Installation

Concepts overview

In Kubernetes, applications are deployed onto Pods, which represents a running version of a containerized application. Pods are grouped by Deployments, which represent a set of Pods running the same application. For instance, should you need to run Stream in high availability mode, your deployment will contain 3 pods or more. Applications running in Pods are made accessible by a Service, which grants a set of Pods an IP address (which can either be internal to the cluster or accessible on the public Internet through a Load Balancer).

The recommended way of installing on Stream is through the Stream’s Helm Chart. Helm is a package manager for Kubernetes that will generate Kubernetes resources necessary to deploy Stream onto your cluster. The official Helm Chart will generate a deployment of one or more Pods running Stream on your cluster.

Setting up Helm repository

Now that the application secrets are configured, add the EverTrust Helm repository to your machine:

$ helm repo add evertrust https://repo.evertrust.io/repository/charts

Verify that you have access to the Chart :

$ helm search repo evertrust/stream
NAME                       	CHART VERSION	APP VERSION	DESCRIPTION
evertrust/stream          	0.1.3        	1.1.1      	EverTrust Stream Helm chart

Configuring the namespace

For isolation purposes, we strongly recommend that you create a dedicated namespace for Stream:

$ kubectl create namespace stream

The namespace should be empty. In order to run Stream, you’ll need to create two secrets in that namespace:

  • A data secret containing your Stream license file and keyset.

  • An image pull secret, allowing Kubernetes to authenticate to the EverTrust’s container repository

Creating the application secrets

You should have both a license file (most probably named stream.lic) and a keyset for your Stream installation.

To generate a keyset, download our keyset utility onto a secure environment that has access to your cluster. Extract the archive and run the binary that matches your architecture. For instance :

$ ./tinkey-darwin-arm64 generate-keyset --out=keyset.json

Then, create a Kubernetes secret containing both files into the Stream namespace :

$ kubectl create secret generic stream-data \
 --from-file=license="<path to your license file>" \
 --from-file=keyset="<path to your keyset file>" \
 --namespace stream

Creating the image pull secret

Next, you should configure Kubernetes to authenticate to the EverTrust repository using your credentials. They are necessary to pull the Stream docker image, you should have received them upon purchase. Get your username and password and create the secret:

$ kubectl create secret docker-registry evertrust-registry \
 --docker-server=registry.evertrust.io \
 --docker-username="<your username>" \
 --docker-password="<your password>" \
 --namespace stream

Configuring the chart

You’ll next need to override the defaults values.yaml file of the Helm Chart to reference the secrets that we’ve created. We’ll provide a minimal configuration for demonstration purposes, but please do follow our production setup guide before deploying for production.

Create a override-values.yaml file somewhere and paste this into the file:

image:
  pullSecrets:
    - evertrust-registry

license:
  secretName: stream-data
  secretKey: license

keyset:
  secretName: stream-data
  secretKey: keyset

To finish Stream’s installation, simply run the following command:

$ helm install stream evertrust/stream -f override-values.yaml -n stream

Please allow a few minutes for the Stream instance to boot up. You are now ready to go on with the First login. This instance will allow you to test out if Stream is working correctly on your cluster. However, this installation is not production-ready. Follow our Production checklist to make sure your instance is fit to run in your production environemnt.