Deployment
Architecture
Qalita platform architecture diagram
Prerequisites
Platform
Computing power
The platform includes the Webapp with its backend. It requires little computing power.
| CPU | Memory | Usage |
|---|---|---|
| At rest | 500 Mo | 0.5 |
| In use | 2 Go | 1 |
| Optimal | 4 Go | 2 |
Storage
Storage includes :
- The relational database contains platform management data, metrics and user activity logs.
- S3 storage includes job logs and assets (pack archives).
| Usage | Postgresql | S3 |
|---|---|---|
| Minimal | 1 Go | 1 Go |
| Depends on volume of metrics and frequency of analysis | 10+ Go | 10+ Go |
Agents
Agent characteristics depend largely on the typology and volume of the source(s) for which it performs quality analyses.
| Utilization | Memory | CPU |
|---|---|---|
| Minimal | 50 Mo | 0.2 |
| Depends on source volume and analysis frequency | . | . |
I Cloud SaaS deployment
Qalita SAS offers a fully managed solution hosted on the European HDS and SecNumCloud cloud.
Architecture diagram of the Qalita platform in SaaS mode.
Contact us for more information.
II Localhost deployment
Prerequisites
To deploy locally on your computer, you will need:
- Docker
- Docker-compose
- Internet
- A valid license key 📀 Buy a license or contact us for a trial key
info
The license key allows you to connect to the docker registry and pull docker images, as well as adding information for the platform.
- Connect to the docker image repository :
docker login qalita.azurecr.io
- Create these two files:
docker-compose.yaml
version: '3'
services:
frontend:
image: qalita.azurecr.io/qalita/frontend:1.7.1
container_name: frontend
environment:
- QALITA_PUBLIC_DOC_URL=http://localhost:3001
- QALITA_PUBLIC_API_URL=http://localhost:3080
- QALITA_API_URL=http://backend:3080/api/v1
- NODE_ENV=production
- NEXT_TELEMETRY_DISABLED=1
- NEXT_WEBPACK_USEPOLLING=false
ports:
- "3002:3000"
depends_on:
- backend
- doc
backend:
image: qalita.azurecr.io/qalita/backend:1.7.1
container_name: backend
ports:
- "3080:3080"
tty: true
environment:
- POSTGRESQL_PASSWORD=*****************
- POSTGRESQL_USERNAME=qalita
- POSTGRESQL_SERVER=db
- POSTGRESQL_PORT=5432
- POSTGRESQL_DATABASE=qalitadb
- REDIS_SERVER=cache
- REDIS_PORT=6379
- REDIS_PASSWORD=
- QALITA_INIT_SLEEP=3
- QALITA_ADMIN_USERNAME=admin
- QALITA_ADMIN_PASSWORD=*****************
- QALITA_SECRET_KEY=*****************
- QALITA_ALGORITHM=HS256
- QALITA_ACCESS_TOKEN_EXPIRE_MINUTES=240
- QALITA_ENV=PROD
- QALITA_API_PORT=3080
- QALITA_API_HOST=0.0.0.0
- QALITA_FRONTEND_URL=http://localhost:3000
- QALITA_ORGANIZATION_NAME=Qalita Localhost
- QALITA_API_WORKER=4
- QALITA_S3_URL=http://s3:8333
- QALITA_S3_KEY_ID=*****************
- QALITA_S3_KEY_SECRET=*****************
depends_on:
- db
- cache
- s3
doc:
image: qalita.azurecr.io/qalita/doc:1.6.0
container_name: doc
ports:
- 3001:80
db:
image: bitnami/postgresql:15.4.0
tty: true
ports:
- "5432:5432"
container_name: db2
environment:
- POSTGRESQL_PASSWORD=*****************
- POSTGRESQL_USERNAME=qalita
- POSTGRESQL_DATABASE=qalitadb
- POSTGRESQL_PORT=5432
volumes:
- data:/bitnami/postgresql
cache:
image: redis:alpine
hostname: redis-cache
container_name: cache
ports:
- '6379:6379'
command: redis-server
volumes:
- cache:/data
s3:
image: chrislusf/seaweedfs:3.62
container_name: s3
ports:
- "8333:8333"
- "8080:8080"
- "9333:9333"
volumes:
- datas3:/data
- ./s3_config.json:/s3_config.json
command: server -dir=/data -s3 -s3.port 8333 -s3.config "/s3_config.json"
volumes:
data:
cache:
datas3:
s3_config.json
{
"identities": [
{
"name": "admin",
"credentials": [
{
"accessKey": "****************",
"secretKey": "****************"
}
],
"actions": [
"read",
"Write",
"List",
"Tagging",
"Admin"
]
},
{
"name": "reader",
"credentials": [
{
"accessKey": "****************",
"secretKey": "****************"
}
],
"actions": [
"read",
"List"
]
}
]
}
- Run docker-compose:
docker-compose up -d
III Deployment on Kubernetes
Architecture diagram of the Qalita platform deployed on Kubernetes.
Possible configurations Agents <-> Sources
Same namespace :
- Deployment with agent in same namespace
agent.enabled=true - Deployment of data sources in the same namespace
Other namespace:
- Agent deployment in another namespace
- To connect to a source in another namespace
Delocalized:
- Deploying an agent in any other environment (vm, localhost etc...)
- To connect to a source located in the same environment
Prerequisites
To deploy on a managed Kubernetes cluster, you'll need :
- A Kubernetes cluster
- A valid license key 📀 Buy a license or contact us for a trial key
- Kubernetes
1.24+ - Helm
3.0+ - Cert-Manager
1.0+
Dependencies
Qalita helm chart installation
tip
For the most up-to-date helm chart documentation: Go directly to the Artifacthub site
1. Create a namespace
Create a qalita namespace in your Kubernetes cluster.
2. Create a secret
Create a qalita-license secret in your qalita namespace, containing your license key.
3. Adding the chart Repository
helm repo add qalita https://helm.qalita.io/
helm repo update
4. Resolve dependencies
helm dependency update
5. Install
tip
You'll need to modify the values to best suit your organization. See an example values file
helm install qalita qalita/qalita -f values.yaml
6. Use it
The chart will deploy the following resources:
- QALITA App
- QALITA API
- QALITA Doc
- QALITA Postgresql Database
- QALITA Redis Cache Database
- QALITA Seaweedfs S3 Storage
With cluster.domain=example.com Creates the following endpoints:
Values
tip
You'll need to modify the values to best suit your organization. See a sample values file
Common
| Key | Type | Default | Description |
|---|---|---|---|
| cluster.issuer | string | letsencrypt-prod | Cluster Issuer for Cert-Manager, you can get your cluster issuer name by running kubectl get clusterissuer |
| cluster.domain | string | example.com | DNS Domain or Sub domain for QALITA app and api endpoints |
| cluster.name | string | local | Cluster name for QALITA app and api endpoints, it is concatenated with cluster.domain |
| dockerregistry.enabled | bool | true | Enable Private Docker Registry, qalita's container images are private, you need to setup the registry in order to pull the images |
| dockerregistry.dataSecret | string | {"auths":{"<registry-url>":{"password":"<password>", "username":"<username>"}}} | Docker Registry Secret, you need to configure it to pull the private registry images |
Frontend
| Key | Type | Default | Description |
|---|---|---|---|
| frontend.telemetryDisabled | string | 1 | Prevent NextJS framework to send telemetry data to Vercel Servers |
| frontend.webPackPolling | bool | false | Prevent webpack to update its compiled content, used only in dev mode |
| frontend.mode | string | production | The running mode of the platform, can be <DEV/PROD/DEMO> |
| frontend.image.repository | string | qalita.azurecr.io/qalita/frontend | QALITA Frontend Image Repository |
| frontend.image.tag | string | 1.5.0 | QALITA Frontend Image Tag |
| frontend.image.pullPolicy | string | Always | QALITA Frontend Image Pull Policy |
| frontend.replicaCount | int | 1 | QALITA Frontend Replica Count |
| frontend.service.type | string | ClusterIP | QALITA Frontend Service Type |
| frontend.service.targetPort | int | 3000 | QALITA Frontend Service Port |
| frontend.service.protocol | string | TCP | QALITA Frontend Service Protocol |
| frontend.ingress.enabled | bool | true | QALITA Frontend Ingress Enabled |
| frontend.ingress.tls.enabled | bool | true | QALITA Frontend Ingress TLS Enabled |
| frontend.deployment.resources.requests.cpu | string | 500m | QALITA Frontend Deployment CPU Request |
| frontend.deployment.resources.requests.memory | string | 256Mi | QALITA Frontend Deployment Memory Request |
| frontend.deployment.extraEnv | list | [] | QALITA Frontend Deployment Environment Variables, format : - name: QALITA_ENV value: "PROD" |
Backend
| Key | Type | Default | Description |
|---|---|---|---|
| backend.organization.name | string | local | Set the organization Name |
| backend.tokenExpireMinutes | int | 240 | Set the user session timeout, it is configured in the JWT exp value |
| backend.mode | string | PROD | The running mode of the platform, can be <DEV/PROD/DEMO> |
| backend.iniSleep | int | 3 | The amount of seconds the backend waits to connect to the backend database (postgresql) before retrying |
| backend.adminUsername | string | admin | The admin user name |
| backend.adminPassword | string | randAlphaNum 25 char long string | Admin Account password |
| backend.secretKey | string | randAlphaNum 512 char long string | Key seed to generate JWT Tokens |
| backend.secretKeyAlgorithm | string | HS256 | Algorithm Type used to issue JWT |
| backend.api.port | int | 3080 | Backend API exposed Port |
| backend.api.host | string | 0.0.0.0 | Ip address Backend is exposed to |
| backend.api.worker | int | 4 | Number of process bootstrapped |
| backend.image.repository | string | qalita.azurecr.io/qalita/backend | QALITA Backend Image Repository |
| backend.image.tag | string | 1.5.0 | QALITA Backend Image Tag |
| backend.image.pullPolicy | string | Always | QALITA Backend Image Pull Policy |
| backend.replicaCount | int | 1 | QALITA Backend Replica Count |
| backend.service.type | string | ClusterIP | QALITA Backend Service Type |
| backend.service.targetPort | int | 3000 | QALITA Backend Service Port |
| backend.service.protocol | string | TCP | QALITA Backend Service Protocol |
| backend.ingress.enabled | bool | true | QALITA Backend Ingress Enabled |
| backend.ingress.tls.enabled | bool | true | QALITA Backend Ingress TLS Enabled |
| backend.deployment.resources.requests.cpu | string | 500m | QALITA Backend Deployment CPU Request |
| backend.deployment.resources.requests.memory | string | 256Mi | QALITA Backend Deployment Memory Request |
| backend.deployment.extraEnv | list | [] | QALITA Backend Deployment Environment Variables, format : - name: QALITA_ENV value: "PROD" |
| backend.s3.url | string | http://seaweedfs-s3:8333 | S3 Store Url Endpoint |
| backend.s3.secretName | string | seaweedfs-s3-secret | Secret containing read / write credentials for the s3 store |
| backend.s3.admin_access_key_id | string | `` | S3 Write user access key |
| backend.s3.admin_secret_access_key | string | `` | S3 Write user secret key |
| backend.s3.read_access_key_id | string | `` | S3 read user access key |
| backend.s3.read_secret_access_key | string | `` | S3 read user secret key |
Agent
| Key | Type | Default | Description |
|---|---|---|---|
| agent.enabled | bool | false | Enabling agent deployment |
| agent.name | string | local-agent | Qalita Agent Name |
| agent.initscript | string | echo hello world | Qalita Agent init script helps add custom instructions before launching agent, can be used to mount cifs remote path or other actions |
| agent.mode | string | worker | Qalita Agent mode <job/worker> |
| agent.token | string | changeme | Qalita Agent API Token |
| agent.image.repository | string | qalita/agent | QALITA Agent Image Repository |
| agent.image.tag | string | 1.5.0 | QALITA Agent Image Tag |
| agent.image.pullPolicy | string | Always | QALITA Agent Image Pull Policy |
| agent.replicaCount | int | 1 | QALITA Agent Replica Count |
| agent.deployment.extraEnv | list | [] | QALITA Agent Deployment Environment Variables, format : - name: QALITA_ENV value: "PROD" |
| agent.deployment.resources.requests.memory | string | 256Mi | QALITA Agent Memory Request |
| agent.deployment.resources.requests.cpu | string | 200m | QALITA Agent CPU Request |
| agent.pvc.enabled | bool | false | Enable persistence for agent data |
| agent.pvc.storageSize | string | 10Gi | PVC Size for persisting data |
Documentation
| Key | Type | Default | Description |
|---|---|---|---|
| doc.image.repository | string | qalita.azurecr.io/qalita/doc | QALITA Doc Image Repository |
| doc.image.tag | string | 1.5.0 | QALITA Doc Image Tag |
| doc.image.pullPolicy | string | Always | QALITA Doc Image Pull Policy |
| doc.replicaCount | int | 1 | QALITA Doc Replica Count |
| doc.service.type | string | ClusterIP | QALITA Doc Service Type |
| doc.service.targetPort | int | 80 | QALITA Doc Service Port |
| doc.service.protocol | string | TCP | QALITA Doc Service Protocol |
| doc.ingress.enabled | bool | true | QALITA Doc Ingress Enabled |
| doc.ingress.tls.enabled | bool | true | QALITA Doc Ingress TLS Enabled |
| doc.deployment.resources.requests.cpu | string | 50m | QALITA Doc Deployment CPU Request |
| doc.deployment.resources.requests.memory | string | 50Mi | QALITA Doc Deployment Memory Request |
Database (Postgresql)
For more detailed configuration, please refer to Bitnami Postgresql Chart
| Key | Type | Default | Description |
|---|---|---|---|
| postgresql.enabled | bool | true | Enable deploy local postgresql, disable if you use external Postgresql Database |
| postgresql.image.tag | string | 15.3.0 | Postgresql Image Tag |
| postgresql.global.potgresql.auth.database | string | qalitadb | Postgresql Database Name |
| postgresql.global.potgresql.auth.username | string | qalita | Postgresql Database Username |
| postgresql.global.potgresql.auth.password | string | randAlphaNum 25 char long string | Postgresql Database Password |
| postgresql.primary.persistence.size | string | 8Gi | PVC Size for persisting data |
S3 Object Storage (Seaweedfs)
For more detailed configuration, please refer to Seaweedfs Chart
| Key | Type | Default | Description |
|---|---|---|---|
| seaweedfs.enabled | bool | true | Enable deploy local s3 file storage, disable if you use external S3 storage System |
| seaweedfs.global.imageName | string | chrislusf/seaweedfs | Seaweedfs Image Name |
| seaweedfs.global.createClusterRole | bool | true | Creates Service Accounts and Role and Role Binding for seaweedfs |
Cache (Redis)
For more detailed configuration, please refer to Truecharts Redis Chart
| Key | Type | Default | Description |
|---|---|---|---|
| redis.enabled | bool | true | Enable deploy local redis, disable if you use external Redis Database |
| redis.password | string | randAlphaNum 25 char long string | Redis Database Password |
Helm Sync
For more detailed configuration, please refer to alpine/helm
| Key | Type | Default | Description |
|---|---|---|---|
| helmSync.enabled | bool | false | Enable Helm Sync |
| helmSync.image.repository | string | alpine/helm | Helm Sync Image Repository |
| helmSync.kubeconfig | yaml | `` | Kubeconfig yaml formatted, see default values to have a template |
| helmSync.resources.requests.cpu | string | 500m | QALITA helmsync Deployment CPU Request |
| helmSync.resources.requests.memory | string | 256Mi | QALITA helmsync Deployment Memory Request |
warning
For production use, it is strongly recommended to deploy the platform on a managed Kubernetes cluster.
QALITA offers a fully managed solution hosted on the European HDS cloud and SecNumCloud.