# Governance App

This article outlines the steps required to install and configure the Governance App as a containerized service within an OpenShift cluster. It includes prerequisites, Helm-based deployment instructions, environment variable configuration, and guidance for integrating the Governance App with existing application components such as UI and Job containers. Optional SSL setup guidance is also provided for secure access via Ingress or LoadBalancer.

## Prerequisites

Before beginning the installation and configuration, ensure the following system and environment prerequisites are met:

* **Memory**: Minimum 2 GB RAM allocated for the Governance App container.
* **OpenShift Cluster Access**:
  * Permissions to create and manage Persistent Volumes (PV) and Persistent Volume Claims (PVC).
  * Support for Azure File Share integration.
* **Tooling**:
  * `kubectl` installed and configured to access the OpenShift cluster.
  * `Helm` version 3.x or higher installed on the deployment host.

## Installation Steps

1. **Prepare Helm Chart Files**
   * Navigate to the **Helm chart templates directory** of your application.

     ```bash
     cd <helm-chart-root>/templates
     ```
   * Add the **Governance App deployment file** (`gov-deploy.yaml`):

     ```yaml
     apiVersion: apps/v1
     kind: Deployment
     metadata:
       name: gov-deployment
       labels:
         app: gov-deployment
     spec:
       {{- if not .Values.autoscaling.enabled }}
       replicas: {{ .Values.govreplicaCount }}
       {{- end }}
       selector:
         matchLabels:
           app: gov-deployment
       template:
         metadata:
           {{- with .Values.podAnnotations }}
           annotations:
           {{- toYaml . | nindent 8 }}
           {{- end }}
           labels:
             app: gov-deployment
         spec:
           {{- with .Values.imagePullSecrets }}
           imagePullSecrets:
           {{- toYaml . | nindent 8 }}
           {{- end }}
           securityContext:
             runAsNonRoot: true
             runAsUser: 1000
             runAsGroup: 1000
           containers:
             - name: {{ .Chart.Name }}
               securityContext:
                 {{- toYaml .Values.securityContext | nindent 12 }}
               image: {{ .Values.image.gov_image }}
               imagePullPolicy: {{ .Values.image.pullPolicy }}
               ports:
                 - name: http
                   containerPort: 8081
                   protocol: TCP
               env:
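                 # Quote the database settings so values containing YAML-special
                 # characters (or all digits) still render as strings.
                 - name: MYSQL_ENDPOINT
                   value: {{ .Values.dbdetails.MYSQL_ENDPOINT | quote }}
                 - name: MYSQL_DB
                   value: {{ .Values.dbdetails.MYSQL_DB | quote }}
                 - name: MYSQL_USER
                   value: {{ .Values.dbdetails.OVALEDGE_MYSQL_USER | quote }}
                 - name: MYSQL_PASSWD
                   value: {{ .Values.dbdetails.OVALEDGE_MYSQL_PASSWORD | quote }}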
                 - name: keyvault_uri
                   value: {{ .Values.azure_keyvault.keyvault_uri | quote }}
                 - name: keyvault_tenantid
                   value: {{ .Values.azure_keyvault.keyvault_tenantid | quote }}
                 - name: keyvault_clientid
                   value: {{ .Values.azure_keyvault.keyvault_clientid | quote }}
                 - name: keyvault_client_secret
                   value: {{ .Values.azure_keyvault.keyvault_client_secret | quote }}
                 - name: azure_resource
                   value: {{ .Values.azure_keyvault.azure_resource | quote }}
                 - name: jdbcstringurl
                   value: {{ .Values.azure_keyvault.keyvault_jdbcstringurl | quote }}
                 - name: keyvault_mysql_username
                   value: {{ .Values.azure_keyvault.keyvault_mysql_username | quote }}
                 - name: keyvault_mysql_password
                   value: {{ .Values.azure_keyvault.keyvault_mysql_password | quote }}
                 - name: app_url
                   value: {{ .Values.SAML.ENTITY_BASE_URL | quote }}
               resources:
                 {{- toYaml .Values.resources | nindent 12 }}
           {{- with .Values.nodeSelector }}
           nodeSelector:
             {{- toYaml . | nindent 8 }}
           {{- end }}
           {{- with .Values.affinity }}
           affinity:
             {{- toYaml . | nindent 8 }}
           {{- end }}
           {{- with .Values.tolerations }}
           tolerations:
             {{- toYaml . | nindent 8 }}
           {{- end }}
     ```
   * Add the **Governance App service file** (`gov-service.yaml`):

     ```yaml
     apiVersion: v1
     kind: Service
     metadata:
       name: gov-svc
       labels:
         app: gov-deployment
     spec:
       type: {{ .Values.GovApp.GOV_SVC_TYPE }}
       ports:
         - port: {{ .Values.GovApp.GOV_SVC_PORT }}
           targetPort: 8081
           protocol: TCP
           name: http
       selector:
         app: gov-deployment
     ```
   * Update `values.yaml` with Governance App details:

     ```yaml
     image:
       gov_image: "<governance-image-tag>"

     GovApp:
       GOV_APP_PROTOCOL: http
       GOV_APP_HOST: gov-svc
       GOV_APP_PORT: "8081"
       GOV_SVC_TYPE: ClusterIP
       GOV_SVC_PORT: "8081"
     ```

2. **Deploy Governance App**
   * Run the Helm upgrade/install command to deploy Governance App into your namespace:

     ```bash
     helm upgrade --install governance-app <helm-chart-root> -n <namespace>
     ```
   * Verify the pods are running:

     ```bash
     kubectl get pods -n <namespace>
     ```

3. **Integrate with UI and Job Containers**
   * Edit `ui-deployment.yaml` and `job-deployment.yaml` in your Helm chart templates.
   * Add the following environment variables under the container spec:

     ```yaml
     - name: GOV_APP_PROTOCOL
       value: {{ .Values.GovApp.GOV_APP_PROTOCOL | quote }}
     - name: GOV_APP_HOST
       value: {{ .Values.GovApp.GOV_APP_HOST | quote }}
     - name: GOV_APP_PORT
       value: {{ .Values.GovApp.GOV_APP_PORT | quote }}
     ```
   * Re-run the Helm upgrade command from step 2 to apply the changes.

4. **(Optional) SSL Configuration**
   * For secure access, configure SSL in one of the following ways:
     * **Ingress-based SSL (Recommended)**
       * Create an OpenShift Route or Kubernetes Ingress.
       * Attach TLS secrets.
       * Add annotations required by your ingress controller.
     * **LoadBalancer-based SSL**
       * Change the service type in `gov-service.yaml` to `LoadBalancer`.
       * Configure TLS termination at the LoadBalancer level.
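
The Ingress-based option in step 4, written out as an OpenShift Route with edge TLS termination in front of `gov-svc`. This is an added example, not part of the original chart; the file name `gov-route.yaml`, the Route name, and the `<governance-hostname>` placeholder are assumptions.

```yaml
# gov-route.yaml (hypothetical file name; added example, not from the original chart)
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: gov-route                  # assumed name
  labels:
    app: gov-deployment
spec:
  host: "<governance-hostname>"    # placeholder: external DNS name for the Governance App
  to:
    kind: Service
    name: gov-svc                  # Service defined in gov-service.yaml
  port:
    targetPort: http               # named port on gov-svc (container port 8081)
  tls:
    termination: edge              # the router terminates TLS; router-to-pod traffic is plain HTTP
    insecureEdgeTerminationPolicy: Redirect   # plain-HTTP requests are redirected to HTTPS
    # certificate, key and caCertificate can be set here; when they are
    # omitted, the router's default certificate is served.
```

The Route only covers external access: the UI and Job containers still reach `gov-svc` over plain HTTP inside the cluster, as set by `GOV_APP_PROTOCOL: http`.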

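The `gov-deploy.yaml` template in step 1 renders `MYSQL_PASSWD` and `keyvault_client_secret` as literal `value:` entries, so both appear in clear text in the rendered Deployment spec. One alternative, shown as an added example that is not part of the original chart, is to keep them in a Kubernetes Secret and reference it with `secretKeyRef`. The Secret name `gov-app-secrets` and its key names are assumptions.

```yaml
# Added example (not from the original chart). The Secret name and keys are assumed.
# Create the Secret out of band so the values stay out of values.yaml:
#   kubectl create secret generic gov-app-secrets -n <namespace> \
#     --from-literal=mysql-password='<db-password>' \
#     --from-literal=keyvault-client-secret='<client-secret>'

# Before (gov-deploy.yaml): `value:` is templated straight from
# .Values.dbdetails.OVALEDGE_MYSQL_PASSWORD and
# .Values.azure_keyvault.keyvault_client_secret, so the pod spec holds the secrets.

# After: these entries replace the two literal ones under `env:`.
# The pod spec then carries only a reference to the Secret.
- name: MYSQL_PASSWD
  valueFrom:
    secretKeyRef:
      name: gov-app-secrets
      key: mysql-password
- name: keyvault_client_secret
  valueFrom:
    secretKeyRef:
      name: gov-app-secrets
      key: keyvault-client-secret
```

Read access to the two values is then governed by RBAC on Secrets in the namespace rather than by who can view the Deployment.
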
***

Copyright © 2025, OvalEdge LLC, Peachtree Corners, GA, USA.


