3.4. HelmChart Installation
You may want to choose a HelmChart installation if you are using the Kubernetes Container Platform to deploy your applications and you are familiar with HelmCharts.
3.4.1. Prerequisites
Please make sure that you provide the following prerequisites:
- a valid licence file is needed (get it at speedgain.com)
- a Kubernetes Container Platform accessible via the kubectl and helm terminal commands
- 4 CPU Cores, 16GB RAM and at least 100GB to store data
- a modern web-browser
3.4.2. Services
One service can't be run on its own. It has to be run together with the 6 other services (all available on Docker-Hub and via the ITGAIN download portal: itgain.sharefile.eu). The list of all 7 images:
- Speedgain TimescaleDB - the repository to store all performance metrics
- Speedgain Collector - the core component to pull metrics
- Speedgain Service - REST API service
- Speedgain MCP Server - Model Context Protocol Server to connect Speedgain with AI Agents
- Speedgain Frontend - web-frontend
- Speedgain Grafana - delivering all needed dashboards
- NginX - reverse proxy
3.4.3. Helm Chart Installation for both Openshift and native Helm (online and offline)
- Add persistent volume claims (optional - will be created if not existing)
  - Provide a persistent volume claim called "s4dbs-postgres-pv-claim" to persist the collected performance data. The size depends on the databases to be monitored. A good value is 100 GB.
    - Openshift Example

          apiVersion: v1
          kind: PersistentVolumeClaim
          metadata:
            name: s4dbs-postgres-pv-claim
          spec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 100Gi

    - AKS Example

          apiVersion: v1
          kind: PersistentVolumeClaim
          metadata:
            name: s4dbs-postgres-pv-claim
            annotations:
              "helm.sh/resource-policy": "keep"
          spec:
            accessModes:
              - ReadWriteOnce
            storageClassName: "managed-csi"
            resources:
              requests:
                storage: 100G
- Add and deploy the Speedgain for Databases Helm chart repository via (a) OpenShift, (b) native Helm, or (c) by downloading the chart and deploying it manually. During deployment a load balancer is added, which opens the reverse proxy to IP ranges outside of the cluster.
  - a) Openshift: add Helm Chart Repo yaml
    - Add the Helm Chart repository

          apiVersion: helm.openshift.io/v1beta1
          kind: HelmChartRepository
          metadata:
            name: itgainchartsrepo
          spec:
            connectionConfig:
              url: 'https://itgain.github.io/charts/'
            name: itgainchartsrepo

    - Deploy S4DBs via the Helm Chart Repository in the OpenShift Developer Interface and adjust the values (a readme is provided during deployment)
  - b) native helm
    - Add the repository with the native helm command

          helm repo add itgainchartsrepo https://itgain.github.io/charts/

    - Update the local helm repository

          helm repo update

    - Deploy via the native helm command

          helm install s4dbs itgainchartsrepo/s4dbs

  - c) manual / offline deployment
    - Download the Speedgain HelmChart file. Copy and extract the file to your file system.
    - Review the provided values.yaml file (see section 3.4.7)
    - Verify that the docker images can be accessed in your Kubernetes cluster. If you do not have direct access to Docker-Hub, download the images from our download portal and transfer them to the docker repository used by your Kubernetes Cluster via

          docker load --input s4dbs_<version>_linux_<amd64/arm64>_all_images.tgz

    - Install the HelmChart via

          helm install s4dbschart .
- Open the web frontend to change settings and to upload the licence file
  - Get the assigned IP address of the load balancer (replace s4dbs-test1 with the namespace you deployed into)

        kubectl describe service --namespace s4dbs-test1 s4dbs-reverse-service

  - Open the URL in a browser: http://12.34.56.78/ (change to the IP address shown in the field "LoadBalancer Ingress" in the previous step)
  - Open the menu in the upper left corner
  - Select configuration and enter admin/admin to log in
  - Upload the licence file in the "maintenance" section
  - Click the menu button again
  - Click on account settings and enter the current password again (admin)
  - Enter a new password for the admin login (s4dbs only - Grafana has a unique, different password)
3.4.4. Customization Options
For customization options, please review the Docker Compose installation section.
3.4.5. Security Context Settings
Under certain conditions it is necessary to configure the Security Context. One such condition is the migration from an older Speedgain release to a newer one in which the PostgreSQL and TimeScale versions are upgraded as well. Such database upgrades can require extended filesystem privileges on top of the regular security configuration. You will find more details in the Kubernetes documentation: kubernetes - pod config - security context. We currently support the following Security Context settings in the values.yaml file.
FileSystem Group
In the values.yaml you will find the variable fs_group in the s4dbsPostgresDeployment block:
...
s4dbsPostgresDeployment:
  image: ...
  ...
  fs_group: -1
...
The default value is -1, which means that no Security Context is configured. If you enter an integer value greater than -1, the Security Context is applied to the PostgreSQL deployment and the value is used for the Filesystem Group setting. This means the user executing the database process is put into the operating system group with the ID set by fs_group.
Example
Setting fs_group: 999 will produce the following:
securityContext:
  fsGroup: 999
This will put the main user inside of the container into group 999 for filesystem actions.
3.4.6. Setup SSL encryption
For Speedgain versions above 2.1.0, the HelmChart provides a configuration template for easy and fast SSL / HTTPS enablement. Configuration is done only via Helm's values.yaml file. Everything else is controlled by Helm's template engine.
These configurations have to be made before you start the installation with helm! Before you start, make sure you have a .crt and a .key SSL certificate file!
In the values.yaml file you will find the section for configuring the s4dbs_reverse pod:
s4dbsReverseDeployment:
  ...
  protocol: HTTP
  publicPort: 80
  ...
  sslCertManual: false # set to true if you want to configure SSL certificates manually
  ...
  sslCertKey: | # insert key certificate in the line below
  ...
  sslCertFullchain: | # insert fullchain certificate(s) in the line below
  ...
#### end-of-section ####
You only have to edit the 4 or, respectively, 3 variables shown above.
If the HelmChart should create the TLS Secret from your certificate files (4 variables):
- set protocol to the value HTTPS
- set publicPort to 443, which is the default port for HTTPS
- copy the content of your .key SSL certificate file into the blank line below the variable sslCertKey
- copy the content of your .crt SSL certificate file into the blank line below the variable sslCertFullchain
If you create the TLS Secret manually (3 variables):
- set protocol to the value HTTPS
- set publicPort to 443, which is the default port for HTTPS
- set sslCertManual to true; this specifies that you will create the TLS Secret manually
Example:
s4dbsReverseDeployment:
  ...
  protocol: HTTPS
  publicPort: 443
  ...
  sslCertManual: false # set to true if you want to configure SSL certificates manually
  ...
  sslCertKey: | # insert key certificate in the line below
    -----BEGIN PRIVATE KEY-----
    #### key certificate content ####
    -----END PRIVATE KEY-----
  sslCertFullchain: | # insert fullchain certificate(s) in the line below
    -----BEGIN CERTIFICATE-----
    #### key certificate content ####
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    #### key certificate content ####
    -----END CERTIFICATE-----
Or
s4dbsReverseDeployment:
  ...
  protocol: HTTPS
  publicPort: 443
  ...
  sslCertManual: true # set to true if you want to configure SSL certificates manually
  ...
  sslCertKey: | # insert key certificate in the line below
  sslCertFullchain: | # insert fullchain certificate(s) in the line below
You can test your changes by executing a HelmChart install dry-run:
helm install --dry-run s4dbschart . | less
Check in the generated s4dbs-secrets.yaml output that your added SSL certificate files are shown correctly with a uniform indent. The TLS Secret is only included if you did not set sslCertManual to true. Next, check the generated s4dbs-reverse.yaml near the end of the dry-run output. Its probe sections should contain "httpGet" with "scheme: HTTPS".
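The two dry-run checks described above can be scripted. This is an added example, not part of the Speedgain chart or its documentation; it assumes the rendering was saved to a file, that Helm's "# Source:" header names the s4dbs-reverse.yaml template, and that the PEM text appears verbatim in the output. The sample rendering is constructed.

```shell
#!/bin/sh
# Added example (not part of the Speedgain chart): script the two dry-run checks.
# Save the rendering first: helm install --dry-run s4dbschart . > render.yaml

# check_render FILE: succeeds only if every httpGet probe rendered from
# s4dbs-reverse.yaml uses scheme HTTPS and every PEM block is uniformly indented.
check_render() {
  awk '
    function indent(s) { sub(/[^ ].*$/, "", s); return length(s) }
    /^# Source: /  { src = $3 }               # template that produced what follows
    src ~ /s4dbs-reverse\.yaml$/ && /httpGet:/      { probes++ }
    src ~ /s4dbs-reverse\.yaml$/ && /scheme: HTTPS/ { https++ }
    # A PEM block directly after another one (fullchain) must keep its indent.
    /-----BEGIN /  { if (NR != lastend + 1) want = indent($0); inpem = 1 }
    inpem && indent($0) != want { print "indent mismatch at line " NR; bad++ }
    /-----END /    { inpem = 0; lastend = NR }
    END {
      if (probes == 0 || probes != https) {
        printf "probes with scheme HTTPS: %d of %d\n", https, probes; bad++
      }
      exit (bad > 0 ? 1 : 0)
    }' "$1"
}

# Constructed sample rendering; key names and layout are assumptions.
sample_render() {
  cat <<'EOF'
---
# Source: s4dbs/templates/s4dbs-secrets.yaml
stringData:
  tls.key: |
    -----BEGIN PRIVATE KEY-----
    (constructed placeholder)
    -----END PRIVATE KEY-----
---
# Source: s4dbs/templates/s4dbs-reverse.yaml
        livenessProbe:
          httpGet:
            scheme: HTTPS
        readinessProbe:
          httpGet:
            scheme: HTTPS
EOF
}

tmp=$(mktemp)
sample_render > "$tmp"
check_render "$tmp" && echo "render OK"
rm -f "$tmp"
```

A saved rendering contains the private key whenever sslCertManual is false, so write it to a location only you can read and delete it after the check.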
Now install the HelmChart for example:
helm install s4dbschart .
or reinstall it via the commands
helm uninstall s4dbschart
helm install s4dbschart .
3.4.7. Speedgain values configuration file values.yaml
# Default values for s4dbs.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# frontendConfigMode should not be changed unless you are advised to by support team
frontendConfigMode: false

### START * not needed if frontendConfigMode set to false ###
# serverHostname is the public available dns / server name - e.g. route in an openshift
serverHostname: localhost ##enter dns name of route here (will be created later) ##
# servicePort is the public service /rest-api port for the frontend to redirect correctly - change to 8080 (port of reverse proxy) if not using a route or ingress up front s4dbs
servicePort: 80
# serverProtokol depends on your configmap for reverse proxy / nginx
serverProtokol: http
# grafanaPort is the public grafana port for the frontend to redirect correctly - change to 8080/grafana (port of reverse proxy) if not using a route or ingress up front s4dbs
grafanaPort: 80/grafana
### END * not needed if frontendConfigMode set to false ###

# pdb is the overall repository (aka pdb) configuration
pdb:
  pdbDbName: speedgain
  pdbHost: s4dbs-postgres-service
  pdbPort: 5432
  pdbUser: postgres

# s4dbsCollectorDeployment defines collector image and varas
s4dbsCollectorDeployment:
  image: docker.io/itgainis/s4dbs_collector:2.2.0
  replicas: 1
  spgLogLevel: INFO
  requests_memory: "2Gi"
  requests_cpu: "0.5"
  limits_memory: "8Gi"
  limits_cpu: "4"

# s4dbsPostgresDeployment defines timescale image and varas
s4dbsPostgresDeployment:
  image: docker.io/itgainis/s4dbs_timescaledb:2.2.0
  persistentVolumeClaimName: s4dbs-postgres-pv-claim
  persistentVolumeClaimSize: 100G
  storageClassName: something # change to map you storage provider, like managed-csi on AZURE or thin on OpenShift
  postgres_initdb_args: "" # set for example to "--wal-segsize=XYZ" if you changed WAL segment size in your S4DBs V1.8.2 PDB - important for migration to V2.0.0
  postgres_options: max_connections=200 # override with your custom configuration parameters
  requests_memory: "1Gi"
  requests_cpu: "1"
  limits_memory: "16Gi"
  limits_cpu: "8"
  fs_group: -1 # defines the fsGroup within the SecurityContext config of the s4dbs_postgres pod. Set it to -1 to disable securityContext settings. Set it to a positive value to set the fsGroup ID.

# s4dbsServiceDeployment defines service image and varas
s4dbsServiceDeployment:
  image: docker.io/itgainis/s4dbs_service:2.2.0
  port: 8080
  requests_memory: "256Mi"
  requests_cpu: "0.5"
  limits_memory: "4Gi"
  limits_cpu: "2"

# s4dbsServiceDeployment defines service image and varas
s4dbsMcpDeployment:
  image: docker.io/itgainis/s4dbs_mcp:2.2.0
  port: 8000
  s4dbsUrl: http://s4dbs-service-service:8080/Speedgain_for_Databases_Service/speedgain
  s4dbsUser: "admin"
  requests_memory: "256Mi"
  requests_cpu: "0.5"
  limits_memory: "4Gi"
  limits_cpu: "2"

# s4dbsGrafanaDeployment defines grafana image and varas
s4dbsGrafanaDeployment:
  image: docker.io/itgainis/s4dbs_grafana:2.2.0
  port: 3000
  anonymousLogin: false
  requests_memory: "256Mi"
  requests_cpu: "0.5"
  limits_memory: "2Gi"
  limits_cpu: "2"

# s4dbsFrontendDeployment defines frontend image and varas
s4dbsFrontendDeployment:
  image: docker.io/itgainis/s4dbs_frontend:2.2.0
  port: 8080
  requests_memory: "128Mi"
  requests_cpu: "0.5"
  limits_memory: "2Gi"
  limits_cpu: "1"

# s4dbsReverseDeployment defines reverse proxy image and varas
s4dbsReverseDeployment:
  enabled: true #set to false if you want to use own reverse proxy / ingress nginx
  external_traffic_service_type: LoadBalancer # set to Load Balancer, ClusterIP or NodePort to specify remote access type
  image: docker.io/nginx:1.29.7-alpine
  port: 8080
  protocol: HTTP #Controls if HTTP or SSL/HTTPS communication is to use. Basically: set this to HTTPS if publicPort is 443. Using SSL/HTTPS without setting protocol to HTTPS will cause probes to fail!
  publicPort: 80 #Recommendation is port 80 for HTTP or 443 for HTTPS communication.
  requests_memory: "256Mi"
  requests_cpu: "0.5"
  limits_memory: "2Gi"
  limits_cpu: "1"
  sslCertManual: false # set to true if you want to configure SSL certificates manually instead inserting them below. See https://speedgain.info/_kubernetes_installation.html#_setup_ssl_encryption for the commandline instruction.
  sslCertKey: | # insert key certificate in the line below - Necessary for SSL/HTTPS communication!

  sslCertFullchain: | # insert fullchain certificate(s) in the line below - Necessary for SSL/HTTPS communication!