diz-in-a-box

DIZ in a box.

Installation

Prerequisites

Steps

Install K3S Cluster

curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.26.1+k3s1 sh -

# optional: modify the kube config to allow running kubectl commands as a non-root user
# alternatively, prefix each kubectl and helm command with `sudo`
mkdir -p ~/.kube
sudo k3s kubectl config view --raw > ~/.kube/config
chmod 600 ~/.kube/config

kubectl get nodes

# create a namespace to isolate the installation
export DIZBOX_NAMESPACE_NAME=bzkf-dizbox
kubectl create namespace "${DIZBOX_NAMESPACE_NAME}" --dry-run=client -o yaml | kubectl apply -f -
kubectl config set-context --current --namespace="${DIZBOX_NAMESPACE_NAME}"

Air-gapped

Download the air-gapped installer and move it to the deployment machine:

curl -L -O https://github.com/bzkf/diz-in-a-box/releases/download/v1.5.11/air-gapped-installer.tgz

Run the following steps on the deployment machine.

Extract the archive:

tar xvzf ./air-gapped-installer.tgz

Prepare the images directory and k3s binary:

mkdir -p /var/lib/rancher/k3s/agent/images/
cp ./dist/air-gapped/k3s/k3s-airgap-images-amd64.tar /var/lib/rancher/k3s/agent/images/

cp ./dist/air-gapped/bin/k3s /usr/local/bin/k3s

Run the install script:

chmod +x ./dist/air-gapped/bin/install.sh
INSTALL_K3S_SKIP_DOWNLOAD=true ./dist/air-gapped/bin/install.sh

Run the script to import all required images:

chmod +x ./dist/air-gapped/bin/import-images-into-k3s.sh
IMAGE_FOLDER=./dist/air-gapped/images ./dist/air-gapped/bin/import-images-into-k3s.sh

Install Strimzi Operator and Kafka

helm upgrade --install --wait --timeout=10m --version=1.5.11 prerequisites oci://ghcr.io/bzkf/diz-in-a-box/charts/prerequisites

kubectl apply -f k8s/kafka-cluster.yaml
kubectl wait kafka/bzkf-dizbox-cluster --for=condition=Ready --timeout=300s

# Optionally install KafkaBridge
kubectl apply -f k8s/kafka-bridge.yaml
kubectl wait kafkabridge/bzkf-dizbox-bridge --for=condition=Ready --timeout=300s

kubectl get all -A

Install DIZ-in-a-box

helm upgrade --install --wait --timeout=10m --version=1.5.11 diz-in-a-box oci://ghcr.io/bzkf/diz-in-a-box/charts/diz-in-a-box

# test the installation
helm test diz-in-a-box

kubectl wait deployment/diz-in-a-box-stream-processors-onkoadt-to-fhir --for=condition=Available --timeout=300s
kubectl wait deployment/diz-in-a-box-stream-processors-fhir-to-server --for=condition=Available --timeout=300s

TODOs

  • https://docs.k3s.io/security/hardening-guide
  • set ACL for KafkaUsers to relevant topics
  • hardening: change existing passwords; show how to add existing secrets via kubectl:
    kubectl create secret generic --from-literal='GPAS__AUTH__BASIC__PASSWORD=test' gpas-basic-auth
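
For the last TODO item, one way to add the secret without putting the password on the command line, where it would end up in shell history and the process list. This is an added example, not part of the project: it assumes the chart reads the key GPAS__AUTH__BASIC__PASSWORD from a secret named gpas-basic-auth in the current namespace, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not project code): replace the 'test' password of the
# gpas-basic-auth secret with a random one, passing it to kubectl via a file.
# Assumption: the chart consumes this secret name and key as shown in the TODO.

SECRET_NAME=gpas-basic-auth
SECRET_KEY=GPAS__AUTH__BASIC__PASSWORD

# 24 random bytes from the kernel CSPRNG, hex-encoded (48 characters).
generate_password() {
  head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write KEY=VALUE into a fresh temp file readable only by the current user
# and print its path. mktemp creates the file with mode 0600.
write_env_file() {
  (
    umask 077
    f=$(mktemp) || exit 1
    printf '%s=%s\n' "$SECRET_KEY" "$1" > "$f"
    printf '%s\n' "$f"
  )
}

# Create or update the secret. The value is read from the env file, so it
# never appears in argv; the file is removed whether or not kubectl succeeds.
apply_secret() {
  env_file=$(write_env_file "$(generate_password)") || return 1
  rc=0
  kubectl create secret generic "$SECRET_NAME" \
    --from-env-file="$env_file" --dry-run=client -o yaml \
    | kubectl apply -f - || rc=$?
  rm -f "$env_file"
  return "$rc"
}

# Run as: sh rotate-gpas-secret.sh apply   (the script name is a placeholder)
if [ "${1:-}" = "apply" ]; then
  apply_secret
fi
```
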
