Installing IDHub
Prerequisite
Decide where you would like to install IDHub.
- IDHub can be installed and run on any Cloud or local Cluster.
- For Cloud, IDHub recommends the following
Google Kubernetes Engine (GKE)
Amazon EKS
Azure Kubernetes Service (AKS)
- For local, you may use
KIND (Kubernetes IN Docker)
or MicroK8s
Establish and Configure Private Kubernetes Cluster
- You need to establish and configure a private Kubernetes Cluster that meets the minimum system requirements. Click here to learn more.
Configure DNS record with External IP address (FQDN)
- You must configure DNS records for the external IP address with your DNS provider to get your FQDN.
- The FQDN will be the URL of IDHub application.
- Please click here to get a detailed understanding of what an FQDN is and how to configure it.
Admin Access to Cluster
- You need to identify users that have admin access to your cluster.
- Anybody who has admin access to that cluster would be able to access the sensitive information.
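One way to enumerate who holds cluster-admin, shown as an added example that is not part of the IDHub documentation or scripts. The function name list_cluster_admins and the sample bindings are constructed for illustration, and jq (listed as a prerequisite further down) is assumed to be installed.

```shell
#!/bin/sh
# Added example: list every subject bound to the cluster-admin ClusterRole.
# Input is the JSON from `kubectl get clusterrolebindings -o json`.
# Output is one line per subject: binding<TAB>kind<TAB>name.
list_cluster_admins() {
  jq -r '
    .items[]
    | select(.roleRef.kind == "ClusterRole"
             and .roleRef.name == "cluster-admin")
    | .metadata.name as $binding
    | (.subjects // [])[]        # a binding can exist with no subjects
    | [$binding, .kind,
       (if .namespace then .namespace + "/" else "" end) + .name]
    | @tsv'
}

# Constructed sample data, so the function can be tried without a cluster.
sample_bindings() {
  cat <<'EOF'
{"items": [
  {"metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"metadata": {"name": "ops-admins"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "User", "name": "alice@example.com"},
                {"kind": "ServiceAccount", "name": "deployer", "namespace": "ci"}]},
  {"metadata": {"name": "viewers"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "User", "name": "bob@example.com"}]},
  {"metadata": {"name": "unused"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}
]}
EOF
}

# --live queries the current kubectl context; the default uses the sample.
# This covers cluster-admin only. To test one identity against the IDHub
# namespace: kubectl auth can-i get secrets -n <IDHUB_INSTANCE> --as <user>
if [ "${1:-}" = "--live" ]; then
  kubectl get clusterrolebindings -o json | list_cluster_admins
else
  sample_bindings | list_cluster_admins
fi
```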
Kubectl
- Install the Kubernetes CLI (kubectl) to interact with the cluster.
- Please refer to Kubectl Installation Guide for more details.
Helm
- Install Helm for managing charts and deploying applications.
- Please refer to Helm Installation Guide for more details
- IDHub is tested with the latest Helm version. However, it should also work with other Helm 3.x.x versions.
jq (Required for Scripts)
- Install jq for processing JSON data in scripts.
- Please refer to jq Installation Guide.
Additional Prerequisite for KIND
If you decide to use KIND (Kubernetes IN Docker) for installing IDHub, in addition to the above, the following pre-requisites must also be met.
Linux OS with Docker Support
- Make sure that the OS is a Linux distribution (e.g., Ubuntu, Debian, Fedora, or RHEL) that supports Docker Engine.
Docker Engine
- Install Docker to run Kubernetes clusters in Docker containers.
- Please refer to Docker Installation Guide for more details.
Kind
- Install Kind to create and manage Kubernetes clusters.
- Please refer to Kind Installation Guide for more details
Cloud Provider Kind
- Simulates cloud-provider functionality, enabling testing of features like LoadBalancers.
- Please refer to Cloud Provider Kind Installation Guide for more details.
- Optionally install Go if using Cloud Provider Kind for advanced features.
- Please refer to Go Installation Guide for more details
Install IDHub
Before installing IDHub, make sure that you meet the prerequisites, the additional prerequisites for KIND (if using KIND), and the minimum system requirements.
The following sections describe the steps for installing IDHub in your Cluster.
Step 1: Clone IDHub App Repo
Run the following command in your terminal to clone the IDHub App repo:
git clone https://bitbucket.org/sath-inc/app.git && cd app
Step 2: CA certificate (Optional)
A Certificate Authority (CA) certificate is a digital certificate issued by a Certificate Authority that an organization controls or trusts. CA certificates are crucial for establishing secure communications in a network by verifying the identity of certificates issued under it. In the context of IDHub, a CA certificate allows you to extend your organization's trust chain, ensuring that only authorized entities can communicate securely with your IDHub instance.
You can either use a public CA certificate or generate your own custom CA certificate. The following section elaborates how you can publish your custom CA certificate and configure IDHub to use it.
- Generate a private key for your CA:
openssl genrsa -out custom-ca.key 4096
- Create a self-signed CA certificate:
openssl req -x509 -new -nodes -key custom-ca.key -sha256 -days 3650 -out custom-ca.crt \
-subj "/C=US/ST=YourState/L=YourCity/O=YourOrganization/OU=IT/CN=your-ca-domain"
Replace /C=US/ST=YourState/L=YourCity/O=YourOrganization/OU=IT/CN=your-ca-domain with your organization's details.
- Configure IDHub to Use Custom CA Certificate
Configure IDHub to use the custom CA certificate by adding the custom CA to the following path:
src/main/helm/idhub/certs/trusted
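A way to run this step so that the CA key is never group- or world-readable, and to confirm that the result is a CA certificate whose key matches before it goes into src/main/helm/idhub/certs/trusted. This is an added example, not part of the IDHub repository; make_ca, check_ca and the subject values are hypothetical, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example (not from the IDHub repo): create the custom CA with a
# private umask, then verify it before it is trusted.

# make_ca DIR [BITS]: the two openssl commands from this step, run so that
# custom-ca.key is created owner-readable only. Subject is a placeholder.
make_ca() {
  ( umask 077 && cd "$1" &&
    openssl genrsa -out custom-ca.key "${2:-4096}" 2>/dev/null &&
    openssl req -x509 -new -nodes -key custom-ca.key -sha256 -days 3650 \
      -out custom-ca.crt -subj "/O=Example Org/CN=example-ca.test" )
}

# check_ca CERT KEY: returns 0 only if CERT is a usable CA certificate
# and KEY is its protected private key; prints the SHA-256 fingerprint.
check_ca() {
  crt=$1; key=$2
  # 1. Parses as X.509 and carries basicConstraints CA:TRUE.
  openssl x509 -in "$crt" -noout -text 2>/dev/null | grep -q 'CA:TRUE' ||
    { echo "FAIL: $crt is not a CA certificate" >&2; return 1; }
  # 2. Has not expired.
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "FAIL: $crt has expired" >&2; return 1; }
  # 3. The key is the one this certificate was issued for.
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  [ -n "$key_pub" ] && [ "$crt_pub" = "$key_pub" ] ||
    { echo "FAIL: $key does not match $crt" >&2; return 1; }
  # 4. No group/other permission bits on the key file.
  [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
    { echo "FAIL: $key is accessible to other users" >&2; return 1; }
  openssl x509 -in "$crt" -noout -fingerprint -sha256
}

if [ "$#" -eq 2 ]; then
  check_ca "$1" "$2"
else  # no arguments: offline demo on a throwaway 2048-bit CA
  demo=$(mktemp -d) && make_ca "$demo" 2048 &&
    check_ca "$demo/custom-ca.crt" "$demo/custom-ca.key"
  rm -rf "$demo"
fi
```

Only custom-ca.crt belongs in the trusted directory; custom-ca.key, which -nodes leaves unencrypted on disk, should stay outside the cloned repository.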
Step 3: Install Required Data Stores
The next step is to install the required data stores, which are Elasticsearch, MongoDB, PostgreSQL, Kafka, and MinIO (we recommend MinIO, but you can use any S3 compatible storage system), in a specified namespace.
Run the following shell script to install the data stores:
./src/main/scripts/idhub/install/installDataStores.sh <DATASTORE_NAMESPACE_PREFIX>
<DATASTORE_NAMESPACE_PREFIX> is a prefix for naming datastore namespaces.
- In the above command, replace <DATASTORE_NAMESPACE_PREFIX> with any word of 3 or more characters.
- The above script uses a namespace prefix as an argument and runs installation scripts for each datastore.
- You need to run this script only once.
- This shell script can be run on any Linux OS in your cluster.
- This installation data store script is tested with GKE and Kind (local kubernetes cluster). But this should be compatible with Amazon EKS and Azure Kubernetes Service (AKS) as well.
- There is one shared data store for multiple IDHub installations, which means having one application each for ElasticSearch, MongoDB, PostgreSQL, Kafka and S3 compatible storage.
Step 4: Initialize and Configure Datastores for IDHub Instance
Run the following script to initialize and configure the datastores for a specified IDHub instance within a namespace. It verifies the readiness of each datastore and generates the necessary configurations.
./src/main/scripts/idhub/install/initDataStores.sh <DATASTORE_NAMESPACE_PREFIX> <IDHUB_INSTANCE> [-y]
<DATASTORE_NAMESPACE_PREFIX>: Prefix for naming datastore namespaces.
<IDHUB_INSTANCE>: The IDHub instance to configure the datastores for.
-y: Optional flag to skip confirmation prompts.
Step 5: Load the Datastore Configuration
After configuring the IDHub instance and datastores, run the following command to apply the datastore configuration YAML to your Kubernetes namespace.
kubectl create namespace <IDHUB_INSTANCE>
kubectl -n <IDHUB_INSTANCE> apply -f ./build/k8s/<IDHUB_INSTANCE>_config.yaml
<IDHUB_INSTANCE>: Replace <IDHUB_INSTANCE> with the namespace corresponding to your IDHub instance where the datastore configurations should be applied.
Step 6: Install IDHub Chart
Once the datastores are configured, install IDHub using the following helm commands.
helm repo add sath https://repo.sath.com/repository/sath/
helm upgrade --install idhub sath/idhub --version 24.4.0 --set global.IDHUB_INSTANCE=<IDHUB_INSTANCE> --set global.IDHUB_FQDN=<IDHUB_FQDN> -n <NAMESPACE> --create-namespace
<IDHUB_INSTANCE>: The name of your IDHub instance.
<IDHUB_FQDN>: The fully qualified domain name (FQDN) for your IDHub instance.
- Please click here to get a detailed understanding of what an FQDN is and how to configure it.
<NAMESPACE>: The Kubernetes namespace where you want to deploy the IDHub application.
Post install verification
Run the following command on your Kubernetes cluster to verify the successful installation of IDHub.
kubectl get -n <IDHUB_INSTANCE> pods
<IDHUB_INSTANCE> is the name of your IDHub instance.
All the pods must be in the Running state, which means that IDHub has been installed successfully on your Kubernetes cluster.
Uninstall IDHub
Uninstall IDHub Instance
Run the following command on your Kubernetes cluster to uninstall the IDHub instance.
helm uninstall idhub -n <IDHUB_INSTANCE>
<IDHUB_INSTANCE> is the name of your IDHub instance.
Uninstall Data Store
Run the following command on your Kubernetes cluster to uninstall the data stores.
kubectl delete namespace <DATASTORE_NAMESPACE_PREFIX>-<datastore>
<datastore> is one of Elasticsearch, MongoDB, PostgreSQL, Kafka, and MinIO; you will have to run the above command separately for each one of them.
<DATASTORE_NAMESPACE_PREFIX> is the prefix that you used to install the datastores.
Login To IDHub
To log in to IDHub, you will need to create a tenant. To do that, perform the steps below.
Navigate to https://[FQDN]/admin
- Replace [FQDN] with your IDHub Application URL.
- Please click here to get a detailed understanding of what an FQDN is and how to configure it.
Procure Tenant Management Admin Password
On the tenant management login page, you will be asked to enter the tenant management admin password. Run the following kubectl command to get the tenant management password:
kubectl get secret tenant-admin-user-password -o jsonpath="{.data.password}" -n <IDHUB_INSTANCE> | base64 --decode
<IDHUB_INSTANCE> is the name of your IDHub instance.
IDHub Tenant Management Page
After login, you will be shown the Tenant Management portal as you can see below.
Please click on the Create Tenant button in order to create your first tenant.
Register Account in IDHub
Fill out the Register form.
- The username and password entered here will be used to login to your IDHub Tenant. This should be written down and remembered.
License Activation and Validation
If you have already purchased an IDHub Subscription, you will get the license key in your email which you can enter to activate the license.
Click Here to purchase your IDHub Subscription.
Terms and Conditions
The final step is to click on the checkbox and accept the IDHub Software Customer Agreement, Acceptable Use Policy and Privacy Policy.
Review Summary, Start Installation and Login
Finally, review the summary of your account and start the installation. You will get a page, as you can see in the screenshot below. Click on the Install button to start the installation.
After the installation is complete, you are automatically redirected to your IDHub tenant login page, where you can enter the username and password (that you entered in the register form) to log in to your IDHub tenant.
The Tenant Management portal shows the list of all tenants that have been created by you. (See Screenshot below) Under actions you can click on the Login button, which will redirect you to the Login URL for that specific tenant.