kubernetes-helm.md

Installing the Private Packagist Self-Hosted Helm chart in an existing Kubernetes cluster

The Private Packagist Self-Hosted Helm chart allows you to install Private Packagist in an existing Kubernetes cluster, to instead install Private Packagist Self-Hosted without an existing Kubernetes cluster, follow this guide.

General requirements

1. A Kubernetes cluster v1.23 or newer
2. Your username and password to log in to the Helm registry on registry.replicated.com. You can find your credentials in your Private Packagist account at https://packagist.com. Don't have one yet? Sign up for a free trial license!
3. One (sub-)domain to operate the web interface, e.g. packagist.myintranet.com
4. One (sub-)domain to operate the composer repository, e.g. repo.packagist.myintranet.com or packagist-repo.myintranet.com
5. An SSL certificate valid for both chosen domains
6. An SMTP server or a GMail account for Private Packagist Self-Hosted to send email
7. If your firewall restricts external connections then the following domains must be accessible from the server:

• index.docker.io
• cdn.auth0.com
• *.docker.io
• *.docker.com
• replicated.app
• proxy.replicated.com
• registry.replicated.com
• Please also consult the list in the Replicated documentation.

Installation

Private Packagist Self-Hosted requires PostgreSQL, Redis, and blob storage to store application data and Composer packages. You can either use the built-in options that come with the Helm chart or use your own PostgreSQL, Redis, and blob storage. For blob storage, we currently support Azure Blob Storage, Google Cloud Storage, AWS S3, and other S3-compatible storage solutions.

Please note that if you choose to use the built-in solution then each of the storage requires one or more volumes using dynamic volume provision to allocate storage for the different Pods. Configure the Storage Class in the values.yaml under global.storageClass.

Annotated configuration

To install the Private Packagist Self-Hosted Helm Chart configure values based on your setup, store them in a YAML file, e.g. values.yaml, and then run the commands below.

HELM_CHART_VALUES_FILE

Login to the Helm registry and install the chart

Make sure you replace YOUR_USERNAME, YOUR_PASSWORD, values.yaml, and VERSION with your values before running the commands. You can find the latest Private Packagist version on our changelog page.

helm registry login registry.replicated.com --username YOUR_USERNAME --password YOUR_PASSWORD
helm install -f values.yaml private-packagist oci://registry.replicated.com/privatepackagistkots/private-packagist --version VERSION

Verify that the helm chart is deployed by running kubectl get pods and verifying that the repo, ui, and worker pods are running. You should then be able to access the web interface by opening the configured domain in the browser, e.g. https://packagist.myintranet.com.

Authentication Setup

Within Private Packagist Self-Hosted, you now need to set up at least one user authentication method. You have the choice between authentication with email addresses and passwords and several OAuth integrations with third-party services. We provide integrations with on-premises versions of GitHub, Bitbucket, GitLab, or their public services on github.com, bitbucket.org, or gitlab.com. Follow the instructions to create the respective required identifiers, tokens, and secrets.

• GitHub (Enterprise) Integration Setup
• Bitbucket.org Integration Setup
• Bitbucket Data Center / Server Integration Setup
• GitLab Integration Setup
• Authentication with Email Addresses and Passwords.

Selecting Admins

After setting up an integration, you can log in through the top menu. Register an account and pick a username.

The first user is granted admin permissions automatically. You can grant admin permissions to more users in the admin panel.

Switching to Production Mode

Edit your values.yaml to disable the Setup Mode.

• Change application.setupMode.enabled in the values.yaml
• Apply the changes in your cluster with helm upgrade
• Restart the ui deployment to apply the changes in the application kubectl rollout restart deployment ui

That’s it! Private Packagist Self-Hosted is now ready to be used! You’ll find all further information in the web interface.

Database and storage with dynamic volumes

Private Packagist Self-Hosted will set up PostgreSQL, Redis, and MinIO to store application data and Composer packages. Each of them requires one or more volumes using dynamic volume provision to allocate storage for the different Pods. Configure the Storage Class in the values.yaml under global.storageClass.

Alternatively, you can configure Private Packagist Self-Hosted to use your own PostgreSQL, Redis, and blob storage. For blob storage, we currently support Azure Blob Storage, Google Cloud Storage, AWS S3, and other S3-compatible storage solutions. You can configure the blob storage in the values.yaml under storage.type.

Security

The Private Packagist Self-Hosted application expects that TLS termination happens at or before the Ingress level. All traffic within the cluster is unencrypted.

Ensure your Kubernetes network plugin encrypts connections between pods to avoid potential security issues.

Backups

The Private Packagist Self-Hosted application integrates with Velero, a tool to back up and restore your Kubernetes cluster resources and persistent volumes. Private Packagist Self-Hosted provides annotations to help back up and restore the application with Velero.

If you are using your own backup solution, we recommend making regular backups of PostgreSQL, Redis, and the used blob storage.