Helm chart (Kubernetes) - Online

Introduction

This document aims to explain how to install Exastro Platform and/or Exastro IT Automation on Kubernetes.

Features

This method allows the user to install Exastro IT Automation with the highest level of availability and service.

For a more simple installation for testing and temporary usage, we recommend the Docker Compose version.

Prerequisites

• Client requirements

  The following describes confirmed compatible client application as well as their versions.

  Table 1 Client requirements

  Application	Version
  Helm	v3.9.x
  kubectl	1.23

• Deploy environment

  The following describes confirmed compatible operation systems as well as their versions.

  Table 2 Hardware requirements (minimum requirements)

  Resource type	Required resource
  CPU	2 Cores (3.0 GHz, x86_64)
  Memory	4GB
  Storage (Container image size)	10GB
  Kubernetes (Container image size)	1.23 or later

  Table 3 Hardware requirements (Recommended requirements)

  Resource type	Required resource
  CPU	4 Cores (3.0 GHz, x86_64)
  Memory	16GB
  Storage (Container image size)	120GB
  Kubernetes (Container image size)	1.23 or later

  Warning

  The required resources for the minimum configuration are for Exastro IT Automation’s core functions. Additional resources will be required if you are planning to deploy external systems, such as GitLab and Ansible Automation Platform.

  Users will have to prepare an additional storage area if they wish to persist databases or files.

  The storage space is only an estimate and varies based on the user’s needs. Make sure to take that into account when securing storage space.

• Communication Protocols

  • The client must be able to access the deploying container environment.

  • The user will need 2 ports. One for the Platform administrator and one for normal users.

  • The user must be able to connect to Docker Hub in order to acquire the container image from the container environment.

• External components

  • MariaDB or MySQL server

  • Must be able to create Gitlab accounts and repositories.

  Warning

  If the user is construcing the GitLab environment on the same cluster, the GitLab’s minimum system requirements changes in order to support the additional load.

  If the user is construcing the Database environment on the same cluster, the Database’s minimum system requirements changes in order to support the additional load.

Preparation

Register Helm repository

The Exastro system is constructed by the following 2 applications.

All the Exastro tools exists on the same Helm repository.

• Shared Platform (Exastro Platform)

• Exastro IT Automation

Repository
https://exastro-suite.github.io/exastro-helm/

Listing 1 Cmmand

# Register Exastro system's Helm repository.
helm repo add exastro https://exastro-suite.github.io/exastro-helm/ --namespace exastro
# Update repository information
helm repo update

Fetch default setting values

The following command outputs the values.yaml default values. This makes it easier to manage the input parameters.

Listing 2 Command

helm show values exastro/exastro > exastro.yaml

exastro.yaml

Listing 3 exastro.yaml

# Default values for Exastro.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
  itaGlobalDefinition:
    config:
      DEFAULT_LANGUAGE: "ja"
      LANGUAGE: "en"
      TZ: "Asia/Tokyo"
    secret:
      ENCRYPT_KEY: ""
    persistence:
      enabled: true
      accessMode: ReadWriteMany
      size: 10Gi
      volumeType: hostPath # e.g.) hostPath or AKS
      storageClass: "-" # e.g.) azurefile or - (None)
      # matchLabels:
      #   release: "stable"
      # matchExpressions:
      #   - {key: environment, operator: In, values: [dev]}
  itaDatabaseDefinition:
    config:
      DB_VENDOR: "mariadb"
      DB_HOST: "mariadb"
      DB_PORT: "3306"
      DB_DATABASE: "ITA_DB"
    secret:
      DB_ADMIN_USER: "root"
      DB_ADMIN_PASSWORD: "Ch@ngeMeDBAdm"
      DB_USER: "ITA_USER"
      DB_PASSWORD: "Ch@ngeMeITADB"
  pfGlobalDefinition:
    config:
      DEFAULT_LANGUAGE: "ja"
      LANGUAGE: "en"
      TZ: "Asia/Tokyo"
    secret:
      ENCRYPT_KEY: ""
  pfAuditLogDefinition:
    name: pf-auditlog
    persistence:
      enabled: false
      reinstall: false
      accessMode: ReadWriteMany
      size: 10Gi
      volumeType: hostPath # e.g.) hostPath or AKS
      storageClass: "-" # e.g.) azurefile or - (None)
      # matchLabels:
      #   release: "stable"
      # matchExpressions:
      #   - {key: environment, operator: In, values: [dev]}
  pfDatabaseDefinition:
    config:
      DB_VENDOR: "mariadb"
      DB_HOST: "mariadb"
      DB_PORT: "3306"
      DB_DATABASE: "platform"
    secret:
      DB_ADMIN_USER: "root"
      DB_ADMIN_PASSWORD: "Ch@ngeMeDBAdm"
      DB_USER: "pf-user"
      DB_PASSWORD: "Ch@ngeMePFDB"
  keycloakDefinition:
    secret:
      SYSTEM_ADMIN: "admin"
      SYSTEM_ADMIN_PASSWORD: "Ch@ngeMeKCAdm"
      KEYCLOAK_DB_USER: "keycloak"
      KEYCLOAK_DB_PASSWORD: "Ch@ngeMeKCADB"
  gitlabDefinition:
    config:
      GITLAB_PROTOCOL: "http"
      GITLAB_HOST: "" # "gitlab" if use container.
      GITLAB_PORT: "8080"
    secret:
      GITLAB_ROOT_PASSWORD: "Ch@ngeMeGL"
      GITLAB_ROOT_TOKEN: "change-this-token"
  mongoDefinition:
    config:
      MONGO_PROTOCOL: "http"
      MONGO_HOST: "mongo" # "mongo" if use container.
      MONGO_PORT: "27017"
    secret:
      MONGO_ADMIN_USER: "admin"
      MONGO_ADMIN_PASSWORD: "Ch@ngeMeMGAdm"

exastro-it-automation:
  ita-api-admin:
    replicaCount: 1
    image:
      repository: "docker.io/exastro/exastro-it-automation-api-admin"
      tag: ""
      pullPolicy: IfNotPresent
    extraEnv:
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"

  ita-api-organization:
    replicaCount: 1
    image:
      repository: "docker.io/exastro/exastro-it-automation-api-organization"
      tag: ""
      pullPolicy: IfNotPresent
    extraEnv:
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"

  ita-api-oase-receiver:
    replicaCount: 1
    image:
      repository: "docker.io/exastro/exastro-it-automation-api-oase-receiver"
      tag: ""
      pullPolicy: IfNotPresent
    extraEnv:
      LISTEN_PORT: "8000"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"

  ita-api-ansible-execution-receiver:
    replicaCount: 1
    image:
      repository: "docker.io/exastro/exastro-it-automation-api-ansible-execution-receiver"
      tag: ""
      pullPolicy: IfNotPresent
    extraEnv:
      LISTEN_PORT: "8000"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"

  ita-by-ansible-execute:
    replicaCount: 1
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-ansible-execute"
      tag: ""
      pullPolicy: IfNotPresent
    extraEnv:
      EXECUTE_INTERVAL: "3"
      ANSIBLE_AGENT_IMAGE: "docker.io/exastro/exastro-it-automation-by-ansible-agent"
      ANSIBLE_AGENT_IMAGE_TAG: ""
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    serviceAccount:
      create: false
      name: "ita-by-ansible-execute-sa"

  ita-by-ansible-legacy-role-vars-listup:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-ansible-legacy-role-vars-listup"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-ansible-legacy-vars-listup:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-ansible-legacy-vars-listup"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-ansible-pioneer-vars-listup:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-ansible-pioneer-vars-listup"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-ansible-towermaster-sync:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-ansible-towermaster-sync"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-cicd-for-iac:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-cicd-for-iac"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-collector:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-collector"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-conductor-regularly:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-conductor-regularly"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-conductor-synchronize:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "3"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-conductor-synchronize"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-excel-export-import:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-excel-export-import"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-execinstance-dataautoclean:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-execinstance-dataautoclean"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-file-autoclean:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-file-autoclean"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-hostgroup-split:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-hostgroup-split"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-menu-create:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-menu-create"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-menu-export-import:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-menu-export-import"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-oase-conclusion:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-oase-conclusion"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-terraform-cli-execute:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "3"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-terraform-cli-execute"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-terraform-cli-vars-listup:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-terraform-cli-vars-listup"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-terraform-cloud-ep-execute:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "3"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-terraform-cloud-ep-execute"
      tag: ""
      pullPolicy: IfNotPresent

  ita-by-terraform-cloud-ep-vars-listup:
    replicaCount: 1
    extraEnv:
      EXECUTE_INTERVAL: "10"
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-by-terraform-cloud-ep-vars-listup"
      tag: ""
      pullPolicy: IfNotPresent

  ita-web-server:
    replicaCount: 1
    image:
      repository: "docker.io/exastro/exastro-it-automation-web-server"
      tag: ""
      pullPolicy: IfNotPresent

  ita-migration:
    extraEnv:
      PLATFORM_API_HOST: "platform-api"
      PLATFORM_API_PORT: "8000"
    image:
      repository: "docker.io/exastro/exastro-it-automation-migration"
      tag: ""
      pullPolicy: IfNotPresent

exastro-platform:
  platform-api:
    image:
      repository: "docker.io/exastro/exastro-platform-api"
      tag: ""

  platform-auth:
    extraEnv:
      # Please set the URL to access
      EXTERNAL_URL: ""
      EXTERNAL_URL_MNG: ""
    ingress:
      enabled: true
      hosts:
        - host: exastro-suite.example.local
          paths:
            - path: /
              pathType: Prefix
              backend: "http"
        - host: exastro-suite-mng.example.local
          paths:
            - path: /
              pathType: Prefix
              backend: "httpMng"
      tls: []
        # - secretName: chart-example-tls
        #   hosts:
        #     - chart-example.local
      secrets: []
        # - name: chart-example-tls
        #   certificate: |-
        #     -----BEGIN CERTIFICATE-----
        #     ...
        #     -----END CERTIFICATE-----
        #   key: |-
        #     -----BEGIN PRIVATE KEY-----
        #     ...
        #     -----END PRIVATE KEY-----
    service:
      type: ClusterIP
      # http:
      #   nodePort: 30080
      # httpMng:
      #   nodePort: 30081
    image:
      repository: "docker.io/exastro/exastro-platform-auth"
      tag: ""

  platform-job:
    extraEnv:
      # LOG_LEVEL: "INFO"
      # SUB_PROCESS_TERMINATE_REQUEST_SECONDS: "1800"
      # SUB_PROCESS_ACCEPTABLE: "2"
      # SUB_PROCESS_MAX_JOBS: "10"
      # SUB_PROCESS_WATCH_INTERVAL_SECONDS: "1.0"
      # SUB_PROCESS_DB_RECONNECT_INTERVAL_SECONDS: "60"
      # SUB_PROCESS_DB_HEALTH_CHECK_INTERVAL_SECONDS: "5"
      # SUB_PROCESS_MAX_CANCEL_TIMEOUT: "10"
      # JOB_STATUS_WATCH_INTERVAL_SECONDS: "1.0"
      # JOB_CANCEL_TIMEOUT_SECONDS: "5.0"
      # JOB_NOTIFICATION_TIMEOUT_SECONDS: "20"
      # JOB_NOTIFICATION_TEAMS_CONNECTION_TIMEOUT: "3.0"
      # JOB_NOTIFICATION_TEAMS_READ_TIMEOUT: "10.0"
      # JOB_NOTIFICATION_SMTP_TIMEOUT: "10.0"
      # JOB_NOTIFICATION_SMTPS_SSL_VERIFY_ENABLED: "TRUE"
      # JOB_FORCE_UPDATE_STATUS_TIMEOUT_SECONDS: "60"
      # JOB_FORCE_UPDATE_STATUS_INTERVAL_SECONDS: "180"
      # JOB_FORCE_UPDATE_STATUS_PROGRASS_SECONDS: "600"
    image:
      repository: "docker.io/exastro/exastro-platform-job"
      tag: ""

  platform-migration:
    image:
      repository: "docker.io/exastro/exastro-platform-migration"
      tag: ""

  platform-web:
    image:
      repository: "docker.io/exastro/exastro-platform-web"
      tag: ""

  mariadb:
    enabled: true
    image:
      repository: "docker.io/mariadb"
      tag: "10.11"
      pullPolicy: IfNotPresent
    imagePullSecrets: []
    persistence:
      enabled: true
      accessMode: ReadWriteOnce
      size: 20Gi
      storageClass: "-" # e.g.) azurefile or - (None)
      matchLabels:
        name: pv-database
      matchExpressions:
        # - {key: name, operator: In, values: [pv-database]}
    dbSetup:
      dbConfInfo:
        name: mysql-server-conf-config
        customCnf: |-
          [mysqld]
          character-set-server=utf8mb4
          collation-server=utf8mb4_bin
          secure_file_priv=/tmp
          lower_case_table_names=1
          [client]
          default-character-set=utf8mb4
    resources:
      requests:
        memory: "256Mi"
        cpu: "1m"
      limits:
        memory: "2Gi"
        cpu: "4"

  keycloak:
    enabled: true
    image:
      repository: "docker.io/exastro/keycloak"
      tag: ""
      pullPolicy: IfNotPresent
    extraEnv:
      # If you use Azure MySQL, add options like below
      # KC_DB_URL_PROPERTIES: "?useSSL=false"
    resources: {}
      # requests:
      #   memory: "256Mi"
      #   cpu: "1m"
      # limits:
      #   memory: "2Gi"
      #   cpu: "4"

  gitlab:
    enabled: false
    extraEnv:
      GITLAB_OMNIBUS_CONFIG: |
        postgresql['shared_buffers'] = "2048MB"
        postgresql['work_mem'] = "128MB"
        postgresql['maintenance_work_mem'] = "128MB"
        postgresql['effective_cache_size'] = "128MB"
        postgresql['checkpoint_segments'] = 16
        postgresql['checkpoint_timeout'] = "10min"
        external_url 'http://gitlab:40080'
        nginx['listen_port'] = 40080
        gitlab_rails['initial_root_password'] = "${GITLAB_ROOT_PASSWORD:-}"
        gitlab_rails['registry_enabled'] = false;
        gitlab_rails['db_prepared_statements'] = false;
        gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0']
        # gitlab_rails['env'] = {'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000'}
        # puma['worker_processes'] = 0
        prometheus_monitoring['enable'] = false
        # sidekiq['max_concurrency'] = 10
        # gitaly['env'] = {'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000', 'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2'}
      GITLAB_POST_RECONFIGURE_SCRIPT: |
        while ! curl -sfI -o /dev/null http://localhost:40080/-/readiness;
        do
        echo "GitLab service is not ready."
        sleep 1
        done
        echo "GitLab service started normally"
        curl -Ssf -H "PRIVATE-TOKEN: ${GITLAB_ROOT_TOKEN:-}" "http://localhost:40080/api/v4/version" || (
          gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api, :write_repository, :sudo], name: 'exastro system token'); token.set_token('${GITLAB_ROOT_TOKEN:-}'); token.save!"
        )
        echo "GitLab post reconfigure script ended."
    image:
      repository: "docker.io/gitlab/gitlab-ce"
      tag: "15.11.13-ce.0"
      pullPolicy: IfNotPresent
      # Overrides the image tag whose default is the chart appVersion.
    persistence:
      enabled: true
      volumeName: pv-gitlab
      accessMode: ReadWriteMany
      size: 20Gi
      storageClass: "-" # e.g.) azurefile or - (None)
      matchLabels:
        name: pv-gitlab
      matchExpressions:
        # - {key: name, operator: In, values: [pv-gitlab]}
    resources: {}
      # requests:
      #   memory: "4Gi"
      #   cpu: "4"
      # limits:
      #   memory: "8Gi"
      #   cpu: "8"
    service:
      type: ClusterIP
      name: gitlab
      port: 40080
      # nodePort: 30082

  mongo:
    enabled: true
    image:
      repository: "docker.io/mongo"
      pullPolicy: IfNotPresent
      # Overrides the image tag whose default is the chart appVersion.
      tag: "6.0"
    persistence:
      enabled: true
      accessMode: ReadWriteOnce
      size: 20Gi
      storageClass: "-" # e.g.) azurefile, local-path or - (None)
      matchLabels:
        # release: "pv-mongo"
      matchExpressions:
        # - {key: name, operator: In, values: [pv-mongo]}
    dbSetup:
      dbConfInfo:
        name: mongo-server-conf-config
        customCnf: |
          systemLog:
            verbosity: 0
            # destination: file
            # path: /root/logs/mongod.log
            timeStampFormat: iso8601-utc
          # storage:
          #   directoryPerDB: true
          #   dbPath: /root/data
          #   engine: wiredTiger
          #   wiredTiger:
          #     engineConfig:
          #       cacheSizeGB: 1
          #   journal:
          #     enabled: true
          # processManagement:
          #   fork: true
          # net:
          #   port: 27017
          #   bindIp: 0.0.0.0
          # security:
          #   authorization: enabled
    resources: {}
      # requests:
      #   memory: "4Gi"
      #   cpu: "4"
      # limits:
      #   memory: "8Gi"
      #   cpu: "4"
    affinity:
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
            - key: name
              operator: In
              values:
              - mongo
          topologyKey: kubernetes.io/hostname

In the next section, the manual will explain how to set the correct parameters to exastro.yaml needed to install Exastro.

Service publish settings

There are 3 main methods to publish Exastro.

• Ingress

• LoadBalancer

• NodePort

Note

There are different methods other than the ones introduced in this manual. We recommend that the users uses one that fits their environment.

Parameters

See the following for what parameters can be used.

Table 4 Exastro Platform authentication optional settings

Parameters	Description	Change	Default Value / Available Options
exastro-platform.platform-auth.extraEnv.EXTERNAL_URL	Exastro Platform Endpoint’s public URL This setting must be configured when service connection failures occur due to discrepancies between the Exastro endpoint and the public URL caused by reverse proxies or PAT (Port Address Translation).	Enabled	Public endpoint URL (http[s]://your-exastro.domain:port)
exastro-platform.platform-auth.extraEnv.EXTERNAL_URL_MNG	Public URL of the Exastro Platform Management Console endpoint This setting is required when a mismatch occurs between the Exastro endpoint and the public URL due to reverse proxies or PAT (Port Address Translation), which can lead to service connection failures.	Enabled	Public endpoint URL (http[s]://your-exastro.domain:port)
exastro-platform.platform-auth.extraEnv.AUDIT_LOG_ENABLED	Enable audit log output	Enabled	True (Default): Output False: Do not output
exastro-platform.platform-auth.extraEnv.AUDIT_LOG_PATH	Audit log file name (file path)	Enabled	exastro-audit.log (Default)
exastro-platform.platform-auth.extraEnv.AUDIT_LOG_FILE_MAX_BYTE	You can specify the maximum size (in bytes) of the audit log file.	Enabled	100000000 (Default)
exastro-platform.platform-auth.extraEnv.AUDIT_LOG_BACKUP_COUNT	Number of backup audit log files When the audit log file exceeds the specified maximum size (in bytes), backup files are created with the original file name appended by a ‘.’ and a number, up to the specified backup count.	Enabled	30 (Default)
exastro-platform.platform-auth.ingress.enabled	Whether to use Ingress in the Exastro Platform	Enabled	true (Default): Deploy an Ingress Controller to enable access to the Exastro Platform. false : Do not deploy the Ingress Controller.
exastro-platform.platform-auth.ingress.hosts[0].host	Hostname or FQDN of the Exastro Platform Management Console endpoint DNS record registration is required separately	Enabled (When using Ingress)	“exastro-suite.example.local”
exastro-platform.platform-auth.ingress.hosts[0].paths[0].path	Rules for the Management Console endpoint path in Exastro Platform	Disabled	“/”
exastro-platform.platform-auth.ingress.hosts[0].paths[0].pathType	Path match condition for the Exastro Platform Management Console endpoint	Disabled	“Prefix”
exastro-platform.platform-auth.ingress.hosts[0].paths[0].backend	Exastro Platform Management Console service name	Disabled	“http”
exastro-platform.platform-auth.ingress.hosts[1].host	Exastro Platform endpoint hostname or FQDN A DNS record must be registered separately	Enabled (When using Ingress)	“exastro-suite-mng.example.local”
exastro-platform.platform-auth.ingress.hosts[1].paths[0].path	Endpoint path rules for Exastro Platform	Disabled	“/”
exastro-platform.platform-auth.ingress.hosts[1].paths[0].pathType	Exastro Platform endpoint path match condition	Disabled	“Prefix”
exastro-platform.platform-auth.ingress.hosts[1].paths[0].backend	Exastro Platform endpoint service name	Disabled	“httpMng”
exastro-platform.platform-auth.ingress.tls[0].secretName	Name of the Kubernetes secret storing the SSL/TLS certificate for the public Exastro Platform endpoint	Enabled (When using Ingress)	Any string
exastro-platform.platform-auth.ingress.tls[0].hosts	Hostname or FQDN for the Exastro Platform public endpoint using SSL/TLS	Enabled (When using Ingress)	Any string
exastro-platform.platform-auth.ingress.secrets[0].name	Name of the Kubernetes secret that stores the SSL/TLS certificate for the Exastro Platform public endpoint	Enabled (When using Ingress)	Any string
exastro-platform.platform-auth.ingress.secrets[0].certificate	Value of the certificate file used for the SSL/TLS certificate of the Exastro Platform public endpoint	Enabled (When using Ingress)	Example of a certificate file value —–BEGIN CERTIFICATE—– … —–END CERTIFICATE—–
exastro-platform.platform-auth.ingress.secrets[0].key	Value of the key file used for the SSL/TLS certificate of the Exastro Platform public endpoint	Enabled (When using Ingress)	Example of a key file value —–BEGIN PRIVATE KEY—– … —–END PRIVATE KEY—–
exastro-platform.platform-auth.service.type	Exastro Platform service type	Enabled	ClusterIP (Default): Select when using an Ingress Controller LoadBalancer : Select when using a LoadBalancer NodePort : Select when using NodePort
exastro-platform.platform-auth.service.http.nodePort	Service public port number for Exastro Platform	Enabled (When using NodePort)	“30080”
exastro-platform.platform-auth.service.httpMng.nodePort	Exastro Platform system administration public port number	Enabled (When using NodePort)	“30081”
exastro-platform.platform-auth.image.repository	“Container image repository name	Disabled	“docker.io/exastro/exastro-platform-auth”
exastro-platform.platform-auth.image.tag	Container image tag	Disabled	“”

Setting example

This sections displays examples of the settings for publishing the service.

IngressLoadBalancerNodePort

• Features

The service can be published if Ingress Controller is usable through Public clouds or other means.

This method requires the user to construct a loadBalancer within the cluster and comes with benefits and merits if the user wants to be able to operate it themselves.

• Setting example

The service is published using DNS by registering the Service domain information to Ingress.

For checking Domain names in Azure, see Azure Kubernetes Service.

Specify the annotations required by the Cloud provider.

The following example uses AKS’s Ingress Controller.

Listing 4 exastro.yaml

--- /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro.yaml
+++ /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro_ingress_setting.yaml
@@ -377,17 +377,26 @@
   platform-auth:
     extraEnv:
       # Please set the URL to access
-      EXTERNAL_URL: ""
-      EXTERNAL_URL_MNG: ""
+      EXTERNAL_URL: "http://exastro-suite.xxxxxxxxxxxxxxxxxx.japaneast.aksapp.io"
+      EXTERNAL_URL_MNG: "http://exastro-suite-mng.xxxxxxxxxxxxxxxxxx.japaneast.aksapp.io"
     ingress:
       enabled: true
+      annotations:
+        kubernetes.io/ingress.class: addon-http-application-routing
+        nginx.ingress.kubernetes.io/proxy-body-size: "0"
+        nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+        nginx.ingress.kubernetes.io/proxy-buffer-size: 256k
+        nginx.ingress.kubernetes.io/server-snippet: |
+          client_header_buffer_size 100k;
+          large_client_header_buffers 4 100k;
+
       hosts:
-        - host: exastro-suite.example.local
+        - host: exastro-suite.xxxxxxxxxxxxxxxxxx.japaneast.aksapp.io
           paths:
             - path: /
               pathType: Prefix
               backend: "http"
-        - host: exastro-suite-mng.example.local
+        - host: exastro-suite-mng.xxxxxxxxxxxxxxxxxx.japaneast.aksapp.io
           paths:
             - path: /
               pathType: Prefix

※ Make sure to configure max time-out time (seconds) for processes where large amount of files might be uploaded.

Listing 5 ingress - annotations

nginx.ingress.kubernetes.io/proxy-read-timeout: "300"

※ If HTTPS connectivity is activated while using Ingress, the following settings must be configured.

Listing 6 exastro.yaml

 platform-auth:
   extraEnv:
     # Please set the URL to access
  -      EXTERNAL_URL: "http://exastro-suite.xxxxxxxxxxxxxxxxxx.japaneast.aksapp.io"
  -      EXTERNAL_URL_MNG: "http://exastro-suite-mng.xxxxxxxxxxxxxxxxxx.japaneast.aksapp.io"
  +      EXTERNAL_URL: "https://exastro-suite.xxxxxxxxxxxxxxxxxx.japaneast.aksapp.io"
  +      EXTERNAL_URL_MNG: "https://exastro-suite-mng.xxxxxxxxxxxxxxxxxx.japaneast.aksapp.io"
       ingress:
         enabled: true
         annotations:
           kubernetes.io/ingress.class: addon-http-application-routing
           nginx.ingress.kubernetes.io/proxy-body-size: "0"
           nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
           nginx.ingress.kubernetes.io/proxy-buffer-size: 256k
           nginx.ingress.kubernetes.io/server-snippet: |
             client_header_buffer_size 100k;
             large_client_header_buffers 4 100k;
         hosts:
           - host: exastro-suite.xxxxxxxxxxxxxxxxxx.japaneast.aksapp.io
             paths:
               - path: /
                 pathType: Prefix
                 backend: "http"
           - host: exastro-suite-mng.xxxxxxxxxxxxxxxxxx.japaneast.aksapp.io
             paths:
               - path: /
                 pathType: Prefix
                 backend: "httpMng"
  -      tls: []
  +      tls:
  +        - secretName: exastro-suite-tls
  +          hosts:
  +            - exastro-suite.xxxxxxxxxxxxxxxxxx.japaneast.aksapp.io
  +            - exastro-suite-mng.xxxxxxxxxxxxxxxxxx.japaneast.aksapp.io
  -      secrets: []
  +      secrets:
  +        - name: exastro-suite-tls
  +          certificate: |-
  +            -----BEGIN CERTIFICATE-----
  +            ...
  +            -----END CERTIFICATE-----
  +          key: |-
  +            -----BEGIN PRIVATE KEY-----
  +            ...
  +            -----END PRIVATE KEY-----

Database link

In order to use the Exastro service, the user will need a database for managing CMDB and Organizations.

This document will describe 3 different setting methods when using databases.

• External database

• Database container

External databaseDatabase container

• Features

If the user is using external databases, make sure to follow the contents below when installing.

This uses a database external to the Kubernetes cluster.

As the database is not on the Kubernetes cluster, it will have to be managed seperately from the environment.

Warning

If constructing multiple ITA environments, make sure to unify the “lower_case_table_names” settings.

※If the settings are not unified, the “Menu export/import function might not work properly.

• Setting example

Configure the required connection information in order to operate the external database.

Warning

The DB management user specified with DB_ADMIN_USER and MONGO_ADMIN_USER must have permission to create databases and users.

Warning

Authorization information can be all plaintext(Base64 encoding not required).

Warning

All certification information can be written in plaintext (no need for base64 encoding).

1. Exastro IT Automation database settings

   Configure the database’s connection information.

   Table 5 Optional Parameters for Common Settings (Exastro IT Automation Database)

   Parameters	Description	Change	Default Value / Available Options
   global.itaDatabaseDefinition.name	Definition Name for Exastro IT Automation Database	Disabled	“ita-database”
   global.itaDatabaseDefinition.enabled	Enable or Disable the Definition for the Exastro IT Automation Database	Disabled	true
   global.itaDatabaseDefinition.config.DB_VENDOR	Database Used by Exastro IT Automation Database	Enabled (When Using an External Database)	"mariadb" (Default): Use MariaDB "mysql": Use MySQL
   global.itaDatabaseDefinition.config.DB_HOST	Database to Be Used for Exastro IT Automation By default, the containers deployed within the same Kubernetes cluster are specified. If you use a database outside the cluster, configuration is required.	Enabled (When Using an External Database)	“mariadb”
   global.itaDatabaseDefinition.config.DB_PORT	TCP Port Number Used for the Exastro IT Automation Database	Enabled (When Using an External Database)	“3306”
   global.itaDatabaseDefinition.config.DB_DATABASE	Database Name Used for the Exastro IT Automation Database	Enabled (When Using an External Database)	“platform”
   global.itaDatabaseDefinition.secret.DB_ADMIN_USER	Database Username with Administrative Privileges for Exastro IT Automation Database	Required	Database Username with Administrative Privileges
   global.itaDatabaseDefinition.secret.DB_ADMIN_PASSWORD	Password (Unencoded) for Database User with Administrative Privileges Used by Exastro IT Automation	Required	Password for the Database User with Administrative Privileges
   global.itaDatabaseDefinition.secret.DB_USER	Database Username to Be Created for the Exastro IT Automation Database The specified database user will be created.	Required	Arbitrary string
   global.itaDatabaseDefinition.secret.DB_PASSWORD	Password (Unencoded) for Database User to Be Created for Exastro IT Automation Database	Required	Arbitrary string

   Listing 9 exastro.yaml

   --- /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro.yaml
   +++ /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro_ita_database.yaml
   @@ -21,13 +21,13 @@
          #   - {key: environment, operator: In, values: [dev]}
      itaDatabaseDefinition:
        config:
   -      DB_VENDOR: "mariadb"
   -      DB_HOST: "mariadb"
   -      DB_PORT: "3306"
   +      DB_VENDOR: "mariadb"                # mariadb or mysql
   +      DB_HOST: "your.database.endpoint"   # データベースのエンドポイント
   +      DB_PORT: "3306"                     # データベース接続ポート
          DB_DATABASE: "ITA_DB"
        secret:
   -      DB_ADMIN_USER: "root"
   -      DB_ADMIN_PASSWORD: "Ch@ngeMeDBAdm"
   +      DB_ADMIN_USER: "your-admin-account"       # データベースの管理権限を持つユーザー
   +      DB_ADMIN_PASSWORD: "your-admin-password"  # データベースの管理権限を持つユーザーのパスワード
          DB_USER: "ITA_USER"
          DB_PASSWORD: "Ch@ngeMeITADB"
      pfGlobalDefinition:
   

2. Exastro platform database settings

   Configure database’s connection information.

   Table 6 Database Configuration Options for Exastro Common Platform

   Parameters	Description	Change	Default Value / Available Options
   global.pfDatabaseDefinition.name	Definition name for the authentication functionality database	Disabled	“pf-database”
   global.pfDatabaseDefinition.enabled	Flag to enable or disable the authentication database definition	Disabled	true
   global.pfDatabaseDefinition.config.DB_VENDOR	Database engine used by the authentication functionality database	Enabled (When using an external database outside the cluster)	"mariadb" (Default): Use MariaDB "mysql": Use MySQL
   global.pfDatabaseDefinition.config.DB_HOST	Database engine used by the authentication functionality database By default, it specifies a container deployed within the same Kubernetes cluster. If using an external database outside the cluster, configuration is required.	Enabled (When using an external database outside the cluster)	“mariadb”
   global.pfDatabaseDefinition.config.DB_PORT	TCP port number used by the authentication functionality database	Enabled (When using an external database outside the cluster)	“3306”
   global.pfDatabaseDefinition.config.DB_DATABASE	Database name used by the authentication functionality database	Enabled (When using an external database outside the cluster)	“platform”
   global.pfDatabaseDefinition.secret.DB_ADMIN_USER	Database username with administrative privileges used by the authentication functionality	Required	Database username with administrative privileges
   global.pfDatabaseDefinition.secret.DB_ADMIN_PASSWORD	Plaintext password for the database user with administrative privileges used by the authentication functionality database	Required	Password for the database user with administrative privileges
   global.pfDatabaseDefinition.secret.DB_USER	Database username to be created for the authentication function The specified DB user will be created.	Required	Any string
   global.pfDatabaseDefinition.secret.DB_PASSWORD	Password for the database user to be created for the authentication function (without encoding)	Required	Any string

   Listing 10 exastro.yaml

   --- /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro.yaml
   +++ /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro_pf_database.yaml
   @@ -52,13 +52,13 @@
          #   - {key: environment, operator: In, values: [dev]}
      pfDatabaseDefinition:
        config:
   -      DB_VENDOR: "mariadb"
   -      DB_HOST: "mariadb"
   -      DB_PORT: "3306"
   +      DB_VENDOR: "mariadb"                # mariadb or mysql
   +      DB_HOST: "your.database.endpoint"   # データベースのエンドポイント
   +      DB_PORT: "3306"                     # データベース接続ポート
          DB_DATABASE: "platform"
        secret:
   -      DB_ADMIN_USER: "root"
   -      DB_ADMIN_PASSWORD: "Ch@ngeMeDBAdm"
   +      DB_ADMIN_USER: "your-admin-account"      # データベースの管理者ユーザー
   +      DB_ADMIN_PASSWORD: "your-admin-password" # データベースの管理者ユーザのパスワード
          DB_USER: "pf-user"
          DB_PASSWORD: "Ch@ngeMePFDB"
      keycloakDefinition:
   

3. OASE database settings

   Configure OASE database’s connection information (Not required if not using OASE).

   Warning

   If using MongoDB user and databases through “Automatic payout, make sure to specify MONGO_HOST.

   The MONGO_ADMIN_USER must have permission to create and delete users and databases (root or role with same permissions).

   If the user doesnt have said permissions, the user must soecify “Python connection string”.

   If the user is not using Automatic payout, MONGO_HOST does not need to be specified.

   Table 7 Exastro OASE Database Configuration Parameters

   Parameters	Description	Change	Default Value / Available Options
   global.mongoDefinition.config.MONGO_PROTOCOL	Protocol used for the OASE database	Enabled	“http”
   global.mongoDefinition.config.MONGO_HOST	Database used by OASE By default, it specifies a container deployed within the same Kubernetes cluster. If using an external database outside the cluster, configuration is required. If automatic provisioning is not used, specify “” (an empty string).	Enabled (When using an external database outside the cluster)	“mongo”
   global.mongoDefinition.config.MONGO_PORT	TCP port number used by the OASE database	Enabled (When using an external database outside the cluster)	“27017”
   global.mongoDefinition.secret.MONGO_ADMIN_USER	Admin database username used by OASE	Required	Database username with administrative privileges
   global.mongoDefinition.secret.DB_ADMIN_PASSWORD	Plaintext password for the DB user with administrative privileges used by OASE	Required	Password for the database user with administrative privileges

   Listing 11 exastro.yaml

   --- /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro.yaml
   +++ /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro_mongo_database.yaml
   @@ -77,12 +77,12 @@
          GITLAB_ROOT_TOKEN: "change-this-token"
      mongoDefinition:
        config:
   -      MONGO_PROTOCOL: "http"
   -      MONGO_HOST: "mongo" # "mongo" if use container.
   -      MONGO_PORT: "27017"
   +      MONGO_PROTOCOL: "your.protocol"        # http or https
   +      MONGO_HOST: "your.database.endpoint"   # OASE用データベースのエンドポイント
   +      MONGO_PORT: "your.port"                # OASE用データベース接続ポート
        secret:
   -      MONGO_ADMIN_USER: "admin"
   -      MONGO_ADMIN_PASSWORD: "Ch@ngeMeMGAdm"
   +      MONGO_ADMIN_USER: "your-admin-account"      # OASE用データベースの管理者ユーザ
   +      MONGO_ADMIN_PASSWORD: "your-admin-password" # OASE用データベースの管理者ユーザのパスワード
    
    exastro-it-automation:
      ita-api-admin:
   @@ -621,3 +621,4 @@
                  - mongo
              topologyKey: kubernetes.io/hostname
    
   +
   

4. Deactivating database containers

   Configure the database container so it does not start.

   Table 8 Optional Parameters for Common Settings (Exastro Shared Database)

   Parameters	Description	Change	Default Value / Available Options
   global.databaseDefinition.name	Definition Name of the Exastro Shared Database	Disabled	“mariadb”
   global.databaseDefinition.enabled	Enablement of the Exastro Shared Database Definition	Disabled	true
   global.databaseDefinition.secret.MARIADB_ROOT_PASSWORD	Password to set for the root account of the Exastro Shared Database (plain text)	Required	Arbitrary string
   global.databaseDefinition.persistence.enabled	Enable flag for data persistence of the Exastro Shared Database	Enabled	"true" (Default): Persist the data "false": Do not persist the data
   global.databaseDefinition.persistence.reinstall	Whether to initialize the data area during reinstallation	Enabled (When data is persisted)	"true" (Default): Initialize (delete) the data "false": Do not initialize (delete) the data
   global.databaseDefinition.persistence.accessMode	Specify the access mode for the persistent volume	Disabled	“ReadWriteOnce”
   global.databaseDefinition.persistence.size	Disk size of the persistent volume	Enabled (When data persistence is enabled)	“20Gi”
   global.databaseDefinition.persistence.volumeType	Volume type of the persistent volume	Enabled (Currently disabled)	"hostPath" (Default): Store data on Kubernetes cluster nodes (not recommended) "AKS": Use the storage class provided by AKS
   global.databaseDefinition.persistence.storageClass	Specify the storage class to use for the persistent volume	Enabled (When data persistence is enabled)	"-" (Default): Do not specify a storage class. Storage Class Name: Specify the name of the storage class provided by the cloud provider.

   Listing 12 exastro.yaml

   --- /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro.yaml
   +++ /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro_database_disabled.yaml
   @@ -451,7 +451,7 @@
          tag: ""
    
      mariadb:
   -    enabled: true
   +    enabled: false
        image:
          repository: "docker.io/mariadb"
          tag: "10.11"
   

   Configure the MongoDB database container so it does not start.(Not required if not using OASE)

   Table 9 MongoDB container options parameters

   Parameters	Description	Change	Default Value / Available Options
   exastro-platform.mongo.enabled	MongoDB Whether to deploy the container	Enabled	true (Default): Deploy the MongoDB container. false : Do not deploy the MongoDB container.
   exastro-platform.mongo.image.repository	Container image repository name	Disabled	“mongo”
   exastro-platform.mongo.image.pullPolicy	Image Pull Policy	Enabled	IfNotPresent (Default): Pull the container image only if it is not already present (imagePullPolicy: IfNotPresent) Always: Always pull the container image None: Do not pull the container image
   exastro-platform.mongo.image.tag	Container image tag	Disabled	“6.0”
   exastro-platform.mongo.persistence.enabled	Flag to enable data persistence for the shared Exastro database	Enabled	true (Default): Persist data false: Do not persist data
   exastro-platform.mongo.persistence.reinstall	Whether to initialize the data volume upon reinstallation	Disabled	true : Initialize (the data volume) false (Default): Do not initialize (delete) data
   exastro-platform.mongo.persistence.accessMode	Specify the access mode for the persistent volume	Disabled	“ReadWriteOnce”
   exastro-platform.mongo.persistence.size	Disk capacity of the persistent volume	Enabled (During data persistence)	“20Gi”
   exastro-platform.mongo.persistence.storageClass	Specify the storage class to use for the persistent volume	Enabled (During data persistence)	- (Default): Do not specify a storage class Storage class name: Specify the storage class name provided by the cloud provider (or other infrastructure)
   exastro-platform.mongo.persistence.matchLabels.name	Specify the name of the persistent volume to use	Disabled	“comment out”
   exastro-platform.mongo.resources.requests.memory	Memory request	Enabled	“256Mi”
   exastro-platform.mongo.resources.requests.cpu	CPU request	Enabled	“1m”
   exastro-platform.mongo.resources.limits.memory	Memory upper limit	Enabled	“2Gi”
   exastro-platform.mongo.resources.limits.cpu	CPU upper limit	Enabled	“4”

   Listing 13 exastro.yaml

   --- /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro.yaml
   +++ /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro_mongodb_disabled.yaml
   @@ -563,7 +563,7 @@
          # nodePort: 30082
    
      mongo:
   -    enabled: true
   +    enabled: false
        image:
          repository: "docker.io/mongo"
          pullPolicy: IfNotPresent
   @@ -621,3 +621,4 @@
                  - mongo
              topologyKey: kubernetes.io/hostname
    
   +
   

App DB user settings

Configure DB users in for applications in Exastro.

Setting example

Configure DB users for each of the following.

• Exastro IT Automation

• Exastro platform

• Keycloak

Warning

Authorization information can be all plaintext(Base64 encoding not required).

1. Configure Exastro IT Automation database

   Configure DB user that will be used and created by applications.

Table 17 Optional Parameters for Common Settings (Exastro IT Automation Database)

Parameters	Description	Change	Default Value / Available Options
global.itaDatabaseDefinition.name	Definition Name for Exastro IT Automation Database	Disabled	“ita-database”
global.itaDatabaseDefinition.enabled	Enable or Disable the Definition for the Exastro IT Automation Database	Disabled	true
global.itaDatabaseDefinition.config.DB_VENDOR	Database Used by Exastro IT Automation Database	Enabled (When Using an External Database)	"mariadb" (Default): Use MariaDB "mysql": Use MySQL
global.itaDatabaseDefinition.config.DB_HOST	Database to Be Used for Exastro IT Automation By default, the containers deployed within the same Kubernetes cluster are specified. If you use a database outside the cluster, configuration is required.	Enabled (When Using an External Database)	“mariadb”
global.itaDatabaseDefinition.config.DB_PORT	TCP Port Number Used for the Exastro IT Automation Database	Enabled (When Using an External Database)	“3306”
global.itaDatabaseDefinition.config.DB_DATABASE	Database Name Used for the Exastro IT Automation Database	Enabled (When Using an External Database)	“platform”
global.itaDatabaseDefinition.secret.DB_ADMIN_USER	Database Username with Administrative Privileges for Exastro IT Automation Database	Required	Database Username with Administrative Privileges
global.itaDatabaseDefinition.secret.DB_ADMIN_PASSWORD	Password (Unencoded) for Database User with Administrative Privileges Used by Exastro IT Automation	Required	Password for the Database User with Administrative Privileges
global.itaDatabaseDefinition.secret.DB_USER	Database Username to Be Created for the Exastro IT Automation Database The specified database user will be created.	Required	Arbitrary string
global.itaDatabaseDefinition.secret.DB_PASSWORD	Password (Unencoded) for Database User to Be Created for Exastro IT Automation Database	Required	Arbitrary string

Listing 21 exastro.yaml

--- /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro.yaml
+++ /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro_db_user_ita.yaml
@@ -28,8 +28,8 @@
     secret:
       DB_ADMIN_USER: "root"
       DB_ADMIN_PASSWORD: "Ch@ngeMeDBAdm"
-      DB_USER: "ITA_USER"
-      DB_PASSWORD: "Ch@ngeMeITADB"
+      DB_USER: "ita-db-user"                # Exastro IT Automation のアプリが使うDBユーザー
+      DB_PASSWORD: "ita-db-user-password"   # Exastro IT Automation のアプリが使うDBユーザーのパスワード
   pfGlobalDefinition:
     config:
       DEFAULT_LANGUAGE: "ja"

2. Configure Keycloak database

   Configure DB user that will be used and created by applications.

Table 18 Common Settings (Optional Parameters)

Parameters	Description	Change	Default Value / Available Options
global.keycloakDefinition.name	Keycloak Alias	Disabled	keycloak
global.keycloakDefinition.enabled	Keycloak Definition	Disabled	true
global.keycloakDefinition.config.API_KEYCLOAK_PROTOCOL	Keycloak API Endpoint Protocol	Disabled	“http”
global.keycloakDefinition.config.API_KEYCLOAK_HOST	Keycloak API Endpoint Host Name or FQDN	Disabled	“keycloak”
global.keycloakDefinition.config.API_KEYCLOAK_PORT	Keycloak API Endpoint Port Number	Disabled	“8080”
global.keycloakDefinition.config.KEYCLOAK_PROTOCOL	Keycloak Endpoint Protocol	Disabled	“http”
global.keycloakDefinition.config.KEYCLOAK_HOST	Keycloak Endpoint Host Name or FQDN	Disabled	“keycloak”
global.keycloakDefinition.config.KEYCLOAK_PORT	Keycloak API Endpoint Port Number	Disabled	“8080”
global.keycloakDefinition.config.KEYCLOAK_MASTER_REALM	Keycloak Master Realm Name	Disabled	“master”
global.keycloakDefinition.config.KEYCLOAK_DB_DATABASE	Keycloak Database Name	Disabled	“keycloak”
global.keycloakDefinition.secret.SYSTEM_ADMIN	Specify the username with administrative privileges in the Keycloak master realm. The specified Keycloak user will be created. Change From KEYCLOAK_USER to SYSTEM_ADMIN	Required	Any string
global.keycloakDefinition.secret.SYSTEM_ADMIN_PASSWORD	Password to be set for the user with administrative privileges in the Keycloak master realm (not encoded). Change From KEYCLOAK_PASSWORD to SYSTEM_ADMIN_PASSWORD	Required	Any string
global.keycloakDefinition.secret.KEYCLOAK_DB_USER	The database user used by Keycloak. The specified database user will be created.	Required	Any string
global.keycloakDefinition.secret.KEYCLOAK_DB_PASSWORD	Plaintext password for the database user used by Keycloak	Required	Any string

Listing 22 exastro.yaml

--- /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro.yaml
+++ /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro_db_user_keycloak.yaml
@@ -65,8 +65,8 @@
     secret:
       SYSTEM_ADMIN: "admin"
       SYSTEM_ADMIN_PASSWORD: "Ch@ngeMeKCAdm"
-      KEYCLOAK_DB_USER: "keycloak"
-      KEYCLOAK_DB_PASSWORD: "Ch@ngeMeKCADB"
+      KEYCLOAK_DB_USER: "keycloak-db-user"               # Keycloak が使うDBユーザー
+      KEYCLOAK_DB_PASSWORD: "keycloak-db-user-password"  # Keycloak が使うDBユーザーのパスワード
   gitlabDefinition:
     config:
       GITLAB_PROTOCOL: "http"

3. Configure Exastro platform database

   Configure DB user that will be used and created by applications.

Table 19 Database Configuration Options for Exastro Common Platform

Parameters	Description	Change	Default Value / Available Options
global.pfDatabaseDefinition.name	Definition name for the authentication functionality database	Disabled	“pf-database”
global.pfDatabaseDefinition.enabled	Flag to enable or disable the authentication database definition	Disabled	true
global.pfDatabaseDefinition.config.DB_VENDOR	Database engine used by the authentication functionality database	Enabled (When using an external database outside the cluster)	"mariadb" (Default): Use MariaDB "mysql": Use MySQL
global.pfDatabaseDefinition.config.DB_HOST	Database engine used by the authentication functionality database By default, it specifies a container deployed within the same Kubernetes cluster. If using an external database outside the cluster, configuration is required.	Enabled (When using an external database outside the cluster)	“mariadb”
global.pfDatabaseDefinition.config.DB_PORT	TCP port number used by the authentication functionality database	Enabled (When using an external database outside the cluster)	“3306”
global.pfDatabaseDefinition.config.DB_DATABASE	Database name used by the authentication functionality database	Enabled (When using an external database outside the cluster)	“platform”
global.pfDatabaseDefinition.secret.DB_ADMIN_USER	Database username with administrative privileges used by the authentication functionality	Required	Database username with administrative privileges
global.pfDatabaseDefinition.secret.DB_ADMIN_PASSWORD	Plaintext password for the database user with administrative privileges used by the authentication functionality database	Required	Password for the database user with administrative privileges
global.pfDatabaseDefinition.secret.DB_USER	Database username to be created for the authentication function The specified DB user will be created.	Required	Any string
global.pfDatabaseDefinition.secret.DB_PASSWORD	Password for the database user to be created for the authentication function (without encoding)	Required	Any string

Listing 23 exastro.yaml

--- /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro.yaml
+++ /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro_db_user_pf.yaml
@@ -59,8 +59,8 @@
     secret:
       DB_ADMIN_USER: "root"
       DB_ADMIN_PASSWORD: "Ch@ngeMeDBAdm"
-      DB_USER: "pf-user"
-      DB_PASSWORD: "Ch@ngeMePFDB"
+      DB_USER: "pf-db-user"           # Exastro 共通基盤が使うDBユーザー
+      DB_PASSWORD: "pf-db-password"   # Exastro 共通基盤が使うDBユーザーのパスワード
   keycloakDefinition:
     secret:
       SYSTEM_ADMIN: "admin"

GitLab link settings

Configure connection information in order to link with GitLab.

• External Gitlab

• GitLab container

Table 20 Optional Parameters for Common Settings (GitLab)

Parameters	Description	Change	Default Value / Available Options
global.gitlabDefinition.name	GitLab Definition Name	Disabled	gitlab
global.gitlabDefinition.enabled	Enable or Disable GitLab Definition	Disabled	true
global.gitlabDefinition.config.GITLAB_PROTOCOL	Protocol for GitLab Endpoint	Enabled	http
global.gitlabDefinition.config.GITLAB_HOST	Hostname or FQDN for GitLab Endpoint	Enabled	gitlab
global.gitlabDefinition.config.GITLAB_PORT	Port Number of GitLab Endpoint	Enabled	80
global.gitlabDefinition.secret.GITLAB_ROOT_PASSWORD	User Password for GitLab Root Privileged Account	Required	Any string (8 characters or more; predictable words are not allowed)
global.gitlabDefinition.secret.GITLAB_ROOT_TOKEN	Access Token for GitLab Root Privileged Account	Required	Access Token (Plain Text)

Warning

The GITLAB_ROOT_TOKEN needs a token that contains permissions for the following:

・api

・write_repository

・sudo

The following is an example of GitLab link configurations.

Listing 24 exastro.yaml

--- /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro.yaml
+++ /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro_gitlab_setting.yaml
@@ -69,12 +69,12 @@
       KEYCLOAK_DB_PASSWORD: "Ch@ngeMeKCADB"
   gitlabDefinition:
     config:
-      GITLAB_PROTOCOL: "http"
-      GITLAB_HOST: "" # "gitlab" if use container.
-      GITLAB_PORT: "8080"
+      GITLAB_PROTOCOL: "接続プロトコル http or https"
+      GITLAB_HOST: "your.gitlab.endpoint" # 起動する Gitalb コンテナの公開時のURL。AAPから接続できる必要がある。
+      GITLAB_PORT: "30082"                # 起動する Gitalb コンテナの公開時のポート番号
     secret:
-      GITLAB_ROOT_PASSWORD: "Ch@ngeMeGL"
-      GITLAB_ROOT_TOKEN: "change-this-token"
+      GITLAB_ROOT_PASSWORD: "GitLabのRoot権限をユーザーパスワード"
+      GITLAB_ROOT_TOKEN: "GitLabのRoot権限を持ったトークン"
   mongoDefinition:
     config:
       MONGO_PROTOCOL: "http"

Proxy settings

Configure the following information when running Exastro under a Proxy environment.

Warning

Available with Exastro IT Automation version 2.4 or later and Exastro Platform version 1.8.1 or later.

This setting is required when using IdP integration in a proxy environment.

This setting does not apply to other features.

Table 21 Optional parameters for common settings (Proxy configuration)

Parameters	Description	Change	Default Value / Available Options
global.proxyDefinition.name	Proxy definition name	Disabled	proxy-global
global.proxyDefinition.enabled	Proxy definition usage	Enabled	false
global.proxyDefinition.config.HTTP_PROXY	Proxy definition: HTTP_PROXY setting	Enabled	""
global.proxyDefinition.config.HTTPS_PROXY	Proxy definition: HTTP_PROXY setting	Enabled	""
global.proxyDefinition.config.NO_PROXY	Proxy definition: NO_PROXY setting Only modify this if additional configuration is required.	Enabled	“127.0.0.1,localhost,platform-auth,platform-api,ita-api-admin,ita-api-organization,ita-api-oase-receiver”

Create Exastro system admin

Configure the infomation that will be used to create the Exastro system admin when setting up Keycloak.

Table 22 Common Settings (Optional Parameters)

Parameters	Description	Change	Default Value / Available Options
global.keycloakDefinition.name	Keycloak Alias	Disabled	keycloak
global.keycloakDefinition.enabled	Keycloak Definition	Disabled	true
global.keycloakDefinition.config.API_KEYCLOAK_PROTOCOL	Keycloak API Endpoint Protocol	Disabled	“http”
global.keycloakDefinition.config.API_KEYCLOAK_HOST	Keycloak API Endpoint Host Name or FQDN	Disabled	“keycloak”
global.keycloakDefinition.config.API_KEYCLOAK_PORT	Keycloak API Endpoint Port Number	Disabled	“8080”
global.keycloakDefinition.config.KEYCLOAK_PROTOCOL	Keycloak Endpoint Protocol	Disabled	“http”
global.keycloakDefinition.config.KEYCLOAK_HOST	Keycloak Endpoint Host Name or FQDN	Disabled	“keycloak”
global.keycloakDefinition.config.KEYCLOAK_PORT	Keycloak API Endpoint Port Number	Disabled	“8080”
global.keycloakDefinition.config.KEYCLOAK_MASTER_REALM	Keycloak Master Realm Name	Disabled	“master”
global.keycloakDefinition.config.KEYCLOAK_DB_DATABASE	Keycloak Database Name	Disabled	“keycloak”
global.keycloakDefinition.secret.SYSTEM_ADMIN	Specify the username with administrative privileges in the Keycloak master realm. The specified Keycloak user will be created. Change From KEYCLOAK_USER to SYSTEM_ADMIN	Required	Any string
global.keycloakDefinition.secret.SYSTEM_ADMIN_PASSWORD	Password to be set for the user with administrative privileges in the Keycloak master realm (not encoded). Change From KEYCLOAK_PASSWORD to SYSTEM_ADMIN_PASSWORD	Required	Any string
global.keycloakDefinition.secret.KEYCLOAK_DB_USER	The database user used by Keycloak. The specified database user will be created.	Required	Any string
global.keycloakDefinition.secret.KEYCLOAK_DB_PASSWORD	Plaintext password for the database user used by Keycloak	Required	Any string

Listing 25 exastro.yaml

--- /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro.yaml
+++ /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro_usercreate_system_manager.yaml
@@ -63,8 +63,8 @@
       DB_PASSWORD: "Ch@ngeMePFDB"
   keycloakDefinition:
     secret:
-      SYSTEM_ADMIN: "admin"
-      SYSTEM_ADMIN_PASSWORD: "Ch@ngeMeKCAdm"
+      SYSTEM_ADMIN: "admin"                     # Exastro システムのシステム管理者のユーザー名
+      SYSTEM_ADMIN_PASSWORD: "admin-password"   # Exastro システムのシステム管理者のユーザーパスワード
       KEYCLOAK_DB_USER: "keycloak"
       KEYCLOAK_DB_PASSWORD: "Ch@ngeMeKCADB"
   gitlabDefinition:

Configure Persistent volume

In order to persist databases( for container within clusters) and files, the user will have to configure a persistent volume.

For more information regarding persistent volumes, see Persistent Volumes - Kubernetes.

This document describes 2 persisting methods for the following:

Note

If outputting monitoring logs to a persistent volume, a persistent volume must be configured.

• Managed disk

• Kubernetes note directory

Managed diskKubernetes node directory

• Features

Storage construction and maintenance is not required if the user is using a storage service provided by a public cloud.

• Setting example

If the user is using storage from Azure, the user can persist data by defining StorageClass as shown below.

For more information, see Storage options for applications in Azure Kubernetes Service (AKS).

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: exastro-suite-azurefile-csi-nfs
provisioner: file.csi.azure.com
allowVolumeExpansion: true
parameters:
  protocol: nfs
mountOptions:
  - nconnect=8

caption:

storage-class-exastro-suite.yaml

linenos:

Listing 26 exastro.yaml

  itaGlobalDefinition:
    persistence:
      enabled: true
      accessMode: ReadWriteMany
      size: 10Gi
      volumeType: hostPath # e.g.) hostPath or AKS
-      storageClass: "-" # e.g.) azurefile or - (None)
+      storageClass: "azurefile" # e.g.) azurefile or - (None)

※ The following has been configured in Database link.

Listing 27 exastro.yaml

  databaseDefinition:
    persistence:
      enabled: true
      reinstall: false
      accessMode: ReadWriteOnce
      size: 20Gi
      volumeType: hostPath # e.g.) hostPath or AKS
-      storageClass: "-" # e.g.) azurefile or - (None)
+      storageClass: "exastro-suite-azurefile-csi-nfs" # e.g.) azurefile or - (None)

※ Configure the following in order to output monitoring logs to a persistent volume.

Listing 28 exastro.yaml

  pfAuditLogDefinition:
    name: pf-auditlog
    persistence:
-      enabled: false
+      enabled: true
      reinstall: false
      accessMode: ReadWriteMany
      size: 10Gi
      volumeType: hostPath # e.g.) hostPath or AKS
-      storageClass: "-" # e.g.) azurefile or - (None)
+      storageClass: "exastro-suite-azurefile-csi-nfs" # e.g.) azurefile or - (None)

Install

Note

If the installation fails, follow Uninstall and try reinstalling.

Create Persistent volumes

Apply the manifest file created in Configure Persistent volume and create persistent volume.

# pv-database.yaml
kubectl apply -f pv-database.yaml

# pv-ita-common.yaml
kubectl apply -f pv-ita-common.yaml

# pv-mongo.yaml ※Not required if not using OASE
kubectl apply -f pv-mongo.yaml

# pv-gitlab.yaml ※Not required if using external GitLab
kubectl apply -f pv-gitlab.yaml

# pv-pf-auditlog.yaml ※Not required 監査ログを永続ボリュームに出力しない場合は設定不要
kubectl apply -f pv-pf-auditlog.yaml

# 確認
kubectl get pv

NAME            CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM                                  STORAGECLASS   REASON   AGE
pv-database     20Gi       RWO            Retain           Available                                                                  6s
pv-gitlab       20Gi       RWX            Retain           Available                                                                  5s
pv-ita-common   10Gi       RWX            Retain           Available                                                                  6s
pv-mongo        20Gi       RWO            Retain           Available   exastro/volume-mongo-storage-mongo-0                           5s

Install

See the exastro-helm site <https://github.com/exastro-suite/exastro-helm> for more information regarding the Helm and Application versions.

Table 23 Helm chart and application version

Chart Version	Exastro Version	Exastro IT Automation	Exastro Platform	Release scenario
1.0.2	2.1.0	2.0.3	1.4.0	Exastro IT Automation Version 2.0 GA Release
...	...	...	...	...
1.1.x	2.2.x	2.1.x	1.x.0	Exastro IT Automation Version 2.1 GA Release (Scheduled)

The access method changes depending on which publication method was used during installation.

This section describes the methods for Ingress, LoadBalancer and NodePort.

IngressLoadBalancerNodePort

Follow the steps below and start installing.

1. Use Helm command to install on Kubernetes environment.

   Listing 35 Command

   helm upgrade exastro exastro/exastro --install \
     --namespace exastro --create-namespace \
     --values exastro.yaml
   

   Listing 36 Output results

   NAME: exastro
   LAST DEPLOYED: Sat Jan 28 15:00:02 2023
   NAMESPACE: exastro
   STATUS: deployed
   REVISION: 1
   TEST SUITE: None
   NOTES:
   Exastro install completion!
   
   1. Execute the following command and wait until the pod becomes "Running" or "Completed":
   
     # NOTE: You can also append "-w" to the command or wait until the state changes with "watch command"
   
     kubectl get pods --namespace exastro
   
   2. Get the ENCRYPT_KEY by running these commands:
   
     # Exastro IT Automation ENCRYPT_KEY
     kubectl get secret ita-secret-ita-global --namespace exastro -o jsonpath='{.data.ENCRYPT_KEY}' | base64 -d
   
     # Exastro Platform ENCRYPT_KEY
     kubectl get secret platform-secret-pf-global --namespace exastro -o jsonpath='{.data.ENCRYPT_KEY}' | base64 -d
   
     !!! Please save the output ENCRYPT_KEY carefully. !!!
   
   3. Run the following command to get the application URL and go to the URL or go to the displayed URL:
     *************************
     * Service Console       *
     *************************
     http://exastro-suite.example.local/
   
     *************************
     * Administrator Console *
     *************************
     http://exastro-suite-mng.example.local/auth/
   
   
   # Note: You can display this note again by executing the following command.
   

   Use the output results from the last step for the following steps.
2. Check install status
   Use the command below to check whether the installation and service startup have finished.
   Listing 37 Command

   # Retrieve the list of Pods
   kubectl get po --namespace exastro
   

   If the system has started successfully, ita-migration-xxx and platform-migration-xxx will show as Completed, and all other pods will be in the Running state.

   Note: It may take a few minutes for the system to start up completely.
   Listing 38 Output

   NAME                                                      READY   STATUS      RESTARTS   AGE
   ita-api-admin-6b8567596d-rgjms                            1/1     Running     0          7h40m
   ita-api-oase-receiver-6b74bdff6-zmcrw                     1/1     Running     0          7h40m
   ita-api-organization-559d7d8f89-ptphh                     1/1     Running     0          7h40m
   ita-by-ansible-execute-5dc444c999-w6gmr                   1/1     Running     0          7h40m
   ita-by-ansible-legacy-role-vars-listup-6d8f98895f-bvjgn   1/1     Running     0          7h40m
   ita-by-ansible-legacy-vars-listup-6ccd997cf-hvkzq         1/1     Running     0          7h40m
   ita-by-ansible-pioneer-vars-listup-6cfcfd4479-8bqst       1/1     Running     0          7h40m
   ita-by-ansible-towermaster-sync-6759486f8f-wrbbp          1/1     Running     0          7h40m
   ita-by-cicd-for-iac-7b75cc56f5-rrrvg                      1/1     Running     0          7h40m
   ita-by-collector-7748d54f59-8j5r2                         1/1     Running     0          7h40m
   ita-by-conductor-regularly-779ff79775-xnt29               1/1     Running     0          7h40m
   ita-by-conductor-synchronize-5d5485479-5df54              1/1     Running     0          7h40m
   ita-by-excel-export-import-6f84f97dcf-hlm4h               1/1     Running     0          7h40m
   ita-by-hostgroup-split-59b698f479-cxggd                   1/1     Running     0          7h40m
   ita-by-menu-create-796bdc9c75-l79zq                       1/1     Running     0          7h40m
   ita-by-menu-export-import-849d796bb5-5mpw2                1/1     Running     0          7h40m
   ita-by-oase-conclusion-b484595d7-kssv4                    1/1     Running     0          7h40m
   ita-by-terraform-cli-execute-769d874d7-sknn6              1/1     Running     0          7h40m
   ita-by-terraform-cli-vars-listup-7f589cdddc-g5xz6         1/1     Running     0          7h40m
   ita-by-terraform-cloud-ep-execute-7f8b6d87cc-kfmfv        1/1     Running     0          7h40m
   ita-by-terraform-cloud-ep-vars-listup-6cccbd4899-6frcn    1/1     Running     0          7h40m
   ita-migration-1-3-6-lydz                                  0/1     Completed   0          7h40m
   ita-web-server-b4cd4cdf8-wkx78                            1/1     Running     0          7h40m
   keycloak-0                                                1/1     Running     0          7h40m
   mariadb-778786f7d-ss4cq                                   1/1     Running     0          7h40m
   mongo-0                                                   1/1     Running     0          7h40m
   platform-api-ffb78f578-svd5t                              1/1     Running     0          7h40m
   platform-auth-75895d784-9hhxw                             1/1     Running     0          7h40m
   platform-job-864c47d4f-8vvvq                              1/1     Running     0          7h40m
   platform-migration-1-8-0-rjwr                             0/1     Completed   0          7h40m
   platform-web-6644884657-dmwp6                             1/1     Running     0          7h40m
   

3. Backup encrypt key

   All sensitive information, such as passwords and authentication credentials in the Exastro system, is encrypted.

   Be sure to back up the encryption key obtained below and store it securely.

   Danger

   If you lose the encryption key, it will not be possible to decrypt the data during system recovery from backup.
   Listing 39 Command

   # Exastro IT Automation ENCRYPT_KEY
   kubectl get secret ita-secret-ita-global --namespace exastro -o jsonpath='{.data.ENCRYPT_KEY}' | base64 -d
   

   Listing 40 Output Results

   JnIoXzJtPic2MXFqRl1yI1chMj8hWzQrNypmVn41Pk8=
   

   Listing 41 Command

   # Exastro Platform ENCRYPT_KEY
   kubectl get secret platform-secret-pf-global --namespace exastro -o jsonpath='{.data.ENCRYPT_KEY}' | base64 -d
   

   Listing 42 Output Results

   bHFZe2VEVVM2PmFeQDMqNG4oZT4lTlglLjJJekxBTHE=
   

4. Check connection

   Follow the output results and access the Administrator Console URL.

   The following is an example. Please change the host name with the one set in Service publish settings.
   Listing 43 Output results(Example)

   *************************
   * Service Console       *
   *************************
   http://exastro-suite.example.local/
   
   *************************
   * Administrator Console *
   *************************
   http://exastro-suite-mng.example.local/auth/
   

   Table 24 Connection check URL

   Managment console

   http://exastro-suite-mng.example.local/auth/

Log in to Managment console

If the page belows is displayed, select Administration Console and log in.

The Login ID and password are the KEYCLOAK_USER and KEYCLOAK_PASSWORD registered in Create Exastro system admin.

Open the Keycloak managment page.

Update

This section describes how to update the Exastro system.

Update preparation

Warning

We recommend that back up the data before updating.

Update Helm repository

Update the Exastro system’s Helm repository.

Check the version before updating.

Listing 64 Command

# Check Repository information
helm search repo exastro

Listing 65 Run results

helm search repo exastro
NAME                            CHART VERSION   APP VERSION     DESCRIPTION
exastro/exastro                 1.0.0           2.0.3           A Helm chart for Exastro. Exastro is an Open So...
exastro/exastro-it-automation   1.2.0           2.0.3           A Helm chart for Exastro IT Automation. Exastro...
exastro/exastro-platform        1.5.0           1.4.0           A Helm chart for Exastro Platform. Exastro Plat...

Update the Helm repository.

Listing 66 Command

# Update Repository information
helm repo update

Check that it has been updated to the latest version.

Listing 67 Command

# Check Repository information
helm search repo exastro

Listing 68 Run results

helm search repo exastro
NAME                            CHART VERSION   APP VERSION     DESCRIPTION
exastro/exastro                 1.0.1           2.1.0           A Helm chart for Exastro. Exastro is an Open So...
exastro/exastro-it-automation   1.2.0           2.0.3           A Helm chart for Exastro IT Automation. Exastro...
exastro/exastro-platform        1.5.0           1.4.0           A Helm chart for Exastro Platform. Exastro Plat...

Check default setting values and update data

Check the updated default values.

Compare the exastro.yaml file pre and post update.

Listing 69 Command

diff -u exastro.yaml <(helm show values exastro/exastro)

Listing 70 Run results

exastro-platform:
  platform-api:
    image:
      repository: "exastro/exastro-platform-api"
       tag: ""

  platform-auth:
+    extraEnv:
+      # Please set the URL to access
+      EXTERNAL_URL: ""
+      EXTERNAL_URL_MNG: ""
    ingress:
      enabled: true
      hosts:
        - host: exastro-suite.example.local
          paths:

Update setting values

Warning

Both the username and password must be the same as before updating the system.

After comparing the default setting values, add any desired items and setting values before updating.

If no setting value update is needed, skip this step.

E.g. In the example below, exastro-platform.platform-auth.extraEnv is added, meaning that the corresponding setting items and values in exastro.yaml must be added.

Listing 71 Run results

exastro-platform:
  platform-api:
    image:
      repository: "exastro/exastro-platform-api"
       tag: ""

  platform-auth:
+    extraEnv:
+      # Please set the URL to access
+      EXTERNAL_URL: ""
+      EXTERNAL_URL_MNG: ""
    ingress:
      enabled: true
      hosts:
        - host: exastro-suite.example.local
          paths:

Specify Encryption key

Specify the encryption key backed up.

Listing 72 exastro.yaml

--- /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/exastro.yaml
+++ /home/runner/work/exastro-it-automation-docs/exastro-it-automation-docs/workspace/src/en/2.6/installation/literal_includes/update_exastro.yaml
@@ -8,7 +8,7 @@
       LANGUAGE: "en"
       TZ: "Asia/Tokyo"
     secret:
-      ENCRYPT_KEY: ""
+      ENCRYPT_KEY: "JnIoXzJtPic2MXFqRl1yI1chMj8hWzQrNypmVn41Pk8="
     persistence:
       enabled: true
       accessMode: ReadWriteMany
@@ -36,7 +36,7 @@
       LANGUAGE: "en"
       TZ: "Asia/Tokyo"
     secret:
-      ENCRYPT_KEY: ""
+      ENCRYPT_KEY: "bHFZe2VEVVM2PmFeQDMqNG4oZT4lTlglLjJJekxBTHE="
   pfAuditLogDefinition:
     name: pf-auditlog
     persistence:
@@ -621,3 +621,4 @@
               - mongo
           topologyKey: kubernetes.io/hostname
 
+

Update

Warning

If updating from version 2.2.1 or before to 2.3.0 or later, the user must perform Uninstall’s Delete persistent volumes and then re-run Install.

Danger

Do not run Deleting Persistent data.

Deleting persistent data will delete all data before the update.

Stop service

1. Checking the number of running Pods

   Check the number of running Pods before starting the operation and record their status.
   Listing 73 Command

   kubectl get deploy,statefulset -o jsonpath='{range .items[*]}{@.metadata.name}:{@.spec.replicas}{"\n"}' -n exastro
   

   Listing 74 Execution result

   ita-api-admin:1
   ita-api-oase-receiver:1
   ita-api-organization:1
   ita-by-ansible-execute:1
   ita-by-ansible-legacy-role-vars-listup:1
   ita-by-ansible-legacy-vars-listup:1
   ita-by-ansible-pioneer-vars-listup:1
   ita-by-ansible-towermaster-sync:1
   ita-by-cicd-for-iac:1
   ita-by-collector:1
   ita-by-conductor-regularly:1
   ita-by-conductor-synchronize:1
   ita-by-excel-export-import:1
   ita-by-hostgroup-split:1
   ita-by-menu-create:1
   ita-by-menu-export-import:1
   ita-by-oase-conclusion:1
   ita-by-terraform-cli-execute:1
   ita-by-terraform-cli-vars-listup:1
   ita-by-terraform-cloud-ep-execute:1
   ita-by-terraform-cloud-ep-vars-listup:1
   ita-web-server:1
   mariadb:1
   platform-api:1
   platform-auth:1
   platform-job:1
   platform-web:1
   keycloak:1
   mongo:1
   :
   

   The service names and replica counts of each Deployment and StatefulSet are displayed.

   Warning

   The displayed services vary depending on the version.

2. Application shutdown

   Scale the Pods of the application (platform-auth) down to zero to restrict access.
   Listing 75 Command

   kubectl scale deploy,statefulset -n exastro --replicas=0 --all=true
   

   Listing 76 Execution result

   deployment.apps/ita-api-admin scaled
   deployment.apps/ita-api-oase-receiver scaled
   deployment.apps/ita-api-organization scaled
   deployment.apps/ita-by-ansible-execute scaled
   deployment.apps/ita-by-ansible-legacy-role-vars-listup scaled
   deployment.apps/ita-by-ansible-legacy-vars-listup scaled
   deployment.apps/ita-by-ansible-pioneer-vars-listup scaled
   deployment.apps/ita-by-ansible-towermaster-sync scaled
   deployment.apps/ita-by-cicd-for-iac scaled
   deployment.apps/ita-by-collector scaled
   deployment.apps/ita-by-conductor-regularly scaled
   deployment.apps/ita-by-conductor-synchronize scaled
   deployment.apps/ita-by-excel-export-import scaled
   deployment.apps/ita-by-hostgroup-split scaled
   deployment.apps/ita-by-menu-create scaled
   deployment.apps/ita-by-menu-export-import scaled
   deployment.apps/ita-by-oase-conclusion scaled
   deployment.apps/ita-by-terraform-cli-execute scaled
   deployment.apps/ita-by-terraform-cli-vars-listup scaled
   deployment.apps/ita-by-terraform-cloud-ep-execute scaled
   deployment.apps/ita-by-terraform-cloud-ep-vars-listup scaled
   deployment.apps/ita-web-server scaled
   deployment.apps/mariadb scaled
   deployment.apps/platform-api scaled
   deployment.apps/platform-auth scaled
   deployment.apps/platform-job scaled
   deployment.apps/platform-web scaled
   statefulset.apps/keycloak scaled
   statefulset.apps/mongo scaled
   

   Warning

   The displayed services vary depending on the version.

3. Checking the number of running Pods

   Check that all targeted Pods have been scaled down to zero.
   Listing 77 Command

   kubectl get deploy,statefulset -n exastro
   

   Listing 78 Execution result

   NAME                                                     READY   UP-TO-DATE   AVAILABLE   AGE
   deployment.apps/ita-api-admin                            0/0     0            0           26h
   deployment.apps/ita-api-oase-receiver                    0/0     0            0           26h
   deployment.apps/ita-api-organization                     0/0     0            0           26h
   deployment.apps/ita-by-ansible-execute                   0/0     0            0           26h
   deployment.apps/ita-by-ansible-legacy-role-vars-listup   0/0     0            0           26h
   deployment.apps/ita-by-ansible-legacy-vars-listup        0/0     0            0           26h
   deployment.apps/ita-by-ansible-pioneer-vars-listup       0/0     0            0           26h
   deployment.apps/ita-by-ansible-towermaster-sync          0/0     0            0           26h
   deployment.apps/ita-by-cicd-for-iac                      0/0     0            0           26h
   deployment.apps/ita-by-collector                         0/0     0            0           26h
   deployment.apps/ita-by-conductor-regularly               0/0     0            0           26h
   deployment.apps/ita-by-conductor-synchronize             0/0     0            0           26h
   deployment.apps/ita-by-excel-export-import               0/0     0            0           26h
   deployment.apps/ita-by-hostgroup-split                   0/0     0            0           26h
   deployment.apps/ita-by-menu-create                       0/0     0            0           26h
   deployment.apps/ita-by-menu-export-import                0/0     0            0           26h
   deployment.apps/ita-by-oase-conclusion                   0/0     0            0           26h
   deployment.apps/ita-by-terraform-cli-execute             0/0     0            0           26h
   deployment.apps/ita-by-terraform-cli-vars-listup         0/0     0            0           26h
   deployment.apps/ita-by-terraform-cloud-ep-execute        0/0     0            0           26h
   deployment.apps/ita-by-terraform-cloud-ep-vars-listup    0/0     0            0           26h
   deployment.apps/ita-web-server                           0/0     0            0           26h
   deployment.apps/mariadb                                  0/0     0            0           26h
   deployment.apps/platform-api                             0/0     0            0           26h
   deployment.apps/platform-auth                            0/0     0            0           26h
   deployment.apps/platform-job                             0/0     0            0           26h
   deployment.apps/platform-web                             0/0     0            0           26h
   
   NAME                        READY   AGE
   statefulset.apps/keycloak   0/0     25h
   statefulset.apps/mongo      0/0     26h
   

   Warning

   The displayed services vary depending on the version.

Start Update

Start the update.

Listing 79 Command

helm upgrade exastro exastro/exastro --install \
  --namespace exastro --create-namespace \
  --values exastro.yaml

Listing 80 Output results

NAME: exastro
LAST DEPLOYED: Sat Jan 28 15:00:02 2023
NAMESPACE: exastro
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
Exastro install completion!

1. Execute the following command and wait until the pod becomes "Running" or "Completed":

  # NOTE: You can also append "-w" to the command or wait until the state changes with "watch command"

  kubectl get pods --namespace exastro

2. Get the ENCRYPT_KEY by running these commands:

  # Exastro IT Automation ENCRYPT_KEY
  kubectl get secret ita-secret-ita-global --namespace exastro -o jsonpath='{.data.ENCRYPT_KEY}' | base64 -d

  # Exastro Platform ENCRYPT_KEY
  kubectl get secret platform-secret-pf-global --namespace exastro -o jsonpath='{.data.ENCRYPT_KEY}' | base64 -d

  !!! Please save the output ENCRYPT_KEY carefully. !!!

3. Run the following command to get the application URL and go to the URL or go to the displayed URL:
  *************************
  * Service Console       *
  *************************
  http://exastro-suite.example.local/

  *************************
  * Administrator Console *
  *************************
  http://exastro-suite-mng.example.local/auth/


  # Note: You can display this note again by executing the following command.

Restart service

※ The replicas specified in exastro.yaml will be re-started. There is therefore no need to restart them manually.

Move on to Confirm Update status..

1. Service resumption

   Restore the number of Pods for each Deployment to the values recorded at the time of service shutdown.
   Listing 81 Command

   kubectl scale deploy,statefulset -n exastro --replicas=1 --all=true
   

   To resume with individually specified replica counts, use the following command.

   Enter the service name that was confirmed when the service was stopped.
   Listing 82 Command

   kubectl scale deployment [Service Name] -n exastro --replicas=[replicas数]
   

   For version 2.4.0 and later, use the following commands to resume the services ‘keycloak’ and ‘mongodb’.
   Listing 83 Command

   kubectl scale statefulset [Service Name] -n exastro --replicas=[replicas数]
   

   Tip

   To specify multiple service names, separate them using commas.

2. Check the number of running Pods

   Verify that the number of target Pods started above has been restored and all are in the READY state.
   Listing 84 Command

   kubectl get deploy,statefulset -n exastro
   

   Listing 85 Execution result

   NAME                                                     READY   UP-TO-DATE   AVAILABLE   AGE
   deployment.apps/ita-api-admin                            1/1     1            1           26h
   deployment.apps/ita-api-oase-receiver                    1/1     1            1           26h
   deployment.apps/ita-api-organization                     1/1     1            1           26h
   deployment.apps/ita-by-ansible-execute                   1/1     1            1           26h
   deployment.apps/ita-by-ansible-legacy-role-vars-listup   1/1     1            1           26h
   deployment.apps/ita-by-ansible-legacy-vars-listup        1/1     1            1           26h
   deployment.apps/ita-by-ansible-pioneer-vars-listup       1/1     1            1           26h
   deployment.apps/ita-by-ansible-towermaster-sync          1/1     1            1           26h
   deployment.apps/ita-by-cicd-for-iac                      1/1     1            1           26h
   deployment.apps/ita-by-collector                         1/1     1            1           26h
   deployment.apps/ita-by-conductor-regularly               1/1     1            1           26h
   deployment.apps/ita-by-conductor-synchronize             1/1     1            1           26h
   deployment.apps/ita-by-excel-export-import               1/1     1            1           26h
   deployment.apps/ita-by-hostgroup-split                   1/1     1            1           26h
   deployment.apps/ita-by-menu-create                       1/1     1            1           26h
   deployment.apps/ita-by-menu-export-import                1/1     1            1           26h
   deployment.apps/ita-by-oase-conclusion                   1/1     1            1           26h
   deployment.apps/ita-by-terraform-cli-execute             1/1     1            1           26h
   deployment.apps/ita-by-terraform-cli-vars-listup         1/1     1            1           26h
   deployment.apps/ita-by-terraform-cloud-ep-execute        1/1     1            1           26h
   deployment.apps/ita-by-terraform-cloud-ep-vars-listup    1/1     1            1           26h
   deployment.apps/ita-web-server                           1/1     1            1           26h
   deployment.apps/mariadb                                  1/1     1            1           26h
   deployment.apps/platform-api                             1/1     1            1           26h
   deployment.apps/platform-auth                            1/1     1            1           26h
   deployment.apps/platform-job                             1/1     1            1           26h
   deployment.apps/platform-web                             1/1     1            1           26h
   
   NAME                        READY   AGE
   statefulset.apps/keycloak   1/1     26h
   statefulset.apps/mongo      1/1     26h
   

   Warning

   The displayed services vary depending on the version.

Confirm Update status.

Use the command below to check whether the installation and service startup have finished.

Listing 86 Command

# Retrieve the list of Pods
kubectl get po --namespace exastro

If the system has started successfully, ita-migration-xxx and platform-migration-xxx will show as Completed, and all other pods will be in the Running state.

Note: It may take a few minutes for the system to start up completely.

Listing 87 Output

NAME                                                      READY   STATUS      RESTARTS   AGE
ita-api-admin-6b8567596d-rgjms                            1/1     Running     0          7h40m
ita-api-oase-receiver-6b74bdff6-zmcrw                     1/1     Running     0          7h40m
ita-api-organization-559d7d8f89-ptphh                     1/1     Running     0          7h40m
ita-by-ansible-execute-5dc444c999-w6gmr                   1/1     Running     0          7h40m
ita-by-ansible-legacy-role-vars-listup-6d8f98895f-bvjgn   1/1     Running     0          7h40m
ita-by-ansible-legacy-vars-listup-6ccd997cf-hvkzq         1/1     Running     0          7h40m
ita-by-ansible-pioneer-vars-listup-6cfcfd4479-8bqst       1/1     Running     0          7h40m
ita-by-ansible-towermaster-sync-6759486f8f-wrbbp          1/1     Running     0          7h40m
ita-by-cicd-for-iac-7b75cc56f5-rrrvg                      1/1     Running     0          7h40m
ita-by-collector-7748d54f59-8j5r2                         1/1     Running     0          7h40m
ita-by-conductor-regularly-779ff79775-xnt29               1/1     Running     0          7h40m
ita-by-conductor-synchronize-5d5485479-5df54              1/1     Running     0          7h40m
ita-by-excel-export-import-6f84f97dcf-hlm4h               1/1     Running     0          7h40m
ita-by-hostgroup-split-59b698f479-cxggd                   1/1     Running     0          7h40m
ita-by-menu-create-796bdc9c75-l79zq                       1/1     Running     0          7h40m
ita-by-menu-export-import-849d796bb5-5mpw2                1/1     Running     0          7h40m
ita-by-oase-conclusion-b484595d7-kssv4                    1/1     Running     0          7h40m
ita-by-terraform-cli-execute-769d874d7-sknn6              1/1     Running     0          7h40m
ita-by-terraform-cli-vars-listup-7f589cdddc-g5xz6         1/1     Running     0          7h40m
ita-by-terraform-cloud-ep-execute-7f8b6d87cc-kfmfv        1/1     Running     0          7h40m
ita-by-terraform-cloud-ep-vars-listup-6cccbd4899-6frcn    1/1     Running     0          7h40m
ita-migration-1-3-6-lydz                                  0/1     Completed   0          7h40m
ita-web-server-b4cd4cdf8-wkx78                            1/1     Running     0          7h40m
keycloak-0                                                1/1     Running     0          7h40m
mariadb-778786f7d-ss4cq                                   1/1     Running     0          7h40m
mongo-0                                                   1/1     Running     0          7h40m
platform-api-ffb78f578-svd5t                              1/1     Running     0          7h40m
platform-auth-75895d784-9hhxw                             1/1     Running     0          7h40m
platform-job-864c47d4f-8vvvq                              1/1     Running     0          7h40m
platform-migration-1-8-0-rjwr                             0/1     Completed   0          7h40m
platform-web-6644884657-dmwp6                             1/1     Running     0          7h40m

Uninstall

This section explains how to uninstall Exastro.

Uninstall preparation

Warning

We recommend that back up the data before uninstalling.

Uninstall

Start Uninstall

Start the uninstall process.

Listing 88 Command

helm uninstall exastro --namespace exastro

Listing 89 Output results

release "exastro" uninstalled

Delete persistent volumes

This section describes how to delete data if a persistent volume(PV) has been created on Kubernetes using hostPath.

If using external databases (managed databases included), make sure to delete environmental data as well.

For Databases

Listing 90 Command

kubectl delete pv pv-database

Listing 91 Execution results

persistentvolume "pv-database" deleted

For Files

Listing 92 Command

kubectl delete pv pv-ita-common

Listing 93 Execution results

persistentvolume "pv-ita-common" deleted

For OASE

Listing 94 Command

kubectl delete pv pv-mongo

Listing 95 Execution results

persistentvolume "pv-mongo" deleted

Listing 96 Command

kubectl delete pvc volume-mongo-storage-mongo-0 --namespace exastro

Listing 97 Execution results

persistentvolumeclaim "volume-mongo-storage-mongo-0" deleted

For GitLab

Listing 98 Command

kubectl delete pv pv-gitlab

Listing 99 Execution results

persistentvolume "pv-gitlab" deleted

For Monitoring log files

Listing 100 Command

kubectl delete pv pv-auditlog

Listing 101 Execution results

persistentvolume "pv-auditlog" deleted

Deleting Persistent data

Log in to the Kubernetes Control node and delete the data.

For Databases

The following command is an example where the hostPath is specified to /var/data/exastro-suite/exastro-platform/database when the Persistent Volume was created.

Listing 102 Command

# Log in to control node that has persistent data
ssh user@contol.node.example

# Delete persistent data
sudo rm -rf /var/data/exastro-suite/exastro-platform/database

For Files

The following command is an example where the hostPath is specified to /var/data/exastro-suite/exastro-it-automation/ita-common when the Persistent Volume was created.

Listing 103 Command

# Log in to control node that has persistent data
ssh user@contol.node.example

# Delete persistent data
sudo rm -rf /var/data/exastro-suite/exastro-it-automation/ita-common

For OASE

The following command is an example where the hostPath is specified to /var/data/exastro-suite/exastro-platform/mongo when the Persistent Volume was created.

Listing 104 Command

# Log in to control node that has persistent data
ssh user@contol.node.example

# Delete persistent data
sudo rm -rf /var/data/exastro-suite/exastro-platform/mongo

For GitLab

The following command is an example where the hostPath is specified to /var/data/exastro-suite/exastro-platform/gitlab when the Persistent Volume was created.

Listing 105 Command

# Log in to control node that has persistent data
ssh user@contol.node.example

# Delete persistent data
sudo rm -rf /var/data/exastro-suite/exastro-platform/gitlab

For Monitoring log files

The following command is an example where the hostPath is specified to /var/log/exastro when the Persistent Volume was created.

Listing 106 Command

# Log in to control node that has persistent data
ssh user@contol.node.example

# Delete persistent data
sudo rm -rf /var/log/exastro