Huddo Boards for Kubernetes and IBM Cloud Private
Deploying Huddo Boards into Kubernetes -or- IBM Cloud Private for on-premise environments
Prerequisites
- Kubernetes is installed and running
- WebSphere environment with Web Server (or another reverse proxy)
- kubectl is installed
- helm is installed
- SMTP gateway setup for email notifications if required
- Quay.io - Red Hat account setup with access to the Huddo Boards repository. Please send your account details to support@huddo.com if you do not already have this.
- kubectl configured

  Instructions

  Kubernetes: copy ~/kube/.config from the Kubernetes master server to the same location locally (backup any existing local config)

  IBM Cloud Private:
  - Open ICP Console
  - Go to Admin (top right)
  - Click Config Client
  - Copy the contents shown
  - Open your command line / terminal
  - Paste the commands copied earlier and press enter
SSL / Network
Kubernetes for on-premise environments requires a reverse proxy to route traffic. There are a number of different ways this reverse proxy can be configured and Huddo Boards aims to match whatever you already have in place. Some examples of network routing:
| | New domain | Path on existing domain |
|---|---|---|
| Example of BOARDS_URL | boards.example.com | example.com/boards |
| Example of API_URL | api.example.com | example.com/api-boards |
| Requirement | 1. Reverse proxy able to match any current domains as well as the new one for Huddo Boards (either by using SNI or a compatible certificate for all domains). 2. Certificate coverage for the 2 domains. | Ability to proxy the 2 paths |
| Certificate Resolution | a) in your proxy and forward the unencrypted traffic to kubernetes -OR- b) forward the encrypted traffic and perform the certificate resolution in kubernetes (described in config below). | All certificate resolution on the proxy server |
| Notes | IBM HTTP WebServer supports only one certificate. You must have a Wildcard certificate to cover all of your domains including the new Boards domains (ie *.example.com). | Additional config required to make Boards webfront handle redirects, details below. |
| For Connections Header | Additional WebSphere application must be installed | - |
Please decide on which configuration will suit your environment best and the corresponding BOARDS_URL & API_URL. These values will then be used in the following documentation.
For more details on configuring an IBM HTTP WebServer as reverse proxy, please see here
OAuth
Huddo Boards currently supports the following OAuth providers for authentication and integration: HCL Connections (on premise), IBM Connections Cloud and Microsoft Office 365.
You will need to set up an OAuth application with one (or more) of these providers for Huddo Boards to function. Please refer to the following documentation:
Provider | Registration / Documentation | Callback URL |
---|---|---|
HCL Connections (on premise) | Huddo instructions | https://[BOARDS_URL]/auth/connections/callback |
Microsoft Office 365 | Azure app registrations | https://[BOARDS_URL]/auth/msgraph/callback |
Google | Google Console | https://[BOARDS_URL]/auth/google/callback |
LinkedIn | | https://[BOARDS_URL]/auth/linkedin/callback |
Facebook | Facebook developer centre | https://[BOARDS_URL]/auth/facebook/callback |
Huddo Boards namespace
kubectl create namespace boards
Database & Storage
Huddo Boards requires a Mongo database and an S3 file storage. If you already have equivalent services then you can use your existing details in the config below, otherwise you may follow our instructions to deploy one or both of these services as follows:
Note: these tasks are very similar to each other and can be performed simultaneously
Secrets
- Follow this guide to get access to our images in Quay.io
- SSL certificate details

  Only perform this step if you need to resolve certificates in kubernetes

  kubectl create secret tls huddoboards-domain-secret --key </path/to/keyfile> --cert </path/to/certificate> --namespace=boards
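The certificate requirements in the SSL / Network table can be checked before the secret is created: the key must belong to the certificate, and the certificate must cover both BOARDS_URL and API_URL. The following is an added example, not part of Huddo's documentation or tooling; the function names are hypothetical, the hostnames are the page's example values, and it assumes the openssl command-line tool is installed.

```shell
# Added example, not Huddo tooling: pre-flight checks for the key/cert pair
# that will become huddoboards-domain-secret.

# host_matches HOST PATTERN: a "*" covers exactly one left-most label, so
# *.example.com matches boards.example.com but not example.com or a.b.example.com.
host_matches() {
  host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  pat=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case "$pat" in
    '*.'*)
      suffix=${pat#\*}                      # e.g. ".example.com"
      label=${host%"$suffix"}               # what the "*" would have to cover
      [ "$label" != "$host" ] || return 1   # suffix did not match at all
      case "$label" in ''|*.*) return 1 ;; esac
      return 0 ;;
    *) [ "$host" = "$pat" ] ;;
  esac
}

# sans_cover SANS HOST: SANS is the "DNS:a, DNS:b" line that openssl prints.
sans_cover() {
  printf '%s\n' "$1" | tr ',' '\n' | (
    while read -r entry; do
      case "$entry" in
        DNS:*) if host_matches "$2" "${entry#DNS:}"; then exit 0; fi ;;
      esac
    done
    exit 1
  )
}

# key_matches_cert KEY CERT: both files must carry the same public key.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# preflight KEY CERT HOST...: run before `kubectl create secret tls`.
preflight() {
  key=$1; cert=$2; shift 2
  key_matches_cert "$key" "$cert" || { echo "key does not match certificate" >&2; return 1; }
  sans=$(openssl x509 -in "$cert" -noout -ext subjectAltName | tail -n 1)
  for h in "$@"; do
    sans_cover "$sans" "$h" || { echo "certificate does not cover $h" >&2; return 1; }
  done
}

# Constructed SAN line for a wildcard-only certificate (sample data).
SAMPLE_SANS='DNS:*.example.com, DNS:*.example.net'
```

Call it as `preflight </path/to/keyfile> </path/to/certificate> boards.example.com api.example.com`; the `-ext` option needs OpenSSL 1.1.1 or later. A wildcard-only certificate passes for the new-domain layout but not for the bare `example.com` used by the path layout, which needs its own entry in the certificate.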
Configuration
Download our config file and update all example values as required. Details as below.
Kubernetes Variables:
Key | Description |
---|---|
global.env.APP_URI | https://[BOARDS_URL] |
global.env.MONGO_USER | MongoDB user. If using our storage above you may leave this commented out |
global.env.MONGO_PASSWORD | MongoDB password. If using our storage above you may leave this commented out |
global.env.MONGO_HOST | MongoDB host. If using our storage above you may leave the default |
global.env.MONGO_PARAMS | MongoDB request parameters. If using our storage above you may leave the default |
global.env.S3_ENDPOINT | S3 URL. If using our storage above you may leave the default |
global.env.S3_ACCESS_KEY | S3 Access Key. If using our storage above you may leave the default |
global.env.S3_SECRET_KEY | S3 Secret Key. If using our storage above you may leave the default |
webfront.ingress.hosts | [BOARDS_URL] (no protocol) |
core.ingress.hosts | [API_URL] (no protocol, e.g. api.huddoboards.com) |
Boards Variables:
Follow instructions on this page
Deploy Boards Chart
Install the Boards services via our Helm chart
helm upgrade huddo-boards https://docs.huddo.com/assets/config/kubernetes/huddo-boards-1.0.0.tgz -i -f ./boards.yaml --namespace boards --recreate-pods
Note: --recreate-pods ensures all images are up to date. This will cause downtime.
Proxy Config
Connections On Premise - update WAS config
In the linked document you should use the IP of your kubernetes manager and the http port for your ingress (32080 if you have component pack installed).
Please follow these instructions
Connections Cloud or Microsoft Office 365
Add a reverse proxy entry in your network that resolves your certificates and forwards your 2 domains to the IP of the kubernetes manager and the http port for your ingress. If any assistance is required
HCL Connections integrations
- Header (Note: only required if Boards is hosted on a different domain to Connections)
- Apps Menu
- Widgets
- Migrate your Activities to Boards