Installation
helm upgrade --install <releasename> \ oci://registry.crosser.cloud/charts/node --version 0.4.1 \ --create-namespace -n <namespace> --values <path-to-your-values.yaml> # # If you want to use custom certificate in store you need to set the cert location with set-file option to helm # helm upgrade --install <releasename> \ oci://registry.crosser.cloud/charts/node --version 0.4.1 \ --create-namespace -n <namespace> \ --values <path-to-your-values.yaml> \ --set node.custom.certificate.enbled=true \ --set-file node.custom.certificate.file=<path-to-your-cert.crt>
Before installing a node you need to update the values.yaml file with credentials to the Crosser Docker registry and for your Crosser Node. This information can be found in Control Center on the Nodes page and the Register Nodes tab (Docker credentials are available in the advancced options section).
Configuration
The values.yaml file is divided into a node specific configuration section, and a Kubernetes deployment specific section.
Examples of a typical config files:
# values.yaml (with nodeID and accessKey) registry: host: docker.crosser.io username: username password: password node: nodeID: nodeid accessKey: accesskey expose: type: ClusterIP # values.yaml (with globalKey registration) registry: host: docker.crosser.io username: username password: password node: globalKey: enabled: true registrationKey: your-global-key # values.yaml (with ingress with basic-auth) registry: host: docker.crosser.io username: username password: password node: nodeID: nodeid accessKey: accesskey expose: ingress: enabled: true host: crossernode.domain.tld auth: enabled: true username: "edgenode" password: "edgenode" tls: enabled: true # values.yaml (with ingress and openshift edge termination) registry: host: docker.crosser.io username: username password: password node: nodeID: nodeid accessKey: accesskey expose: ingress: enabled: true host: crossernode.domain.tld tls: enabled: true openshiftEdgeTermination: true
Settings
The following table lists the configurable parameters of the node chart and their default values.
Parameter | Description | Default |
registry | Container registry credentials <br> Copy credentials from Crosser Cloud | {"email":"name@domain.tld","host":"docker.crosser.io","password":"password","username":"username"} |
node.nodeID | Copy nodeID from Crosser Cloud when you create an node | "" |
node.accessKey | Copy accessKey from Crosser Cloud when you create an node | "" |
node.globalKey.enabled | Set to true if you want to use globalKey instead of nodeID and accessKey | false |
node.globalKey.registrationKey | The global registration key you, or your administrator, generated in Crosser Cloud | "" |
node.globalKey.registrationName | Name you want to give the node (only alphanumerical characters and underscore are allowed in node names) If empty the name "Release.name" from the chart will be used | "" |
node.baseURL | URL the node will connect to | cloud.crosser.io |
node.logLevel | LogLevel options are [Information, Debug] | Information |
node.proxy | Proxy settings | {"enabled":false,"host":"http://username:password@proxy.domain.tld:8080","noproxy":""} |
node.image.repository | docker.crosser.io/crosser/edgenode | |
node.image.tag | Overrides the image tag whose default is the chart appVersion. | "" |
node.persistence.enabled | If true, use a Persistent Volume Claim, If false, use emptyDir | true |
node.persistence.resourcePolicy | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | "keep" |
node.persistence.persistentVolumeClaim.existingClaim | Use the existing PVC which must be created manually before bound, and specify the "subPath" if the PVC is shared with other components | "" |
node.persistence.persistentVolumeClaim.subPath | "" | |
node.persistence.persistentVolumeClaim.storageClass | Specify the "storageClass" used to provision the volume. Or the default StorageClass will be used(the default). Set it to "-" to disable dynamic provisioning | "" |
node.persistence.persistentVolumeClaim.accessMode | ReadWriteOnce | |
node.persistence.persistentVolumeClaim.size | 10Gi | |
node.serviceAccountName | Set the service account to be used, default if left empty | "" |
node.resources | Define resources requests and limits for single Pods.<br> Ref: https://kubernetes.io/docs/user-guide/compute-resources/ | {} |
node.securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 1000. *v1.PodSecurityContext false<br> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | {} |
node.nodeSelector | Define which Nodes the Pods are scheduled on.<br> Ref: https://kubernetes.io/docs/user-guide/node-selection/ | {} |
node.tolerations | If specified, the pod's tolerations.<br> Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | [] |
node.affinity | Assign custom affinity rules<br> Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | {} |
node.podAnnotations | Additional deployment annotations | {} |
expose.type | Set the way how to expose the service. Set the type as "ClusterIP", "NodePort" or "LoadBalancer" and fill the information in the corresponding section | ClusterIP |
expose.clusterIP.annotations | Annotations on the ClusterIP service | {} |
expose.clusterIP.ports.httpPort | The service port the Node listens on when serving with HTTP/HTTPS | 9090 |
expose.clusterIP.ports.mqttPort | The service port the Node listens on when serving with MQTT | 1883 |
expose.clusterIP.ports.apiPort | The service port the Node API listens on | 9191 |
expose.nodePort.ports.httpServer.port | The service port the Node listens on when serving with HTTP/HTTPS | 9090 |
expose.nodePort.ports.httpServer.nodePort | The node port the Node listens on when serving with HTTP/HTTPS | 30002 |
expose.nodePort.ports.mqttServer.port | The service port the Node listens on when serving with MQTT | 1883 |
expose.nodePort.ports.mqttServer.nodePort | The node port the Node listens on when serving with MQTT | 30003 |
expose.nodePort.ports.apiServer.port | The service port the Node API listens on | 9191 |
expose.nodePort.ports.apiServer.nodePort | The node port the Node API listens on | 30004 |
expose.loadBalancer.IP | Set the IP if the LoadBalancer supports assigning IP | "" |
expose.loadBalancer.ports.httpPort | The service port the Node listens on when serving with HTTP/HTTPS | 9090 |
expose.loadBalancer.ports.mqttPort | The service port the Node listens on when serving with MQTT | 1883 |
expose.loadBalancer.ports.apiPort | The service port the Node API listens on | 9191 |
expose.loadBalancer.annotations | {} | |
expose.loadBalancer.sourceRanges | [] | |
expose.ingress.enabled | Ingress will only be installed when type is "ClusterIP" HTTP/HTTPS is only supported in this version | false |
expose.ingress.host | crossernode.domain.tld | |
expose.ingress.ingressClass | nginx | |
expose.ingress.annotations | {} | |
expose.ingress.auth.enabled | Enable to use Basic Authentication ! Will not work in Openshift ! | false |
expose.ingress.auth.username | Username to use for authentication | "edgenode" |
expose.ingress.auth.password | Password to use for authentication | "edgenode" |
expose.ingress.tls.enabled | false | |
expose.ingress.tls.openshiftEdgeTermination | Only set this to true if you will be installing in Openshift and want to have secured routes with edge TLS termination | false |
expose.ingress.tls.certSource | The source of the tls certificate. Set it as "auto", "secret" or "none" and fill the information in the corresponding section 1) auto: generate the tls certificate automatically 2) secret: read the tls certificate from the specified secret. The tls certificate can be generated manually or by cert manager 3) none: configure no tls certificate for the ingress. If the default tls certificate is configured in the ingress controller, choose this option | auto |
expose.ingress.tls.auto.commonName | The common name used to generate the certificate, it's necessary when the type isn't "ingress" | "" |
expose.ingress.tls.secret.secretName | The name of secret which contains keys named: "tls.crt" - the certificate "tls.key" - the private key | "" |
Search Documentation
Page Sections