Install
The kjournal apiserver can be deployed using your favourite continuous delivery utilities, or you may build and deploy it from the source code. The steps for each option are described below.
Install the pre-compiled apiserver
A backing storage needs to be configured to tell kjournal where it can get the data from. This is the long-term storage your log shippers send data to. All installation methods offer a couple of preconfigured installation templates to get started. Visit the config page for more information regarding the kjournal apiserver config. The default behaviour is elasticsearch as backing storage, and it expects kjournal structured documents.
kjournal install -n kjournal-system --with-config-template=elasticsearch-kjournal-structured
cat <<EOT >> kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- github.com/raffis/kjournal//config/default
components:
- github.com/raffis/kjournal//config/components/config-templates/elasticsearch-kjournal-structured
EOT
kustomize build | kubectl apply -f -
helm upgrade kjournal --install oci://ghcr.io/raffis/charts/kjournal --set apiserverConfig.templateName=elasticsearch-kjournal-structured
You may find additional documentation regarding supported chart values in the chart documentation here.
Warning
It is recommended to enable certmanager support on any production cluster. See below.
Configuration templates
Template name | Description |
---|---|
elasticsearch-kjournal-structured | Configures the apiserver for an elasticsearch backend. The documents are expected to be directly compatible with the kjournal api specification. |
elasticsearch-fluentbit-simple | Configures the apiserver for an elasticsearch backend. The fields are mapped to a document structure which is usually created by the fluent-bit kubernetes plugin without any special configuration. |
elasticsearch-filebeat-simple | Configures the apiserver for an elasticsearch backend. The fields are mapped to a document structure which is usually created by the filebeat kubernetes plugin without any special configuration. |
Install a specific version of the pre-compiled apiserver
kjournal install -n kjournal-system --version 0.0.1
kustomize build "github.com/raffis/kjournal//config/default?ref=v0.0.1" | kubectl apply -f -
helm upgrade kjournal --install oci://ghcr.io/raffis/charts/kjournal --version 0.0.1
Certmanager support
It is recommended to enable certmanager support for setting up a trusted certificate between the kubernetes apiserver and the kjournal apiserver. By default the kubernetes apiserver trusts kjournal without validating the certificate.
kjournal install -n kjournal-system --with-certmanager
helm upgrade kjournal --install oci://ghcr.io/raffis/charts/kjournal --set certmanager.enabled=true
cat <<EOT >> kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- github.com/raffis/kjournal//config/default
components:
- github.com/raffis/kjournal//config/components/certmanager
EOT
kustomize build | kubectl apply -f -
Prometheus support
kjournal supports the prometheus-operator as well as prometheus scraping via annotations.
kjournal install -n kjournal-system --with-prometheus=operator/annotations
helm upgrade kjournal --install oci://ghcr.io/raffis/charts/kjournal --set serviceMonitor.enabled=true
cat <<EOT >> kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- github.com/raffis/kjournal//config/default
components:
- github.com/raffis/kjournal//config/base/components/prometheus
EOT
kustomize build | kubectl apply -f -
Verifying the artifacts
Binaries
All artifacts are checksummed and the checksum file is signed with cosign.
- Download the files you want, and the checksums.txt, checksums.txt.pem and checksums.txt.sig files from the releases page:
  wget https://github.com/raffis/kjournal/releases/download/__VERSION__/checksums.txt
  wget https://github.com/raffis/kjournal/releases/download/__VERSION__/checksums.txt.sig
  wget https://github.com/raffis/kjournal/releases/download/__VERSION__/checksums.txt.pem
- Verify the signature:
  cosign verify-blob \
    --cert checksums.txt.pem \
    --signature checksums.txt.sig \
    checksums.txt
- If the signature is valid, you can then verify the SHA256 sums match with the downloaded binary:
sha256sum --ignore-missing -c checksums.txt
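The two verification steps above, scripted for a single artifact as an added example (not part of the kjournal documentation). Unlike `--ignore-missing`, `verify_artifact` fails when the file you downloaded is not listed in checksums.txt at all; the artifact name in the usage comment is a placeholder.

```shell
#!/usr/bin/env bash
# Added example: strict verification of one downloaded release artifact.

# verify_signature CHECKSUMS
# Checks the cosign signature over the checksum file with the same flags as
# the step above. Requires cosign on PATH. cosign 2.x additionally requires
# --certificate-identity and --certificate-oidc-issuer for certificate-based
# verification; this page does not state those values.
verify_signature() {
  cosign verify-blob \
    --cert "$1.pem" \
    --signature "$1.sig" \
    "$1"
}

# verify_artifact CHECKSUMS FILE
# Returns 0 only if FILE exists, is listed in CHECKSUMS, and its SHA256 matches.
# Return codes: 1 = digest mismatch, 2 = file missing, 3 = not listed.
verify_artifact() {
  local sums="$1" file="$2" name expected actual
  name=$(basename -- "$file")
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
  # checksum lines look like "<hex digest>  <name>"; a leading '*' on the
  # name marks binary mode and is stripped before comparing.
  expected=$(awk -v n="$name" \
    '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
  [ -n "$expected" ] || { echo "not listed in $sums: $name" >&2; return 3; }
  actual=$(sha256sum -- "$file" | awk '{ print $1 }')
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $name" >&2
    return 1
  fi
  echo "OK: $name"
}

# Usage, after downloading checksums.txt, checksums.txt.sig, checksums.txt.pem
# and the binary (ARTIFACT is a placeholder for the file you downloaded):
#   verify_signature checksums.txt && verify_artifact checksums.txt ./ARTIFACT
```

Run the signature check first: the digests in checksums.txt are only trustworthy once the signature over that file has been verified.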
Container images
The container images are likewise signed with cosign.
Verify the signatures:
cosign verify ghcr.io/raffis/kjournal/apiserver
Info
The .pem and .sig files are the image name:tag, replacing / and : with -.
Compile and install from source
Here you have two options:
If you want to contribute to the project, please follow the steps on our contributing guide.
If you just want to build from source for whatever reason, follow these steps:
clone:
git clone https://github.com/raffis/kjournal
cd kjournal
build image:
make docker-build
deploy:
make deploy
Note
make deploy uses kustomize under the hood to apply the overlay config/default with the just built image.