Getting Started
With this guide you will:
- Configure and install a Basic configuration of the Helm Chart
- Log-in for the first time to the Console
- Create your first company
Required tools
Required information
To install Mia-Platform Console, make sure you meet the necessary installation requirements. You can find all the information you may need in the Self-Hosted installation requirements documentation page.
Before you start, make sure you have addressed the following requirements:
Requirement | Example |
---|---|
Console and CMS URLs | Console: https://console.your-domain CMS: https://console-cms.your-domain |
OAuth2 application BaseURL, ClientID, ClientSecret | Okta example |
MongoDB connection string for a user with readWrite permission and dbAdmin permission for console DB | How to create an Atlas MongoDB cluster How to create an Atlas MongoDB user |
Redis host and port | redis.default.svc.cluster.local:6379 |
Private docker registry host and port | your-repo-hostname:port |
Private docker registry credentials | servicesImagePullSecrets: [MiaSecretName, CustomerSecretName, ...] |
Mia-Platform Docker and Helm repo credentials | Ask your Mia-Platform contact person |
Step 1 - Configuring the Helm Chart
- Following this example, create a new `values.yaml` file
- Create an empty bash file and paste the following code
```bash
#!/usr/bin/env bash
# Generates the secret values for values.yaml and prints them to stdout.

rsaPrivateKeyId=$(openssl rand -hex 24)
rsaPrivateKeyPass=$(openssl rand -hex 128)
clientIdSalt=$(openssl rand -hex 256)

# Passphrase-protected 4096-bit RSA key in PEM format, base64-encoded.
ssh-keygen -t rsa -b 4096 -m PEM -f private.key -N "$rsaPrivateKeyPass" > /dev/null
# Strip newlines: GNU base64 wraps its output at 76 columns by default.
rsaPrivateKeyBase64=$(base64 < private.key | tr -d '\n')
rm private.key private.key.pub

tokenPassphrase=$(openssl rand -hex 128)

# Second key pair, for the jwtToken* values.
jwtTokenPrivateKeyPassword=$(openssl rand -hex 128)
ssh-keygen -t rsa -b 4096 -m PEM -f private.key -N "$jwtTokenPrivateKeyPassword" > /dev/null
jwtTokenPrivateKeyBase64=$(base64 < private.key | tr -d '\n')
jwtTokenPrivateKeyKid=$(uuidgen | tr '[:upper:]' '[:lower:]')
rm private.key private.key.pub

# 96 random alphanumeric characters; LC_ALL=C keeps tr byte-oriented.
masterKey=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 96 | head -1)

echo "rsaPrivateKeyId: $rsaPrivateKeyId"
echo "rsaPrivateKeyPass: $rsaPrivateKeyPass"
echo "clientIdSalt: $clientIdSalt"
echo "rsaPrivateKeyBase64: $rsaPrivateKeyBase64"
echo "tokenPassphrase: $tokenPassphrase"
echo "jwtTokenPrivateKeyPassword: $jwtTokenPrivateKeyPassword"
echo "jwtTokenPrivateKeyBase64: $jwtTokenPrivateKeyBase64"
echo "jwtTokenPrivateKeyKid: $jwtTokenPrivateKeyKid"
echo "masterKey: $masterKey"
```
- Run the script to generate the values of the following variables and edit the values.yaml file: `rsaPrivateKeyId`, `rsaPrivateKeyPass`, `clientIdSalt`, `rsaPrivateKeyBase64`, `tokenPassphrase`, `jwtTokenPrivateKeyPassword`, `jwtTokenPrivateKeyBase64`, `masterKey`. These are some of the required general settings that need to be configured.

```bash
bash scriptname.sh
```
- Add the remaining mandatory fields you prepared before starting
- Configure the OAuth provider with the required info
- Configure the mandatory MongoDB fields
More advanced configuration could be managed by following the Helm parameters documentation.
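
A check for the two generated key values before they are copied into values.yaml, as an added example that is not part of the Mia-Platform documentation. The helper name `check_key_material` and the `KEY_PASS` variable are hypothetical; it assumes `openssl` is installed and that the key was produced as in the script above (passphrase-protected PEM, 4096 bits).

```bash
#!/usr/bin/env bash
# Added example (not from the Mia-Platform docs): sanity-check a generated
# *Base64 key value and its passphrase before copying them into values.yaml.
# check_key_material is a hypothetical helper name.

# check_key_material <base64-pem> <passphrase> [expected-bits]
# Returns 0 only if the value decodes to a passphrase-protected PEM key,
# the passphrase opens it, and the RSA key has the expected size.
check_key_material() {
  local b64="$1" pass="$2" want_bits="${3:-4096}" pem text bits

  # Drop whitespace first so wrapped and unwrapped base64 both decode.
  pem=$(printf '%s' "$b64" | tr -d ' \r\n' | openssl base64 -d -A 2>/dev/null) || pem=""

  # An unencrypted key would "open" with any passphrase, so require the
  # encryption marker of traditional PEM or of PKCS#8.
  case "$pem" in
    *"Proc-Type: 4,ENCRYPTED"* | *"BEGIN ENCRYPTED PRIVATE KEY"*) ;;
    *) echo "value is not a passphrase-protected PEM key" >&2; return 1 ;;
  esac

  # Hand the passphrase over through the environment rather than argv,
  # where it would show up in the process list.
  text=$(printf '%s\n' "$pem" |
    KEY_PASS="$pass" openssl rsa -passin env:KEY_PASS -noout -text 2>/dev/null) || {
    echo "passphrase does not open the key" >&2; return 1; }

  # The first line of the -text output carries the key size in bits.
  bits=$(printf '%s\n' "$text" |
    sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
  [ "$bits" = "$want_bits" ] || {
    echo "expected a $want_bits-bit key, found ${bits:-unknown}" >&2; return 1; }
}

# Usage inside the generation script, before the echo lines:
#   check_key_material "$rsaPrivateKeyBase64" "$rsaPrivateKeyPass" || exit 1
#   check_key_material "$jwtTokenPrivateKeyBase64" "$jwtTokenPrivateKeyPassword" || exit 1
```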
Step 2 - Installing the Helm Chart
- Add the Mia-Platform repo that contains the Helm chart

```bash
helm repo add mia-platform https://nexus.mia-platform.eu/repository/helm-internal/ --username your-username --password-stdin
```

- Check if you can reach the mia-platform repository

```bash
helm search repo mia-platform
```

- Launch the installation

```bash
helm install -f values.yaml --create-namespace -n console --atomic --timeout 10m console mia-platform/mia-console
```
The Console Super User role has been designed exclusively for backoffice administration purposes. When assigned to a user, this role implies full visibility and management of all CMS resources.
- When all your pods are up and running, you are ready for Step 3
Step 3 - Log-in and Create your first company
- Reach your console URL `https://your-console-url` and you should see the log in page
- Log-in with your authentication provider
- Create a `role_binding_mongo.yaml` file and a `console-super-user-binding.yaml` with the following configurations
- Execute the following jobs on the cluster `console` to edit the configuration of the super-user. Remember to substitute the `{{FIRST_LOGIN_EMAIL}}` with your auth provider log-in email
```bash
cat <<EOF | kubectl apply -n console --filename -
apiVersion: batch/v1
kind: Job
metadata:
  name: create-super-user-binding
spec:
  ttlSecondsAfterFinished: 60
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: create-super-user-binding
          image: "mongo"
          imagePullPolicy: IfNotPresent
          command:
            - '/bin/bash'
            - '-c'
            - 'export USER_ID=\$(mongosh \$MONGO_CONNECTION --eval "EJSON.stringify(db.userinfo.findOne({\"email\": \"\$EMAIL\"})._id.toString());" --quiet) && echo \$USER_ID && mongosh \$MONGO_CONNECTION --eval "EJSON.stringify(db.bindings.updateOne({ \"bindingId\" : \"super-users\"}, { \"\\\$set\": { \"bindingId\": \"super-users\", \"roles\": [\"console-super-user\"], \"subjects\": [ \$USER_ID], \"__STATE__\": \"PUBLIC\" }}, {\"upsert\": true }))"'
          env:
            - name: MONGO_CONNECTION
              valueFrom:
                secretKeyRef:
                  name: console
                  key: mongo.url.short
            - name: EMAIL
              value: {{FIRST_LOGIN_EMAIL}}
---
apiVersion: batch/v1
kind: Job
metadata:
  name: add-cms-permissions
spec:
  ttlSecondsAfterFinished: 60
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: add-cms-permissions
          image: "mongo"
          imagePullPolicy: IfNotPresent
          command:
            - '/bin/bash'
            - '-c'
            - 'mongosh \$MONGO_CONNECTION --eval "EJSON.stringify(db.userinfo.updateOne({\"email\": \"\$EMAIL\"}, { \\\$addToSet: { groups: { \\\$each: [ \"console_cms\", \"manage_users\" ] } } }))"'
          env:
            - name: MONGO_CONNECTION
              valueFrom:
                secretKeyRef:
                  name: console
                  key: mongo.url.short
            - name: EMAIL
              value: {{FIRST_LOGIN_EMAIL}}
EOF
```
If you want to set up multiple Super Users, you can use the same binding and add multiple subjects to the list directly from the backoffice.
- Now it's possible to create the first company via API by heading to the `/documentations/api-portal/` path on your Console host and using the `POST /companies` API. The API will return the id of the company.
- After the creation of the Company you will be able to access it from Console at the `/tenants/:id` path; here you'll be able to manage the Company providers and Clusters.
- Now you are ready to start with your first project! You can find out more here
For further information head to the Company creation documentation section.