We are excited to announce the release of the official Helm chart for Mender 2.5.
Prerequisites
- Kubernetes 1.12+
- Helm 2.11+ or Helm 3.0-beta3+
The version of helm used in this tutorial is 3. If you are using helm version 2, please adapt the helm install commands accordingly.
Installing the dependencies
Before proceeding with the installation of Mender, we need to install its dependencies if they are not already available outside of your Kubernetes cluster. Mender uses a MongoDB server as its primary storage engine, and S3 or, optionally, a MINIO server to store the artifacts.
MongoDB
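You can install MongoDB using the Bitnami Helm chart. The auth.enabled=false setting turns off MongoDB authentication, which matches the credential-less mongodb://mongodb URL used later in values.yaml: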
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm repo update
$ helm install mongodb --set "auth.enabled=false" bitnami/mongodb
MINIO
You can install MINIO using the official Helm chart:
$ helm repo add minio https://helm.min.io/
$ helm repo update
$ helm install minio minio/minio --version 6.0.5 --set "accessKey=myaccesskey,secretKey=mysecretkey"
Replace myaccesskey and mysecretkey with two randomly generated strings, and take note of them as you'll have to enter them in the values.yaml file we'll use when installing the Mender chart.
Verify the services
You can now verify the MongoDB and MINIO installations:
$ helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
minio default 1 2020-09-28 15:50:47.184129 +0200 CEST deployed minio-6.0.5 master
mongodb default 1 2020-09-28 15:50:37.711659 +0200 CEST deployed mongodb-9.2.1 4.4.1
Please also verify that the two corresponding pods are up and running:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
minio-5896b4f56f-26sgq 1/1 Running 0 76s
mongodb-688b7bdb9d-47dk6 1/1 Running 0 86s
Generating the HTTPS certificate and the private keys
Before installing Mender, we need to generate the certificate used by the API gateway to terminate the HTTPS traffic, as well as the private keys used by the device-auth, tenantadm (enterprise-only) and useradm services.
If you don't have a ready-to-use HTTPS certificate and Diffie-Hellman parameters, you can generate your dhparam.pem, certificate.crt and private.key for api-gateway using openssl:
$ openssl dhparam -out dhparam.pem 2048
$ openssl req -x509 -sha256 -nodes -days 3650 -newkey ec:<(openssl ecparam -name prime256v1) -keyout private.key -out certificate.crt -subj /CN="your.host.name"
You can generate the RSA private keys for device-auth, tenantadm (enterprise-only) and useradm using openssl:
$ for key in device-auth tenantadm useradm; do \
openssl genpkey -algorithm RSA -out ${key}.key -pkeyopt rsa_keygen_bits:3072; \
openssl rsa -in ${key}.key -out ${key}_converted.key; \
mv ${key}_converted.key ${key}.key; \
done
Installing the Chart
We are now ready to proceed with the installation of the Mender server.
The chart is available in our official Helm repository, which you can add by running the following commands:
$ helm repo add mender https://charts.mender.io
"mender" has been added to your repositories
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...
...Successfully got an update from the "mender" chart repository
...
Update Complete. ⎈ Happy Helming!⎈
To install the Enterprise version of the Mender server, create the values.yaml file containing the credentials to access our private Docker registry registry.mender.io, the X509 certificate and the private keys generated before.
Remember also to replace the values for MongoDB and S3 based on your setup.
global:
  image:
    username: <your_user>
    password: <your_password>
  mongodb:
    URL: mongodb://mongodb
  s3:
    AWS_URI: http://minio:9000
    AWS_BUCKET: mender-artifacts
    AWS_ACCESS_KEY_ID: myaccesskey
    AWS_SECRET_ACCESS_KEY: mysecretkey
api_gateway:
  certs:
    dhparam: |-
      LS0...
    cert: |-
      -----BEGIN CERTIFICATE-----
      MIIFcjCCBFq...
      -----END CERTIFICATE-----
    key: |-
      -----BEGIN PRIVATE KEY-----
      MIIEvgIBADA...
      -----END PRIVATE KEY-----
device_auth:
  certs:
    key: |-
      -----BEGIN RSA PRIVATE KEY-----
      MIIEvgIBADA...
      -----END RSA PRIVATE KEY-----
tenantadm:
  certs:
    key: |-
      -----BEGIN RSA PRIVATE KEY-----
      MIIEvgIBADA...
      -----END RSA PRIVATE KEY-----
useradm:
  certs:
    key: |-
      -----BEGIN RSA PRIVATE KEY-----
      MIIEvgIBADA...
      -----END RSA PRIVATE KEY-----
If you are installing the Open Source version of Mender, create the values.yaml file as follows:
global:
  enterprise: false
  multitenancy: false
  mongodb:
    URL: mongodb://mongodb
  s3:
    AWS_URI: http://minio:9000
    AWS_BUCKET: mender-artifacts
    AWS_ACCESS_KEY_ID: myaccesskey
    AWS_SECRET_ACCESS_KEY: mysecretkey
api_gateway:
  certs:
    dhparam: |-
      LS0...
    cert: |-
      -----BEGIN CERTIFICATE-----
      MIIFcjCCBFq...
      -----END CERTIFICATE-----
    key: |-
      -----BEGIN PRIVATE KEY-----
      MIIEvgIBADA...
      -----END PRIVATE KEY-----
deployments:
  image:
    registry: docker.io
    repository: mendersoftware/deployments
device_auth:
  certs:
    key: |-
      -----BEGIN RSA PRIVATE KEY-----
      MIIEvgIBADA...
      -----END RSA PRIVATE KEY-----
inventory:
  image:
    registry: docker.io
    repository: mendersoftware/inventory
useradm:
  image:
    registry: docker.io
    repository: mendersoftware/useradm
  certs:
    key: |-
      -----BEGIN RSA PRIVATE KEY-----
      MIIEvgIBADA...
      -----END RSA PRIVATE KEY-----
workflows:
  image:
    registry: docker.io
    repository: mendersoftware/workflows
Please refer to the complete list of parameters for further customization and configuration.
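The PEM files generated earlier have to be pasted into values.yaml as indented block scalars whose BEGIN and END lines match. The shell helper below is an added example, not part of the Mender chart or of the original post: it checks each file's PEM label and writes the certs sections for the Open Source layout to a separate, owner-only file. The function names and the values-certs.yaml file name are assumptions, and dhparam is left out.

```shell
#!/bin/sh
# Added example, not part of the Mender chart. File names follow the openssl
# commands in this tutorial; expected PEM labels follow its values.yaml.

# pem_label FILE: print the PEM label when the first BEGIN line and the last
# END line agree; fail on truncated or mis-pasted material.
pem_label() {
  begin=$(sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1)
  end=$(sed -n 's/^-----END \(.*\)-----$/\1/p' "$1" | tail -n 1)
  [ -n "$begin" ] && [ "$begin" = "$end" ] || return 1
  printf '%s\n' "$begin"
}

# yaml_pem KEY FILE LABEL: emit "    KEY: |-" plus the file as an indented
# block scalar, after checking that the file carries the expected label.
yaml_pem() {
  label=$(pem_label "$2") || { echo "$2: malformed PEM" >&2; return 1; }
  [ "$label" = "$3" ] || { echo "$2: got '$label', want '$3'" >&2; return 1; }
  printf '    %s: |-\n' "$1"
  sed 's/^/      /' "$2"
}

# render_certs DIR: print the certs sections for the Open Source layout.
render_certs() {
  printf 'api_gateway:\n  certs:\n'
  yaml_pem cert "$1/certificate.crt" "CERTIFICATE" || return 1
  yaml_pem key "$1/private.key" "PRIVATE KEY" || return 1
  for svc in device_auth useradm; do
    file="$1/$(printf '%s' "$svc" | tr '_' '-').key"
    printf '%s:\n  certs:\n' "$svc"
    yaml_pem key "$file" "RSA PRIVATE KEY" || return 1
  done
}

# write_certs DIR OUT: write the fragment with owner-only permissions, since
# it contains private keys; nothing is left behind if a check fails.
write_certs() {
  ( umask 077; render_certs "$1" > "$2.tmp" && mv "$2.tmp" "$2" ) || {
    rm -f "$2.tmp"; return 1; }
}
```

Run write_certs . values-certs.yaml in the directory holding the generated files and pass the result to helm install as an additional -f file. On OpenSSL 3 the openssl rsa conversion step writes a PKCS#8 "PRIVATE KEY" file unless -traditional is given, which this check reports as a label mismatch.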
Proceed now with the installation of the Helm chart, running:
$ helm install mender mender/mender -f values.yaml
NAME: mender
LAST DEPLOYED: Mon Sep 28 16:10:36 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Mender v2.5.0 has been deployed!
Thank you for using Mender.
Release name: mender
Verify the Helm chart installation completed successfully:
$ helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
mender default 1 2020-09-28 16:10:36.76924 +0200 CEST deployed mender-2.5.0 2.5.0
...
Please also verify the list of running pods:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
api-gateway-dc89c448d-6zhqq 1/1 Running 0 36s
create-artifact-worker-755dc87f68-b9xkh 1/1 Running 0 36s
deployments-754c5cbb98-w2n9l 1/1 Running 0 36s
device-auth-7857d5c4ff-v7tp2 1/1 Running 0 36s
gui-6c6858fb8f-qkqdt 1/1 Running 0 36s
inventory-54fc8ccdb-mwdpn 1/1 Running 0 36s
minio-5896b4f56f-26sgq 1/1 Running 0 20m
mongodb-688b7bdb9d-47dk6 1/1 Running 0 20m
useradm-5fb9d766f5-cp8ph 1/1 Running 0 36s
workflows-server-7846bb9498-7ktqj 1/1 Running 0 36s
workflows-worker-5777b6cc7d-smhlw 1/1 Running 0 36s
Create a tenant and a user from the command line
Enterprise version
You can create a tenant from the command line of the tenantadm pod; the value printed is the newly generated tenant ID:
$ tenantadm create-org --name demo --username "admin@mender.io" --password "adminadmin" --plan enterprise
5dcd71624143b30050e63bed
You can create additional users from the command line of the useradm pod:
$ useradm create-user --username "demo@mender.io" --password "demodemo" --tenant-id "5dcd71624143b30050e63bed"
187b8101-4431-500f-88da-54709f51f2e6
Open Source version
If you are running the Open Source version of Mender, you don't have the tenantadm service running. You can create users directly in the useradm pod:
$ useradm create-user --username "demo@mender.io" --password "demodemo"
187b8101-4431-500f-88da-54709f51f2e6
Test the service through the GUI
You can access the Mender UI by port-forwarding the mender-api-gateway Kubernetes service as follows:
$ kubectl port-forward service/mender-api-gateway 443:443
Open your browser and point it to the Mender UI.
Links
- Complete list of parameters
- Mender Helm chart source repository