Please note that the code snippets in this section reuse the environment variables you set up when progressing through the tutorial, including the optional step of installing Minio. Please make sure you define them correctly or adapt the snippets to your specific use case.
The Mender server deployment requires generating keys that are used for user and device authentication. The following snippet uses openssl to generate the required keys:
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 | openssl rsa -out device_auth.key
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 | openssl rsa -out useradm.key
# tenantadm.key is only referenced by the Enterprise values file (enterprise: true)
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 | openssl rsa -out tenantadm.key
Before installing the Mender Server on the Kubernetes cluster using the Mender Helm chart, add the Mender Helm Chart repository:
helm repo add mender https://charts.mender.io
helm repo update
You can now install the Mender Server by running:
export MENDER_SERVER_DOMAIN="mender.example.com"
export MENDER_SERVER_URL="https://${MENDER_SERVER_DOMAIN}"
cat >mender-3.3.2.yml <<EOF
global:
  enterprise: false
  mongodb:
    URL: "mongodb://root:${MONGODB_ROOT_PASSWORD}@mongodb-0.mongodb-headless.default.svc.cluster.local:27017,mongodb-1.mongodb-headless.default.svc.cluster.local:27017"
  nats:
    URL: "nats://nats:4222"
  s3:
    AWS_URI: "https://${MINIO_DOMAIN_NAME}"
    AWS_BUCKET: "mender-artifact-storage"
    AWS_ACCESS_KEY_ID: "${MINIO_ACCESS_KEY}"
    AWS_SECRET_ACCESS_KEY: "${MINIO_SECRET_KEY}"
  url: "${MENDER_SERVER_URL}"
api_gateway:
  env:
    SSL: false
device_auth:
  certs:
    key: |-
$(cat device_auth.key | sed -e 's/^/      /g')
useradm:
  certs:
    key: |-
$(cat useradm.key | sed -e 's/^/      /g')
EOF
helm upgrade --install mender mender/mender --version 3.3.2 -f mender-3.3.2.yml
The following deployment requires access to the Mender Enterprise Container Registry. Please email contact@mender.io to receive an evaluation account.
export MENDER_REGISTRY_USERNAME="replace-with-your-username"
export MENDER_REGISTRY_PASSWORD="replace-with-your-password"
export MENDER_SERVER_URL="https://${MENDER_SERVER_DOMAIN}"
cat >mender-3.3.2.yml <<EOF
global:
  enterprise: true
  image:
    username: "${MENDER_REGISTRY_USERNAME}"
    password: "${MENDER_REGISTRY_PASSWORD}"
  mongodb:
    URL: "mongodb://root:${MONGODB_ROOT_PASSWORD}@mongodb-0.mongodb-headless.default.svc.cluster.local:27017,mongodb-1.mongodb-headless.default.svc.cluster.local:27017"
  nats:
    URL: "nats://nats:4222"
  s3:
    AWS_URI: "https://${MINIO_DOMAIN_NAME}"
    AWS_BUCKET: "mender-artifact-storage"
    AWS_ACCESS_KEY_ID: "${MINIO_ACCESS_KEY}"
    AWS_SECRET_ACCESS_KEY: "${MINIO_SECRET_KEY}"
  url: "${MENDER_SERVER_URL}"
api_gateway:
  env:
    SSL: false
device_auth:
  certs:
    key: |-
$(cat device_auth.key | sed -e 's/^/      /g')
tenantadm:
  certs:
    key: |-
$(cat tenantadm.key | sed -e 's/^/      /g')
useradm:
  certs:
    key: |-
$(cat useradm.key | sed -e 's/^/      /g')
EOF
helm upgrade --install mender mender/mender --version 3.3.2 -f mender-3.3.2.yml
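
The heredocs above expand an unset variable to an empty string without any error, and the values file they write embeds the private keys and storage credentials in plain text. The pre-flight check below is an added example, not part of the Mender documentation; the function names and the use of 3072 bits as a minimum are this example's own choices.

```shell
#!/bin/sh
# Added pre-flight checks; not part of the Mender documentation.

# missing_env VAR...: print each named variable that is unset or empty.
# An unset variable expands to "" inside the <<EOF heredoc without an error.
missing_env() {
    for name in "$@"; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || printf '%s\n' "$name"
    done
}

# key_problem FILE: print why FILE is unsuitable, or nothing when it is fine.
key_problem() {
    [ -s "$1" ] || { echo "missing or empty"; return 0; }
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "accessible to group or others (chmod 600)"; return 0
    fi
    bits=$(openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    [ -n "$bits" ] || { echo "not a readable private key"; return 0; }
    # 3072 is the size generated above; using it as a floor is an assumption.
    [ "$bits" -ge 3072 ] || echo "only $bits bits"
    return 0
}

# preflight KEYFILE...: report every problem; return 0 only if there are none.
preflight() {
    status=0
    for name in $(missing_env MONGODB_ROOT_PASSWORD MINIO_DOMAIN_NAME \
            MINIO_ACCESS_KEY MINIO_SECRET_KEY MENDER_SERVER_DOMAIN); do
        echo "unset: $name" >&2; status=1
    done
    for key in "$@"; do
        problem=$(key_problem "$key")
        [ -z "$problem" ] || { echo "$key: $problem" >&2; status=1; }
    done
    return "$status"
}

# Usage, before writing the values file:
#   umask 077 && preflight device_auth.key useradm.key
```

Running `umask 077` first means the generated `mender-3.3.2.yml` is created readable only by the current user. For the Enterprise values file, pass `tenantadm.key` to `preflight` as well.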
To store the Mender artifacts in an AWS S3 bucket instead of relying on a Minio service, update the examples above as follows:
global:
  s3:
    AWS_URI: "https://<name-of-your-bucket>.s3.<your-aws-region>.amazonaws.com"
    AWS_BUCKET: "<name-of-your-bucket>"
    AWS_REGION: "<your-aws-region>"
    AWS_ACCESS_KEY_ID: "<your-access-key-id>"
    AWS_SECRET_ACCESS_KEY: "<your-secret-access-key>"
    AWS_FORCE_PATH_STYLE: "false"
You must configure an Ingress or a Load Balancer to expose the Mender Server outside the Kubernetes cluster.
For example, to expose the Mender Server with an Ingress, run:
cat >mender-ingress.yml <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: mender-ingress
  annotations:
    cert-manager.io/issuer: "letsencrypt"
spec:
  tls:
  - hosts:
    - ${MENDER_SERVER_DOMAIN}
    secretName: mender-ingress-tls
  rules:
  - host: "${MENDER_SERVER_DOMAIN}"
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: mender-api-gateway
            port:
              number: 80
EOF
kubectl apply -f mender-ingress.yml
Create the initial user using the useradm pod. The usernames and passwords in the commands below are example values; substitute your own:
USERADM_POD=$(kubectl get pod -l 'app.kubernetes.io/name=useradm' -o name | head -1)
kubectl exec "$USERADM_POD" -- useradm create-user --username "demo@mender.io" --password "demodemo"
Create the administrator user using the tenantadm pod:
TENANTADM_POD=$(kubectl get pod -l 'app.kubernetes.io/name=tenantadm' -o name | head -1)
# "--" separates kubectl's own options from the command run inside the pod
TENANT_ID=$(kubectl exec "$TENANTADM_POD" -- tenantadm create-org --name demo --username "admin@mender.io" --password "adminadmin" --plan enterprise)
You can create additional users from the command line of the useradm pod:
USERADM_POD=$(kubectl get pod -l 'app.kubernetes.io/name=useradm' -o name | head -1)
kubectl exec "$USERADM_POD" -- useradm-enterprise create-user --username "demo@mender.io" --password "demodemo" --tenant-id "$TENANT_ID"
To use a pre-release (master) version of the backend, please refer to the Development section of the documentation.
© 2023 Northern.tech AS