Steps:
Push TM docker images to our Safi repos
Download the vaultctl bundle and push
Install confluent kafka
Install the required storage class
Prepare values.yaml
Install vault-operator
Run the vaultctl installer as a pod
Install vault components
Verification
1. Push TM docker images to our Safi repos
2. Download the vaultctl bundle and push
The signed artifact URL is usually shared by TM.
Run this pipeline
3. Install Confluent Kafka:
Install operator
Install zookeeper and kafka
4. Install the required storage class:
kctx gke_safi-env-tangled-tms_asia-southeast1_safi-tangled-tms
k create ns tm-vault
kns tm-vault
Create the storage classes using the YAML content below:
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  annotations:
  name: fast-encrypted
parameters:
  type: pd-ssd
provisioner: kubernetes.io/gce-pd
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
---
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  annotations:
  name: general-encrypted
parameters:
  replication-type: none
  type: pd-balanced
provisioner: pd.csi.storage.gke.io
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
5. Prepare values.yaml:
Find the sample values.yaml file for 4.5.1
Note: If you modify any values in the values.yaml file, always keep the updated file here.
6. Install vault-operator:
https://github.com/SafiBank/SaFiMono/tree/main/devops/argocd/environments/tangled/tms/vault-operator
7. Run the vaultctl installer as a pod:
kctx gke_safi-env-tangled-tms_asia-southeast1_safi-tangled-tms
k create ns tm-system
kns tm-system
k run vaultctl --image=asia-southeast1-docker.pkg.dev/safi-repos/safi-tm/vautlctl-tangled:4.5.1 -- sleep 6d
k exec -it vaultctl -- bash
# Run the below commands inside the pod
kubectl create ns tm-system
kubectl create ns tm-monitoring
kubectl create ns istio-system
kubectl create ns webhook-operator
kubectl create ns tm-vault
kubectl label ns tm-vault --overwrite istio-annotation-tm-webhook-tm-vault=enabled
kubectl label ns tm-vault --overwrite istio.io/rev=1.15.3
exit
Copy the release file vault-4.5.1.release (found inside the zip) and values.yaml into the vaultctl pod:
k cp values.yaml vaultctl:/app/values.yaml
k cp vault-4.5.1.release vaultctl:/app/vault-4.5.1.release
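Before running the install commands, it helps to confirm that the namespaces and tm-vault labels from step 7 are actually in place. The script below is an added example, not part of the original runbook; the function names and the --live switch are assumptions, while the namespace names and label values are copied from this page.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check for step 7.
# Namespace names and label values below are copied from this page.
REQUIRED_NS="tm-system tm-monitoring istio-system webhook-operator tm-vault"
REQUIRED_LABELS="istio-annotation-tm-webhook-tm-vault=enabled istio.io/rev=1.15.3"

# missing_namespaces "ns1 ns2 ..." prints the required namespaces not in the list.
missing_namespaces() {
  out=""
  for want in $REQUIRED_NS; do
    case " $1 " in
      *" $want "*) ;;
      *) out="$out $want" ;;
    esac
  done
  echo "${out# }"
}

# missing_labels "k=v,k=v,..." prints the required tm-vault labels not present.
# Wrapping both sides in commas forces an exact key=value match, so
# istio.io/rev=1.15.30 does not satisfy istio.io/rev=1.15.3.
missing_labels() {
  out=""
  for want in $REQUIRED_LABELS; do
    case ",$1," in
      *",$want,"*) ;;
      *) out="$out $want" ;;
    esac
  done
  echo "${out# }"
}

# preflight queries the current kubectl context; returns non-zero on any gap.
preflight() {
  names=$(kubectl get ns -o jsonpath='{.items[*].metadata.name}') || return 2
  ns_gap=$(missing_namespaces "$names")
  [ -z "$ns_gap" ] || { echo "missing namespaces: $ns_gap" >&2; return 1; }
  labels=$(kubectl get ns tm-vault --show-labels --no-headers | awk '{print $NF}')
  label_gap=$(missing_labels "$labels")
  [ -z "$label_gap" ] || { echo "tm-vault missing labels: $label_gap" >&2; return 1; }
  echo "pre-flight OK"
}

# Only touch a cluster when asked to: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then preflight; fi
```

A missing or mistyped istio.io/rev label on tm-vault is reported here by name, before any vaultctl install command runs.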
8. Install vault components:
k exec -it vaultctl -- bash
# Run the below commands inside the pod
vaultctl install webhook-operator -v values.yaml -r vault-4.5.1.release
vaultctl install vault-core -v values.yaml -r vault-4.5.1.release
# observability not required if integration done with Safi monitoring platform
vaultctl install observability -v values.yaml -r vault-4.5.1.release
9. Verification:
Log in to ops tms - https://ops.tms.tangled.safibank.online/
You should be able to see the screen below.
Attachments:
4.5.1-values-tangled.yaml (application/x-yaml)
image-20230207-030800.png (image/png)