Install on Kubernetes

Requirements

Kubernetes v1.29+
Git repository
Image registry
OIDC / Keycloak installed
Command line tool (kubectl)

Installation resources

Talisman Platform installation resources uses Kustomize configuration management

Clone Talisman Platform installation resources:

git clone git@github.com:talismanplatform/kubernetes.git

Folders structure:

├── base # (1)!
│   ├── deployment-talisman.yaml
│   ├── deployment-reposilite.yaml
│   ├── role-binding.yaml
│   ├── role.yaml
│   ├── secret.yaml
│   ├── service-account.yaml
│   ├── service-talisman.yaml
│   ├── service-reposilite.yaml
│   └── service.yaml
└── overlays # (2)!
    ├── dev
    │   ├── .env
    │   └── kustomization.yaml
    └── test
    │   ├── .env
    │   └── kustomization.yaml
    └── prod
        ├── .env
        └── kustomization.yaml

The base folder contains the foundational Kubernetes manifests that define the core configuration for Talisman Platform
The overlay folder contains environment-specific configurations that modify or extend the base configuration to suit different deployment environments such as development, staging, or production.
Installation resources contains specific kustomize overlays for dev, test and prod environments.
```
/overlays/dev
/overlays/test
/overlays/prod
```

Installation process

graph LR
ENV[Select environment]
ENV --> VAR
subgraph VAR[.env]
    direction TB
    Registry[Configure Image registry]  ~~~ Git[Configure git]
    Git  ~~~ Keycloak[Configure Keycloak]
end
VAR --> N[Create namespace]
N --> K
subgraph K[kustomize.yaml]
    direction TB
    N1[Set namespace] ~~~ V[Set versions]
end
K --> A[Apply]

Select environment for installation, ex.: dev

For selected environment set secret values in /overlays/dev/.env file, ex.:

karavan.git.repository=http://gitea:3000/talisman/talisman.git
karavan.git.username=talisman
karavan.git.password=talisman
karavan.git.branch=main

karavan.container-image.registry=https://registry.hostname
karavan.container-image.group=talisman
karavan.container-image.registry-username=
karavan.container-image.registry-password=

karavan.keycloak.url=https://keycloak.hostname
karavan.keycloak.realm=talisman
karavan.keycloak.frontend.clientId=talisman
karavan.keycloak.backend.clientId=talisman
karavan.keycloak.backend.secret=secret

Create namespace for installation, ex: talisman-dev
```
kubectl create namespace talisman-dev 
```

Set namespace and Talisman Platform version in /overlays/dev/kustomize.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: talisman-dev

resources:
- ../../base

labels:
- includeSelectors: true
pairs:
    app.kubernetes.io/version: 4.5.0

patches:
- patch: |-
    - op: replace
    path: /spec/template/spec/containers/0/image
    value: talismancloud/talisman:4.5.0
target:
    kind: Deployment
    name: talisman
- patch: |-
    - op: replace
    path: /spec/template/spec/containers/0/env/0/value
    value: talismancloud/talisman-devmode:4.5.0
target:
    kind: Deployment
    name: talisman
- patch: |-
    - op: replace
    path: /spec/template/spec/containers/0/image
    value: talismancloud/talisman-reposilite:4.5.0
target:
    kind: Deployment
    name: reposilite

secretGenerator:
- behavior: replace
envs:
- .env
name: talisman
options:
    disableNameSuffixHash: true

Deploy Talisman Platform in selected namespace, ex.:
```
kubectl apply -k overlays/dev
```
Expose talisman service by applying Kubernetes provider specifix ingress/route configuration.

Keycloak configuration

Talisman uses OIDC for authentication and authorization. Keycloak is an open source Identity Management platform that supports OIDC. Follow the Authorization documentation to configure Keycloak for Talisman Platform.

Additional information

To generate resources without applying to kubernetes, use:
```
kustomize build overlays/dev > dev.yaml
```