Install Semarchy xDM on Kubernetes

You can install Semarchy xDM into a Kubernetes cluster using a Helm chart.

Prerequisites and requirements

You will need the following to install Semarchy xDM on Kubernetes using a Helm chart.

  • A Kubernetes cluster and appropriate access rights: ensure you have a functional Kubernetes cluster set up, whether on premises or with a cloud provider like AWS, Azure, or GCP. Confirm you have the necessary permissions and access rights to deploy resources to the Kubernetes cluster.

  • Helm installed: install Helm, the Kubernetes package manager, on your local machine or the machine from which you plan to deploy the Helm chart. For more information, see the official Helm documentation.

  • (Optional) SSL certificate: if enabling SSL, ensure you have a domain and necessary configurations for certificate issuance.

    The Helm chart integrates with LetsEncrypt to generate signed certificates automatically using the HTTP01 solver.

Architecture

xDM generic Kubernetes cluster architecture

The default configuration establishes a high-availability setup, featuring one active node and multiple passive nodes, as per xDM high-availability terminology.

The ingress exposes a single IP address externally. Make sure to register two DNS names against this address: one for the active service and another for the passive service.

Installation steps

To install the Helm chart for your xDM application on Kubernetes, the recommended approach is to pull the chart from a chart repository (i.e., an endpoint that the Helm client can register and query for updates).

  1. Access the Helm chart and related resources on GitHub.

  2. Install the CustomResourceDefinition (CRD) resources required by cert-manager.

    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.crds.yaml

  3. Add the chart repository to retrieve the Helm chart.

    # helm repo add <repository name> <repository URL>
    helm repo add semarchy https://github.com/semarchy/helm-charts

  4. Install the xDM Helm chart, adjusting the parameters according to your configuration.

    # helm install <helm-chart-release-name> <chart-name> <flags>
    #
    # Values set below (shell comments cannot sit between continued lines):
    #   cert-manager.enabled       enable cert-manager for the installation
    #   acme_registration_email    email for ACME registration
    #   active_host_name,
    #   passive_host_name          DNS configuration
    #   semarchy_setup_token       setup token (a one-time value used when provisioning the cluster)
    #   xdm_repository_*           database users and configuration
    #
    # The driver and URL in the command are for PostgreSQL. Values for other databases:
    #   For SQL Server
    #     xdm_repository_driver: com.microsoft.sqlserver.jdbc.SQLServerDriver
    #     xdm_repository_url: jdbc:sqlserver://localhost:1433;databaseName=REPOSITORY
    #   For Oracle Database
    #     xdm_repository_driver: oracle.jdbc.OracleDriver
    #     xdm_repository_url: jdbc:oracle:thin:@localhost:1521:XE
    #     xdm_repository_ro_cnxn_init_sql: ALTER SESSION SET CURRENT_SCHEMA = repository_user
    helm install <helm-chart-release-name> <chart-name> \
      --set "cert-manager.enabled"=true \
      --set acme_registration_email=<your-email@domain.com> \
      --set active_host_name=<your-active-host-name> \
      --set passive_host_name=<your-passive-host-name> \
      --set semarchy_setup_token=<my_secret_token> \
      --set xdm_repository_driver=org.postgresql.Driver \
      --set xdm_repository_url=jdbc:postgresql://<cluster-ip-address>:<cluster-port>/semarchy_repository \
      --set xdm_repository_username=semarchy_repository \
      --set xdm_repository_password=semarchy_repository \
      --set xdm_repository_ro_username=semarchy_repository_ro \
      --set xdm_repository_ro_password=semarchy_repository_ro

  5. Retrieve the ingress IP address.

    kubectl get ingress xdm-ingress -n dev

Security considerations

The provided Helm chart leverages Kubernetes Secrets in the deployment of xDM to manage sensitive information securely, with the option to enhance security through integration with external secrets management tools.
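
As an added example (not part of the Semarchy chart or its documentation), the script below keeps the secrets from step 4 off the command line and out of shell history by writing them to an owner-only values file that can be passed with `helm install -f`. The value names are the ones used in step 4; the function names, the `XDM_REPO_PASSWORD` and `XDM_REPO_RO_PASSWORD` environment variables, the 16-character minimum, and the reading of these names as top-level chart values are assumptions.

```shell
#!/bin/sh
# Added example: build a private values file for the xDM chart.
# Value names come from step 4; everything else here is an assumption.

# 32 random bytes as 64 hex characters, for the one-time setup token.
gen_token() {
  od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Accept a password only if it is non-empty, differs from the account name
# (the pattern in the sample command above) and has at least 16 characters.
check_password() {  # usage: check_password <username> <password>
  [ -n "$2" ] && [ "$2" != "$1" ] && [ "${#2}" -ge 16 ]
}

# Emit a YAML single-quoted scalar; embedded single quotes are doubled.
yaml_quote() {
  printf "'%s'\n" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Write the values file readable by its owner only.
write_values() {  # usage: write_values <output-file>
  check_password semarchy_repository "${XDM_REPO_PASSWORD:-}" || {
    echo "XDM_REPO_PASSWORD rejected: empty, short or equal to username" >&2
    return 1; }
  check_password semarchy_repository_ro "${XDM_REPO_RO_PASSWORD:-}" || {
    echo "XDM_REPO_RO_PASSWORD rejected: empty, short or equal to username" >&2
    return 1; }
  (
    umask 077      # the new file is created with mode 0600
    rm -f "$1"     # drop any older copy that had wider permissions
    cat > "$1" <<EOF
semarchy_setup_token: $(yaml_quote "$(gen_token)")
xdm_repository_username: semarchy_repository
xdm_repository_password: $(yaml_quote "$XDM_REPO_PASSWORD")
xdm_repository_ro_username: semarchy_repository_ro
xdm_repository_ro_password: $(yaml_quote "$XDM_REPO_RO_PASSWORD")
EOF
  )
}

# Usage (placeholders as in step 4):
#   write_values xdm-secrets.yaml
#   helm install <helm-chart-release-name> <chart-name> -f xdm-secrets.yaml ...
```

The database accounts must already exist with the same passwords that are supplied through the environment variables.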