Installing Crosser Control Center On-premise

This guide describes how to install Crosser Control Center on your own infrastructure, either on premise or in your own cloud account.

Introduction

The Crosser Control Center consists of several microservices, each deployed as its own container inside a Kubernetes cluster. There are also database and storage services residing outside the Kubernetes cluster, that are used by these services. Some services can run inside the cluster for test setups, but needs to run outside the cluster for high-availability production setups (see the 'External' column in the services table below).

The following table provides a short summary of each service:

Name	Required	External	Description
Ingress controller	Yes	No
Services manager	Yes	No
K8s API	Yes	No
Edgedirector	Yes	No	Back-end service for Crosser Control Cloud
IoT	Yes	No	Front-end service for 'old' UI pages (will be depreciated)
IPA	Yes	No	Front-end service for 'new' UI pages
Analyzer	Yes	No	Dependency manager for packages used by modules
Module registry	Yes	No	Repository for all modules used in Flows and by Nodes. Acts as a cache for the external nuget.org repository, where external dependencies are fetched.
Admin	Yes	No	Administration service for organization management. Only used by Crosser and partners, not accessible for end-users
Node manager	No	No	Sandbox manager
External requester	No	No	Makes external requests (over HTTP) when using the test tool in the Universal Connector wizard
Redis	Yes	For HA	Redis cache used by the Edgedirector service
Analyzer cache	Yes	No	Redis cache used by the Analyzer service
InfluxDB	Yes	For HA	Timeseries database used to store status information and metrics from Nodes
Database	Yes	For HA	Database that holds all configuration data, including accounts, users, nodes, flows, credentials...
Blob storage	Yes	Yes	Storage for resources and other large objects

Installation

Requirements

Kubernetes cluster version > 1.21
- All Kubernetes platform are supported like: Google Kubernetes Engine, Azure Kubernetes Service, Amazon EKS and Minikube.
Crosser Control Center needs persistence and ingress support in the Kubernetes cluster

With a Kubernetes cluster available and Helm installed, we can install Crosser Control Center in the Kubernetes cluster using the Crosser Helm chart.

Initialize a Helm chart configuration file

Helm charts contain templates that can be rendered to the Kubernetes resources to be installed. A user of a Helm chart can override the chart’s default values to influence how the templates render.

In this step we will initialize a chart configuration file for you to adjust your installation of Crosser Control Cloud. We will name and refer to it as config.yaml going forward.

Introduction to YAML

If you haven’t worked with YAML before, investing some minutes learning about it will likely be worth your time.

As of version 1.0.0, you don’t need any configuration to get started so you can just create a config.yaml file with some helpful comments.

In case you are working from a terminal and are unsure how to create this file, you can try with vi config.yaml or try our simple config (see attachements).

  # This file can update the Crosser Cloud Helm chart's default configuration values.
  #
  # For reference see the configuration reference and default values, but make
  # sure to refer to the Helm chart version of interest to you!
  #
  # Introduction to YAML:     https://www.youtube.com/watch?v=cdLNKUoMc6c
  # Chart config reference:   https://urltodocs/setup/configuration-reference/
  #

Install Crosser Control Center

Make Helm aware of the Crosser Control Center Helm chart repository so you can install the Crosser Control Center chart from it without having to use a long URL name.

helm repo add --username <username> --password <password> crosser-cloud https://registry.crosser.io/chartrepo/cloud
helm repo update

where:

<username> and <password> refers to the chart credentials you will get from Crosser when you have an On-premise contract.

This should show output like:

Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "stable" chart repository
...Successfully got an update from the "crosser-cloud" chart repository
Update Complete. ⎈ Happy Helming!⎈

Now install the chart configured by your config.yaml by running this command from the directory that contains your config.yaml:
```
helm upgrade --cleanup-on-fail \
  --install <helm-release-name> crosser-cloud/crosser-cloud \
  --namespace <k8s-namespace> \
  --create-namespace \
  --version=<chart-version> \
  --values config.yaml \
  --timeout 3600s
```
where:
- <helm-release-name> refers to a Helm release name, an identifier used to differentiate chart installations. You need it when you are changing or deleting the configuration of this chart installation. If your Kubernetes cluster will contain multiple Crosser Control Centers make sure to differentiate them. You can list your Helm releases with helm list.
- <k8s-namespace> refers to a Kubernetes namespace, an identifier used to group Kubernetes resources, in this case all Kubernetes resources associated with the Crosser Cloud chart. You’ll need the namespace identifier for performing any commands with kubectl.
- This step may take a moment, during which time there will be no output to your terminal. Crosser Control Center is being installed in the background.
- If you get a release named <helm-release-name> already exists error, then you should delete the release by running helm delete <helm-release-name>. Then reinstall by repeating this step. If it persists, also do kubectl delete namespace <k8s-namespace> and try again.
- In general, if something goes wrong with the install step, delete the Helm release by running helm delete <helm-release-name> before re-running the install command.
- If you’re pulling from a large Docker image you may get a Error: timed out waiting for the condition error, add a --timeout=<number-of-minutes>m parameter to the helm command.
- The --version parameter corresponds to the version of the Helm chart, not the version of Crosser Control Center. Each version of the Crosser Control Center Helm chart is paired with a specific version of Crosser Control Center. E.g., 0.11.1 of the Helm chart runs Crosser Control Center 1.3.0. For a list of which Crosser Control Center version is installed in each version of the Crosser Control Center Helm Chart, see the release notes.
While Step 2 is running, you can see the pods being created by entering in a different terminal:
```
kubectl get pod --namespace <k8s-namespace>
```
To remain sane we recommend that you enable autocompletion for kubectl (follow the kubectl installation instructions for your platform to find the shell autocompletion instructions)
and set a default value for the --namespace flag:
```
kubectl config set-context $(kubectl config current-context) --namespace <k8s-namespace>
```

Wait for the edgedirector pod to enter the Running state and jobs pod to enter the Done state.

NAME                                                              READY   STATUS    RESTARTS        AGE
analyzer-fb896ff8f-ppwbc                                          1/1     Running   0               40s
edbridge-7f45cfc4dc-f67cq                                         1/1     Running   0               40s
edgedirector-d8d685d9c-w8n6s                                      1/1     Running   0               39s
iiot-54497456f9-6wsjj                                             1/1     Running   0               20s
.........................

When Step 2 is done the output should show something like this.

Release "<helm-release-name>" does not exist. Installing it now.
NAME: <helm-release-name>
LAST DEPLOYED: Wed Dec  10 23:49:21 2022
NAMESPACE: <k8s-namespace>
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The Crosser Cloud has been installed.

Cloud:
    http://crossercloud.domain.tld

Moduleregistry:
    http://crossercloud-module.domain.tld

Now you can use Crosser Control Center, enter the URL for the Cloud in to a browser. Crosser Control Center is running with a default admin user that you configured in your config.yaml
Congratulations! Now that you have basic Crosser Control Center running.
If you for example wants to run Crosser Control Center in High Availability you can read how in the Customization Guide section.

Upgrading Crosser Control Center

This section covers best-practices in upgrading your Crosser Control Center deployment via updates to the Helm Chart.

Upgrading from one version of the Helm Chart to the next should be as seamless as possible, and generally shouldn’t require major changes to your deployment. Check the release notes for each release to find out if there are any breaking changes in the newest version.

For additional help, feel free to reach out to us.

Before upgrading

These steps are critical before performing an upgrade.

Always backup your database!
Review the release notes for incompatible changes and upgrade instructions.
Update your configuration accordingly.
If you are planning an upgrade of a critical major installation, we recommend you test the upgrade out on a staging cluster first before applying it to production.

Upgrading

After modifying your config.yaml file according to the release notes, you will need to run the upgrade commands. To find , run:

helm list --namespace <k8s-namespace>

Make sure to test the upgrade on a staging environment before doing the upgrade on a production system!

To run the upgrade:

helm upgrade --cleanup-on-fail \
   <helm-release-name> crosser-cloud/crosser-cloud \
   --version=<chart-version> \
   --values config.yaml \
   --namespace <k8s-namespace> \
   --timeout 3600s

For example, to upgrade to version 1.0.1 with a helm release name of staging in the k8s namespace of crosser-cloud:

helm upgrade --cleanup-on-fail \
  staging crosser-cloud/crosser-cloud \
  --version=1.0.1 \
  --values config.yaml \
  --namespace crosser-cloud
  --timeout 3600s

Troubleshooting

If the upgrade is failing on a test system, you can try deleting the helm chart using:

helm delete <helm-release-name> --namespace <k8s-namespace>

helm list –namespace may be used to find zzz.

Customization Guide

Customizing your Deployment

The Helm chart used to install your Crosser Control Center deployment has a lot of options for you to tweak. For a semi-complete reference list of the options, see the Configuration Reference section below.

Applying configuration changes

The general method to modify your Kubernetes deployment is to:

Make a change to your config.yaml.

Run a helm upgrade:

helm upgrade --cleanup-on-fail \
  <helm-release-name> crosser-cloud/crosser-cloud \
  --namespace <k8s-namespace> \
  --version=<chart-version> \
  --values config.yaml

Note that helm list should display <YOUR_RELEASE_NAME> if you forgot it.

Verify that all pods entered the Running state after the upgrade completed.
```
kubectl get pod --namespace <k8s-namespace>
```

For information about the many things you can customize with changes to your Helm chart through values provided to its templates through config.yaml, see the customization-guide.

Deploy with High Availability

This page contains instructions how to customize Crosser Control Center in High Availability. For a list of all the configurable Helm chart options, see the Configuration Reference section below. Edit your config.yaml or try our sample HA config (see attachments).

Requirements

Access to blobstorage/shared filesystem
- S3 Blobstorage
- Azure Blobstorage
- Multiwrite filesystem (nfs)
External PostgreSQL with HA
External Redis with HA

External PostgreSQL with HA

If you don’t have an PostgreSQL with HA available we will provide you with some links how to install.

External Redis with HA

If you don’t have an Redis cluster available we will provide you with some links how to install.

Configuration

Configure container replicas

Add this to your config.yaml file

iiot:
  replicas: 3
ipa:
  replicas: 3
analyzer:
  replicas: 3

Configure storage for Edgedirector

The edgedirector container need storage that can be accessible from multiple containers. The supported types are S3 blobstorage, Azure blobstorage and PVC ReadWriteMany. Below you find howto configure them in your config.yaml.

S3 Blobstorage

Add this to your config.yaml file and fill in your settings

edgedirector:
  replicas: 3
  config:
    blobStorage:
      type: s3
      s3:
        accessKey: "<access-key>"
        accessKeyId: "<access-key-id>"
        region: "<region>"
        bucket: "<bucket>"
        serverURL: "<server-url>"

Azure Blobstorage

Add this to your config.yaml file and fill in your settings

edgedirector:
  replicas: 3
  config:
    blobStorage:
      azure:
        serverURL: "<server-url>"
        sasQueryString: "<your-sas-querystring>"
        edgenodeContainer: "<storage-container-for-windows-node>"
        resourceContainer: "<storage-container-for-resources>"

PVC ReadWriteMany

Add this to your config.yaml file and fill in your settings

edgedirector:
  replicas: 3
  config:
    blobStorage:
      type: local
      local:
        path: "resources"
        persistence:
          enabled: true
          persistentVolumeClaim:
            existingClaim: ""
            storageClass: ""
            subPath: ""
            accessMode: ReadWriteMany
            size: 10Gi

Deploy a High Availability Setup

Now you can deploy Crosser Control Center

helm upgrade --cleanup-on-fail \
    --install <helm-release-name> crosser-cloud/crosser-cloud \
    --namespace <k8s-namespace> \
    --create-namespace \
    --version=<chart-version> \
    --values config.yaml \
    --timeout 3600s

Customizing External Services

This page contains instructions for common ways to use external services instead of internals for Crosser Control Center. For a list of all the configurable Helm chart options, see the Configuration Reference section below.

External PostgreSQL

If you don’t have PostgreSQL available we will provide you with some links how to install.

Add this to your config.yaml file and fill in your settings:

# External Database server (PostgreSQL)
#
database:
  config:
    # Enable connection pooling
    poolingEnabled: true
    # The maximum number of connections in the idle connection pool.
    maxPoolSize: 30
  external: # +doc-gen:break
    host: ""
    port: "5432"
    username: ""
    password: ""
    database:
      cloud: "edgedirector"
      moduleregistry: "baget"
    # "disable" - No SSL
    # "require" - Always SSL (skip verification)
    # "verify" - Always SSL (verify that the certificate presented by the
    # server was signed by a trusted CA)
    sslMode: "disable"

External Redis

If you don’t have Redis available we will provide you with some links how to install.

Add this to your config.yaml file and fill in your settings:

# External Redis Configuration
#
redis:
  external:
    addr: ""
    password: ""
    sslMode: true
    abortConnect: false

External InfluxDB

If you don’t have Influx available we will provide you with some links how to install.

Add this to your config.yaml file and fill in your settings:

# External Influx Configuration
#
influx:
  external:
    addr: "http://localdomain.tld:8086"
    username: "edgedirector"
    password: ""
    database: "edgedirector"

Configuration Reference

The Crosser Control Center Helm chart is configurable by values in your config.yaml. In this way, you can customize your installation.

Below is a description of many but not all of the configurable values for the Helm chart. To see all configurable options, inspect their default values defined here.

For more guided information about some specific things you can do with modifications to the helm chart, see the Customization Guide.

Configuration parameters

The following table lists the configurable parameters of the crosser-cloud chart and their default values.

Parameter	Description	Default	Reference
nameOverride	Provide a name in place of crosser-cloud for app: labels	""
namespaceOverride	Override the deployment namespace	""
fullnameOverride	Provide a name to substitute for the full names of resources	""
global.imagePullSecrets	Secrets to be used when pulling images	{"email":"name@domain.tld","enabled":true,"password":"password","registry":"registry.crosser.io","username":"username"}	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
global.disconnected	Disconnected installation	true	Ref: https://docs.cloud.crosser.io/opc/disconnected
edgedirector.config.organization	Default organization and user/pass	{"email":"admin@example.com","orgName":"Examle","password":"admin12345"}
edgedirector.config.email	Email settings for alerts and notifications	{"password":"","port":587,"senderMail":"","senderName":"Crosser Cloud","server":"","useSSL":true,"username":""}
edgedirector.config.slack	Slack integration to see exceptions (serilog sink)	{"webhookURL":""}
edgedirector.config.blobStorage.type	Set the type as “s3”, “azure” or local and fill the information in the corresponding section	local
edgedirector.config.blobStorage.s3	S3 compatible blobstorage (AWS S3, Minio…)	{"accessKey":"","accessKeyId":"","bucket":"","region":"us-east-1","serverURL":""}
edgedirector.config.blobStorage.azure	Azure Blobstorage	{"edgenodeContainer":"","resourceContainer":"","sasQueryString":"","serverURL":""}
edgedirector.config.blobStorage.local	Local storage	{"path":"resources","persistence":{"enabled":true,"persistentVolumeClaim":{"accessMode":"ReadWriteOnce","existingClaim":"","size":"10Gi","storageClass":"","subPath":""}}}
edgedirector.image.repository	Docker repository to pull the image from	registry.crosser.io/cloud/edgedirector
edgedirector.image.tag	Image tag to use	2022.09.01
edgedirector.image.pullPolicy	Policy for kubernetes to use when pulling images	IfNotPresent	Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
edgedirector.serviceAccountName	Service account for EdgeDirector to use.	""	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ set the service account to be used, default if left empty
edgedirector.replicas	Size is the expected size of the edgedirector cluster. The controller will eventually make the size of the running cluster equal to the expected size. You will need to use storage that can be accessed by multiple containers	1
edgedirector.resources	Define resources requests and limits for single Pods.	{}	Ref: https://kubernetes.io/docs/user-guide/compute-resources/
edgedirector.securityContext	SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 1000. *v1.PodSecurityContext false	{}	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
edgedirector.nodeSelector	Define which Nodes the Pods are scheduled on.	{}	Ref: https://kubernetes.io/docs/user-guide/node-selection/
edgedirector.tolerations	If specified, the pod’s tolerations.	[]	Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
edgedirector.affinity	Assign custom affinity rules to the EdgeDirector instance	{}	Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
edgedirector.annotations	Annotations for EdgeDirector	{}
database.config	Database configuration options	{"maxPoolSize":30,"poolingEnabled":true}
database.initalize.run	Populate DB with default values and modules	true
database.initalize.image.repository	Docker repository to pull the image from	registry.crosser.io/cloud/database-tool
database.initalize.image.tag	Image tag to use	2022.09.01
database.initalize.image.pullPolicy	Policy for kubernetes to use when pulling images	Always	Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
database.type	if external Database is used, set “type” to “external” and fill the connection informations in “external” section	internal
database.internal.image.repository	Docker repository to pull the image from	registry.crosser.io/cloud/pgsql-db
database.internal.image.tag	Image tag to use	2022.09.01
database.internal.image.pullPolicy	Policy for kubernetes to use when pulling images	IfNotPresent	Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
database.internal.password	The initial superuser username/password for internal database	"changeit"
database.internal.serviceAccountName	Service account for Database to use.	""	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ set the service account to be used, default if left empty
database.internal.replicas	Size is the expected size of the Redis cluster. The controller will eventually make the size of the running cluster equal to the expected size.	1
database.internal.resources	Define resources requests and limits for single Pods.	{}	Ref: https://kubernetes.io/docs/user-guide/compute-resources/
database.internal.securityContext	SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 1000. *v1.PodSecurityContext false	{}	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
database.internal.nodeSelector	Define which Nodes the Pods are scheduled on.	{}	Ref: https://kubernetes.io/docs/user-guide/node-selection/
database.internal.tolerations	If specified, the pod’s tolerations.	[]	Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
database.internal.affinity	Assign custom affinity rules to the Redis instance	{}	Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
database.internal.annotations	Annotations for Redis	{}
database.internal.persistence	Persistence storage for Redis	{"enabled":true,"persistentVolumeClaim":{"accessMode":"ReadWriteOnce","existingClaim":"","size":"10Gi","storageClass":"","subPath":""}}
database.external	External Database server (PostgreSQL)	{"database":{"cloud":"edgedirector","moduleregistry":"baget"},"host":"","password":"","port":"5432","sslMode":"disable","username":""}
redis.type	if external Redis is used, set “type” to “external” and fill the connection informations in “external” section	internal
redis.internal.image.repository	Docker repository to pull the image from	registry.crosser.io/cloud/redis
redis.internal.image.tag	Image tag to use	2022.09.01
redis.internal.image.pullPolicy	Policy for kubernetes to use when pulling images	IfNotPresent	Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
redis.internal.serviceAccountName	Service account for Redis to use.	""	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ set the service account to be used, default if left empty
redis.internal.replicas	Size is the expected size of the Redis cluster. The controller will eventually make the size of the running cluster equal to the expected size.	1
redis.internal.resources	Define resources requests and limits for single Pods.	{}	Ref: https://kubernetes.io/docs/user-guide/compute-resources/
redis.internal.securityContext	SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 1000. *v1.PodSecurityContext false	{}	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
redis.internal.nodeSelector	Define which Nodes the Pods are scheduled on.	{}	Ref: https://kubernetes.io/docs/user-guide/node-selection/
redis.internal.tolerations	If specified, the pod’s tolerations.	[]	Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
redis.internal.affinity	Assign custom affinity rules to the Redis instance	{}	Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
redis.internal.annotations	Annotations for Redis	{}
redis.internal.persistence	Persistence storage for Redis	{"enabled":true,"persistentVolumeClaim":{"accessMode":"ReadWriteOnce","existingClaim":"","size":"1Gi","storageClass":"","subPath":""}}
redis.external	External Redis Configuration	{"abortConnect":false,"addr":"","password":"","sslMode":true}
influx.type	if external Influx is used, set “type” to “external” and fill the connection informations in “external” section	internal
influx.internal.image.repository	Docker repository to pull the image from	registry.crosser.io/cloud/influxdb
influx.internal.image.tag	Image tag to use	2022.09.01
influx.internal.image.pullPolicy	Policy for kubernetes to use when pulling images	IfNotPresent	Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
influx.internal.password	Password for internal redis	"changeit"
influx.internal.serviceAccountName	Service account for Influx to use.	""	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ set the service account to be used, default if left empty
influx.internal.replicas	Size is the expected size of the Influx cluster. The controller will eventually make the size of the running cluster equal to the expected size.	1
influx.internal.resources	Define resources requests and limits for single Pods.	{}	Ref: https://kubernetes.io/docs/user-guide/compute-resources/
influx.internal.securityContext	SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 1000. *v1.PodSecurityContext false	{}	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
influx.internal.nodeSelector	Define which Nodes the Pods are scheduled on.	{}	Ref: https://kubernetes.io/docs/user-guide/node-selection/
influx.internal.tolerations	If specified, the pod’s tolerations.	[]	Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
influx.internal.affinity	Assign custom affinity rules to the Influx instance	{}	Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
influx.internal.annotations	Annotations for Influx	{}
influx.internal.persistence	Persistence storage for Influx	{"enabled":true,"persistentVolumeClaim":{"accessMode":"ReadWriteOnce","existingClaim":"","size":"5Gi","storageClass":"","subPath":""}}
influx.external	External Influx Configuration	{"addr":"http://localdomain.tld:8086","database":"edgedirector","password":"","username":"edgedirector"}
moduleregistry.initalize.run	Add modules to registry	true
moduleregistry.initalize.image.repository	Docker repository to pull the image from	registry.crosser.io/cloud/module-tool
moduleregistry.initalize.image.tag	Image tag to use	2022.09.01
moduleregistry.initalize.image.pullPolicy	Policy for kubernetes to use when pulling images	Always	Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
moduleregistry.image.repository	Docker repository to pull the image from	registry.crosser.io/cloud/baget
moduleregistry.image.tag	Image tag to use	2022.09.01
moduleregistry.image.pullPolicy	Policy for kubernetes to use when pulling images	IfNotPresent	Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
moduleregistry.serviceAccountName	Service account for Module Registry to use.	""	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ set the service account to be used, default if left empty
moduleregistry.resources	Define resources requests and limits for single Pods.	{}	Ref: https://kubernetes.io/docs/user-guide/compute-resources/
moduleregistry.securityContext	SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 1000. *v1.PodSecurityContext false	{}	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
moduleregistry.nodeSelector	Define which Nodes the Pods are scheduled on.	{}	Ref: https://kubernetes.io/docs/user-guide/node-selection/
moduleregistry.tolerations	If specified, the pod’s tolerations.	[]	Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
moduleregistry.affinity	Assign custom affinity rules to the Module Registry instance	{}	Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
moduleregistry.annotations	Annotations for Module Registry	{}
moduleregistry.persistence	Persistence storage for Module Registry	{"enabled":true,"persistentVolumeClaim":{"accessMode":"ReadWriteOnce","existingClaim":"","size":"200Gi","storageClass":"","subPath":""}}
externalrequester.image.repository	Docker repository to pull the image from	registry.crosser.io/cloud/edexternalrequester
externalrequester.image.tag	Image tag to use	2022.09.01
externalrequester.image.pullPolicy	Policy for kubernetes to use when pulling images	IfNotPresent	Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
externalrequester.serviceAccountName	Service account for Externalrequester to use.	""	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ set the service account to be used, default if left empty
externalrequester.replicas	Size is the expected size of the externalrequester cluster. The controller will eventually make the size of the running cluster equal to the expected size.	1
externalrequester.resources	Define resources requests and limits for single Pods.	{}	Ref: https://kubernetes.io/docs/user-guide/compute-resources/
externalrequester.securityContext	SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 1000. *v1.PodSecurityContext false	{}	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
externalrequester.nodeSelector	Define which Nodes the Pods are scheduled on.	{}	Ref: https://kubernetes.io/docs/user-guide/node-selection/
externalrequester.tolerations	If specified, the pod’s tolerations.	[]	Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
externalrequester.affinity	Assign custom affinity rules to the Externalrequester instance	{}	Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
externalrequester.annotations	Annotations for Externalrequester	{}
ipa.image.repository	Docker repository to pull the image from	registry.crosser.io/cloud/ipa
ipa.image.tag	Image tag to use	2022.09.01
ipa.image.pullPolicy	Policy for kubernetes to use when pulling images	IfNotPresent	Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
ipa.serviceAccountName	Service account for IPA to use.	""	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ set the service account to be used, default if left empty
ipa.replicas	Size is the expected size of the IPA cluster. The controller will eventually make the size of the running cluster equal to the expected size.	1
ipa.resources	Define resources requests and limits for single Pods.	{}	Ref: https://kubernetes.io/docs/user-guide/compute-resources/
ipa.securityContext	SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 1000. *v1.PodSecurityContext false	{}	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
ipa.nodeSelector	Define which Nodes the Pods are scheduled on.	{}	Ref: https://kubernetes.io/docs/user-guide/node-selection/
ipa.tolerations	If specified, the pod’s tolerations.	[]	Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
ipa.affinity	Assign custom affinity rules to the IPA instance	{}	Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
ipa.annotations	Annotations for IPA	{}
iiot.image.repository	Docker repository to pull the image from	registry.crosser.io/cloud/edgedirectorui
iiot.image.tag	Image tag to use	2022.09.01
iiot.image.pullPolicy	Policy for kubernetes to use when pulling images	IfNotPresent	Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
iiot.serviceAccountName	Service account for IIoT to use.	""	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ set the service account to be used, default if left empty
iiot.replicas	Size is the expected size of the IIoT cluster. The controller will eventually make the size of the running cluster equal to the expected size.	1
iiot.resources	Define resources requests and limits for single Pods.	{}	Ref: https://kubernetes.io/docs/user-guide/compute-resources/
iiot.securityContext	SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 1000. *v1.PodSecurityContext false	{}	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
iiot.nodeSelector	Define which Nodes the Pods are scheduled on.	{}	Ref: https://kubernetes.io/docs/user-guide/node-selection/
iiot.tolerations	If specified, the pod’s tolerations.	[]	Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
iiot.affinity	Assign custom affinity rules to the IIoT instance	{}	Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
iiot.annotations	Annotations for IIoT	{}
admin.image.repository	Docker repository to pull the image from	registry.crosser.io/cloud/edgedirectoradminui
admin.image.tag	Image tag to use	2022.09.01
admin.image.pullPolicy	Policy for kubernetes to use when pulling images	IfNotPresent	Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
admin.serviceAccountName	Service account for Admin to use.	""	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ set the service account to be used, default if left empty
admin.replicas	Size is the expected size of the Admin cluster. The controller will eventually make the size of the running cluster equal to the expected size.	1
admin.resources	Define resources requests and limits for single Pods.	{}	Ref: https://kubernetes.io/docs/user-guide/compute-resources/
admin.securityContext	SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 1000. *v1.PodSecurityContext false	{}	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
admin.nodeSelector	Define which Nodes the Pods are scheduled on.	{}	Ref: https://kubernetes.io/docs/user-guide/node-selection/
admin.tolerations	If specified, the pod’s tolerations.	[]	Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
admin.affinity	Assign custom affinity rules to the Admin instance	{}	Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
admin.annotations	Annotations for Admin	{}
analyzer.image.repository	Docker repository to pull the image from	registry.crosser.io/cloud/packageanalyzer
analyzer.image.tag	Image tag to use	2022.09.01
analyzer.image.pullPolicy	Policy for kubernetes to use when pulling images	IfNotPresent	Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
analyzer.serviceAccountName	Service account for Analyzer to use.	""	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ set the service account to be used, default if left empty
analyzer.replicas	Size is the expected size of the Analyzer cluster. The controller will eventually make the size of the running cluster equal to the expected size.	1
analyzer.resources	Define resources requests and limits for single Pods.	{}	Ref: https://kubernetes.io/docs/user-guide/compute-resources/
analyzer.securityContext	SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 1000. *v1.PodSecurityContext false	{}	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
analyzer.nodeSelector	Define which Nodes the Pods are scheduled on.	{}	Ref: https://kubernetes.io/docs/user-guide/node-selection/
analyzer.tolerations	If specified, the pod’s tolerations.	[]	Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
analyzer.affinity	Assign custom affinity rules to the Analyzer instance	{}	Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
analyzer.annotations	Annotations for Analyzer	{}
analyzerCache.image.repository	Docker repository to pull the image from	registry.crosser.io/cloud/redis
analyzerCache.image.tag	Image tag to use	2022.09.01
analyzerCache.image.pullPolicy	Policy for kubernetes to use when pulling images	IfNotPresent	Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
analyzerCache.serviceAccountName	Service account for Analyzer Cache to use.	""	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ set the service account to be used, default if left empty
analyzerCache.resources	Define resources requests and limits for single Pods.	{}	Ref: https://kubernetes.io/docs/user-guide/compute-resources/
analyzerCache.securityContext	SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 1000. *v1.PodSecurityContext false	{}	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
analyzerCache.nodeSelector	Define which Nodes the Pods are scheduled on.	{}	Ref: https://kubernetes.io/docs/user-guide/node-selection/
analyzerCache.tolerations	If specified, the pod’s tolerations.	[]	Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
analyzerCache.affinity	Assign custom affinity rules to the Analyzer Cache instance	{}	Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
analyzerCache.annotations	Annotations for Analyzer Cache	{}
nodemanager.enabled	Enable installation of Node Manager	false
nodemanager.config	Node Manager configuration options	{"auth":{"password":"changeit","username":"manager"},"edgenode":{"image":"/proxy/crosser/edgenode"},"namespace":{"hosted":"hosted-nodes","sandbox":"sandboxes"},"nodeSelector":{"hosted":{},"sandbox":{}}}
nodemanager.image.repository	Docker repository to pull the image from	registry.crosser.io/cloud/crossernodes
nodemanager.image.tag	Image tag to use	2022.09.01
nodemanager.image.pullPolicy	Policy for kubernetes to use when pulling images	IfNotPresent	Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
nodemanager.serviceAccountName	Service account for Node Manager to use.	""	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ set the service account to be used, default “nodemanager” if left empty
nodemanager.replicas	Size is the expected size of the Node Manager cluster. The controller will eventually make the size of the running cluster equal to the expected size.	1
nodemanager.resources	Define resources requests and limits for single Pods.	{"limits":{"cpu":"300m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"64Mi"}}	Ref: https://kubernetes.io/docs/user-guide/compute-resources/
nodemanager.securityContext	SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 1000. *v1.PodSecurityContext false	{}	Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
nodemanager.nodeSelector	Define which Nodes the Pods are scheduled on.	{}	Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodemanager.tolerations	If specified, the pod’s tolerations.	[]	Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
nodemanager.affinity	Assign custom affinity rules to the Node Manager instance	{}	Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
nodemanager.annotations	Annotations for Node Manager	{}
ingress.cloud.enabled	If true, Cloud Ingress will be created	true
ingress.cloud.host		crossercloud.domain.tld
ingress.cloud.ingressClass		nginx
ingress.cloud.annotations		{}
ingress.cloud.tls.enabled		false
ingress.cloud.tls.certSource	The source of the tls certificate. Set it as “auto”, “secret” or “none” and fill the information in the corresponding section 1) auto: generate the tls certificate automatically 2) secret: read the tls certificate from the specified secret. The tls certificate can be generated manually or by cert manager 3) none: configure no tls certificate for the ingress. If the default tls certificate is configured in the ingress controller, choose this option	auto
ingress.cloud.tls.auto.commonName	The common name used to generate the certificate, it’s necessary when the type isn’t “ingress”	""
ingress.cloud.tls.secret.secretName	The name of secret which contains keys named: “tls.crt” - the certificate “tls.key” - the private key	""
ingress.module.enabled	If true, Module Registry Ingress will be created	true
ingress.module.host		crossercloud-module.domain.tld
ingress.module.ingressClass		nginx
ingress.module.annotations		{}
ingress.module.tls.enabled		false
ingress.module.tls.certSource	The source of the tls certificate. Set it as “auto”, “secret” or “none” and fill the information in the corresponding section 1) auto: generate the tls certificate automatically 2) secret: read the tls certificate from the specified secret. The tls certificate can be generated manually or by cert manager 3) none: configure no tls certificate for the ingress. If the default tls certificate is configured in the ingress controller, choose this option	auto
ingress.module.tls.auto.commonName	The common name used to generate the certificate, it’s necessary when the type isn’t “ingress”	""
ingress.module.tls.secret.secretName	The name of secret which contains keys named: “tls.crt” - the certificate “tls.key” - the private key	""

Sample config.yaml file

### Crosser Cloud config that runs all services internally and fully disconnected but without High-Availability
### You can enable more replicas on the following applications.
# edgedirector:
#   replicas: 3
# iiot:
#   replicas: 3
# ipa:
#   replicas: 3
# analyzer:
#   replicas: 3
# admin:
#   replicas: 3
## Used for non-production environments.
global:
  imagePullSecrets:
    enabled: true
    registry: registry.crosser.io
    username: <your-username>
    password: <your-password>
    email: <your-email>
  disconnected: true
edgedirector:
  config:
    organization:
      email: "admin@example.com"
      orgName: "Crosser"
      password: "changeit"
    email:
      server: ""
      port: 587
      useSSL: true
      username: ""
      password: ""
      senderMail: ""
      senderName: "Crosser Cloud"
    blobStorage:
      type: local
      local:
        persistence:
          enabled: true
          persistentVolumeClaim:
            existingClaim: ""
            storageClass: ""
            subPath: ""
            accessMode: ReadWriteOnce
            size: 10Gi
database:
  type: internal
  internal:
    password: "changeit"
    persistence:
      enabled: true
      persistentVolumeClaim:
        existingClaim: ""
        storageClass: ""
        subPath: ""
        accessMode: ReadWriteOnce
        size: 10Gi
redis:
  type: internal
  internal:
    persistence:
      enabled: true
      persistentVolumeClaim:
        existingClaim: ""
        storageClass: ""
        subPath: ""
        accessMode: ReadWriteOnce
        size: 1Gi
influx:
  type: internal
  internal:
    password: "changeit"
    persistence:
      enabled: true
      persistentVolumeClaim:
        existingClaim: ""
        storageClass: ""
        subPath: ""
        accessMode: ReadWriteOnce
        size: 5Gi
moduleregistry:
  persistence:
    enabled: true
    persistentVolumeClaim:
      existingClaim: ""
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 200Gi
ingress:
  cloud:
    enabled: true
    host: crosser-cloud.domain.tld
    tls:
      enabled: false
  module:
    enabled: true
    host: crosser-module-registry.domain.tld
    tls:
      enabled: false

Related Articles
Installing Nodes with Kubernetes
This article describes how to install Crosser Nodes on a Kubernetes cluster. Requirements Before you start make sure you have the following dependencies ready and working: Helm > 3 Installation To simplify the setup Crosser provides a Helm chart, ...
Introducing Crosser Control Center and a new Flow Studio
Release Note Crosser Control Center Feb 2, 2023 Introducing Crosser Control Center With this release we are introducing some brand changes that gradually will be implemented across all documentation, illustrations and marketing materials. The main ...
Crosser Terminology
Crosser Terminology - our lingo Crosser Cloud – the web service that is used to design the processing flows to run in Crosser Nodes. Crosser Cloud is hosted by us. This is where you log-in, create and manage all components of the Crosser Platform. ...
Crosser Node 2.5.2
Crosser Node 2.5.2 December 7, 2021 Upgraded software to use .NET 6.0 .NET 6.0 is an LTS release, previously .NET 5.0 was used. In general the upgrade is around improved performance and you can read all about it here Recommendations Using Environment ...
Monitoring the Crosser Node
Introduction Once you have your first flows deployed, you might think about how to integrate the Crosser Node and Flows into your existing monitoring solution. In this article we describe what options you have and how to utilize provided interfaces ...

Installing Crosser Control Center On-premise

Installing Crosser Control Center On-premise

Introduction

Installation

Initialize a Helm chart configuration file

Introduction to YAML

Install Crosser Control Center

Upgrading Crosser Control Center

Before upgrading

Upgrading

Troubleshooting

Customization Guide

Customizing your Deployment

Applying configuration changes

Deploy with High Availability

Requirements

External PostgreSQL with HA

External Redis with HA

Configuration

Configure container replicas

Configure storage for Edgedirector

S3 Blobstorage

Azure Blobstorage

PVC ReadWriteMany

Deploy a High Availability Setup

Customizing External Services

External PostgreSQL

External Redis

External InfluxDB

Configuration Reference

Configuration parameters

Sample config.yaml file

Related Articles

Installing Nodes with Kubernetes

Introducing Crosser Control Center and a new Flow Studio

Crosser Terminology

Crosser Node 2.5.2

Monitoring the Crosser Node