Install Helm Charts
The following document will guide you through the basic steps of installing Mach5 Search using Helm.
Prerequisites
- A running Kubernetes cluster
- Helm Client installed, version 3.8.0 or above (or by enabling experimental support for OCI for prior versions).
- A PostgreSQL database accessible by Mach5 Search pods
- A default ingress class with an associated ingress controller
- Access to Mach5 Artifact Registry:
To access Mach5 containers and Helm charts, you will need a Google service account. If you do not have one, please create a new service account and download the key file locally.
Once you have a Google service account, please reach out to your Mach5 contact to allow Artifact Registry access for that service account.
- Mach5 Helm registry authentication:
In order to pull the Mach5 Search Helm chart, the service account configured above will need to be authenticated with Mach5's Helm registry
https://us-central1-docker.pkg.dev
Installation
- Pull the Mach5 Search Helm chart from Artifact Registry
$ helm pull oci://us-central1-docker.pkg.dev/mach5-dev/mach5-docker-registry/mach5-search
If you need a specific version, then use the --version flag.
- Create a new namespace for Mach5 Search:
$ kubectl create namespace mach5
- Create a secret to allow access to the Mach5 Artifact Registry
$ kubectl create secret docker-registry artifact-registry --docker-server=https://us-central1-docker.pkg.dev --docker-email=<SERVICE ACCOUNT EMAIL> --docker-username=_json_key --docker-password="$(cat <SERVICE ACCOUNT JSON KEY FILE>)" --namespace mach5
Please note that the SERVICE ACCOUNT mentioned in the above command is the one that has been enabled for accessing the Mach5 Artifact Registry
- Update the default Kubernetes service account to use correct credentials while pulling images
$ kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "artifact-registry"}]}' --namespace mach5
- Create a
local-values.yamlfile
The contents of this file minimally be the following (with values populated appropriately for your environment):
metadatadb: name: "" host: "" port: "" sslmode: "" user: "" password: "" bigquery: projectid: "" datasetid: "" key: "" mediator: useGcpInstanceMetadata: "false" teleportcollector: useGcpInstanceMetadata: "false"
Update the values of the keys under metadatadb with the PostgreSQL database credentials. The bigquery section should contain your access details to BigQuery.
Note that the bigquery.key value should be the JSON contents of the service account key file that has Read/Write privileges to BigQuery in the specified dataset. For example:
...
key: |
{ "type": "service_account", ...
...
- Install the chart
$ helm install m5test mach5-search-<version>.tar.gz -f local-values.yaml
Verifying the installation
The charts expose an ingress route at the path /. Using a web browser, navigate to the ingress endpoint to access Mach5 Search Dashboards.
