Governance App

This article outlines the steps required to install and configure the Governance App as a containerized service within an OpenShift cluster. It includes prerequisites, Helm-based deployment instructions, environment variable configuration, and guidance for integrating the Governance App with existing application components such as UI and Job containers. Optional SSL setup guidance is also provided for secure access via Ingress or LoadBalancer.

Prerequisites

Before beginning the installation and configuration, ensure the following system and environment prerequisites are met:

  • Memory: Minimum 2 GB RAM allocated for the Governance App container.

  • OpenShift Cluster Access:

    • Permissions to create and manage Persistent Volumes (PV) and Persistent Volume Claims (PVC).

    • Support for Azure File Share integration.

  • Tooling:

    • kubectl installed and configured to access the OpenShift cluster.

    • Helm version 3.x or higher installed on the deployment host.

Installation Steps

  1. Prepare Helm Chart Files

    • Navigate to the Helm chart templates directory of your application.

      cd <helm-chart-root>/templates
    • Add the Governance App deployment file (gov-deploy.yaml):

      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: gov-deployment
        labels:
          app: gov-deployment
      spec:
        {{- if not .Values.autoscaling.enabled }}
        replicas: {{ .Values.govreplicaCount }}
        {{- end }}
        selector:
          matchLabels:
            app: gov-deployment
        template:
          metadata:
            {{- with .Values.podAnnotations }}
            annotations:
            {{- toYaml . | nindent 8 }}
            {{- end }}
            labels:
              app: gov-deployment
          spec:
            {{- with .Values.imagePullSecrets }}
            imagePullSecrets:
            {{- toYaml . | nindent 8 }}
            {{- end }}
            securityContext:
              runAsNonRoot: true
              runAsUser: 1000
              runAsGroup: 1000
            containers:
              - name: {{ .Chart.Name }}
                securityContext:
                  {{- toYaml .Values.securityContext | nindent 12 }}
                image: {{ .Values.image.gov_image }}
                imagePullPolicy: {{ .Values.image.pullPolicy }}
                ports:
                  - name: http
                    containerPort: 8081
                    protocol: TCP
                env:
                  - name: MYSQL_ENDPOINT
                    value: {{ .Values.dbdetails.MYSQL_ENDPOINT | quote }}
                  - name: MYSQL_DB
                    value: {{ .Values.dbdetails.MYSQL_DB | quote }}
                  - name: MYSQL_USER
                    value: {{ .Values.dbdetails.OVALEDGE_MYSQL_USER | quote }}
                  - name: MYSQL_PASSWD
                    value: {{ .Values.dbdetails.OVALEDGE_MYSQL_PASSWORD | quote }}
                  - name: keyvault_uri
                    value: {{ .Values.azure_keyvault.keyvault_uri | quote }}
                  - name: keyvault_tenantid
                    value: {{ .Values.azure_keyvault.keyvault_tenantid | quote }}
                  - name: keyvault_clientid
                    value: {{ .Values.azure_keyvault.keyvault_clientid | quote }}
                  - name: keyvault_client_secret
                    value: {{ .Values.azure_keyvault.keyvault_client_secret | quote }}
                  - name: azure_resource
                    value: {{ .Values.azure_keyvault.azure_resource | quote }}
                  - name: jdbcstringurl
                    value: {{ .Values.azure_keyvault.keyvault_jdbcstringurl | quote }}
                  - name: keyvault_mysql_username
                    value: {{ .Values.azure_keyvault.keyvault_mysql_username | quote }}
                  - name: keyvault_mysql_password
                    value: {{ .Values.azure_keyvault.keyvault_mysql_password | quote }}
                  - name: app_url
                    value: {{ .Values.SAML.ENTITY_BASE_URL | quote }}
                resources:
                  {{- toYaml .Values.resources | nindent 12 }}
            {{- with .Values.nodeSelector }}
            nodeSelector:
              {{- toYaml . | nindent 8 }}
            {{- end }}
            {{- with .Values.affinity }}
            affinity:
              {{- toYaml . | nindent 8 }}
            {{- end }}
            {{- with .Values.tolerations }}
            tolerations:
              {{- toYaml . | nindent 8 }}
            {{- end }}
    • Add the Governance App service file (gov-service.yaml):

      apiVersion: v1
      kind: Service
      metadata:
        name: gov-svc
        labels:
          app: gov-deployment
      spec:
        type: {{ .Values.GovApp.GOV_SVC_TYPE }}
        ports:
          - port: {{ .Values.GovApp.GOV_SVC_PORT }}
            targetPort: 8081
            protocol: TCP
            name: http
        selector:
          app: gov-deployment
    • Update values.yaml with Governance App details:

      image:
        gov_image: "<governance-image-tag>"
      
      GovApp:
        GOV_APP_PROTOCOL: http
        GOV_APP_HOST: gov-svc
        GOV_APP_PORT: "8081"
        GOV_SVC_TYPE: ClusterIP
        GOV_SVC_PORT: "8081"
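
The gov-deploy.yaml template in this step injects MYSQL_PASSWD and keyvault_client_secret as literal env values, so anyone who can read the Deployment or the Helm release record in the namespace can read them. As an added example (not part of the vendor chart), the same two variables can be sourced from a Kubernetes Secret instead; the Secret name gov-app-secrets is an assumption.

```yaml
# Added example, not from the vendor chart.
# "gov-app-secrets" is a hypothetical Secret name.

# Before (gov-deploy.yaml as shown on this page): the rendered Deployment
# carries the secret values in clear text.
#   - name: MYSQL_PASSWD
#     value: {{ .Values.dbdetails.OVALEDGE_MYSQL_PASSWORD }}
#   - name: keyvault_client_secret
#     value: {{ .Values.azure_keyvault.keyvault_client_secret | quote }}

# After: replace those two entries in the container's env list. The values
# are resolved from the Secret when the pod starts and no longer appear in
# the Deployment spec or in values.yaml.
env:
  - name: MYSQL_PASSWD
    valueFrom:
      secretKeyRef:
        name: gov-app-secrets
        key: MYSQL_PASSWD
  - name: keyvault_client_secret
    valueFrom:
      secretKeyRef:
        name: gov-app-secrets
        key: keyvault_client_secret
---
# The Secret itself, applied separately from the chart so the values are
# not stored with the Helm release. Placeholders must be filled in locally
# and the file kept out of version control.
apiVersion: v1
kind: Secret
metadata:
  name: gov-app-secrets
type: Opaque
stringData:
  MYSQL_PASSWD: "<db-password>"
  keyvault_client_secret: "<keyvault-client-secret>"
```

With this change the OVALEDGE_MYSQL_PASSWORD and keyvault_client_secret keys can be left empty in values.yaml, and read access to the Secret can be restricted separately from read access to Deployments.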

  2. Deploy Governance App

    • Run the Helm upgrade/install command to deploy Governance App into your namespace:

      helm upgrade --install governance-app <helm-chart-root> -n <namespace>
    • Verify the pods are running:

      kubectl get pods -n <namespace>

  3. Integrate with UI and Job Containers

    • Edit ui-deployment.yaml and job-deployment.yaml in your Helm chart templates.

    • Add the following environment variables under the container spec:

    • Upgrade or redeploy the Helm release to apply the changes.

  4. (Optional) SSL Configuration

    • For secure access, configure SSL in one of the following ways:

      • Ingress-based SSL (Recommended)

        • Create an OpenShift Route or Kubernetes Ingress.

        • Attach TLS secrets.

        • Add annotations required by your ingress controller.

      • LoadBalancer-based SSL

        • Change the service type in gov-service.yaml to LoadBalancer.

        • Configure TLS termination at the LoadBalancer level.
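
A minimal manifest for the Ingress-based option, as an added example that is not part of the vendor chart: it terminates TLS at the ingress and forwards to gov-svc on the port named http in gov-service.yaml. The host gov.example.com, the Ingress name gov-ingress and the TLS Secret name gov-tls are placeholders.

```yaml
# Added example, not from the vendor chart. Names and host are placeholders.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gov-ingress
  # Add the annotations your ingress controller requires here.
  annotations: {}
spec:
  tls:
    - hosts:
        - gov.example.com
      # Secret of type kubernetes.io/tls holding tls.crt and tls.key,
      # created in the same namespace as the Governance App.
      secretName: gov-tls
  rules:
    - host: gov.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gov-svc
                port:
                  # Refers to the port named "http" in gov-service.yaml,
                  # so it follows GOV_SVC_PORT if that value changes.
                  name: http
```

TLS ends at the ingress here: traffic from the ingress controller to the pod is still plain HTTP on 8081, which matches GOV_APP_PROTOCOL: http, and keeping GOV_SVC_TYPE as ClusterIP means the unencrypted port is not exposed outside the cluster.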


Copyright © 2025, OvalEdge LLC, Peachtree Corners, GA, USA.
