OpenShift install
StackState Self-hosted
Before you start
Before you start the installation of StackState:
Check that your OpenShift environment meets the requirements
Request access credentials to pull the StackState Docker images from StackState support.
Ensure you have the OpenShift command line tools installed (
oc
)Add the StackState helm repository to the local helm client:
Install StackState
Create project
Start by creating the project where you want to install StackState. In our walkthrough we will use the namespace stackstate
:
Generate values.yaml
values.yaml
The values.yaml
file is required to deploy StackState with Helm. It contains your StackState license key, StackState Receiver API key and other important information.
The StackState values.yaml
file can be generated by running a separate Helm Chart, the stackstate/stackstate-values
chart. A sample command line is:
This command will generate a values.yaml file which contains the necessary configuration for installing the StackState Helm Chart.
The values that can be passed to this chart are:
Receiver API Key
receiverApiKey
The API key used by StackState to receive data from agents. This is a secret key that should be kept private. If you omit this, a random key will be generated for you.
Base URL
baseUrl
The <STACKSTATE_BASE_URL>
. The external URL for StackState that users and agents will use to connect. For example https://stackstate.internal
. If you haven't decided on an Ingress configuration yet, use http://localhost:8080
. This can be updated later in the generated file.
Username and password**
-u
-p
The username and password used by StackState to pull images from quay.io/stackstate repositories. For air-gapped environments these need to be the username and password for the local docker registry.
License key
license
The StackState license key.
Admin API password
adminApiPassword
The password for the admin API. Note that this API contains system maintenance functionality and should only be accessible by the maintainers of the StackState installation. If you omit this, a random password will be generated for you. If you do pass this value and it's not bcrypt hashed, the chart will hash it for you.
Default password
adminPassword
The password for the default user (admin
) to access StackState's UI. If you omit this, a random password will be generated for you. If you do pass this value and it's not bcrypt hashed, the chart will hash it for you.
Image Registry
imageRegistry
The registry where the StackState images are hosted. If not provided, the default value will be 'quay.io'
Pull Secret Username
pullSecret.username
The username used to pull images from the Docker registry where the StackState images are hosted.
Pull Secret Password
pullSecret.password
The password used to pull images from the Docker registry where the StackState images are hosted.
Create openshift-values.yaml
openshift-values.yaml
Because OpenShift has stricter security model than plain Kubernetes, all of the standard security contexts in the deployment need to be disabled.
Create a Helm values file openshift-values.yaml
with the following content and store it next to the generated values.yaml
file. This contains the values that are needed for an OpenShift deployment.
Deploy StackState with Helm
The recommended deployment of StackState is a production ready, high availability setup with many services running redundantly. If required, it's also possible to run StackState in a non-redundant setup, where each service has only a single replica. This setup is only recommended for a test environment.
For air-gapped environments follow the instructions for the air-gapped installations.
To deploy StackState in a high availability setup on OpenShift:
(Optionally) Create a
small_values.yaml
if you want to deploy a small profile setup. Add the--values small_values.yaml
flag to the command below.Deploy the latest StackState version to the
stackstate
namespace with the following command:
After the install, the StackState release should be listed in the StackState namespace and all pods should be running:
Access the StackState UI
After StackState has been deployed, you can check if all pods are up and running:
When all pods are up, you can enable a port-forward:
StackState will now be available in your browser at https://localhost:8080
. Log in with the username admin
and the default password provided in the values.yaml
file.
Next steps are
Give your co-workers access.
Manually create SecurityContextConfiguration
objects
SecurityContextConfiguration
objectsIf you can't use an administrator account to install StackState on OpenShift, ask your administrator to apply the below SecurityContextConfiguration
objects.
See also
For other configuration and management options, refer to the Kubernetes documentation - manage a StackState Kubernetes installation
Last updated