Kubernetes Unattended Initialization

Once pods are created in the deployment, admins must complete an initialization process to seed the system with relevant details. This can be done either using a UI-based form or, as described below, using a YAML file with secrets.

YAML Structure

Running the installation from command line will involve creating a YAML file with the following basic structural outline:

apiVersion: v1 kind: Namespace metadata: name: pyramid --- apiVersion: v1 kind: Secret metadata: name: unattended-installation namespace: pyramid stringData: json: '{}'

Note: The indented items need to be indented with a double space.

JSONData

The JSONData snippet above (in red) is where all the details of the initialization are injected into the script. All fields in the JSON string are top level without any nesting.

Notes:

  • Fields marked with * are mandatory.
  • The JSONData string should be a single line of text without line breaks.

Database Fields:

  • createDB : If "on", the installer will create the database using the supplied credentials.
  • installationType :
    • If "existing", the database server should contain an existing (previously installed) Pyramid database.
    • If "new", or any value apart from existing, a new Pyramid database schema will be created in the provided database. This is the default value.
  • dbLocation:
    • 0 - Native installation - self provided database server. This is the default value.
    • 1 - AWS RDS.
    • 2 - Azure Managed Database.
    • 3 - GCP Cloud SQL.
  • serverType* : The database server type, either SqlServer or Postgresql.
  • serverAddress* : The database server address, either an IP address or FQDN.
  • port* : The database server port number.
  • database* : The database name.
  • dbUser* : The user name for connecting the database.
  • dbPass* : The user's password.
  • enforceDbSsl : Specify "on" to enforce SSL over the database connection, or "off" otherwise. The default setting is off. This option is supported for PostgreSQL and SQL server. For more information, see Encrypting Connections.
  • dbSslRootCert : If you selected to "enforceDbSsl", the value of the field should be a base64 encoded string representing a zip file containing one or more certificates in PEM format. Note: You only need to supply certificates that are self-signed (are not publicly signed).
  • fips : If "true", enables the use of FIPS compatible encryption algorithms. The default setting is "false". Note that this necessarily disables some of the product functionality. For more information, see Encryption and FIPS.
  • firstUser* :The user name of the first Pyramid admin user.
  • firstUserPass* : The password of the first Pyramid admin user (this can be changed later from inside the app).
  • license: The text content of a Pyramid license file. Use this to seed the license key into the deployment directly. The license file can also be uploaded after installation.
  • storageType* : The preferred persistent file storage method. One of: AWSS3, AzureBlob, PersistentVolume, FTP, SFTP, or NFS.

Storage Fields:

Based on the previous storageType setting, the following additional settings are required:

FTP/SFTP/NFS

  • storageHostName* : FTP server address
  • storagePort* : FTP server port
  • storageUserName* : FTP server username
  • storagePassword* : FTP server password
  • storageFolder* : Directory

AWS-S3

  • regionId* : AWS Region Code. A full list can be found here.
  • awsAccessKeyId* : AWS Access Key ID. To use an AWS IAM role, set awsAccessKeyId: "iam" after configuring a role on AWS. In this case, you do not need to set awsSecretAccessKey.
  • awsSecretAccessKey* : AWS Secret Access Key
  • awsBucket* : AWS S3 bucket name

Azure blobs

  • azureBlobAccountName* : Azure account name
  • azureBlobAccountKey* : Azure account key
  • azureContainer* : Azure container name

Persistent Volume

  • When the storageType is PersistentVolume, you need to specify which Persistent Volume to use. Where the installation is performed using Kubernetes this is specified in the appropriate YAML file. For details, see Kubernetes Configurator.

Examples

In the examples the JSON string is broken across multiple lines to enable reading. When you create your YAML file, the JSON string should be a single line of text without line breaks.

ClosedExample Installation

Base JSON:

{ "installationType": "new", "dbLocation": 0, "serverType": "Postgresql", "serverAddress": "", "port": 5432, "createDB": "on", "database": "pyramid", "dbUser": "postgres", "dbPass": "", "enforceDbSsl": "off", "firstUser": "admin", "firstUserPass": "", "storageType": "PersistentVolume" }'

final YAML:

apiVersion: v1 kind: Namespace metadata: name: pyramid --- apiVersion: v1 kind: Secret metadata: name: unattended-installation namespace: pyramid stringData: json: '{ "installationType": "new", "dbLocation": 0, "serverType": "Postgresql", "serverAddress": "", "port": 5432, "createDB": "on", "database": "pyramid", "dbUser": "postgres", "dbPass": "", "enforceDbSsl": "off", "firstUser": "admin", "firstUserPass": "", "storageType": "PersistentVolume" }''