8.5 Deploy with Helm

Run the following Helm commands to complete the deployment. There are six steps, and they must be run in this order:

  • Download the SUSE Kubernetes charts repository

  • Create namespaces

  • If you are using SUSE Enterprise Storage, copy the storage secret to the UAA and SCF namespaces

  • Install UAA

  • Copy UAA secret and certificate to SCF namespace

  • Install SCF

8.5.1 Install the Kubernetes charts repository

Download the SUSE Kubernetes charts repository with Helm:

tux > helm repo add suse https://kubernetes-charts.suse.com/

You may replace the example suse name with any name. Verify with helm:

tux > helm repo list
NAME        URL                                             
stable      https://kubernetes-charts.storage.googleapis.com
local       http://127.0.0.1:8879/charts                    
suse        https://kubernetes-charts.suse.com/

List your chart names, as you will need these for some operations:

tux > helm search suse
NAME          VERSION  DESCRIPTION                                  
suse/cf       2.8.0    A Helm chart for SUSE Cloud Foundry          
suse/console  1.1.0    A Helm chart for deploying Stratos UI Console
suse/uaa      2.8.0    A Helm chart for SUSE UAA

8.5.2 Create Namespaces

Use kubectl on your host workstation to create and verify the UAA (User Account and Authentication) and SCF (SUSE Cloud Foundry) namespaces:

tux > kubectl create namespace uaa
 namespace "uaa" created
 
tux > kubectl create namespace scf
 namespace "scf" created
 
tux > kubectl get namespaces
NAME          STATUS    AGE
default       Active    27m
kube-public   Active    27m
kube-system   Active    27m
scf           Active    1m
uaa           Active    1m

8.5.3 Copy SUSE Enterprise Storage Secret

If you are using the hostpath storage class (see Section 8.2, Create hostpath Storage Class) there is no secret so skip this step.

If you are using SUSE Enterprise Storage you must copy the Ceph admin secret to the UAA and SCF namespaces:

tux > kubectl get secret ceph-secret-admin -o json --namespace default | \
sed 's/"namespace": "default"/"namespace": "uaa"/' | kubectl create -f -

tux > kubectl get secret ceph-secret-admin -o json --namespace default | \
sed 's/"namespace": "default"/"namespace": "scf"/' | kubectl create -f -

8.5.4 Install UAA

Use Helm to install the UAA (User Account and Authentication) server:

    
tux > helm install suse/uaa \
--name susecf-uaa \
--namespace uaa \
--values scf-config-values.yaml

Wait until you have a successful UAA deployment before going to the next steps, which you can monitor with the watch command. This will take time, possibly an hour or two, according to your hardware resources:

tux > watch -c 'kubectl get pods --all-namespaces'

When the status shows RUNNING for all of the UAA nodes, then proceed to the next step.

8.5.5 Install SUSE Cloud Foundry

First pass your UAA secret and certificate to SCF, then use Helm to install SUSE Cloud Foundry:

tux > SECRET=$(kubectl get pods --namespace uaa \
-o jsonpath='{.items[*].spec.containers[?(.name=="uaa")].env[?(.name=="INTERNAL_CA_CERT")].valueFrom.secretKeyRef.name}')

tux > CA_CERT="$(kubectl get secret $SECRET --namespace uaa \
-o jsonpath="{.data['internal-ca-cert']}" | base64 --decode -)"

tux > helm install suse/cf \
--name susecf-scf \
--namespace scf \
--values scf-config-values.yaml \
--set "secrets.UAA_CA_CERT=${CA_CERT}"

Now sit back and wait for the pods come online:

tux > watch -c 'kubectl get pods --all-namespaces'

When all services are running you can use the Cloud Foundry command-line interface to log in to SUSE Cloud Foundry. (See Section 2.10, Deploy SUSE Cloud Foundry.)