specify it. Example: The property file is connectLogAgent.properties, the setting is set to connectLogAgent Default: connectLogAgent |
logagent.label |
Can be used to override the branch in GIT that the logagent uses for configuration. If not set, the value from configServer.label is used. |
logstore.isNative |
Controls if a local Mongo DB is used as the datastore by the LogAgent. Currently, only the local Mongo DB is supported as the datastore for the Log Store Default: true |
logstore.url |
Not currently supported |
logstore.dbUsername |
The username to access the Log Store When isNative=true, this is the user that will be created in the local Log Store when it is provisioned. This is a username the installer sets. |
logstore.dbBackupUsername |
The backup username to access the Log Store When isNative=true, this is the user that will be created in the local datastore when the datastore is provisioned. This is a username the installer sets. |
amq.systemEncPassword |
During the installation of amq, a ‘system’ user will be created. The amq.systemEncPassword is required to set the password for this user. The password needs to be encrypted in the ‘amq’ format using the Encrypt Password screen in EcoSys. For more information on how to encrypt the password, see Encrypting Passwords |
amq.ecuser.encPassword |
During the installation of amq, a ‘ecuser user will be created. The amq.ecuser.encPassword
is required to set the password for this user. For more information on how to encrypt the password, see Encrypting Passwords |
amq.ecuser.ciphertext |
This is the same password used in the amq.ecuser.encPassword but encrypted for Connect. The password needs to be encrypted in the ‘Connect’ format using the Encrypt Password screen in EcoSys. For more information on how to encrypt the password, see Encrypting Passwords |
amq.ecdebugEncPassword |
During the installation of amq, a ‘ecdebug’ user will be created. The amq.encdebugEncPassword is required to set the password for this user. The password needs to be encrypted in the ‘amq’ format using the Encrypt Password screen in EcoSys. For more information on how to encrypt the password, see Encrypting Passwords |
configServer.label |
Sets what branch from GIT to use to retrieve the configuration files from For example, If the files are in main, this would be set to main. If the files are in a branch called Test, this would be set to Test |
configServer.username |
Username to be created when the config server is deployed. This is a username the installer sets. |
configServer.gitUri |
The connection string to the GIT Repository containing the Connect Properties files |
configServer.gitUserName |
The username to use to connect to the GIT Repository |
configTopicName |
This name is used to create a Topic in the Service Bus that is used for configuration updates |
azureApplicationInsights.connectionString |
Azure Application Insights connection string It is optional for on-prem customers |
servicebus.connectionString |
Azure Service Bus connection string Not currently supported |
host.name |
The FQDN that will be used to access connect Example: Connect.company.com |
host.ip |
The IP address of the Ingress Gateway that is running in the Kubernetes Cluster The FQDN for the hostname should resolve to this IP. To determine the IP of the Ingress Gateway, Create the cluster and install istio and then run the command ‘kubectl get services -n istio-system’ The External IP displayed on the istio-ingressgateway is the IP to be used for Host IP |
hostAliases |
The hostAliases section is used to insert entries into the hosts files of the containers. This is done for machines that the cluster (cluster that does not have proper DNS entries on your network) needs to access. Each entry requires an ‘alias’ and ‘ip’ setting. Example : alias: machineNoDNS.company.com IP: 1.2.3.4 |
tls.enable |
Enables secure communication, default is true |
istioNameSpace |
The namespace that Istio was installed into. Default: istio-system |
timeZone |
Used to set the time zone in each container using Jave TimeZone IDs |
For each component there are few sections with mem/cpu settings, it is not recommended to change these setting unless working with Hexagon support. The appropriate settings are used based on the production type, deployment target, and production setting.
2. After editing the settings, If you are using TLS, copy your TLS certificate and Key files into the helm/connect/config directory.
The certificate must be in a file named tls.crt and the key must be in a file named tls.key.
3. Run the ‘./install-connect.sh <parameters>’ to install the Connect Platform. The
following are the required parameters:
-
<config-server-password> - the password used when the Config Server user is created.
-
<git-password> - the Git password that the Config Server will use
-
<database-password> - the database password that Connect will use
-
<activemq-encryption-passphrase> - the passphrase that ActiveMQ uses for Password-based Encryption
-
<ecosys-passphrase> - the passphrase that EcoSys uses for Password-based Encryption
-
<connect-passphrase> - the passphrase that Connect will use for Password-based Encryption
-
<logstore-db-password> - the password used when creating the admin user for the LogStore
-
<logstore-backup-password> - the password used when creating the backup user for LogStore
-
If a parameter has an empty or blank value, use "" as the parameter.
-
Most EcoSys installations do not have an explicit ecosys-passphrase. In such case, the parameter for the installation must be set to "".
-
When the install-connect.sh completes it will display a message of ‘STATUS: deployed’.
-
The script deploys Connect into the Kubernetes Cluster.
-
4. To determine if Connect has started successfully, run kubectl get deployments -n <CONNECT_NAMESPACE>
There should be a total of 5 deployments – logstore, config-server, amq, logagent, and dispatchers, each having 1/1 in the READY column.
It can take several minutes for Connect to initialize and completely start.
5. If the deployment status is not correct, run ‘kubectl get pods -n <CONNECT_NAMESPACE>’ to check the status of the pods.
There should be 5 pods – amq, config-server, dispatcher, logagent, and logstore. All 5 pods start at the same time. The dispatcher and logagent require the config-server to be successfully running before they can complete a startup. The dispatcher and logagent will fail initially and will automatically restart. They will successfully start up once they can connect to the config-server.
If the pods fail to start, additional log information can be found by running the following:
kubectl logs <POD ID> -n <CONNECT_NAMESPACE> or
kubectl describe pod <POD ID> -n <CONNECT_NAMESPACE>
The <CONNECT_NAMESPACE> is the value set for CONNECT_NAMESPACE in the env.sh file.