This page is a summary of the steps we took to get browsertrix-cloud running on-prem in a k3s installation at KB.
Mostly this page is just a summary of the contents of the slack thread https://iipc.slack.com/archives/C02DUU7US9M/p1692966466359669?thread_ts=1685144091.950199&cid=C02DUU7US9M
Firstly, IT services installed k3s on a single machine and disabled SELinux.
The first thing to do after this is set the right kubectl configuration:
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
The browsertrix-cloud installation is based on the nginx ingress so you must disable traefik:
kubectl -n kube-system delete helmcharts.helm.cattle.io traefik
Then install cert-manager and ingress-nginx
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace
Now clone or download browsertrix cloud. We installed from the ansible-k3s branch, but that should soon be merged with main. Change directory to the browsertrix-cloud directory
cd browsertrix-cloud
and edit the file ./chart/examples/local-config.yaml by adding the following:
ingress: host: "btrix-cloud-devel-02.kb.dk" scheme: "https" tls: true ingress_class: "nginx"
(replacing btrix-cloud-devel-02.kb.dk with your hostname.)
Then install browsertrix-cloud
helm upgrade --install -f ./chart/values.yaml -f ./chart/examples/local-config.yaml btrix ./chart/
after this just wait for everything to come up and you should be ready.
Some notes
Users and Registration
Initially you only have the default user as documented in system documentation.
You can invite new users in the web gui, but the confirmation emails don't get sent in the default setup. However you can read the confirmation url in the backend log via
kubectl get pods kubectl logs browsertrix-cloud-backend-...
or using the kubernetes dashboard if you have that up and running
Limitations with Self-signed Certificates
Since this installation is with self-signed certificates, there can be problems with some functionality. In particular, we could not at first get replay to work in chrome. We found various workarounds:
- Start chrome from the command line with "--ignore-certificate-errors" and replay one harvest. Quit chrome and start normally. Now it should work for a while.
- Use Firefox.
- Learn how to install a valid TLS certificate.
Kubernetes Dashboard
We also installed the kubernetes dashboard on port 8001. To access this at the moment you need to login to the machine and obtain a token:
kubectl create token admin-user -n kubernetes-dashboard