infinimesh Blog Install infinimesh platform in Kubernetes

We have built infinimesh (https://www.infinimesh.io) to run everywhere. In this blogpost we use microk8s as local installation, but any kubernetes distribution would work, too. We did installations with Canonical Multi-Cloud installations (https://www.ubuntu.com/kubernetes), as example.Okay, let's start.Installing operatorsInfinimesh is a Cloud Native Application and leverages Kubernetes Operators to install and maintain the platform. Depending on your setup, you may need to install:Infinimesh OperatorKafka Strimzi Operator (optional)KubeDB OperatorSet the default config for your clusterinfinimesh can be installed in different clusters from one console. To do so export the config you want to use, as example:export KUBECONFIG=$KUBECONFIG:~./kubeconfigInfinimesh OperatorThe following commands install the Infinimesh Kubernetes Operator into infinimesh-system.kubectl apply -f https://raw.githubusercontent.com/infinimesh/operator/master/manifests/crd.yaml kubectl apply -f https://raw.githubusercontent.com/infinimesh/operator/master/manifests/operator.yamlKubeDB Operator (optional)To provision Postgres and Redis instances, infinimesh uses KubeDB.curl -fsSL https://raw.githubusercontent.com/kubedb/cli/0.11.0/hack/deploy/kubedb.sh | bashStrimzi Kafka Operator (optional)Strimzi is a Kubernetes operator to install and maintain Kafka in a Cloud Native way. Strimzi is not required by Infinimesh. However, if you don't already have a Kafka installation, it is the recommended way to install Kafka. If you already have a Kafka Cluster, you can skip this step.Install Strimzi Kafka Operator into the namespace kafka:kubectl create namespace kafka curl -L https://github.com/strimzi/strimzi-kafka-operator/releases/download/0.11.1/strimzi-cluster-operator-0.11.1.yaml \ | sed 's/namespace: .*/namespace: kafka/' \ | kubectl -n kafka apply -f -For more details refer to https://strimzi.io/quickstarts/minikube/.NGINX Ingress ControllerFor API Servers and App, infinimesh uses Ingrees Controller. When using Minikube, enable it as addon:minikube addons enable ingressor with microk8s:microk8s.enable ingressIf you use microk8s with multipass use:multipass exec microk8s-vm -- /snap/bin/microk8s.enable ingressWhen deploy to a real cluster, follow the instructions here: (https://kubernetes.github.io/ingress-nginx/deploy/). This involves installing some manifests or a HELM chart and may vary slightly, depending on your infrastructure.TLS Certicate SetupInfinimesh requires X509 KeyPairs for the following applications:API Server gRPCAPI Server RESTMQTT BridgeApp (User Interface)To manage the certificates, infinimesh uses cert-manager. It is a Kubernetes operator to provision certificates. A typical usage is provisioning via Let's Encrypt, but infinimesh uses it for all kinds of certificates.You may serve these domains from any host/domain you want. It's just critical that you have TLS server certificates for each of them, with the used domain name. For local and development installation, certificates can be generated with openssl and self-signed. This is not recommended for producation scenarios, because other parties (e.g. users of the platform) will have to import the certificates into their trust store. This is not just inconvenient, but in most scenarios also makes the platform vulnerable to Man in the middle atacks. Thus, use self-signed certificates only local & testing environments.You need openssl for the following steps.Generate Root CA 0.1 Generate Private Keyopenssl genrsa -out ca.key 4096 openssl req -subj '/CN=infinimesh.local/O=Infinimesh' -new -x509 -sha256 -key ca.key -out ca.crt -days 3650