Deployment

All Kaa services, including WD, are distributed as Helm charts. You can run these charts using Kubernetes.

Installing WD chart on Kubernetes

Preparation

These steps should be done once for your entire Kaa cluster in Kubernetes.

  1. Install Kubernetes.

  2. Install Helm client and Tiller server.

  3. Create a Kaa license secret (remember to put in your Kaa license key file contents and password):

     export HISTCONTROL=ignorespace # Prevent saving your key password in the shell history; note the leading space in the next line
      cat << EOF > /tmp/kaa-licence.yaml
     apiVersion: v1
     data:
       file: < your licence key file contents, base64-encoded >
       password: < your licence key password, base64-encoded >
     kind: Secret
     metadata:
       name: license
     type: Opaque
     EOF
     kubectl create -f /tmp/kaa-licence.yaml
    
  4. Specify the image pull secret for the official KaaIoT docker registry. To define this secret, use your KaaID credentials:

     export HISTCONTROL=ignorespace  # Prevent saving your credentials in the shell history; note the leading space in the next line
      export KAAID_EMAIL=<your KaaID email, e.g. bob@example.com> KAAID_PASSWORD=<your KaaID password>
     kubectl create secret docker-registry kaaid --docker-server=hub.kaaiot.net --docker-username="$KAAID_EMAIL" --docker-email="$KAAID_EMAIL" --docker-password="$KAAID_PASSWORD"
    
  5. If you want to enable API security in your Kaa cluster (recommended), you should create an auth server backend secret for the service to be able to request PAT tokens.

     export HISTCONTROL=ignorespace # Prevent saving your client ID and secret in the shell history; note the leading space in the next line
      cat << EOF > /tmp/keycloak-backend-secret.yaml
     apiVersion: v1
     data:
       client-id: < your client-id, base64-encoded >
       client-secret: < your client-secret, base64-encoded >
     kind: Secret
     metadata:
       name: "keycloak-backend"
       labels:
         app.kubernetes.io/name: "kaa-name"
         helm.sh/chart: "kaa-chart-version"
         app.kubernetes.io/instance: "kaa-instance-name"
         app.kubernetes.io/managed-by: "release-service-name"
     EOF
     kubectl create -f /tmp/keycloak-backend-secret.yaml
    
  6. Add the KaaIoT Helm repository:

     helm repo add kaa-museum https://museum.kaaiot.net/
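
The manifests from steps 3 and 5 can also be rendered on stdout and piped straight to kubectl, so that no secret material is written to /tmp and every `data` value is base64-encoded on a single line. This is an added example, not part of the Kaa documentation; the function names are hypothetical, and the placeholder labels from step 5 are omitted.

```sh
# Added example (not from the Kaa docs): render the Secret manifests from
# steps 3 and 5 on stdout so no secret material is left in /tmp.

# base64 wraps long output on some platforms; strip the newlines so each
# value stays on one YAML line.
b64() { base64 | tr -d '\n'; }

# render_license_secret <license.p12>   (key password is read from stdin)
render_license_secret() (
  [ -r "$1" ] || { echo "cannot read license file: $1" >&2; exit 1; }
  IFS= read -r password || true          # tolerate a missing final newline
  [ -n "$password" ] || { echo "empty password on stdin" >&2; exit 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: license
type: Opaque
data:
  file: $(b64 < "$1")
  password: $(printf '%s' "$password" | b64)
EOF
)

# render_backend_secret <client-id>   (client secret is read from stdin)
render_backend_secret() (
  [ -n "$1" ] || { echo "client-id is required" >&2; exit 1; }
  IFS= read -r secret || true
  [ -n "$secret" ] || { echo "empty client secret on stdin" >&2; exit 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-backend
type: Opaque
data:
  client-id: $(printf '%s' "$1" | b64)
  client-secret: $(printf '%s' "$secret" | b64)
EOF
)

# Usage (file paths are placeholders):
#   render_license_secret ./license.p12 < ./license.pass | kubectl apply -f -
#   render_backend_secret <client-id> < ./client.secret | kubectl apply -f -
```

Printing the password with `printf '%s'` keeps a trailing newline out of the encoded value, which would otherwise end up in the secret.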
    

Installation

Once you have completed the preparation steps, everything is ready for deploying WD on your Kubernetes cluster. To deploy the service, run the following command (observe the reference to the previously created license secret):

helm install --set global.license.secretName=license kaa-museum/wd --name kaa-wd

Check that pods are running:

kubectl get pods

Once the service initialization is complete, you should observe the output similar to the below:

NAME                                          READY   STATUS             RESTARTS   AGE
...
kaa-wd                                       1/1     Running            0          2m
...

Chart Requirements

| Repository | Name | Version |
|---|---|---|
| @stable | nats | 2.0.6 |

Chart Values

| Key | Type | Default | Description |
|---|---|---|---|
| `affinity` | object | `{}` | |
| `analytics.enabled` | bool | `false` | |
| `analytics.siteId` | string | `""` | |
| `analytics.url` | string | `""` | |
| `annotations.deployment` | object | `{}` | |
| `annotations.pod` | object | `{}` | |
| `config` | string | `"info:\n favicon: /img/fav-public-demo.png\n logo:\n main: \"\"\n secondary: \"\"\n theme: night\n title: \"Kaa\"\n"` | Content for the service config map, automatically mounted as a config file into the pod. |
| `env` | object | `{}` | Defines the environment variables that Kubernetes passes to the service replica. |
| `extraInitContainers` | list | `[]` | |
| `extraPodSpecs.automountServiceAccountToken` | bool | `false` | |
| `extraVolumeMounts` | list | `[]` | |
| `extraVolumes` | list | `[]` | Defines extra volumes and mounts. |
| `fullnameOverride` | string | `""` | |
| `global.hosts.kaaDomain` | string | `""` | Kaa Platform host. |
| `global.image.pullSecrets` | list | `[]` | List of image pull secret names. Each must be defined as a record with the name field. Overrides image.pullSecrets. |
| `global.kaaIngress.enabled` | bool | `false` | |
| `global.kaaIngress.tls` | object | `{}` | |
| `global.keycloak.backendSecretName` | string | `""` | Name of the backend auth server secret, which must contain base64-encoded client-id and client-secret. Required. |
| `global.keycloak.baseURL` | string | `""` | |
| `global.keycloak.enabled` | string | `""` | Enables API security using the auth provider. Overrides keycloak.enabled. |
| `global.keycloak.frontendSecretName` | string | `""` | |
| `global.keycloak.realm` | string | `""` | Auth provider realm. Required. |
| `global.license.secretName` | string | `""` | Name of the license secret, which must contain two base64-encoded fields: file (license file contents in PKCS #12) and password. Overrides license.secretName. |
| `global.nats.url` | string | `""` | NATS URL. Overrides nats.url. |
| `global.tekton.enabled` | string | `"true"` | Enables Tekton integration. When disabled, the service will expect Kaa application configs to be defined in the config map. Overrides tekton.enabled. |
| `global.tekton.url` | string | `"http://-tekton"` | Tekton URL. Overrides tekton.url. |
| `image.pullPolicy` | string | `"Always"` | Docker image pull policy. |
| `image.pullSecrets` | list | `[]` | List of image pull secret names. Each must be defined as a record with the name field. |
| `image.repository` | string | `"hub.kaaiot.net/core/service/wd/wd"` | Docker image repository image URL. |
| `image.tag` | string | `""` | Docker image tag version to pull and run. |
| `ingress.annotations` | object | `{}` | |
| `ingress.enabled` | bool | `false` | |
| `ingress.hosts[0].host` | string | `"chart-example.local"` | |
| `ingress.hosts[0].paths` | list | `[]` | |
| `ingress.tls` | list | `[]` | |
| `keycloak.config` | string | `"enabled: true\ninitialLoginPage:\n copyright: 'Powered by the Kaa IoT Platform, 2019 KaaIoT Technologies, LLC'\n header: Welcome to the KaaIoT building management system\n show: true\n subheader: Please log in to continue.\n terms:\n - link: 'https://www.kaaiot.io/terms-of-use'\n name: Terms of Use.\n - link: 'https://www.kaaiot.io/privacy-policy'\n name: Privacy Policy.\n - link: 'https://www.kaaiot.io/cookies-policy'\n name: Cookies Policy.\n"` | |
| `keycloak.enabled` | string | `""` | Enables API security using the auth provider. Overrides global.keycloak.enabled. |
| `license.secretName` | string | `""` | Name of the license secret, which must contain two base64-encoded fields: file (license file contents in PKCS #12) and password. |
| `metadata.component` | string | `"frontend"` | |
| `metadata.partOf` | string | `"kaa"` | |
| `nameOverride` | string | `""` | |
| `nats.auth.enabled` | bool | `false` | |
| `nats.enabled` | bool | `true` | Enables NATS dependency. For detailed info refer to https://github.com/helm/charts/tree/master/stable/nats. |
| `nats.url` | string | `"nats://-nats-client:4222"` | NATS URL. |
| `nats.urlOverride` | string | `""` | NATS URL. Overrides global.nats.url and nats.url. |
| `nodeSelector` | object | `{}` | |
| `probes.enabled` | bool | `true` | Enables liveness, readiness, and startup probes for containers. |
| `probes.liveness.initialDelaySeconds` | int | `30` | |
| `probes.liveness.periodSeconds` | int | `3` | |
| `probes.readiness.initialDelaySeconds` | int | `15` | |
| `probes.readiness.periodSeconds` | int | `1` | |
| `replicaCount` | int | `1` | The number of service instance replicas to run. |
| `resources` | object | `{}` | |
| `securityContext` | object | `{}` | |
| `service.externalIPs` | list | `[]` | |
| `service.loadBalancerIP` | string | `""` | |
| `service.port` | int | `80` | |
| `service.type` | string | `"ClusterIP"` | |
| `tekton.enabled` | string | `"false"` | Enables Tekton integration. When disabled, the service will expect Kaa application configs to be defined in config. |
| `tekton.url` | string | `"http://-tekton"` | Tekton URL. |
| `tekton.urlOverride` | string | `""` | Tekton URL. Overrides global.tekton.url and tekton.url. |
| `tolerations` | list | `[]` | |
| `updateStrategy.type` | string | `"RollingUpdate"` | Deployment update strategy. |
| `waitContainers.enabled` | bool | `true` | Wait for dependency services. |
| `waitContainers.timeout` | int | `300` | Wait timeout for dependency services in seconds. |

The keys with no description are standard Kubernetes values. Refer to the official Kubernetes documentation for more information on these.

Environment variables

The table below summarizes the variables supported by the WD Docker image and provides default values along with descriptions.

| Variable name | Default value | Description |
|---|---|---|
| `INSTANCE_NAME` | `wd` | Service instance name. |
| `KAA_SECURITY_ENABLED` | "true" or "false" | Enable / disable security. |
| `KAA_SECURITY_REALM` | `realm` | Keycloak realm. Required if security is enabled. |
| `KAA_SECURITY_BASE_URL` | `https://keycloak` | Keycloak base URL. Required if security is enabled. |
| `KAA_LICENSE_CERT_PATH` | `/run/license/license.p12` | Path to the Kaa platform license certificate file in PKCS #12 format. |
| `KAA_LICENSE_CERT_PASSWORD` | | License certificate password. Required. |
| `OAUTH2_CLIENT_ID` | | Keycloak client ID. Required. |
| `OAUTH2_AUDIENCE` | | Keycloak audience. Required. |
| `SOLUTION_CONFIG_SOURCE` | `SERVICE_CONFIG` | Solution configurations source. Possible values: SERVICE_CONFIG - solution configs are provided along with the service configs; CONFIG_SERVICE - solution configs must be retrieved from the Config service. |
| `CONFIG_SERVICE_BASE_URL` | `http://tekton` | Config service base URL. |
| `CONFIG_SERVICE_INSTANCE_NAME` | `tekton` | Config service instance name. |
| `NATS_URLS` | `nats://nats:4222` | Comma-separated list of NATS URLs. |
| `KAA_REDIS_URL` | | Redis connection URL, e.g. redis://localhost:6379. |
| `KAA_SESSION_SECRET` | | Session secret key. |
| `KAA_GA_ID` | | Google Analytics tracking ID. |
| `KAA_HOTJAR_ID` | | Hotjar analytics tracking ID. |
| `KAA_HOTJAR_SNIPPET_VERSION` | | Hotjar analytics tracking snippet version. |
| `KAA_SUPPORT_CHART_URL` | | URL for live chat application to embed. |
| `KAA_HTTP_TRANSPORT_BASE_URL` | | HTTP transport URL. |
| `KAA_HTTPS_TRANSPORT_BASE_URL` | | HTTPS transport URL. |
| `KAA_PLAIN_MQTT_BASE_URL` | | MQTT transport URL. |
| `KAA_MQTT_TLS_BASE_URL` | | MQTTS transport URL. |
| `KAA_MQTT_WS_BASE_URL` | | WebSocket transport URL. |
| `KAA_MQTT_WSS_BASE_URL` | | WebSocket TLS transport URL. |