Helm Chart Deployment steps for Trusted Workload Placement - Control Plane Usecase

A collection of helm charts for Trusted Workload Placement - Control Plane Usecase

• Getting Started
  • Pre-requisites
  • Support Details
  • Use Case Helm Charts
  • Installing isecl-helm charts
    • Update values.yaml for Use Case chart deployments
    • Use Case charts Deployment
    • Setup task workflow

Deployment diagram

Getting Started

Below steps guide in the process for installing isecl-helm charts on a kubernetes cluster.

Pre-requisites

• Non Managed Kubernetes Cluster up and running
• Helm 3 installed

  curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
  chmod 700 get_helm.sh
  ./get_helm.sh
  

• For building container images Refer here for instructions

• Setup NFS, Refer instructions for setting up and configuring NFS Server

Support Details

Kubernetes	Details
Cluster OS	RedHat Enterprise Linux 8.x Ubuntu 20.04
Distributions	Any non-managed K8s cluster
Versions	v1.23
Storage	NFS
Container Runtime	CRI-O

Use Case Helm Charts

Use case	Helm Charts
Trusted-Workload-Placement Control-Plane	cms aas hvs nats

Installing isecl-helm charts

• Add the chart repository shell script helm repo add isecl-helm https://intel-secl.github.io/helm-charts helm repo update

• To find list of available charts shell script helm search repo --versions

Usecase based chart deployment (using umbrella charts)

Update values.yaml for Use Case chart deployments

Some assumptions before updating the values.yaml are as follows:

• The images are built on the build machine and images are pushed to a registry tagged with release_version(e.g:v5.1.0) as version for each image
• The NFS server setup is done either using sample script instructions or by the user itself
• The K8s non-managed cluster is up and running
• Helm 3 is installed

The helm chart support Nodeports for services to support ingress model, enable the ingress by setting the value ingress enabled to true in values.yaml file.

Update the hvsUrl, cmsUrl and aasUrl under global section according to the conifgured model. e.g For ingress. hvsUrl: https://hvs.isecl.com/hvs/v2 For Nodeport, hvsUrl: https://<controlplane-hosntam/IP>:30443/hvs/v2

Use Case charts Deployment

```shell script export VERSION=5.1.0 helm pull isecl-helm/Trusted-Workload-Placement-Control-Plane –version $VERSION && tar -xzf Trusted-Workload-Placement-Control-Plane-$VERSION.tgz Trusted-Workload-Placement-Control-Plane/values.yaml helm install isecl-helm/Trusted-Workload-Placement-Control-Plane --version $VERSION -f Trusted-Workload-Placement-Control-Plane/values.yaml --create-namespace -n

> **Note:** If using a separate .kubeconfig file, ensure to provide the path using `--kubeconfig <.kubeconfig path>`


## Setup task workflow.
* Refer [instructions](/helm-charts/docs/setup-task-workflow.html) for running service specific setup tasks

To uninstall a chart
```shell script
helm uninstall <release-name> -n <namespace>

To list all the helm chart deployments shell script helm list -A

Cleanup steps that needs to be done for a fresh deployment

• Uninstall all the chart deployments
• Cleanup the data at NFS mount
• Remove all objects(secrets, rbac, clusterrole, service account) related namespace related to deployment kubectl delete ns <namespace>.

Note:

Before redeploying any of the chart please check the pv and pvc of corresponding deployments are removed. Suppose
if you want to redeploy aas, make sure that aas-logs-pv, aas-logs-pvc, aas-config-pv, aas-config-pvc, aas-db-pv, aas-db-pvc, aas-base-pvc are removed successfully.
Command: ```kubectl get pvc -n <namespace>``` && ```kubectl get pv -n <namespace>```