Last updated
Last updated
In this guide, you’ll install the Cryptlex Enterprise Kubernetes application using . You’ll then create an Ingress Resource to route traffic from your domains to the Cryptlex Enterprise back-end services. Once you’ve set up the Ingress, you’ll install to your cluster to be able to automatically provision Let’s Encrypt TLS certificates to secure your Ingresses.
is a package manager for managing Kubernetes. Using Helm Charts with your Kubernetes provides configurability and lifecycle management to update, rollback, and delete a Kubernetes application.
A Kubernetes 1.16+ cluster with your connection configuration configured as the kubectl
default.
The Helm 3 package manager installed on your local machine.
A fully registered domain name with three available A records. This tutorial will use license-api.mycompany.com
, license-portal.mycompany.com
and releases.mycompany.com
throughout.
You will first need to install the Kubernetes-maintained using Helm.
This Service is of type LoadBalancer, and because you are deploying it to a Kubernetes cluster, the cluster will automatically create a Load Balancer, through which all external traffic will flow to the appropriate backend services.
The Nginx Ingress Helm chart uses an ingress.yaml
file for setting the configuration. You need to download this file to your local machine.
To install the Nginx Ingress Controller to your cluster, run the following commands:
You can watch the Load Balancer become available by running:
You’ve installed the Nginx Ingress maintained by the Kubernetes community. It will route HTTP and HTTPS traffic from the Load Balancer to appropriate back-end Services, configured in Ingress Resources.
You will need to create three A/CNAME records for the external IP address of the Nginx Ingress installed in the previous step. For this tutorial we will choose the following three sub-domains:
license-api.mycompany.com
for the Web API Server
license-portal.mycompany.com
for the Web Dashboard
releases.mycompany.com
for the Release Server
In order to get the external IP address you can execute the following command:
Now to create the records:
Create A/CNAME records for the above custom domains.
Point all of them to the same IP address.
To install the Cert-Manager to your cluster, run the following commands:
In this section, you will deploy the Cryptlex Enterprise Kubernetes application in your Kubernetes cluster.
Postgres database is required for storing all Cryptlex data. The Cryptlex Enterprise Kubernetes app will automatically spin up a Postgres database instance and will use the persistent volume claim for requesting the storage disk. This option may be good for staging/testing environments, but for the production environment, we recommend using a third-party Postgres database service.
The Cryptlex Enterprise Helm chart uses a values.yaml
file for setting the configuration. You need to download this file to your local machine and update this file for each environment.
Download two copies of this file and rename them to production.yaml
and staging.yaml
(or testing.yaml
, development.yaml
etc.).
You need to update this file for each environment.
After you have updated the values.yaml
(in this case production.yaml
and staging.yaml
) file for each environment, execute the following commands to install the Cryptlex Enterprise Helm chart for each environment:
Next, you need to open the dashboard in the browser, and create your Cryptlex account, which can be done at the following URL:
https://license-portal.mycompany.com/auth/signup
Please note that you can only create one Cryptlex account.
It's important that you regularly upgrade the apps installed in your Kubernetes cluster to ensure you get new security updates and bug fixes.
In order to upgrade the apps just execute the following commands:
For upgrading Cert-Manager please refer to there upgrading guide:
Go to your DNS provider’s website (e.g. or ).
To secure your Ingress Resources, you need to install the . Once installed and configured, your app will be running behind HTTPS.
The file store (AWS S3 compatible) is required for storing releases. In case you don't want to use the Cryptlex API, this service is not required.
The Cryptlex Enterprise Kubernetes app will automatically spin up a instance and will use the persistent volume claim for requesting the storage disk. This option may be good for staging/testing environments, but for the production environment, we recommend using a third-party AWS S3 compatible file store service.
Easily install Cryptlex on any cloud hosting provider using Kubernetes.