Currents depends on several third-party services that are not bundled with the Helm chart. You are responsible for allocating resources, installing, and maintaining these services. During the installation process, you’ll need to provide credentials so Currents can configure these services as needed.
We provide a quick reference of how to create those services for your convenience. The documented configuration for the connected stateful services (mongo, clickhouse) are not definitive, and may not be adequate for all production setups.
This will setup a 2-node Mongo Cluster, with each being 10Gb available for storage size.
helm install community-operator community-operator --repo https://mongodb.github.io/helm-charts
kubectl create secret generic mongo-admin-password --from-literal=password=$(head -c 512 /dev/urandom | LC_ALL=C tr -cd 'a-zA-Z0-9' | head -c 32)
kubectl create secret generic mongo-currents-password --from-literal=password=$(head -c 512 /dev/urandom | LC_ALL=C tr -cd 'a-zA-Z0-9' | head -c 32)
Create the MongoDB Databases Resources file to apply
mongodb-community-resources.yaml
apiVersion: mongodbcommunity.mongodb.com/v1
kind: MongoDBCommunity
metadata:
name: mongodb
spec:
members: 2
type: ReplicaSet
version: "7.0.17"
security:
authentication:
modes: ["SCRAM"]
users:
- name: cluster-admin
db: admin
passwordSecretRef: # a reference to the secret that will be used to generate the user's password
name: mongo-admin-password
roles:
- name: clusterAdmin
db: admin
- name: userAdminAnyDatabase
db: admin
- name: dbAdminAnyDatabase
db: admin
scramCredentialsSecretName: admin-scram
- name: currents-user
db: currents
passwordSecretRef: # a reference to the secret that will be used to generate the user's password
name: mongo-currents-password
roles:
- name: dbOwner
db: currents
scramCredentialsSecretName: currents-scram
additionalMongodConfig:
storage.wiredTiger.engineConfig.journalCompressor: zlib
Apply the MongoDBCommunity Resource to create the Database
kubectl apply -f mongodb-community-resources.yaml
For ClickHouse there are several production support options:
For this guide we are going to install the open-source Altinity Kubernetes Operator for ClickHouse
Advanced configuration available at: (docs: https://github.com/Altinity/helm-charts/blob/main/charts/clickhouse/README.md )
This will setup a 1-node 1-shard ClickHouse Replicated Server (10Gb Storage)
kubectl create secret generic clickhouse-default-pass --from-literal=password=$(head -c 512 /dev/urandom | LC_ALL=C tr -cd 'a-zA-Z0-9' | head -c 32)
kubectl create secret generic clickhouse-currents-pass --from-literal=password=$(head -c 512 /dev/urandom | LC_ALL=C tr -cd 'a-zA-Z0-9' | head -c 32)
helm install clickhouse-operator altinity-clickhouse-operator --repo https://docs.altinity.com/clickhouse-operator
helm install clickhouse clickhouse --repo https://helm.altinity.com \
--set=clickhouse.defaultUser.password_secret_name=clickhouse-default-pass \
--set-json='clickhouse.users=[{"name":"currents","password_secret_name":"clickhouse-currents-pass"}]' \
--set operator.enabled=false
Follow this step if you plan to use provider (S3, Cloudflare) object storage (recommended).
Ensure you have created an Object Storage bucket for Currents in your provider.
If using S3, you can choose to setup IAM permissions for the Currents service account. If so, you can skip the rest of these steps, and setup the IAM access after installing the Helm chart.
AWS_ACCESS_KEY_ID=<replace-with-access-key-id>
AWS_SECRET_ACCESS_KEY=<replace-with-secret-access-key>
kubectl create secret generic currents-storage-user --from-literal=apiId=$AWS_ACCESS_KEY_ID --from-literal=keySecret=$AWS_SECRET_ACCESS_KEY
currents-storage-user and your Object Storage bucket later in these instructions.Install RustFS if you don’t have access to an Object Storage provider (S3, Cloudflare). You will need an additional subdomain for RustFS.
Creates a single Pod instance of RustFS with 10Gi of storage.
kubectl create secret generic currents-rustfs-user \
--from-literal=RUSTFS_ACCESS_KEY=$(head -c 512 /dev/urandom | LC_ALL=C tr -cd 'a-zA-Z0-9' | head -c 32) \
--from-literal=RUSTFS_SECRET_KEY=$(head -c 512 /dev/urandom | LC_ALL=C tr -cd 'a-zA-Z0-9' | head -c 32)
Create a RustFS values file
rustfs-helm-config.yaml
# Standalone mode for dev/test - single pod
mode:
standalone:
enabled: true
distributed:
enabled: false
# Use the secret we created for credentials
secret:
existingSecret: "currents-rustfs-user"
# Service configuration
service:
type: ClusterIP
endpoint:
port: 9000
console:
port: 9001
# Disable gateway API / TraefikService CRD creation
gatewayApi:
gatewayClass: ""
# Disable built-in ingress (we create our own for full control)
ingress:
enabled: false
# Storage configuration
storageclass:
name: "" # Uses default storage class
dataStorageSize: "10Gi"
logStorageSize: "256Mi"
# Resource limits
resources:
limits:
cpu: "500m"
memory: "512Mi"
requests:
cpu: "100m"
memory: "128Mi"
helm install rustfs rustfs --repo https://charts.rustfs.com -f rustfs-helm-config.yaml
Create an Ingress Resource to expose the RustFS S3 API
Be sure to customize the following:
alb.ingress.kubernetes.io/certificate-arnspec.ingressClassNamespec.rules[0].hostrustfs-eks-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-rustfs
annotations:
# Set to 'internet-facing' to expose to the public
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/group.name: currents
# Set the ARN to a resource managed by AWS Certificate Manager
alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:"
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/backend-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-path: /health
alb.ingress.kubernetes.io/success-codes: '200'
spec:
ingressClassName: alb-currents
rules:
# Set the storage DNS name
- host: storage.eks.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: rustfs
port:
number: 9000
kubectl apply -f rustfs-eks-ingress.yaml
Create the currents bucket by applying a Job that uses mc (MinIO client)
rustfs-create-bucket-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: rustfs-create-bucket
spec:
ttlSecondsAfterFinished: 300
template:
spec:
restartPolicy: Never
containers:
- name: mc
image: minio/mc:latest
env:
- name: RUSTFS_ACCESS_KEY
valueFrom:
secretKeyRef:
name: currents-rustfs-user
key: RUSTFS_ACCESS_KEY
- name: RUSTFS_SECRET_KEY
valueFrom:
secretKeyRef:
name: currents-rustfs-user
key: RUSTFS_SECRET_KEY
command:
- /bin/sh
- -c
- |
mc alias set rustfs http://rustfs-svc:9000 $RUSTFS_ACCESS_KEY $RUSTFS_SECRET_KEY
mc mb --ignore-existing rustfs/currents
kubectl apply -f rustfs-create-bucket-job.yaml
kubectl wait --for=condition=complete job/rustfs-create-bucket --timeout=60s
For sending outgoing emails like Automated reports.
SMTP_USERNAME=<replace-with-smtp-username>
SMTP_PASSWORD=<replace-with-smtp-password>
kubectl create secret generic currents-email-smtp --from-literal=username=$SMTP_USERNAME --from-literal=password=$SMTP_PASSWORD
currents-email-smtp and your SMTP host later in these instructions.openssl genrsa -out gitlab-key.pem 2048
kubectl create secret generic currents-gitlab-key --from-file=gitlab-key.pem
currents-gitlab-key later in these instructions.