Installing IDHub
Prerequisite
Decide where you would like to install IDHub.
- IDHub can be installed and run on any Cloud or local Cluster.
- For Cloud, IDHub recommends the following:
  - Google Kubernetes Engine (GKE)
  - Amazon EKS
  - Azure Kubernetes Service (AKS)
- For a self-hosted cluster, you may use MicroK8s (see prerequisites) or Kind.
Establish and Configure Private Kubernetes Cluster
- You need to establish and configure your private Kubernetes Cluster which meets the minimum system requirements. Click here to learn more.
Configure DNS record with External IP address (FQDN)
- You must configure DNS records for the external IP address with your DNS provider to get your FQDN.
- The FQDN will be the URL of the IDHub application.
- Please click here to get a detailed understanding of what an FQDN is and how to configure it.
Admin Access to Cluster
- You need to identify users that have admin access to your cluster.
- Anybody who has admin access to that cluster would be able to access the sensitive information.
Kubectl
- Install the Kubernetes CLI (kubectl) to interact with the cluster.
- Please refer to Kubectl Installation Guide for more details
Helm
- Install Helm for managing charts and deploying applications.
- Please refer to Helm Installation Guide for more details
- IDHub is tested with the latest Helm version. However, it should also work with other Helm 3.x.x versions.
jq (Required for Scripts)
- Install jq for processing JSON data in scripts.
- Please refer to jq Installation Guide
Install IDHub
Before installing IDHub, make sure that you meet the prerequisites and the minimum system requirements.
The following sections describe the steps for installing IDHub in your cluster.
Step 1: Clone IDHub App Repo
Run the following command in your terminal to clone the IDHub App repo:
git clone https://bitbucket.org/sath-inc/app.git && cd app
Step 2: CA certificate (Optional)
A Certificate Authority (CA) certificate is a digital certificate issued by a Certificate Authority that an organization controls or trusts. CA certificates are crucial for establishing secure communications in a network by verifying the identity of certificates issued under it. In the context of IDHub, a CA certificate allows you to extend your organization's trust chain, ensuring that only authorized entities can communicate securely with your IDHub instance.
You can either use a public CA certificate or generate your own custom CA certificate. The following section elaborates how you can publish your custom CA certificate and configure IDHub to use it.
- Generate a private key for your CA:
openssl genrsa -out custom-ca.key 4096
- Create a self-signed CA certificate:
openssl req -x509 -new -nodes -key custom-ca.key -sha256 -days 3650 -out custom-ca.crt \
-subj "/C=US/ST=YourState/L=YourCity/O=YourOrganization/OU=IT/CN=your-ca-domain"
Replace /C=US/ST=YourState/L=YourCity/O=YourOrganization/OU=IT/CN=your-ca-domain with your organization's details.
- Configure IDHub to Use Custom CA Certificate
Configure IDHub to use the custom CA certificate by adding the custom CA in the following path:
scripts/certs/trusted
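A check to run before placing a file in scripts/certs/trusted, as an added example that is not part of IDHub's scripts: it refuses any file that contains a private key, is not a CA certificate, or has expired. The function name stage_ca_cert and its return codes are hypothetical.

```shell
#!/bin/sh
# Added example (not IDHub code): vet a CA file before copying it into
# scripts/certs/trusted. Only the certificate belongs there, never the key.

# stage_ca_cert <cert.pem> <trusted_dir>
# Returns: 0 copied, 1 I/O error, 2 file holds a private key,
#          3 not a parsable certificate, 4 not a CA certificate, 5 expired.
stage_ca_cert() {
    cert=$1
    dest=$2
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }

    # A key in the trust directory would distribute the CA's signing key.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$cert"; then
        echo "$cert contains a private key; stage only the .crt" >&2
        return 2
    fi
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
        echo "$cert is not a parsable X.509 certificate" >&2; return 3; }
    case "$text" in
        *CA:TRUE*) ;;
        *) echo "$cert lacks basicConstraints CA:TRUE" >&2; return 4 ;;
    esac
    # -checkend 0 fails when the certificate is already past notAfter.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "$cert has expired" >&2; return 5; }

    mkdir -p "$dest" && cp "$cert" "$dest/" || return 1
    # Print the fingerprint so it can be compared with the one recorded
    # when the CA was created.
    openssl x509 -in "$cert" -noout -fingerprint -sha256
}

# Usage: sh stage_ca.sh custom-ca.crt scripts/certs/trusted
if [ "$#" -eq 2 ]; then
    stage_ca_cert "$1" "$2"
fi
```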
Step 3: Install Required Data Stores
The next step is to install the required data stores, which include:
- MongoDB
- PostgreSQL
- Kafka
- Elasticsearch
- MinIO (Recommended, but any S3-compatible storage system can be used)
Installation Command
Run the following shell script to install the data stores:
./scripts/idhub/install/installDataStores.sh <DATASTORE_NAMESPACE_PREFIX> <--single-node|--multi-node|--managed-cloud>
Namespace Prefix Requirement
<DATASTORE_NAMESPACE_PREFIX>: Prefix for naming datastore namespaces.
- Allowed Characters: Alphanumeric (letters and numbers only).
- Length Requirement: Exactly 3 characters.
- Disallowed Characters: No special characters (e.g., @, #, -, _, etc.).
- Examples of Valid Values: abc, sds, sd1.
Deployment Modes
The installation script supports the following deployment modes:
--single-node: Applicable for MicroK8s. Installs all data stores in a single-node setup.
--multi-node: Applicable for MicroK8s. Installs data stores in a multi-node setup.
--managed-cloud: Assumes the use of managed cloud services where applicable (e.g., GKE, AKS, EKS, etc.).
- The script uses a namespace prefix as an argument and runs the installation scripts for each datastore.
- Run this script only once.
- This shell script can be executed on any Linux OS within your cluster.
- The installation script has been tested on GKE, MicroK8s and Kind and should also be compatible with Amazon EKS and Azure Kubernetes Service (AKS).
- There is one shared datastore for multiple IDHub installations, meaning a single deployment of each datastore (Elasticsearch, MongoDB, PostgreSQL, Kafka, and S3-compatible storage) serves all IDHub instances.
Step 4: Initialize and Configure Datastores for IDHub Instance
Run the following script to initialize and configure the datastores for a specified IDHub instance within a namespace. It verifies the readiness of each datastore and generates the necessary configurations.
./scripts/idhub/install/initDataStores.sh <DATASTORE_NAMESPACE_PREFIX> <IDHUB_INSTANCE> [-y]
<DATASTORE_NAMESPACE_PREFIX>: Prefix for naming datastore namespaces.
- Allowed Characters: Alphanumeric (letters and numbers only).
- Length Requirement: Exactly 3 characters.
- Disallowed Characters: No special characters (e.g., @, #, -, _, etc.).
- Examples of Valid Values: abc, sds, sd1.
<IDHUB_INSTANCE>: The IDHub instance to configure the datastore for.
- Allowed Characters: Lowercase letters (a-z), Numbers (0-9)
- Length Requirement: Must adhere to K8s namespace character limit
- Disallowed Characters: No Uppercase letters, No Special characters (e.g., _, @, /, .)
- Examples of Valid Values: abccorp, xyzcompany2
-y: Optional flag to skip confirmation prompts.
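The two argument rules above, written as a pre-flight check to run before either install script; this is an added example, not code from the IDHub repository. The function names are hypothetical, the 63-character limit is the Kubernetes namespace length limit, and the prefix check accepts lowercase only, which is stricter than the rule stated here.

```shell
#!/bin/sh
# Added example (not IDHub code): validate the installer arguments before
# they end up in namespace names and in ./build/k8s/<IDHUB_INSTANCE>_config.yaml.
LC_ALL=C; export LC_ALL   # keep the bracket ranges below ASCII-only

# Exactly 3 characters, letters and digits. Lowercase only here (an added
# restriction): Kubernetes namespace names cannot contain uppercase.
valid_prefix() {
    [ "${#1}" -eq 3 ] || return 1
    case "$1" in *[!a-z0-9]*) return 1 ;; esac
}

# Lowercase letters and digits, 1 to 63 characters. Rejecting everything
# else also keeps "/" and ".." out of the generated config file path.
valid_instance() {
    [ -n "$1" ] && [ "${#1}" -le 63 ] || return 1
    case "$1" in *[!a-z0-9]*) return 1 ;; esac
}

# check_args <DATASTORE_NAMESPACE_PREFIX> <IDHUB_INSTANCE>
# Reports every bad argument on stderr and returns non-zero if any is bad.
check_args() {
    rc=0
    valid_prefix "$1" || {
        echo "bad DATASTORE_NAMESPACE_PREFIX: '$1'" >&2; rc=1; }
    valid_instance "$2" || {
        echo "bad IDHUB_INSTANCE: '$2'" >&2; rc=1; }
    return "$rc"
}

# Usage: sh check_args.sh abc abccorp
if [ "$#" -ge 2 ]; then
    check_args "$1" "$2" && echo "arguments OK"
fi
```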
Step 5: Load the Datastore Configuration
After configuring the IDHub instance and datastores, run the following command to apply the datastore configuration YAML to your Kubernetes namespace.
kubectl create namespace <IDHUB_INSTANCE>
kubectl -n <IDHUB_INSTANCE> apply -f ./build/k8s/<IDHUB_INSTANCE>_config.yaml
<IDHUB_INSTANCE>: The IDHub instance to configure the datastore for.
- Allowed Characters: Lowercase letters (a-z), Numbers (0-9)
- Length Requirement: Must adhere to K8s namespace character limit
- Disallowed Characters: No Uppercase letters, No Special characters (e.g., _, @, /, .)
- Examples of Valid Values: abccorp, xyzcompany2
- Replace <IDHUB_INSTANCE> with the namespace corresponding to your IDHub instance where the datastore configurations should be applied.
Step 6: Installation Command
To deploy IDHub using Helm, run the following command:
helm repo add sath https://repo.sath.com/repository/sath/
helm repo update
helm upgrade --install idhub sath/idhub --version 24.4.1 \
--set global.IDHUB_INSTANCE=<IDHUB_INSTANCE> \
--set global.IDHUB_FQDN=<IDHUB_FQDN> \
--set ingress.className=<INGRESS_CLASS_NAME> \
-n <NAMESPACE> --create-namespace
IDHUB_INSTANCE
- Description: The name of your IDHub instance.
- Allowed Characters: Lowercase letters (a-z), Numbers (0-9)
- Length Requirement: Must adhere to Kubernetes namespace character limits.
- Disallowed Characters: No uppercase letters, No special characters (e.g., _, @, /, .)
- Examples of Valid Values: abccorp, xyzcompany2
IDHUB_FQDN
- Description: The fully qualified domain name (FQDN) for your IDHub instance.
- Note: Please click here to get a detailed understanding of what an FQDN is and how to configure it.
NAMESPACE
- Description: The Kubernetes namespace where you want to deploy the IDHub application.
INGRESS_CLASS_NAME
- Usage: --set ingress.className=public if MicroK8s Ingress is used. Otherwise leave it blank.
Post install verification
Run the following command on your Kubernetes cluster to verify the successful installation of IDHub.
kubectl get -n <IDHUB_INSTANCE> pods
<IDHUB_INSTANCE> is the name of your IDHub instance.
- Allowed Characters: Lowercase letters (a-z), Numbers (0-9)
- Length Requirement: Must adhere to K8s namespace character limit
- Disallowed Characters: No Uppercase letters, No Special characters (e.g., _, @, /, .)
- Examples of Valid Values: abccorp, xyzcompany2
All the pods must be in the Running state, which means that IDHub has been installed successfully on your Kubernetes cluster.
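The same check in script form, as an added example that is not part of IDHub's scripts: it lists every pod that is not Running, and also Running pods whose containers are not all ready, which goes beyond the rule stated above. The function names and the sample pod names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IDHub code): decide whether the post-install check passes.

# unhealthy_pods reads `kubectl get pods --no-headers` output on stdin
# (columns: NAME READY STATUS RESTARTS AGE) and prints "name status ready"
# for each pod that is not Running or has fewer ready containers than total.
unhealthy_pods() {
    awk '{
        split($2, r, "/")
        if ($3 != "Running" || r[1] != r[2])
            printf "%s %s %s\n", $1, $3, $2
    }'
}

# verify_install <IDHUB_INSTANCE>
# Returns 0 when every pod is healthy, 1 otherwise, 2 if kubectl fails.
verify_install() {
    out=$(kubectl get pods -n "$1" --no-headers) || return 2
    [ -n "$out" ] || { echo "no pods in namespace $1" >&2; return 1; }
    bad=$(printf '%s\n' "$out" | unhealthy_pods)
    [ -z "$bad" ] && return 0
    printf 'not ready:\n%s\n' "$bad" >&2
    return 1
}

# Constructed sample of `kubectl get pods --no-headers` output.
SAMPLE='svc-a-7d9f 1/1 Running 0 5m
svc-b-5c4d 0/1 Running 2 5m
svc-c-1a2b 0/1 CrashLoopBackOff 4 5m'

# With a namespace argument, check the live cluster; otherwise show the
# result for the constructed sample.
if [ "$#" -eq 1 ]; then
    verify_install "$1"
else
    printf '%s\n' "$SAMPLE" | unhealthy_pods
fi
```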
Uninstall IDHub
Uninstall IDHub Instance
Run the following command on your Kubernetes cluster to uninstall the IDHub instance.
helm uninstall idhub -n <IDHUB_INSTANCE>
<IDHUB_INSTANCE> is the name of your IDHub instance.
- Allowed Characters: Lowercase letters (a-z), Numbers (0-9)
- Length Requirement: Must adhere to K8s namespace character limit
- Disallowed Characters: No Uppercase letters, No Special characters (e.g., _, @, /, .)
- Examples of Valid Values: abccorp, xyzcompany2
Uninstall Data Store
Run the following command on your Kubernetes cluster to uninstall the data stores:
kubectl delete <DATASTORE_NAMESPACE_PREFIX>-<datastore>
<datastore>, <DATASTORE_NAMESPACE_PREFIX>
- <datastore> is one of Elasticsearch, MongoDB, PostgreSQL, Kafka, and MinIO; you will have to run the above command separately for each one of them.
- <DATASTORE_NAMESPACE_PREFIX> is the prefix that you used to install the datastores.
Login To IDHub
To log in to IDHub, you will need to create a tenant. To do that, perform the steps below.
Navigate to https://[FQDN]/admin
- Replace [FQDN] with your IDHub Application URL.
- Please click here to get a detailed understanding of what an FQDN is and how to configure it.
Procure Tenant Management Admin Password
On the tenant management login page, you will be asked to enter the tenant management admin password. Run the following kubectl command to get the tenant management password:
kubectl get secret tenant-admin-user-password -o jsonpath="{.data.password}" -n <IDHUB_INSTANCE> | base64 --decode
<IDHUB_INSTANCE> is the name of your IDHub instance.
- Allowed Characters: Lowercase letters (a-z), Numbers (0-9)
- Length Requirement: Must adhere to K8s namespace character limit
- Disallowed Characters: No Uppercase letters, No Special characters (e.g., _, @, /, .)
- Examples of Valid Values: abccorp, xyzcompany2
IDHub Tenant Management Page
After login, you will be shown the Tenant Management portal as you can see below.
Please click on the Create Tenant button in order to create your first tenant.
Register Account in IDHub
Fill out the Register form.
- The username and password entered here will be used to login to your IDHub Tenant. This should be written down and remembered.
License Activation and Validation
If you have already purchased an IDHub Subscription, you will get the license key in your email which you can enter to activate the license.
Click Here to purchase your IDHub Subscription.
Terms and Conditions
The final step is to click on the checkbox and accept the IDHub Software Customer Agreement, Acceptable Use Policy and Privacy Policy.
Review Summary, Start Installation and Login
Finally, review the summary of your account and start the installation. You will get a page, as you can see in the screenshot below. Click on the Install button to start the installation.
After installation is complete, you will be automatically redirected to your IDHub tenant login page, where you can enter the username and password (that you entered in the register form) to log in to your IDHub tenant.
The Tenant Management portal shows the list of all tenants that have been created by you. (See Screenshot below)
Under actions you can click on the Login button, which will redirect you to the Login URL for that specific tenant.