OpenIM Helm Charts simplify deployment and management of OpenIM instant messaging platform and associated middleware on Kubernetes clusters.
- Installed and configured Kubernetes (K8s) environment.
- Two domain names: one for MinIO API, another for OpenIM Server API.
- Configured StorageClass (e.g., NFS-Client).
- (Optional) For K8s with LoadBalancer-configured Ingress Controller nodes, no need to configure TLS items in
-config.yaml
files. - If you also need to open the grafana web page to view the monitoring and logging, you also need to prepare a second domain name, which can be a subdomain name. If you want to enable minio's console web access, you will also need a separate domain name, which can be a subdomain.
Note: The next release will feature single domain access and IP-based URL access. Aliyun provides free certificate service (20), Once you've downloaded it to the server, Use:
kubectl create secret tls openimtls1-secret --cert=fullchain.pem --key=privkey.pem -n openim
you need to modify theinfra/prometheus-config.yaml
file to use the secret nameopenimtls1-secret
and the domain nameopenim.example.com
to access the openim server. prometheusUrl is the url accessed by the real Prometheu.
-
Setup Helm:
- Install Helm.
- Add repository:
helm repo add openim https://openimsdk.github.io/helm-charts
- Search available charts:
helm search repo openim
Because Github packages are OCI compliant, helm packages on GitHub do not require the
helm repo add
to add packages -
Install Middleware:
- Add repo:
helm repo add openim-infra https://xxxxx.xxx
- Deploy middleware services using commands in the
Install Middleware
section below.
- Add repo:
-
Deploy OpenIM Services: Use commands in
Install OpenIM Server Service
,Install OpenIM Chat Service
,Install Web Frontend
, andInstall Admin Frontend
sections.
- Install:
helm install [RELEASE_NAME] charts/openim-server
- Uninstall:
helm uninstall [RELEASE_NAME]
- Upgrade:
helm upgrade [RELEASE_NAME] [CHART] --install
- List Releases:
helm list
For detailed command explanations, visit Helm's official documentation.
- openim-admin: Helm Chart for "openim-admin" service with
Chart.yaml
,templates/
, andvalues.yaml
. - adminfront-config.yaml: Configuration for "openim-admin".
- chat-server: Helm Chart for "chat-server" with associated files.
- infra: Contains Helm Charts/configurations for middleware OpenIM relies on.
Detailed directory info can be found in the respective directories.
Before we dive into the installation steps for ingress-nginx
and NFS
, it's important to note that the methods provided here are basic. Depending on the complexity of your environment and requirements, you might want to explore other choices.
NFS is widely used for sharing directories and files over the network. Here, we're focusing on the NFS Subdir External Provisioner which dynamically provisions NFS persistent volumes.
The official Helm repository contains a detailed guide on how to install the nfs-subdir-external-provisioner
. You can access and read more about it here.
If you prefer to use the local repository for installation, follow these steps:
- Update the
config.yaml
file under the directory infra/nfs-subdir-external-provisioner. Modify theimage
andnfs
values:
image:
repository: m.daocloud.io/registry.k8s.io/sig-storage/nfs-subdir-external-provisioner
nfs:
server: YOUR_NFS_SERVER_IP
path: YOUR_NFS_MOUNT_PATH
Replace YOUR_NFS_SERVER_IP
with your internal or public IP address and YOUR_NFS_MOUNT_PATH
with your NFS mount directory.
- Deploy NFS using the following Helm command:
helm install nfs-subdir-external-provisioner ./infra/nfs-subdir-external-provisioner/ -f infra/nfs-subdir-external-provisioner/config.yaml -n openim
ingress-nginx
is an Ingress controller for Kubernetes that provides NGINX as a reverse proxy and load balancer.
Update the config.yaml file under the directory infra/ingress-nginx
:
controller:
name: controller
image:
registry: m.daocloud.io
image: registry.k8s.io/ingress-nginx/controller
hostNetwork: true
service:
enabled: true
type: NodePort
nodePorts:
http: 32080
https: 32443
tcp:
8080: 32808
admissionWebhooks:
patch:
enabled: true
image:
registry: m.daocloud.io
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen
defaultBackend:
enabled: false
name: defaultbackend
image:
registry: m.daocloud.io
image: registry.k8s.io/defaultbackend-amd64
Execute the following Helm command to deploy ingress-nginx
:
helm install ingress-nginx ./infra/ingress-nginx/ -f infra/ingress-nginx/config.yaml -n openim
- controller: Defines the main configuration for the ingress-nginx controller.
name
: Name of the controller.image
: Specifies the image details for the ingress-nginx controller.hostNetwork
: If set to true, the NGINX ingress controller will use the host's network namespace, allowing it to see the real client IP.service
: Specifies the service details for exposing the ingress-nginx controller.admissionWebhooks
: Configuration for the Kubernetes admission webhooks. The patch webhook adds the certificate volume to the ingress controller pod.
- defaultBackend: It is a service that handles all traffic that the ingress controller (NGINX) cannot route to an application in the cluster. In this configuration, it's disabled.
For further reading and more advanced configurations for ingress-nginx
, you can refer to the official ingress-nginx documentation.
Deploy required middleware services:
helm install im-mysql infra/mysql -f infra/mysql-config.yaml -n openim
helm install im-kafka infra/kafka -f infra/kafka-config.yaml -n openim
helm install im-minio infra/minio -f infra/minio-config.yaml -n openim
helm install im-mongodb infra/mongodb -f infra/mongodb-config.yaml -n openim
helm install im-redis infra/redis -f infra/redis-config.yaml -n openim
Note
If the OpenIM cluster is deployed in the
openim
namespace, use the-n
argument to specify the namespace. If the namespace does not exist, you can use--create-namespace
to create a new namespace. Please do not modify the following chart names:im-mysql
,im-kafka
,im-minio
,im-mongodb
,im-redis
, otherwise, you will need to synchronize theserviceName
information toconfig-imserver.yaml
andconfig-chatserver.yaml
. Please do not modify the account information in these five configuration files, otherwise, you will need to synchronize the middleware account information toconfig-imserver.yaml
andconfig-chatserver.yaml
.These configuration files include account information, for example,
minio-config.yaml
also includes domain information.
If you need to enable monitoring, install the kube-prometheus-stack component:
helm install kube-prometheus-stack infra/kube-prometheus-stack/ -f infra/prometheus-config.yaml -n openim
Note To enable monitoring you need a domain name to access grafana web pages. Please change prometheus-config.yaml to your real domain name and tls name. if you want prometheus pull openim-server metrics ,you need to set the two following enable: true of config-imserver.yaml global: monitor: enabled: true config: prometheus: enable: true
Note Your prometheus-config.yaml file is configured with a feature to send alerts via email. You just need to update it with your actual smtp_from, smtp_auth_username, smtp_auth_password, and email_configs field information.
If you need to enable loki, install the loki-stack component:
helm install loki-stack infra/loki-stack/ -n openim
Note To enable monitoring you need change loki.storageClassName to your real storageClassName. in this we use grafana in kube-prometheus-stack for loki display,so you should config the datasource of loki using "http://loki-stack:3100"
helm install openimserver -f k8s-open-im-server-config.yaml -f config-imserver.yaml -f notification.yaml ./charts/openim-server/ -n openim
Ensure domain info in open-im-server-config.yaml
. Sync with middleware's -config.yaml
if changes were made during its setup.
helm install openimchat -f k8s-chat-server-config.yaml -f config-chatserver.yaml ./charts/openim-chat/ -n openim
- Web:
helm install imwebfront -f k8s-webfront-config.yaml ./charts/openim-web/ -n openim
- Admin:
helm install imadminfront -f k8s-adminfront-config.yaml ./charts/openim-admin/ -n openim
Note: Set domain details in respective -config.yaml
files, reflecting your domain and TLS details.
How to deploy multiple Kubernetes environments with namespaces
Specifically, why are ingress-nginx, nfs, and kube-prometheus-stack using the same configuration?
Answer:
Ingress-nginx, nfs, and kube-prometheus-stack are all core Kubernetes components that are used in many different environments. It is often more efficient to use a single configuration for these components, rather than creating separate configurations for each environment.
For example, ingress-nginx is used to provide external access to services running in Kubernetes. A single ingress controller can be configured to route traffic to different services in different environments. This can save time and effort, as it eliminates the need to create and manage separate ingress controllers for each environment.
Similarly, nfs is used to provide shared storage for Kubernetes pods. A single nfs server can be configured to provide storage to pods in different environments. This can improve performance and reliability, as it eliminates the need to create and manage separate nfs servers for each environment.
Finally, kube-prometheus-stack is a collection of Prometheus and Grafana components that can be used to collect and monitor metrics from Kubernetes. A single kube-prometheus-stack can be configured to collect metrics from pods in different environments. This can provide a unified view of the health and performance of all Kubernetes environments.
Of course, there are some cases where it may be necessary to use separate configurations for ingress-nginx, nfs, and kube-prometheus-stack. For example, if you need to have different security or performance requirements for different environments. However, in general, using a single configuration is a good way to simplify and streamline the deployment of multiple Kubernetes environments.