Cloud Installation
This tutorial shows you how to install Horizon
on the cloud provider of your choice, and shows you some details you should be aware of.
Prerequisites
Before you begin, make sure you have the following:
- A Kubernetes cluster, whose nodes we can connect to using
ssh
. - The
kubectl
command-line tool installed and configured to connect to your cluster. - The
helm
command-line tool installed and configured to connect to your cluster.
Prepare
- Check your Kubernetes version, and make sure it is in the range of
1.19.3
to1.24.7
. - Check if Kubernetes has a default storage class. If it doesn't, you should set a default storage class.
- Check if the default storage class has a capacity limit and make sure that a minimum of 20Gi capacity is requested when creating a persistent volume.
- Check if these's an ingress controller in your cluster. If not, you should install one. Please refer to Ingress Controller Installation for more details.
Install Horizon
Installing by script is not recommended in production environment. We will install Horizon manually in this tutorial.
Install by Helm
Firstly, add the Horizon repository to Helm:
helm repo add horizoncd https://horizoncd.github.io/helm-charts
Then, install Horizon:
helm install horizon horizoncd/horizon --namespace horizoncd --create-namespace --set tags.minimal=false,tags.full=true
In Alibaba Cloud
or Tencent Cloud
, its default storage class requiring that PV created should have a minimum of 20Gi capacity. So you need set all the storage
to 20Gi
before installing Horizon.
helm install horizon horizoncd/horizon --namespace horizoncd --create-namespace --set tags.minimal=false,tags.full=true \
--set mysql.primary.persistence.size=20Gi \
--set gitlab.persistence.size=20Gi \
--set harbor.persistence.persistentVolumeClaim.databse.size=20Gi \
--set harbor.persistence.persistentVolumeClaim.jobservice.size=20Gi \
--set minio.persistence.size=20Gi \
--set harbor.persistence.persistentVolumeClaim.database.size=20Gi
If your cluster couldn't access docker hub, you could use our mirror registry to pull the images.
helm install horizon horizoncd/horizon --namespace horizoncd --create-namespace --set tags.minimal=false,tags.full=true \
-f https://raw.githubusercontent.com/horizoncd/helm-charts/main/horizon-cn-values.yaml
The tags.minimal
and tags.full
are used to control which components will be installed. In production environment, installing all components is recommended. So you should set tags.minimal=false
and tags.full=true
.
In production environment, you should use a net-based storage class for MySQL
and GitLab
. Otherwise, the data will be lost when the pod is rescheduled to another node. Or you cloud just deploy MySQL
and GitLab
on a dedicated machine.
Registry
Domain
Installation will bring up a registry service, which is used to store the images of the applications. The registry service is based on Harbor.
Horizon will push the image of the application to the registry service. When deploying a new application instance, Kubernetes will pull the image of the application from the registry service. So Kubernetes' CRI should be able to resolve the registry service's domain name. There's two ways to do this.
Edit Resolv.conf
If you are using CoreDNS
as the DNS server, you can edit the resolv.conf
file of the host machine to add the registry service's domain name for all kubernetes nodes.
# On Kubernetes Nodes
DNS_IP=`kubectl get service -n kube-system kube-dns -o jsonpath='{.spec.clusterIP}'`
echo "nameserver $DNS_IP" | tee /etc/resolv.conf
Edit Hosts
You could also edit the /etc/hosts
file of all kubernetes nodes to add the registry service's domain name.
# On Kubernetes Nodes
SVC_IP=`kubectl get services -n horizoncd horizon-registry -ojsonpath="{.spec.clusterIP}"`
echo "$SVC_IP horizon-registry.horizoncd.svc.cluster.local" | tee -a /etc/hosts
Insecure
The bundled Harbor uses a self-signed certificate. When Kubernetes runtime tries to pull the image from the registry service, it will fail because of the certificate. So you should tells the runtime using the insecure registry
to make the registry service use an insecure connection.
Docker
# On Kubernetes Nodes
echo '{
"insecure-registries" : ["horizon-registry.horizoncd.svc.cluster.local"]
}' | tee /etc/docker/daemon.json
systemctl restart docker
Containerd
# On Kubernetes Nodes
echo '[plugins."io.containerd.grpc.v1.cri".registry.configs."horizon-registry.horizoncd.svc.cluster.local".tls]
insecure_skip_verify = true' | tee -a /etc/containerd/config.toml
systemctl restart containerd
If you have any questions about Horizon, you could contact us directly. Contact information can be found in the github repository.
Horizon Domain
Horizon use ingress to expose the service. So you should set a domain name for Horizon. You can set it by --set ingress.hosts[0]=<horizon-domain>
.
helm install horizon horizon/horizon --namespace horizoncd --create-namespace --set tags.minimal=false,tags.full=true \
--set ingress.hosts[0]=<horizon-domain> \
--set argo-cd.server.ingress.hosts[0]=<argocd-domain> \
--set gitlab.ingress.hosts[0]=<gitlab-domain> \
--set gitlab.config.GITLAB_HOST=<gitlab-domain>
After setting the domain name, you should access Horizon by http://<horizon-domain>
, then follow the How to Deploy Your First Workload tutorial to make further operations.