On-premise deployment

Note: On-premise deployment is available only for users subscribed to our Enterprise plan.

groundcover on-premise installation allows you to use groundcover in secured environments without relying on outbound connections except for authentication purposes (Auth0).

In this mode, groundcover installation includes 3 additional components:

router - the frontend microservice
grafana
postgresql - db backend for the router and grafana microservices

Load the enterprise image pull secret

Upon subscribing to Enterprise plan, you should receive a groundcover-enterprise-key Kubernetes Secret Object.
Create a groundcover naåmespace (if not created by now) kubectl create ns groundcover
Load the image pull secret into the namespace kubectl create -f groundcover-enterprise-key.yml --namespace=groundcover

Create the Helm override

global:
  telemetry:
    enabled: false

saas:
  tls_skip_verify: true
  scheme: ws
  host: router-proxy
  port: 80

router:
  enabled: true
  imagePullSecrets:
  - groundcover-enterprise-key
  ingress:
    enabled: true # in case your are exposing the frontend
  ingresses:
    - name: frontend
      ingressClassName: #{lb class in case your are exposing the frontend}
      annotations:
      hosts:
        - host: #{domain}
          paths:
            - path: /
              pathType: Prefix
              port: 80

Optional: use existing PostgreSQL

Create a database on existing PostgresSQL

CREATE DATABASE grafana;
CREATE DATABASE rbac;
CREATE DATABASE kong;

Either manually or using a secret manager, create a secret in the following structure:

apiVersion: v1
kind: Secret
metadata:
  name: groundcover-postgresql
  namespace: groundcover
stringData:
  postgres-password: <password>
type: Opaque

Create/Update helm overrides file, with the following override:

global:
  postgresql:
    enabled: false
    overrideUrl: <postgres-url> #postgresql.default.svc.cluster.local:5432
    auth:
      existingSecret: groundcover-postgresql
      secretKeys:
        adminPasswordKey: postgres-password

Last updated 3 months ago

global: telemetry: enabled: false saas: tls_skip_verify: true scheme: ws host: router-proxy port: 80 router: enabled: true imagePullSecrets: - groundcover-enterprise-key ingress: enabled: true # in case your are exposing the frontend ingresses: - name: frontend ingressClassName: #{lb class in case your are exposing the frontend} annotations: hosts: - host: #{domain} paths: - path: / pathType: Prefix port: 80

global: postgresql: enabled: false overrideUrl: <postgres-url> #postgresql.default.svc.cluster.local:5432 auth: existingSecret: groundcover-postgresql secretKeys: adminPasswordKey: postgres-password