Installing Resoto with Kubernetes
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.
Prerequisites
Installing Resoto
Prepare ArangoDB Database
If you don't have ArangoDB, you can use the operator to install it. See more info here.
You can use the following commands to install the database:
$ helm repo add arangodb https://arangodb.github.io/kube-arangodb
$ helm repo update
$ helm install kube-arangodb-crd arangodb/kube-arangodb-crd
$ helm install kube-arangodb arangodb/kube-arangodb
$ kubectl apply -f - <<EOF
apiVersion: "database.arangodb.com/v1alpha"
kind: "ArangoDeployment"
metadata:
name: "single-server"
spec:
mode: Single
tls:
caSecretName: None
EOF
note
These instructions were tested with version 1.2.8 of the operator.
Wait until the ArangoDB deployment is ready. You can check the conditions in the status to see that it is ready:
$ kubectl wait --for=condition=ready arangodeployment/single-server
Create Helm Values File
resotocore:
graphdb:
server: http://single-server:8529
This is the minimum configuration, which points to an empty ArangoDB database with default username and password.
The installation will create a separate database and password and secure the database installation with a generated password. You can find the generated database password in the secret arango-user.
See values.yaml for a list of configurable values.
Install Helm Chart
Clone the someengineering/resoto repository:
$ git clone https://github.com/someengineering/resoto
Next, install Resoto using Helm:
$ helm install resoto ./resoto/kubernetes/chart --set image.tag=null -f resoto-values.yaml
And just like that, you have Resoto running in Kubernetes! A collect run will begin automatically. This first collect usually takes less than 3 minutes.
Launching the Resoto Command-Line Interface
The resh command is used to interact with resotocore.
To access the Resoto Shell interface, simply execute:
$ kubectl exec -it service/resoto-resotocore -- resh
Configuring Resoto
Once the Core is running, all component configuration can be edited using the config edit command inside Resoto Shell.
Additionally, configuration properties can be overridden using the overrides section in the resoto-values.yaml file (see values.yaml for reference).
Please refer to Configuring Resoto for details.
Performing Searches
Once Resoto has completed its first collect run, you can try performing some searches.
Configure Cloud Credentials (optional)
Some cloud providers like GCP provide a file to access resources. This file needs to be passed to the worker. You can use Helm values resotoworker.volumes, and resotoworker.volumeMounts to inject credentials and their configuration to resotoworker.
$ kubectl -n resoto create secret generic resoto-auth \
--from-file=GOOGLE_APPLICATION_CREDENTIALS=<PATH TO SERVICE ACCOUNT JSON CREDS>
You would provide these values for resotoworker as file:
resotoworker:
volumeMounts:
- mountPath: /etc/tokens/
name: auth-secret
volumes:
- name: auth-secret
secret:
secretName: resoto-auth
items:
- key: GOOGLE_APPLICATION_CREDENTIALS
path: gcp-service-account.json
Other providers like AWS provide environment variables to gain access, which can also be passed to the worker.
$ kubectl -n resoto create secret generic resoto-auth \
--from-literal=AWS_ACCESS_KEY_ID=<YOUR ACCESS KEY ID> \
--from-literal=AWS_SECRET_ACCESS_KEY=<YOUR ACCESS KEY>
resotoworker:
extraEnv:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: resoto-auth
key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: resoto-auth
key: AWS_SECRET_ACCESS_KEY