Manual Installation

Manual Installation

Requirements

Before deploying this service into a Kubernetes cluster you will first need

  • A Kubernetes cluster
  • A Cassandra cluster
  • A Kafka cluster
  • A Zookeeper cluster (requirement of Kafka)
  • A registry key provided by GrafanaLabs to access the docker repository us.gcr.io/metrictank-gcr/hosted-metrics-api

It is expected that your Kubernetes cluster has an IngressController configured so that Ingress resources created will be exposed correctly.

GCR Secret

To get access to the the HM-API docker image a GCR Key is required. If you don’t have that key yet, please contact us to get one.

  • Add the registry key to kubernetes place the registry key in grafanalabs-keyfile.json. Then run
kubectl -n metrictank create secret docker-registry metrictank-gcr --docker-server=https://us.gcr.io --docker-username=_json_key --docker-password="$(cat grafanalabs-keyfile.json)" --docker-email=<email address>

SSL Certificate

Add the default SSL certificate. It is recommended to use a wildcard cert so that 1 certificate can be used for all deployments in the cluster

Assuming that you have a key.pem and cert.pem you can run the following script to create the certificate in Kubernetes

#!/bin/bash

NAMESPACE=${NAMESPACE:-metrictank}
CERT_NAME=${CERTNAME:-hosted-metrics-cert}

## add SSL cert
echo "
apiVersion: v1
kind: Secret
metadata:
  name: $CERTNAME
  namespace: $NAMESPACE
data:
  tls.crt: `base64 -w 0 ./crt.pem`
  tls.key: `base64 -w 0 ./key.pem`
" | kubectl create -f -

Deploy HM-API

Deploy the hosted-metrics-api Kubernetes resources

DC=DC1
DOMAIN=tsdb.yourcompany.com
USER=apiuser
PASS=apipass
sed -e "s/{DOMAIN}/$DOMAIN/g" -e "s/{USER}/$USER/g" -e "s/{PASS}/$PASS/g" -e "s/{DC}/$DC/g" k8s.yaml.tmp | kubectl -n metrictank create -f -

This will deploy the service and expose it at the address “api.tsdb.yourcompany.com” protected with BasicAuth using the username apiuser with the password apipass

Running HM-API outside of Kubernetes

When running HM-API outside a Kubernetes cluster it can be authenticated against the API of the Kubernetes cluster where it should deploy its instances by using the -kubeconfig parameter. This still requires the SSL Certificate to present on the cluster, but the GCR secret is not necessary. For example:

hosted-metrics-api -kubeconfig=~/.kube/config ...