Getting Started
Prerequisites
Before you run the Structsure Enterprise, ensure you have the following:
- A Kubernetes deployment with at least 8 CPU and 32 GiB of memory available
- A default storage class and a minimum of 50 GiB of storage available
- The Zarf bin for your OS
- Zarf initialized with the Git server component enabled
Refer to the following guide to set up a demo environment.
Single-Node Demo Environment
This portion of the guide will briefly walk you through setting up a single-node demo environment for the Structsure Enterprise. Following these instructions will result in a single EC2 instance, running K3s, and using the local-path storage provisioner. This demo environment is not suitable for hosting production workloads, but could be used as an "edge" deployment or for development/assessment scenarios.
Deploy an EC2 Instance:
To run a single-node deployment of the Structsure Enterprise, we need an EC2 Instance with a minimum of 8 CPUs, 32 GB of memory, and 50 GB of storage.
The following steps will guide you on deploying an instance via the AWS EC2 console:
- Log into the AWS console to create EC2 Instances. Only users with permissions can access the AWS console.
- Navigate to the EC2 Service.
- Locate and click the "Launch instance" button.
- Provide a name for your instance, such as `structsure-demo`.
- Select Amazon Linux from the Quick Start AMI list. Note: You must select 64-bit (x86) for the architecture.
- Select `t3a.2xlarge`, `t3.2xlarge`, `t2.2xlarge`, or any other instance with 8 vCPU and 32 GiB memory available in your Region.
- Click the "Create new key pair" link.
  a. Name the key pair, e.g., `structsure-demo`.
  b. Ensure that "Key pair type" is RSA and "Private key file format" is .pem.
  c. Click the "Create key pair" button. Store the resulting private key in a safe place.
- Verify you have a proper VPC and Subnet selected.
- Verify you have a proper security group selected, or alternatively create a new one allowing SSH and HTTPS inbound from your workstation.
- In the Configure Storage block, set the root volume to: 50 GiB.
- Click the "Launch instance" button and wait for the instance to start.
Get the Zarf Bin:
Connect to your new instance via SSH. If you need assistance, refer to the AWS documentation.
Execute the following curl commands to download the correct Zarf bin and Zarf init package.
```bash
curl -C - -LO https://github.com/zarf-dev/zarf/releases/download/v0.32.6/zarf_v0.32.6_Linux_amd64
curl -C - -LO https://github.com/zarf-dev/zarf/releases/download/v0.32.6/zarf-init-amd64-v0.32.6.tar.zst
```
Execute the following command to install the bin on your system.
```bash
sudo install zarf_v0.32.6_Linux_amd64 /usr/local/bin/zarf
```
Execute the following command to test the Zarf bin. It should output `v0.32.6`.
```bash
zarf version
```
Initialize Zarf by executing the following command. Note: This may take some time. Ensure you are running this command with sudo.
```bash
sudo zarf init --no-progress --confirm --components k3s,git-server
```
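The downloaded binary is installed with `sudo install` and then run as root by `zarf init`, so both downloads are worth checking against known SHA-256 digests first. The following is an added example, not part of the original guide or the Zarf project: it assumes you hold a checksums file for the release in `sha256sum` format from a source you trust (`checksums.txt` is a placeholder name), `verify_artifacts` and `make_demo_dir` are hypothetical helpers, and the demo files are constructed stand-ins rather than real release artifacts.

```bash
#!/bin/sh
# Added example: fail-closed SHA-256 verification of downloaded release files.

# verify_artifacts CHECKSUMS FILE...
# Returns 0 only if every FILE is listed in CHECKSUMS (sha256sum format) and
# its digest matches. A file with no entry is an error: `sha256sum -c` only
# checks files the list names, so an unlisted download would go unverified.
verify_artifacts() {
  [ "$#" -ge 2 ] || { echo "usage: verify_artifacts CHECKSUMS FILE..." >&2; return 2; }
  sums=$1; shift
  for f in "$@"; do
    name=$(basename "$f")
    # Exact match on the file-name field; strip the '*' binary-mode marker.
    want=$(awk -v n="$name" '{ fn = $2; sub(/^\*/, "", fn) }
                             fn == n { print $1; exit }' "$sums")
    if [ -z "$want" ]; then
      echo "FAIL $name: no entry in $sums" >&2; return 1
    fi
    got=$(sha256sum "$f" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
      echo "FAIL $name: digest mismatch" >&2; return 1
    fi
    echo "OK   $name"
  done
}

# Builds a constructed demo directory: stand-in files plus a matching
# checksums.txt, so the example runs offline. Prints the directory path.
make_demo_dir() {
  d=$(mktemp -d) || return 1
  printf 'constructed stand-in for the zarf binary\n' > "$d/zarf_v0.32.6_Linux_amd64"
  printf 'constructed stand-in for the init package\n' > "$d/zarf-init-amd64-v0.32.6.tar.zst"
  (cd "$d" && sha256sum zarf_v0.32.6_Linux_amd64 zarf-init-amd64-v0.32.6.tar.zst > checksums.txt)
  echo "$d"
}

demo=$(make_demo_dir)
# Both listed files match their recorded digests.
verify_artifacts "$demo/checksums.txt" \
  "$demo/zarf_v0.32.6_Linux_amd64" "$demo/zarf-init-amd64-v0.32.6.tar.zst"
# A file that the checksums list does not name is rejected, not skipped.
echo "unlisted file" > "$demo/extra.bin"
verify_artifacts "$demo/checksums.txt" "$demo/extra.bin" || echo "rejected as expected"
```

In real use, run `verify_artifacts checksums.txt zarf_v0.32.6_Linux_amd64 zarf-init-amd64-v0.32.6.tar.zst` in the download directory and continue to the install step only if it returns 0.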
Deploy Structsure Enterprise
Obtain a copy of the Structsure Enterprise deployment package. This package consists of several parts and should be copied to the deployment system. The package can be deployed by issuing the following command. For a full install reference, refer to the installation-options document.
For this single node install, we will rely on nip.io for DNS. It's a convenient way to give a DNS name to any arbitrary IP address, and will allow us to focus on getting Structsure up and running quickly.
Although the nip.io service will give a DNS name to any IP address, it will not allow you to route to private IP addresses (such as those starting with 10. or 192.168.) over the public Internet. As such, if you are not able to access the EC2 instance from within the same VPC (using a VPN or another method), then the IP address used in the domain should be the public IPv4 address of the EC2 instance.
The following command assumes an EC2 instance with a private IP address of `10.32.39.24`:
```bash
sudo zarf package deploy zarf-package-structsure-enterprise-amd64-v5.0.0.tar.zst.part000 --no-progress --confirm --set DOMAIN=10-32-39-24.nip.io
```
Accessing Structsure Enterprise Web Applications
When deployment is complete, the web applications (apps) should be accessible. The URLs for each app will be different for every deployment, as the DNS domain is either provided as an argument or auto-discovered by the installation process. You can list these hostnames by issuing the following command:
```bash
sudo kubectl get VirtualService -A
```
The output in the HOSTS column can be used to construct the URL simply by prepending `https://` to the hostname. The HOSTS column will reflect the hostname of the EC2 instance that it is being run on.
For example, the Grafana web app can be accessed via `https://grafana.10-32-39-24.nip.io`, as determined by the output shown below.
```
NAMESPACE    NAME                                      GATEWAYS                  HOSTS                                AGE
monitoring   monitoring-monitoring-kube-grafana        ["istio-system/public"]   ["grafana.10-32-39-24.nip.io"]       9m16s
monitoring   monitoring-monitoring-kube-alertmanager   ["istio-system/public"]   ["alertmanager.10-32-39-24.nip.io"]  9m16s
monitoring   monitoring-monitoring-kube-prometheus     ["istio-system/public"]   ["prometheus.10-32-39-24.nip.io"]    9m16s
neuvector    neuvector-neuvector                       ["istio-system/public"]   ["neuvector.10-32-39-24.nip.io"]     6m4s
argocd       argocd-argocd-server                      ["istio-system/public"]   ["argocd.10-32-39-24.nip.io"]        5m47s
```
The following sections will walk you through authenticating to each web app. It is highly recommended that you log into each app immediately after deploying and change its password to a secure one that adheres to your organizational policy. Alternatively, you can set up Single Sign-On (SSO) for your deployment.
Grafana
The default username for Grafana is `admin`, and the default password is a randomly generated string stored inside the `monitoring-grafana` secret within the `monitoring` namespace.
Alertmanager
No credentials are required to access Alertmanager. To configure authentication for Alertmanager, please see the SSO configuration documentation.
Prometheus
No credentials are required to access Prometheus. To configure authentication for Prometheus, please see the SSO configuration documentation.
Argo CD
The default username for Argo CD is `admin`. The initial password can be obtained by executing the following command:
```bash
sudo kubectl get secret -n argocd argocd-initial-admin-secret -o go-template='{{ index .data "password" | base64decode }}'
```
NeuVector
Before logging into NeuVector, you will be required to accept the End User Agreement. The default username for NeuVector is `admin`. The password is a randomly generated string held within the `neuvector-init` secret inside of the `neuvector` namespace under the `userinitcfg.yaml.users.password` field for the `admin` user.
Uninstall
To uninstall the Structsure Enterprise, issue the following command:
```bash
sudo zarf destroy --confirm
```
Please note that this will remove all Structsure Enterprise managed workloads and data from your Kubernetes cluster. It will also remove any Zarf-related workloads from your cluster. If you initialized K3s using Zarf, it will stop and uninstall K3s as well.