Guides

Install GIS Cloud Suite - K3S

This guide is used for quickly deploying GIS Cloud Suite on K3S by single machine. GIS Cloud Suite with K3S package is based on K3S. The introduce of K3S please refer to K3S Official Website.

All the packages introduced below can be downloaded from the link:

Requirement

  1. Linux operating system(Recommend to use Ubuntu 18.04 or Ubuntu 16.04).
  2. supermap-giscloudsuite-with-k3s-11.0.0-linux-x64.tar.gz package.
  3. System Requirements:

    • Number of processors: 4 cores+
    • Memory: 8 GB+
    • Disk: 80 GB+
    • The built-in environments need extra resources
  4. Images preparation(If you use Alibaba Cloud registry, skip this step. For specific methods, please refer to the “Combined Image Instructions” in the “Combined Image Packages” directory of the link)

    • supermap-imanager-for-kubernetes-registry-all-11.0.0-linux-x64.tar.gz
    • supermap-imanager-for-kubernetes-images-bigdata-11.0.0-linux-x64.tar.gz
    • supermap-imanager-for-kubernetes-images-machinelearning-11.0.0-linux-x64.tar.gz

Install Image Registry

If you install GIS Cloud Suite on the extranet, skip this step and set Alibaba cloud registry.

Before installing the image registry, execute the command docker version to make sure you have installed Docker.

  1. Put the image package in any directory and unzip(If the name of your package is not the same as below, replace the package name in the command to your package name):

    tar -zxf supermap-imanager-for-kubernetes-registry-all-11.0.0-linux-x64.tar.gz
  2. Enter the directory that you unzipped:

    cd supermap-imanager-for-kubernetes-registry-all-11.0.0-linux-x64
  3. Install image repository:

    chmod +x startup.sh  && ./startup.sh
  4. Verify. Execute the following command, if no error prompts, you have successful installed image registry. Replace the {ip} below by the actual IP of your machine.

    docker pull {ip}:5000/supermap/scratch:latest-amd64

    If you install registry on ARM, change the image tag ‘latest-amd64’ to ‘latest-arm64’.

Install GIS Cloud Suite

You need to open the port of “deploy_keycloak_port”(the port is 32221 by default), “deploy_gateway_port”(the port is 32222 by default), “deploy_bslicense_ui_port”(the port is 32223 by default) in the values.yaml file, and open the port 6443, 8443, 2049(open when using NFS for data storage), 8080, and 9100. If you use Alibaba Cloud ECS Server, add the ports to safety group rules. What is more, please make sure the port 3307 and 9183 is available.

Execute all the following commands by root permission:

  1. Unzip(If the name of your package is not the same as below, replace the package name in the command to your package name):

    tar -zxf supermap-giscloudsuite-with-k3s-11.0.0-linux-x64.tar.gz
  2. Enter the ‘supermap-giscloudsuite-with-k3s-11.0.0-linux-x64’ directory, and execute:

    vi values.yaml

    Modify the values.yaml file:

    Notes:

    1. The following configuration could only be set before starting, if you need any change, please execute ‘./startup.sh’ after modifying.
    2. The configuration have default values, do not delete any configuration when modifying.
    3. The “Required” variables need to be modified by your actual environment. The “Optional” variables can keep in default, please do not delete the default values.
     # Required. The GIS Cloud Suite image registry address, used for pulling images. The address is Alibaba cloud registry by default: registry.cn-beijing.aliyuncs.com. If you install GIS Cloud Suite on the extranet, keep in default.
     # If you install GIS Cloud Suite on the intranet, please refer to Install GIS Cloud Suite Image Registry above to install the registry, and fill the blank by the format <IP>:5000. Replace <IP> by the machine IP which you were installed registry on, for example, 192.168.17.110:5000.
     deploy_registry: registry.cn-beijing.aliyuncs.com
    
     # Required. The IP of the K3s installation machine. For example, 192.168.17.110. 
     deploy_kubernetes_public_ip:
    
     # Required. The administrator account name, used for logging GIS Cloud Suite, the account name is admin by default. It is recommended to modify the account name before executing "./startup.sh".
     deploy_ispeco_user_name: user_admin
    
     # Optional. Your NFS Server address, NFS Server is used for storing the data of GIS Cloud Suite, recommended to set, the address could be IP or domain name. For example: 192.168.17.150.
     # If you are going to configure NFS Server, please install NFS Client on your machine first.
     deploy_nfs_server:
    
     # Optional. The path of NFS server, the default path is /. If you do not configure a NFS, the default data volume is hostPath, located on /opt/giscloudsuite directory.
     deploy_nfs_path: /
    
     # Optional. The URL of K3s master node. The value is https://kubernetes.default.svc by default, keep in default.
     deploy_kubernetes_master_url: https://kubernetes.default.svc
    
     # Optional. The service protocol of image repository,fills in [http|https], the value is http by default. If you use the image registry that installed by SuperMap image package, change the value to http.
     deploy_registry_protocol: https
    
     # Optional. The name of your StorageClass, used for storing the data of GIS Cloud Suite. StorageClass and NFS Server(deploy_nfs_server) are used for storing GIS Cloud Suite data, if you configured both of them, the data will be stored in NFS Server.
     deploy_storage_class_name:
    
     # Optional. The K3s namespace, the value is giscloudsuite by default, you can define a name by your requirement.
     deploy_namespace: giscloudsuite
    
     # Optional. The service protocol of GIS Cloud Suite,fills in [http|https], the value is http by default.
     deploy_service_protocol: http
    
     # Optional. The image pull policy, choose one of these:[Always|Never|IfNotPresent], the value is IfNotPresent by default.
     # Always: Pull the latest images from registry.
     # Never: Use local images and nerver pull the images from registry.
     # IfNotPresent: Use local images first. If local images are unavailable, pull the images from registry.
     deploy_image_pull_policy: IfNotPresent
    
     # Optional. The image pull secret, used for identity authentication when pulling private images. You need to create a resource with the same name as the Secret in the namespace of Kubernetes. Please refer GIS Cloud Suite > Appendix > FAQ Question 12 to see how to create the resource.
     deploy_image_pull_secret:
    
     # Optional. The name of namespace which stores images in registry, the default name is 'supermap', you can define the name by the requirement.
     deploy_image_namespace: supermap
    
     # Optional. The service type of Keycloak, fills in [NodePort|LoadBalancer], generally keep in default. 
     deploy_keycloak_service_type: NodePort
    
     # Optional. The number of CPUs of a service in GIS Cloud Suite, the number is 1 by default.
     deploy_cpu_limit: 1
    
     # Optional. The memory of a service in GIS Cloud Suite, the memory should be larger than or equal to 4Gi, the memory is 4Gi by default.
     deploy_memory_limit: 4Gi
    
     # Optional. The image tag of iserver_gisapplication.
     deploy_gis_app_tag: 11.0.0-amd64
    
     # Optional. The port of Keycloak UI, select the range between 30000-32767, except 31234, the default is 32221. If you define a port, make sure the port is different to others port setting.
     deploy_keycloak_port: 32221
    
     # Optional. The port of GIS Cloud Suite UI, select the range between 30000-32767, except 31234, the default is 32222. If you define a port, make sure the port is different to others port setting.
     deploy_gateway_port: 32222
    
     # Optional. The port of license center, select the range between 30000-32767, except 31234, the default is 32223. If you define a port, make sure the port is different to others port setting.
     deploy_bslicense_ui_port: 32223
    
     # Optional. Whether to disable iPortal, fills in [true|false], the value is true by default.
     # true: Disable iPortal.
     # false: Do not disable iPortal
     deploy_disable_iportal: true
    
     # Optional. Whether the license center is going to disable local storage, fills in [true|false], the value is false by default. When the value is true, you must configure either deploy_nfs_server or default_storage_class_name.
     # true: License center do not use local storage.
     # false: License center use local storage.
     deploy_disable_bslicense_local_volume: false
    
     # Optional. HBase capability optimization, fills in [true|false]. If you would not use HBase environment, keep in default. If you want to optimize built-in HBase, set the value to true, and see Question 15 in GIS Cloud Suite > Appendix > FAQ to create PV.
     deploy_disable_hbase_nfs_volume: false
    
     # Optional. The Kubernetes node IP which is mapped by GIS Cloud Suite domain name(the IP that configured in DNS Server), required to configure if your GIS Cloud Suite has a domain name. The value is using the first Kubernetes node IP by default.
     deploy_domain_ip:
    
     # Optional. The domain name of GIS Cloud Suite, for example, imanager.iservergateway.com. Visit GIS Cloud Suite by IP:PORT if you do not configure domain name.
     deploy_gateway_domain:
    
     # Optional. The directory which to store the certificate of GIS Cloud Suite domain name. Take effect only if configured GIS Cloud Suite domain name(deploy_gateway_domain). The directory of certificate should be the same as values.yaml file. Fill in the relative path. such as: gateway/tls.crt.
     deploy_gateway_certificate_path:
    
     # Optional. The directory which to store the private key of GIS Cloud Suite domain name. Take effect only if configured GIS Cloud Suite domain name(deploy_gateway_domain). The directory of private key should be the same as values.yaml file. Fill in the relative path, such as: gateway/tls.key.
     deploy_gateway_private_key_path:
    
     # Optional. The domain name of Keycloak, such as: imanager.keycloak.com. Visit Keycloak by IP:PORT if you do not configure a domain name.
     deploy_keycloak_domain:
    
     # Optional. The directory which to store the certificate of Keycloak domain name. Take effect only if configured GIS Cloud Suite domain name(deploy_gateway_domain).  The directory of the certificate should be the same as values.yaml file. Fill in the relative path, such as: keycloak/tls.crt.
     deploy_keycloak_certificate_path:
    
     # Optional. The directory which to store the private key of Keycloak domain name. Take effect only if configured GIS Cloud Suite domain name(deploy_gateway_domain). The directory of the private key should be the same as values.yaml file. Fill in the relative path, such as: keycloak/tls.key.
     deploy_keycloak_private_key_path:
    
     # Optional. The time zone of the system. Fill in the relative path in the directory /usr/share/zoneinfo/, such as Asia/Shanghai and America/New_York.
     deploy_timezone: Asia/Shanghai
    
     # Optional. Disable metrics server or not, metrics server is used for monitoring the resources of Kubernetes, fills in [true|false]. The value is false by default.
     # true: Disable the metrics server.
     # false: Do not disable metrics server.
     deploy_disable_metrics_server: false
    
     # Optional. Enable asynchronous function in Serverless environment or not, fills in [true|false], the value is blank by default. Enable to take effect only if the system is with a Dapr environment.
     # true: Enable asynchronous function.
     # false: Disable asynchronous function.
     # If you do not fill the value, the system will fill the value automatically.
     deploy_async_function_enabled:
    
     # Optional. Enable synchronous function in Serverless environment or not, fills in [true|false], the value is blank by default. Enable to take effect only if the system is with a Knative environment.
     # true: Enable synchronous function.
     # false: Disable synchronous function.
     # If you do not fill the value, the system will fill the value automatically.
     deploy_sync_function_enabled:

    Notes:

    1. The password used by default is Supermap123, please modify it in time.
    2. Using the same password for long is the main reason for password cracking. In an environment with extremely high security requirements, the default administrator password should be modified and updated regularly.
    3. If the password is too simple, it may be decrypted and brute-forced by malicious users who will steal important information and resources, posing security risks. Please try to update your password as complex as possible.

    Save and quit the file.

  3. Install:

    Execute all the commands with root permission:

    chmod +x startup.sh && ./startup.sh

    When you execute startup.sh script, the registry address and protocol will update automatically. The system will ask you to confirm the IP, the IP can be accessed from outside.

    After installing, visit the GIS Cloud Suite UI by http://{ip}:32222, visit the SuperMap License Center UI by http://{ip}:32223. {ip}: the IP of K3S machine. If the value of deploy_service_protocol is https, the access address should be https://{ip}:32222 and https://{ip}:32223.

    Refer to the settings of values.yaml file to see the username and password.

  4. Activate License

    Visit the SuperMap License Center UI, click on Update on the License Center page, and follow the Operation Steps to activate the license (If you do not have the license, please apply the trial license on SuperMap official website).

    activatelicense

    Check the License Status after activating the license.

    licensestatus1

Appendix

  1. Adds or modifies http registry to K3S

    Edit ‘/var/lib/rancher/K3S/agent/etc/containerd/config.toml.tmpl’

    If the file is not existing, execute the command:

    cp /var/lib/rancher/K3S/agent/etc/containerd/config.toml /var/lib/rancher/K3S/agent/etc/containerd/config.toml.tmpl

    Find the variable ‘plugins.cri.registry’, and modify it by the actual value(replace registry.ispeco.com by your address)

    [plugins.cri.registry]
     [plugins.cri.registry.mirrors]
       [plugins.cri.registry.mirrors."registry.ispeco.com"]
         endpoint = ["http://registry.ispeco.com"]

    If you have multiple registries, you can continue to add ‘plugins.cri.registry.mirrors.xxx’. Here we use 192.168.17.150:5001 registry as an example.

    [plugins.cri.registry]
     [plugins.cri.registry.mirrors]
       [plugins.cri.registry.mirrors."registry.ispeco.com"]
         endpoint = ["http://registry.ispeco.com"]
       [plugins.cri.registry.mirrors."192.168.17.150:5001"]
         endpoint = ["http://192.168.17.150:5001"]

    Restart K3S after modifying.

    systemctl restart K3S
  2. If you want to delete GIS Cloud Suite environment, execute:

    chmod +x shutdown.sh && ./shutdown.sh

    If you want to completely delete GIS Cloud Suite environment, execute:

    chmod +x shutdown.sh && ./shutdown.sh -v

    If you want to redeploy GIS Cloud Suite environment, please Uninstall K3S environment after executing the above commands.

  3. Uninstall K3S environment.

    Execute the following command under the directory of system task to uninstall K3S environment, this command will delete all the related data, includes images and configurations.

    K3S-uninstall.sh
  4. The access addresses of the basic services({ip}: the IP of K3S machine):

    Service Address
    GIS Cloud Suite http://{ip}:32222 or https://{ip}:32222
    SuperMap License Center http://{ip}:32223 or https://{ip}:32223