VPC Deployment Installation

Install Validio in a customer VPC.

The Validio application is distributed as a Helm chart. The Helm chart is installable on managed Kubernetes clusters.

Validio is available for the following cloud providers:

  • Google Cloud Platform (GCP): GKE.
  • Amazon Web Services (AWS): EKS.
  • Microsoft Azure: AKS.

Prerequisites

📘

Note

Installing Validio in a customer VPC requires knowledge of:

  • Kubernetes: how to install, configure, and monitor resources on AWS, GCP or Azure.
  • Helm: how to install and configure helm charts on Kubernetes.

1. Access to docker images using a JSON file provided by Validio. For more information, contact us.

2. Configure a Kubernetes cluster on GCP, AWS or Azure. Consider the following:

  1. All nodes must be in the same AWS availability zone, GCP zone or Azure zone.
  2. Persistent volume provisioning enabled, to create Kubernetes PVC resources.
  3. We also recommend a configured load balancer or ingress controller, such as:
    1. GCP Ingress Controller
    2. AWS Load Balancer Controller
    3. AKS Application routing add-on

3. Install the following:


Installation

Complete the following steps to install your VPC deployment. You can also refer to VPC Deployment Examples.

1. Create namespace

Create the namespace you want to use for your configuration. In our examples, we use validio.

kubectl create namespace validio

2. Add the docker-registry secret

Create a Kubernetes Secret to pull the docker images required by the helm chart. This requires the JSON file provided by Validio.

First, set the VALIDIO_SECRET environment variable to point to your JSON file:

export VALIDIO_SECRET=/home/user/Downloads/validio-secret.json

Then, add the Kubernetes Secret:

kubectl -n validio create secret docker-registry artifact-registry --docker-server=https://europe-docker.pkg.dev --docker-username=_json_key --docker-password="$(cat "${VALIDIO_SECRET}")"

3. Install the helm chart

📘

The helm chart installation requires the validio-values.yaml file. For details, refer to configuration and examples.

helm install validio oci://europe-docker.pkg.dev/validio-platform-prod/charts/validio --version [your-validio-version] --namespace validio --values validio-values.yaml

4. Configure the validio-values.yaml file

The Helm chart supports the following keys in the validio-values.yaml file:

| Key | Default value | Description |
| --- | --- | --- |
| meilisearch.resources.* | nil | Resources for Meilisearch service. Suggested values: memory 1000Mi, cpu 200m. |
| meilisearch.storage.capacity | nil | Storage capacity for Meilisearch service. Suggested value: 10Gi. |
| meilisearch.storage.class | nil | Storage class for Meilisearch service. For example, premium-rwo for GCP and gp2 for AWS. Leave empty to use cloud provider default. |
| otel-collector.config.customer | nil | Name of customer. Decide this value together with Validio. |
| otel-collector.env.http_proxy | nil | Set proxy for HTTP requests. |
| otel-collector.env.https_proxy | nil | Set proxy for HTTPS requests. |
| postgres.resources.* | nil | Resources for Postgres service. Suggested values: memory 4Gi and cpu 1000m. |
| postgres.storage.capacity | nil | Storage capacity for Postgres service. Suggested value: 50Gi. |
| postgres.storage.class | nil | Storage class for Postgres service. For example, premium-rwo for GCP and gp2 for AWS. Leave empty to use cloud provider default. |
| redis.resources.* | nil | Resources for Redis service. Suggested values: memory 500Mi and cpu 200m. |
| redis.storage.capacity | nil | Storage capacity for Redis service. Suggested value: 20Gi. |
| redis.storage.class | nil | Storage class for Redis service. For example, premium-rwo for GCP and gp2 for AWS. Leave empty to use cloud provider default. |
| seastar.env.http_proxy | nil | Set proxy for HTTP requests. Used by Sentry. |
| seastar.env.https_proxy | nil | Set proxy for HTTPS requests. Used by Sentry. |
| seastar.probes.* | nil | Control the Kubernetes Readiness and Liveness probes. |
| seastar.resources.* | nil | Resources for Seastar service. Suggested values: memory 1000Mi, cpu 200m. |
| surface.env.http_proxy | nil | Set proxy for HTTP requests. Used by Sentry. |
| surface.env.https_proxy | nil | Set proxy for HTTPS requests. Used by Sentry. |
| surface.ingress.enabled | false | Set to true to enable Kubernetes ingress. Note: This requires an ingress controller and that all ingress parameters are set accordingly. |
| surface.ingress.host | nil | The ingress hostname. Note: You must also set a DNS name. |
| surface.ingress.path | / | Set the ingress path. |
| surface.ingress.pathType | Prefix | Set the ingress path type. |
| surface.ingress.annotations | nil | Set the ingress annotations. |
| surface.ingress.managedCert | false | Create a ManagedCertificate resource for the ingress. Note: For GCP only. |
| surface.ingress.tls.enable | false | Enable ingress TLS. Required for use in Azure with cert-manager. |
| surface.probes.* | nil | Control the Kubernetes Readiness and Liveness probes. |
| surface.resources.* | nil | Resources for Surface service. Suggested values: memory 1000Mi, cpu 200m. |
| tags.metrics | nil | Set to true to enable metrics collection using OpenTelemetry Collector. |
| ve.diver.certificate.enabled | false | Set to true to enable custom self-signed certificates for outbound communication. |
| ve.diver.certificate.content | nil | Self-signed certificate content, including header and footer. |
| ve.diver.env.http_proxy | nil | Set proxy for HTTP requests when sending notifications to Slack, Microsoft Teams, and Webhook. |
| ve.diver.env.https_proxy | nil | Set proxy for HTTPS requests when sending notifications to Slack, Microsoft Teams, and Webhook. |
| ve.diver.probes.* | nil | Control the Kubernetes Readiness and Liveness probes. |
| ve.diver.resources.* | nil | Resources for Diver service. Suggested values: memory 500Mi, cpu 200m. |
| ve.ingress.probes.* | nil | Control the Kubernetes Readiness and Liveness probes. |
| ve.ingress.resources.* | nil | Resources for Ingress service. Suggested values: memory 1000Mi, cpu 500m. Note: This is not a Kubernetes ingress parameter. |
| ve.ingress.cache.size | 1Gi | Local disk cache for Ingress service. Allocated on the host where the pod runs. |
| ve.pipelines.probes.* | nil | Control the Kubernetes Readiness and Liveness probes. |
| ve.pipelines.resources.* | nil | Resources for Pipelines service. Suggested values: memory 2Gi, cpu 1000m. |
| ve.pipelines.cache.size | 1Gi | Local disk cache for Pipelines service. Allocated on the host where the pod runs. |

If the default value is false or true, the value type is bool. For all others, the value type is String.

All <service>.resources.* keys support both CPU and memory resources; the table lists them only as <service>.resources.*.

Available keys for each service:

<service>:
  resources:
    limits:
      cpu: <value>
      memory: <value>
    requests:
      cpu: <value>
      memory: <value>
📘

Note

The following are memory and CPU recommendations:

  • Set a limit for memory use with <service>.resources.limits.memory.
  • Only set requests for CPU resources with <service>.resources.requests.cpu.

For more information, refer to Kubernetes resources documentation.

If you have special requirements for Kubernetes pod placement, such as affinity, tolerations or nodeSelector, these are supported on all our services. For example:

<service>:
  nodeSelector:
    <label>: "<value>"
  tolerations:
    - key: <key>
      operator: Equal
      value: "<value>"
      effect: NoSchedule

Most services also support controlling the Kubernetes Liveness and Readiness probes, listed in the table above as <service>.probes.*. The available keys are shown below. Probes are enabled by default and the commented-out values are the defaults, so you do not need to change anything if the defaults suit you.

<service>:
  probes:
    liveness:
      enabled: true
      # failureThreshold: 3
      # initialDelaySeconds: 0
      # periodSeconds: 10
      # successThreshold: 1
      # terminationGracePeriodSeconds: 30
      # timeoutSeconds: 1
    readiness:
      enabled: true
      # failureThreshold: 3
      # initialDelaySeconds: 0
      # periodSeconds: 10
      # successThreshold: 1
      # terminationGracePeriodSeconds: 30
      # timeoutSeconds: 1
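
A validio-values.yaml fragment that applies the table's suggested values together with the memory-limit and CPU-request recommendations, added here as an illustration and not taken from Validio's own examples. It assumes a GKE cluster and that the dotted keys in the table map to nested YAML maps, as is usual for Helm values; the hostname and the probe override are constructed.

```yaml
# Added example: constructed values for a GKE install, not Validio's own file.
meilisearch:
  resources:
    limits:
      memory: "1000Mi"   # memory gets a limit
    requests:
      cpu: "200m"        # CPU gets a request only, no limit
  storage:
    capacity: "10Gi"
    class: "premium-rwo" # GCP storage class named in the table
postgres:
  resources:
    limits:
      memory: "4Gi"
    requests:
      cpu: "1000m"
  storage:
    capacity: "50Gi"
    class: "premium-rwo"
redis:
  resources:
    limits:
      memory: "500Mi"
    requests:
      cpu: "200m"
  storage:
    capacity: "20Gi"
    class: "premium-rwo"
surface:
  ingress:
    enabled: true                # requires an ingress controller
    host: "validio.example.com"  # constructed; needs a matching DNS name
    path: "/"
    pathType: "Prefix"
    managedCert: true            # GCP only
  resources:
    limits:
      memory: "1000Mi"
    requests:
      cpu: "200m"
  probes:
    readiness:
      enabled: true
      initialDelaySeconds: 10    # constructed override; the default is 0
```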

Sign in to the Validio platform

The first time you sign in to the Validio platform, you must use the admin credentials created in the Kubernetes Secret.

🚧

Caution

Do not change or update anything in the Kubernetes Secret. You can change the password in the Validio platform.

kubectl -n validio get secrets validio-postgres -o=jsonpath='{.data.validio_app_auth_password}' | base64 -d ; echo

Access your Validio platform:

In your browser, navigate to the hostname specified in the surface.ingress.host key. For example, https://validio.example.com/

If you did not configure an ingress, use port-forward to forward the Validio platform to your localhost:

kubectl -n validio port-forward svc/validio-surface 8889

Then, you can find it on http://localhost:8889/