Skip to content

Install on Kubernetes

Talisman

Requirements

  1. Kubernetes v1.29+
  2. Git repository
  3. Image registry
  4. OIDC / Keycloak installed
  5. Command line tool (kubectl)

Installation resources

  1. Talisman Platform installation resources uses Kustomize configuration management

  2. Clone Talisman Platform installation resources:

    git clone git@github.com:talismanplatform/kubernetes.git
    

  3. Folders structure:

├── base # (1)!
│   ├── deployment-talisman.yaml
│   ├── deployment-reposilite.yaml
│   ├── role-binding.yaml
│   ├── role.yaml
│   ├── secret.yaml
│   ├── service-account.yaml
│   ├── service-talisman.yaml
│   ├── service-reposilite.yaml
│   └── service.yaml
└── overlays # (2)!
    ├── dev
    │   ├── .env
    │   └── kustomization.yaml
    └── test
    │   ├── .env
    │   └── kustomization.yaml
    └── prod
        ├── .env
        └── kustomization.yaml
  1. The base folder contains the foundational Kubernetes manifests that define the core configuration for Talisman Platform

  2. The overlay folder contains environment-specific configurations that modify or extend the base configuration to suit different deployment environments such as development, staging, or production.

  3. Installation resources contains specific kustomize overlays for dev, test and prod environments.

    /overlays/dev
    /overlays/test
    /overlays/prod
    

Installation process

graph LR
ENV[Select environment]
ENV --> VAR
subgraph VAR[.env]
    direction TB
    Registry[Configure Image registry]  ~~~ Git[Configure git]
    Git  ~~~ Keycloak[Configure Keycloak]
end
VAR --> N[Create namespace]
N --> K
subgraph K[kustomize.yaml]
    direction TB
    N1[Set namespace] ~~~ V[Set versions]
end
K --> A[Apply]
  1. Select environment for installation, ex.: dev

  2. For selected environment set secret values in /overlays/dev/.env file, ex.:

    karavan.git.repository=http://gitea:3000/talisman/talisman.git
    karavan.git.username=talisman
    karavan.git.password=talisman
    karavan.git.branch=main
    
    karavan.container-image.registry=https://registry.hostname
    karavan.container-image.group=talisman
    karavan.container-image.registry-username=
    karavan.container-image.registry-password=
    
    karavan.keycloak.url=https://keycloak.hostname
    karavan.keycloak.realm=talisman
    karavan.keycloak.frontend.clientId=talisman
    karavan.keycloak.backend.clientId=talisman
    karavan.keycloak.backend.secret=secret
    
  3. Create namespace for installation, ex: talisman-dev

    kubectl create namespace talisman-dev 
    

  4. Set namespace and Talisman Platform version in /overlays/dev/kustomize.yaml

    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    namespace: talisman-dev
    
    resources:
    - ../../base
    
    labels:
    - includeSelectors: true
    pairs:
        app.kubernetes.io/version: 4.5.0
    
    patches:
    - patch: |-
        - op: replace
        path: /spec/template/spec/containers/0/image
        value: talismancloud/talisman:4.5.0
    target:
        kind: Deployment
        name: talisman
    - patch: |-
        - op: replace
        path: /spec/template/spec/containers/0/env/0/value
        value: talismancloud/talisman-devmode:4.5.0
    target:
        kind: Deployment
        name: talisman
    - patch: |-
        - op: replace
        path: /spec/template/spec/containers/0/image
        value: talismancloud/talisman-reposilite:4.5.0
    target:
        kind: Deployment
        name: reposilite
    
    secretGenerator:
    - behavior: replace
    envs:
    - .env
    name: talisman
    options:
        disableNameSuffixHash: true
    

  5. Deploy Talisman Platform in selected namespace, ex.:

    kubectl apply -k overlays/dev
    

  6. Expose talisman service by applying Kubernetes provider specifix ingress/route configuration.

Keycloak configuration

Talisman uses OIDC for authentication and authorization. Keycloak is an open source Identity Management platform that supports OIDC. Follow the Authorization documentation to configure Keycloak for Talisman Platform.

Additional information

  1. To generate resources without applying to kubernetes, use:
    kustomize build overlays/dev > dev.yaml