On-premise deployment

Note: On-premise deployment is available only for users subscribed to our .

groundcover on-premise installation allows you to use groundcover in secured environments without relying on outbound connections except for authentication purposes (Auth0).

In this mode, groundcover installation includes 3 additional components:

router - the frontend microservice
grafana
postgresql - db backend for the router and grafana microservices

Load the enterprise image pull secret

Create a groundcover naåmespace (if not created by now) kubectl create ns groundcover
Load the image pull secret into the namespace kubectl create -f groundcover-enterprise-key.yml --namespace=groundcover

Create the Helm override

global:
  telemetry:
    enabled: false

saas:
  tls_skip_verify: true
  scheme: ws
  host: router-proxy
  port: 80

router:
  enabled: true
  imagePullSecrets:
  - groundcover-enterprise-key
  ingress:
    enabled: true # in case your are exposing the frontend
  ingresses:
    - name: frontend
      ingressClassName: #{lb class in case your are exposing the frontend}
      annotations:
      hosts:
        - host: #{domain}
          paths:
            - path: /
              pathType: Prefix
              port: 80

Optional: use existing PostgreSQL

Create a database on existing PostgresSQL

CREATE DATABASE grafana;
CREATE DATABASE rbac;
CREATE DATABASE kong;

Either manually or using a secret manager, create a secret in the following structure:

apiVersion: v1
kind: Secret
metadata:
  name: groundcover-postgresql
  namespace: groundcover
stringData:
  postgres-password: <password>
type: Opaque

Create/Update helm overrides file, with the following override:

global:
  postgresql:
    enabled: false
    overrideUrl: <postgres-url> #postgresql.default.svc.cluster.local:5432
    auth:
      existingSecret: groundcover-postgresql
      secretKeys:
        adminPasswordKey: postgres-password

Last updated 9 months ago