Running the UI

Michael Edgar edited this page Jul 19, 2022 · 3 revisions

Prerequisites

On a Mac, use podman 4.1. The default VM size (2048Mi/1cpu) is known to be inadequate; 8192Mi/4cpus is known to work, and smaller configurations are untested.

Configuration

  1. Prior to running the UI, the kas-installer.env file must be configured to use the redhat_sso SSO_PROVIDER_TYPE and a client ID and secret must be set.

    SSO_PROVIDER_TYPE='redhat_sso'
    REDHAT_SSO_HOSTNAME='sso.redhat.com'
    REDHAT_SSO_CLIENT_ID='<client ID for ${REDHAT_SSO_HOSTNAME}>'
    REDHAT_SSO_CLIENT_SECRET='<client secret for ${REDHAT_SSO_HOSTNAME}>'
  2. Next, it is recommended that custom certificates be generated and configured when running the UI. This allows you to trust a single CA (generated locally) that will be used to sign certificates for the UI itself as well as the Kafka Instance API (admin server). Certificates can be generated using the gen_certs.sh script in the project root.

    gen_certs.sh

    The certs/ca-cert.pem file may now be imported to your browser and the server certificate and key may be configured via kas-installer.env. In this example, KAS_INSTALLER_HOME contains the path to the project root.

    KAFKA_TLS_CERT="$(cat ${KAS_INSTALLER_HOME}/certs/server-cert.pem)"
    KAFKA_TLS_KEY="$(cat ${KAS_INSTALLER_HOME}/certs/server-key.pem)"

    kas-fleet-manager must also be configured to use the external certificates and a custom domain name. The following configurations must be added to the kas-fleet-manager-service-template-params script in the project root (and the script made executable: `chmod +x fleet-manager-service-template-params`).

    echo "ENABLE_KAFKA_EXTERNAL_CERTIFICATE='true'"
    echo "ENABLE_KAFKA_CNAME_REGISTRATION='true'"

    When using a custom domain name, the kas-fleet-manager-secrets-template-params must contain an AWS access key and secret to allow kas-fleet-manager to interact with Route53.

    echo "ROUTE53_ACCESS_KEY='<Route53 access key>'"
    echo "ROUTE53_SECRET_ACCESS_KEY='<Route53 secret access key>'"
  3. Add or update the entry for 127.0.0.1 in your /etc/hosts file to include the domain prod.foo.redhat.com.
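
The configuration steps above can be checked before installing. The following is an added example, not part of kas-installer: the function names are hypothetical, the key permission check is an extra not described on this page, and `preflight` assumes kas-installer.env sits in the project root beside certs/.

```bash
# Added example: preflight checks for the configuration steps on this page.
# Function names are hypothetical; file and variable names are the page's.

# Print the last value assigned to key $2 in env file $1, outer quotes stripped.
# The file is parsed, not sourced, so nothing in it is executed.
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed "s/^['\"]//; s/['\"]\$//"
}

# Step 1: redhat_sso selected; client ID and secret are not placeholders.
check_sso_env() {
  [ "$(env_value "$1" SSO_PROVIDER_TYPE)" = "redhat_sso" ] ||
    { echo "SSO_PROVIDER_TYPE must be redhat_sso" >&2; return 1; }
  for key in REDHAT_SSO_HOSTNAME REDHAT_SSO_CLIENT_ID REDHAT_SSO_CLIENT_SECRET; do
    case "$(env_value "$1" "$key")" in
      '' | '<'*) echo "$key is unset or still a placeholder" >&2; return 1 ;;
    esac
  done
}

# Step 2 (added check): the server key is not accessible to group or others.
check_key_mode() {
  [ "$(ls -lL "$1" | cut -c5-10)" = "------" ] ||
    { echo "$1 is accessible beyond its owner" >&2; return 1; }
}

# Step 2: the server cert chains to the local CA and the key matches the cert.
check_server_cert() { # args: ca-cert.pem server-cert.pem server-key.pem
  openssl verify -CAfile "$1" "$2" >/dev/null || return 1
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$3" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "key does not match certificate" >&2; return 1; }
}

# Step 3: an uncommented 127.0.0.1 entry in hosts file $1 names the UI domain.
check_hosts() {
  awk -v name=prod.foo.redhat.com '
    { sub(/#.*/, "") }
    $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
    END { exit !found }' "${1:-/etc/hosts}"
}

# Assumption: kas-installer.env sits in the project root ($1) beside certs/.
preflight() {
  check_sso_env "$1/kas-installer.env" && check_key_mode "$1/certs/server-key.pem" &&
    check_server_cert "$1/certs/ca-cert.pem" "$1/certs/server-cert.pem" \
      "$1/certs/server-key.pem" && check_hosts /etc/hosts
}
```

After defining the functions, `preflight "$KAS_INSTALLER_HOME"` returns non-zero and names the first failed check.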

Installation

  1. Install the UI containers
    ./ui/install.sh

Once complete, the UI will be available on the local host, but must be accessed using https://prod.foo.redhat.com:1337/beta/application-services. If prompted for MAS-SSO credentials, both the user and password are the value of the RH_USERNAME you have configured in your kas-installer.env.