On-premise deployment
groundcover on-premise installation allows you to use groundcover in secured environments without relying on outbound connections except for authentication purposes (Auth0).
In this mode, groundcover installation includes 3 additional components:
router- the frontend microservicegrafanapostgresql- db backend for the router and grafana microservices
Load the enterprise image pull secret
Upon subscribing to Enterprise plan, you should receive a
groundcover-enterprise-keyKubernetes Secret Object.Create a groundcover naåmespace (if not created by now)
kubectl create ns groundcoverLoad the image pull secret into the namespace
kubectl create -f groundcover-enterprise-key.yml --namespace=groundcover
Create the Helm override
global:
telemetry:
enabled: false
saas:
tls_skip_verify: true
scheme: ws
host: router-proxy
port: 80
router:
enabled: true
imagePullSecrets:
- groundcover-enterprise-key
ingress:
enabled: true # in case your are exposing the frontend
ingresses:
- name: frontend
ingressClassName: #{lb class in case your are exposing the frontend}
annotations:
hosts:
- host: #{domain}
paths:
- path: /
pathType: Prefix
port: 80Optional: use existing PostgreSQL
Create a database on existing PostgresSQL
CREATE DATABASE grafana;
CREATE DATABASE rbac;
CREATE DATABASE kong;Either manually or using a secret manager, create a secret in the following structure:
apiVersion: v1
kind: Secret
metadata:
name: groundcover-postgresql
namespace: groundcover
stringData:
postgres-password: <password>
type: OpaqueCreate/Update helm overrides file, with the following override:
global:
postgresql:
enabled: false
overrideUrl: <postgres-url> #postgresql.default.svc.cluster.local:5432
auth:
existingSecret: groundcover-postgresql
secretKeys:
adminPasswordKey: postgres-passwordLast updated