Skip to content

Install Janssen on GKE#

System Requirements#

The resources may be set minimally to the below:

  • 8-12 GB RAM based on the services deployed
  • 8-10 CPU cores based on the services deployed
  • 50GB hard-disk

Use the listing below for a detailed estimation of minimum required resources. The table contains the default resources recommendation per service. Depending on the use of each service the resources need may be increased or decreased.

Service CPU Unit RAM Disk Space Processor Type Required
Auth server 2.5 2.5GB N/A 64 Bit Yes
fido2 0.5 0.5GB N/A 64 Bit No
scim 1 1GB N/A 64 Bit No
config - job 0.3 0.3GB N/A 64 Bit Yes on fresh installs
persistence - job 0.3 0.3GB N/A 64 Bit Yes on fresh installs
nginx 1 1GB N/A 64 Bit Yes ALB/Istio not used
auth-key-rotation 0.3 0.3GB N/A 64 Bit No [Strongly recommended]
config-api 1 1GB N/A 64 Bit No
casa 0.5 0.5GB N/A 64 Bit No
link 0.5 1GB N/A 64 Bit No
saml 0.5 1GB N/A 64 Bit No

Releases of images are in style 1.0.0-beta.0, 1.0.0-0

Initial Setup#

  1. Enable GKE API if not enabled yet.

  2. If you are using Cloud Shell, you can skip to step 6.

  3. Install gcloud.

  4. Install kubectl using gcloud components install kubectl command.

  5. Install Helm3.

  6. Create cluster using a command such as the following example:

    gcloud container clusters create janssen-cluster --num-nodes 2 --machine-type e2-standard-4 --zone us-west1-a
    
    You can adjust num-nodes and machine-type as per your desired cluster size

  7. Create jans namespace where our resources will reside

    kubectl create namespace jans
    

Jans Installation using Helm#

  1. Install Nginx-Ingress, if you are not using Istio ingress

    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
    helm repo add stable https://charts.helm.sh/stable
    helm repo update
    helm install nginx ingress-nginx/ingress-nginx
    
  2. Create a file named override.yaml and add changes as per your desired configuration:

    • FQDN/domain is not registered:

      Get the Loadbalancer IP:

      kubectl get svc nginx-ingress-nginx-controller --output jsonpath='{.status.loadBalancer.ingress[0].ip}'
      

      Add the following yaml snippet to your override.yaml file:

      global:
          lbIp: #Add the Loadbalance IP from the previous command
          isFqdnRegistered: false
      
    • FQDN/domain is registered:

      Add the following yaml snippet to your override.yaml file:

      global:
          lbIp: #Add the LoadBalancer IP from the previous command
          isFqdnRegistered: true
          fqdn: demoexample.jans.io #CHANGE-THIS to the FQDN used for Jans
      nginx-ingress:
        ingress:
            path: /
            hosts:
            - demoexample.jans.io #CHANGE-THIS to the FQDN used for Jans
            tls:
            - secretName: tls-certificate
              hosts:
              - demoexample.jans.io #CHANGE-THIS to the FQDN used for Jans
      
    • PostgreSQL for persistence storage

      In a production environment, a production grade PostgreSQL server should be used such as Cloud SQL

      For testing purposes, you can deploy it on the GKE cluster using the following command:

      helm install my-release --set auth.postgresPassword=Test1234#,auth.database=jans -n jans oci://registry-1.docker.io/bitnamicharts/postgresql
      

      Add the following yaml snippet to your override.yaml file:

      global:
        cnPersistenceType: sql
      config:
        configmap:
          cnSqlDbName: jans
          cnSqlDbPort: 5432
          cnSqlDbDialect: pgsql
          cnSqlDbHost: my-release-postgresql.jans.svc
          cnSqlDbUser: postgres
          cnSqlDbTimezone: UTC
          cnSqldbUserPassword: Test1234#
      
    • MySQL for persistence storage

      In a production environment, a production grade MySQL server should be used such as Cloud SQL

      For testing purposes, you can deploy it on the GKE cluster using the following command:

      helm install my-release --set auth.rootPassword=Test1234#,auth.database=jans -n jans oci://registry-1.docker.io/bitnamicharts/mysql
      

      Add the following yaml snippet to your override.yaml file:

      global:
        cnPersistenceType: sql
      config:
        configmap:
          cnSqlDbName: jans
          cnSqlDbPort: 3306
          cnSqlDbDialect: mysql
          cnSqlDbHost: my-release-mysql.jans.svc
          cnSqlDbUser: root
          cnSqlDbTimezone: UTC
          cnSqldbUserPassword: Test1234#
      

      So if your desired configuration has FQDN and MySQL, the final override.yaml file will look something like that:

      global:
        cnPersistenceType: sql
        lbIp: "" #Add the LoadBalancer IP from previous command
        isFqdnRegistered: true
        fqdn: demoexample.jans.io #CHANGE-THIS to the FQDN used for Jans
      nginx-ingress:
        ingress:
            path: /
            hosts:
            - demoexample.jans.io #CHANGE-THIS to the FQDN used for Jans
            tls:
            - secretName: tls-certificate
              hosts:
              - demoexample.jans.io #CHANGE-THIS to the FQDN used for Jans  
      config:
        configmap:
          cnSqlDbName: jans
          cnSqlDbPort: 3306
          cnSqlDbDialect: mysql
          cnSqlDbHost: my-release-mysql.jans.svc
          cnSqlDbUser: root
          cnSqlDbTimezone: UTC
          cnSqldbUserPassword: Test1234#
      
  3. Install Jans

    After finishing all the tweaks to the override.yaml file, we can use it to install jans.

    helm repo add janssen https://docs.jans.io/charts
    helm repo update
    helm install janssen janssen/janssen -n jans -f override.yaml
    

Configure Janssen#

You can use the TUI to configure Janssen components. The TUI calls the Config API to perform ad hoc configuration.


Last update: 2024-11-18
Created: 2022-05-18