Keptn Homepage

Home / Docs / Release 0.6.2 / Reference / Keptn Quality Gates Installation using manifests (experimental)

Keptn Quality Gates Installation using manifests (experimental)

The following installation instructions provide a way to manually install Keptn Quality Gates without any installer job. Furthermore, no NGINX will be installed using these instructions.

Following these manual installation instructions is not the recommended way to install Keptn. But in case you cannot use the prepared installer because you e.g. need to exactly control what is installed in your Kubernetes cluster, the instructions can be used.

WARNING:

  • These instructions are experimental.
  • No upgrade script or instructions are provided for a manual installation of Keptn.
  • The keptn CLI command keptn configure bridge will not work with this setup.

Prerequisites

Setup Keptn Quality Gates

  1. Select the Keptn version 0.6.2:

    export KEPTNVERSION=0.6.2

  2. Apply the Keptn namespace:

    kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/keptn/namespace.yaml

  3. Apply NATS resources:

    kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/nats/nats-operator-prereqs.yaml
kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/nats/nats-operator-deploy.yaml

    Please give the nats operator a few seconds to start, before applying the next manifests:

    kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/nats/nats-cluster.yaml
kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/keptn/rbac.yaml

  4. Install the Keptn Datastore:

    kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/logging/namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/logging/mongodb/pvc.yaml
kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/logging/mongodb/deployment.yaml
kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/logging/mongodb/svc.yaml
kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/logging/mongodb-datastore/k8s/mongodb-datastore.yaml
kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/logging/mongodb-datastore/mongodb-datastore-distributor.yaml

  5. Create a Keptn API-token, as explained here.

  6. Install the Keptn Core:

    kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/keptn/core.yaml
kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/keptn/keptn-domain-configmap.yaml

  7. Install Keptn API Gateway NGINX (Note: this has nothing to do with an ingress gateway):

    kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/keptn/api-gateway-nginx.yaml

  8. Install Keptn Quality Gates (Control Plane):

    kubectl apply -f https://raw.githubusercontent.com/keptn/keptn/$KEPTNVERSION/installer/manifests/keptn/quality-gates.yaml

Summary of applied images

By following the DockerHub link, you will find the built image on DockerHub. The referenced Dockerfile shows how the image was built.

Access the Keptn API

In order to access the Keptn API, you can use a LoadBalancer (if provided by your cloud platform), NodePort (if the Kubernetes nodes have appropriate firewall/forwarding rules), an Ingress Object (if you have an ingress controller installed), or as a last resort a Port-forward:

Using Kubernetes service-type LoadBalancer

Expose the Keptn API via a LoadBalancer by patching the service api-gateway-nginx:

  kubectl patch svc api-gateway-nginx -n keptn -p '{"spec": {"type": "LoadBalancer"}}'

Please allow your cloud-provider a couple of seconds (up to 5 minutes) to assign you an IP address. Watch the process using

  kubectl get svc api-gateway-nginx -n keptn -w

Query the IP:

  export KEPTN_ENDPOINT=http://$(kubectl get svc api-gateway-nginx -n keptn -ojsonpath='{.status.loadBalancer.ingress[0].ip}')

or the hostname (for EKS)

  export KEPTN_ENDPOINT=http://$(kubectl get svc api-gateway-nginx -n keptn -ojsonpath='{.status.loadBalancer.ingress[0].hostname}')

Using Kubernetes service-type NodePort

Please note: For this to work, you either need to be on the same Network as your Kubernetes VM (e.g., when using K3s, Minikube, …), or in some cases (e.g., GKE) you have to set up certain firewall rules (which is beyond this documentation).

Expose the Keptn API on the node by patching the service api-gateway-nginx:

  kubectl patch svc api-gateway-nginx -n keptn -p '{"spec": {"type": "NodePort"}}'

Get the Port of api-gateway-nginx:

  API_PORT=$(kubectl get svc api-gateway-nginx -n keptn -o jsonpath='{.spec.ports[?(@.name=="http")].nodePort}')

Get the internal and external ip of current kubernetes node

  EXTERNAL_NODE_IP=$(kubectl get nodes -o jsonpath='{ $.items[0].status.addresses[?(@.type=="ExternalIP")].address }')
  INTERNAL_NODE_IP=$(kubectl get nodes -o jsonpath='{ $.items[0].status.addresses[?(@.type=="InternalIP")].address }')

Define Keptn API Endpoint (either via the internal or external IP; try both if unsure):

  # either
  export KEPTN_ENDPOINT=http://${INTERNAL_NODE_IP}:${API_PORT}/
  # or
  export KEPTN_ENDPOINT=http://${EXTERNAL_NODE_IP}:${API_PORT}/

Using a Kubernetes ingress object

Please note: The description here is very generic. Please refer to the official docs about ingress controllers for more details.

Here is a quick list of Ingress controllers that should work:

  • istio
  • nginx-ingress
  • traefik
  • cloud-provider specific ingress controllers

Ensure you have an ingress-controller has an IP address (e.g., 5.6.7.8) or domain that you can reach.

Configure the api-gateway-nginx service to use ClusterIP (NodePort and LoadBalancer might work, but that’s not the goal here):

  kubectl patch svc api-gateway-nginx -n keptn -p '{"spec": {"type": "ClusterIP"}}'

Create an ingress object for api-gateway-nginx, which might look similar to this (replace api-keptn.5-6-7-8.nip.io with your desired hostname and INSERT_INGRESS_CLASS_HERE with the ingress class you are using):

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: INSERT_INGRESS_CLASS_HERE
  name: your-api-keptn-ingress
  namespace: keptn
spec:
  rules:
  - host: api-keptn.5-6-7-8.nip.io
    http:
      paths:
      - backend:
          serviceName: api-gateway-nginx
          servicePort: 80
  - host: api.keptn
    http:
      paths:
      - backend:
          serviceName: api-gateway-nginx
          servicePort: 80

Note: The section with host: api.keptn is crucial and needs to be included for the keptn CLI 0.6.2 and before!

To verify that creating an ingress object works, execute

  kubectl describe ingress -n keptn

The output should look like this:

Name:             your-api-keptn-ingress
Namespace:        keptn
Address:          5.6.7.8
Default backend:  default-http-backend:80 (10.16.0.8:8080)
TLS:
  keptn-api-tls terminates *.5-6-7-8.nip.io
Rules:
  Host                           Path  Backends
  ----                           ----  --------
  api-keptn.5-6-7-8.nip.io  
                                    api-gateway-nginx:80 (10.16.0.27:80)
  api.keptn                      
                                    api-gateway-nginx:80 (10.16.0.27:80)

Verify that you can access the API in your Browser, e.g., by going to http://api-keptn.5-6-7-8.nip.io/swagger-ui/ or if you enabled SSL/TLS even https://api-keptn.5-6-7-8.nip.io/swagger-ui/.

Finally, store the hostname you used in the manifest:

  export KEPTN_ENDPOINT=http://api-keptn.5-6-7-8.nip.io/

Using OpenShift 3.11 built-in routes

OpenShift 3.11 ships built-in routing functionality, which allows exposing the API using

  oc create route edge api --service=api-gateway-nginx --port=http --insecure-policy='None' -n keptn
  oc create route edge api.keptn --service=api-gateway-nginx --port=http --insecure-policy='None' -n keptn --hostname=api.keptn

Note: The second route with api.keptn as a hostname is necessary for Keptn 0.6.x CLI to work.

You can then get the hostname by inspecting the route using

  oc get route -n keptn

which should look like this:

  NAME        HOST/PORT                         PATH      SERVICES            PORT      TERMINATION   WILDCARD
  api         api-keptn.1.2.3.4.nip.io                    api-gateway-nginx   http      edge/None     None
  api.keptn   api.keptn                                   api-gateway-nginx   http      edge/None     None

Set the hostname using

  KEPTN_ENDPOINT=https://$(oc get route -n keptn api -ojsonpath='{.status.ingress[0].host}')

Using a Port-forward

Make a port-forward with:

  kubectl port-forward svc/api-gateway-nginx -n keptn 8080:80

  export KEPTN_ENDPOINT=http://localhost:8080

Use the Keptn CLI

  1. Follow the Keptn CLI install instructions.

    Important: The Keptn CLI in version 0.6.2 or above is required.

  2. Authenticate your CLI

./keptn auth --endpoint=$KEPTN_ENDPOINT --api-token=$KEPTN_API_TOKEN --scheme=http

Please note: Always add the flag --scheme=http to all CLI commands. Otherwise, the CLI uses https which is not configured in this installation.

Please note: The WebSocket communications cannot be used when the API is exposed via a Port-forward. Hence, please add --suppress-websocket to all CLI commands.

Setup Quality Gates for your existing services

Now, you are able to continue with the use case as described here.

Keptn Bridge

Keptn on MicroK8s (experimental)

Built with  Heart  by Dynatrace