Eurotermbank / Federated-Network-Toolkit-deployment


Tutorial Helm Chart - suggestions #83

Open Marghis opened 2 years ago

Marghis commented 2 years ago

I have the following suggestions for the Helm Chart installation tutorial:

1) After installing Kubernetes via Snap, the tutorial suggests issuing the command `sudo chown -f -R $USER ~/.kube`. Immediately after installation the folder `.kube` does not exist - neither in the sudo user's home directory, nor in the `/root` directory. Therefore this command does nothing. The folder appears after several minutes - supposedly after enabling Kubernetes features (dns dashboard etc).

2) In the section Storage configuration, the tutorial instructs to create a folder for mysql with `sudo mkdir -p /mnt/otk/mysql/`, but does not mention the creation of three other folders which are used in the configuration yamls: `/mnt/otk/cms-public-uploads/`, `/mnt/otk/frontend-html/`, `/mnt/otk/es/`

3) The Helm tutorial omits the information that the contents of 'cms-public-uploads.zip' need to be unzipped to `/mnt/otk/cms-public-uploads/`, as in the Kubernetes tutorial.

4 a) Values.yaml does not contain an option for setting the password for termdb and discussiondb. The password is hardcoded into _toolkit_helpers.tpl_. There should be an option to set this password via values.yaml.

4 b) Also it would be more convenient to see database names and database user names in values.yaml and not in _toolkit_helpers.tpl_.

4 c) Values.yaml contains only a setting for the database ROOT_PASSWORD. Because there is no setting in values.yaml for termdb and discussiondb credentials, it looks like all databases will be using user root for connections (which is not true). I'd suggest either moving the configuration of server names, database names, database ports, database users and their passwords to values.yaml, or at least adding a comment in values.yaml that those settings are configured in _toolkit_helpers.tpl_.

5) Section Toolkit Deployment. Running `helm install` fails with an error that Helm cannot find the Kubernetes config file. I had to set the environment variable with the path manually: `export KUBECONFIG=/var/snap/microk8s/current/credentials/client.config` Only then did `helm install` run successfully. This variable needs to be set before every helm update command too.

6) As the `helm upgrade` command is mentioned, it would be helpful to explain how to create a new version of the Helm Chart tgz file. Must only the version number in the tgz file name be updated? Do appVersion and version in Chart.yaml need to be updated also?

7) The Helm Chart tutorial ends after successful Helm deployment, but there are more steps to make the Toolkit functional - there should be a link to the Keycloak configuration which is described in the Kubernetes tutorial.

8 a) There is no information in the Helm Chart tutorial on how to add certificates (neither automatically by Let's Encrypt nor manually using commercially issued CA).

8 b) The Kubernetes instructions on how to add certificates are not working for the Helm Chart. How to add certificates issued by a CA? The Kubernetes tutorial mentions creating the namespace "otk" before deployment and running `kubectl -n otk create secret tls tls-secret --cert=lki.crt --key=-lki.key`. But in the case of Helm Chart deployment, `helm install` fails if the namespace "otk" already exists. What are the correct steps for Helm? My steps were to not create the namespace "otk", just deploy with `helm install` and then run `kubectl -n otk create secret tls tls-secret --cert=lki.crt --key=-lki.key`

9) As both Kubernetes and Helm Chart deployments use subdomains for Keycloak and Strapi, the tutorials should contain a warning that wildcard certificates issued for the main domain (`*.example.com`) do not cover sub-subdomains (`auth.otk.example.com`). A wildcard certificate for the main Federm node subdomain is needed (`*.otk.example.com`). Or one can use a multidomain certificate listing all domains (`auth.otk.example.com`, `strapi.otk.example.com`, `otk.example.com`).

10) Accessing the Kubernetes Dashboard is blocked by the browser after the SSL certificate is manually added, as the Kubernetes Dashboard still uses a self-signed one (i.e. by default it does not use manually added certificates). It would be useful to add an instruction on how to make the Kubernetes Dashboard use the same certificates as other endpoints.
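
The wildcard behaviour raised in point 9 can be checked before a certificate is ordered or installed. The following is an added example, not part of the original comment or the project's code: it applies the single-label wildcard rule to a certificate's SAN list and reports which of the three hostnames named in point 9 remain uncovered. The function names and the SAN lists are constructed for illustration.

```python
"""Added example: which required hostnames does a certificate's SAN list cover?"""

# Hostnames taken from point 9 of the comment above.
REQUIRED = ["otk.example.com", "auth.otk.example.com", "strapi.otk.example.com"]


def san_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName entry against a hostname, RFC 6125 style.

    A wildcard is honoured only as the complete left-most label and stands
    for exactly one label, so it never spans a dot.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if "" in h or any("*" in label for label in p[1:]):
        return False  # malformed hostname, or wildcard outside the first label
    if len(p) != len(h):
        return False  # "*" cannot absorb additional labels
    if p[0] == "*":
        return p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards such as "a*.example.com" are refused here
    return p == h


def uncovered(sans, required=REQUIRED):
    """Return the required hostnames that no SAN entry matches."""
    return [host for host in required
            if not any(san_matches(san, host) for san in sans)]


if __name__ == "__main__":
    # Constructed SAN lists, one per certificate choice discussed in point 9.
    candidates = {
        "wildcard for main domain": ["*.example.com"],
        "wildcard for node subdomain": ["*.otk.example.com"],
        "node wildcard plus node name": ["*.otk.example.com", "otk.example.com"],
        "multidomain": list(REQUIRED),
    }
    for name, sans in candidates.items():
        missing = uncovered(sans)
        print(f"{name:32} missing: {missing or 'none'}")
```

A certificate whose only SAN is `*.otk.example.com` leaves `otk.example.com` itself uncovered, so the node's own name has to be listed as a separate SAN entry.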