Skip to content

Install Gluu Flex on EKS#

System Requirements#

The resources may be set minimally to the below:

  • 8-13 GB RAM based on the services deployed
  • 8-11 CPU cores based on the services deployed
  • 50GB hard-disk

Use the listing below for a detailed estimation of the minimum required resources. The table contains the default resources recommendation per service. Depending on the use of each service the resources need may be increase or decrease.

Service CPU Unit RAM Disk Space Processor Type Required
Auth server 2.5 2.5GB N/A 64 Bit Yes
fido2 0.5 0.5GB N/A 64 Bit No
scim 1 1GB N/A 64 Bit No
config - job 0.3 0.3GB N/A 64 Bit Yes on fresh installs
persistence - job 0.3 0.3GB N/A 64 Bit Yes on fresh installs
nginx 1 1GB N/A 64 Bit Yes if ALB/Istio not used
auth-key-rotation 0.3 0.3GB N/A 64 Bit No [Strongly recommended]
config-api 1 1GB N/A 64 Bit No
casa 0.5 0.5GB N/A 64 Bit No
admin-ui 2 2GB N/A 64 Bit No
link 0.5 1GB N/A 64 Bit No
saml 0.5 1GB N/A 64 Bit No

Releases of images are in style 1.0.0-beta.0, 1.0.0-0

Initial Setup#

  1. Before initiating the setup, please obtain an SSA for Flex trial, after which you will issued a JWT.

  2. Install aws cli

  3. Configure your AWS user account using aws configure command. This makes you able to authenticate before creating the cluster. Note that this user account must have permissions to work with Amazon EKS IAM roles and service linked roles, AWS CloudFormation, and a VPC and related resources

  4. Install kubectl

  5. Install eksctl

  6. Create cluster using eksctl such as the following example:

    eksctl create cluster --name gluu-cluster --nodegroup-name gluu-nodes --node-type NODE_TYPE --nodes 2  --managed --region REGION_CODE
    You can adjust node-type and nodes number as per your desired cluster size

  7. To be able to attach volumes to your pod, you need to install the Amazon EBS CSI driver

  8. Install Helm3

  9. Create gluu namespace where our resources will reside 

    kubectl create namespace gluu

Gluu Flex Installation using Helm#

  1. Install Nginx-Ingress, if you are not using Istio ingress

    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo add stable https://charts.helm.sh/stable
helm repo update
helm install nginx ingress-nginx/ingress-nginx

  2. Create a file named override.yaml and add changes as per your desired configuration:

    • FQDN/domain is not registered:

      Get the Loadbalancer address: 

      kubectl get svc nginx-ingress-nginx-controller --output jsonpath='{.status.loadBalancer.ingress[0].hostname}'

      Add the following yaml snippet to your override.yaml file:

      global:
    isFqdnRegistered: false
config:
    configmap:
        lbAddr: http:// #Add LB address from previous command

    • FQDN/domain is registered:

      Add the following yaml snippet to your override.yaml file:

      global:
    isFqdnRegistered: true
    fqdn: demoexample.gluu.org #CHANGE-THIS to the FQDN used for Gluu
config:
    configmap:
        lbAddr: http:// #Add LB address from previous command
nginx:
  ingress:
      enabled: true
      path: /
      hosts:
      - demoexample.gluu.org #CHANGE-THIS to the FQDN used for Gluu
      tls:
      - secretName: tls-certificate
        hosts:
        - demoexample.gluu.org #CHANGE-THIS to the FQDN used for Gluu

    • PostgreSQL for persistence storage

      In a production environment, a production grade PostgreSQL server should be used such as Amazon RDS

      For testing purposes, you can deploy it on the EKS cluster using the following command:

      helm install my-release --set auth.postgresPassword=Test1234#,auth.database=gluu -n gluu oci://registry-1.docker.io/bitnamicharts/postgresql

      Add the following yaml snippet to your override.yaml file:

      global:
  cnPersistenceType: sql
config:
  configmap:
    cnSqlDbName: gluu
    cnSqlDbPort: 5432
    cnSqlDbDialect: pgsql
    cnSqlDbHost: my-release-postgresql.gluu.svc
    cnSqlDbUser: postgres
    cnSqlDbTimezone: UTC
    cnSqldbUserPassword: Test1234#

    • MySQL for persistence storage

      In a production environment, a production grade MySQL server should be used such as Amazon RDS

      For testing purposes, you can deploy it on the EKS cluster using the following command:

      helm install my-release --set auth.rootPassword=Test1234#,auth.database=gluu -n gluu oci://registry-1.docker.io/bitnamicharts/mysql

      Add the following yaml snippet to your override.yaml file:

      global:
  cnPersistenceType: sql
config:
  configmap:
    cnSqlDbName: gluu
    cnSqlDbPort: 3306
    cnSqlDbDialect: mysql
    cnSqlDbHost: my-release-mysql.gluu.svc
    cnSqlDbUser: root
    cnSqlDbTimezone: UTC
    cnSqldbUserPassword: Test1234#

      So if your desired configuration has FQDN and MySQL, the final override.yaml file will look something like that:

      global:
  cnPersistenceType: sql
  isFqdnRegistered: true
  fqdn: demoexample.gluu.org #CHANGE-THIS to the FQDN used for Gluu
nginx-ingress:
  ingress:
      path: /
      hosts:
      - demoexample.gluu.org #CHANGE-THIS to the FQDN used for Gluu
      tls:
      - secretName: tls-certificate
        hosts:
        - demoexample.gluu.org #CHANGE-THIS to the FQDN used for Gluu  
config:
  configmap:
    lbAddr: http:// #Add LB address from previous command
    cnSqlDbName: gluu
    cnSqlDbPort: 3306
    cnSqlDbDialect: mysql
    cnSqlDbHost: my-release-mysql.gluu.svc
    cnSqlDbUser: root
    cnSqlDbTimezone: UTC
    cnSqldbUserPassword: Test1234#

  3. Install Gluu Flex

    After finishing all the tweaks to the override.yaml file, we can use it to install gluu flex.

    helm repo add gluu-flex https://docs.gluu.org/charts
helm repo update
helm install gluu gluu-flex/gluu -n gluu -f override.yaml

Configure Gluu Flex#

You can use the Janssen TUI to configure Flex components. The TUI calls the Config API to perform ad hoc configuration.

Last update: 2024-11-18
Created: 2022-09-22