Customize ESS

You can customize your ESS deployment using Kustomize overlays.

You can customize during or after your initial installation/deployment. By using customizations, you can add and remove the features as needed for your ESS deployment.

These techniques allow you to create a number of workflows, such as:

approvals
dev -> staging -> production
security review
extra operational overlays

Applying Your Customizations

Note The installation and customization tutorials assume Infrastructure as Code (IaC) practice for managing the system and assumes the installation directory is under source control.

Warning

CRITICAL SECURITY REQUIREMENT

NEVER commit files containing secrets such as .env or JWT to version control. These files must be managed securely.

As part of updating the inputs for your deployment:

Review the template secret files
Set strong secrets for the values, such as strong passwords
Store the secret securely outside your repository using one of these methods:
- Cloud secrets management service
- Enterprise secrets vault solution
- Kubernetes Secrets with encryption at rest
- Secure file system with restricted access (development only)
Configure your deployment to retrieve credentials from your secure storage at runtime
Add the secrets files to your .gitignore file immediately

To customize your ESS deployment, you can create your own customization overlay(s) and apply to the deployment.

Go to your ESS installation directory:
```
cd ${HOME}/ess
```

Create an overlay file with the change you want to make. For example, the following creates an overlay file named labels.yaml :

# labels.yaml
apiVersion: builtin
kind: LabelTransformer
metadata:
  name: author
labels:
  author: me
fieldSpecs:
  - path: metadata/labels
    create: true

In your ESS installation directory, edit the kustomization.yaml to incorporate your customization. For this example, add labels.yaml to the file:


 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 # This file was initially generated by the Inrupt installer
 # You can use this file to fine-tune your environment
 # Find out more at: https://docs.inrupt.com/ess/2.4/installation/customize-configurations/
 resources:
   - ../release/ess/deployment/kubernetes/overlays/standalone/
 components:
   # These are your inputs
   - inputs/
   # inrupt-kustomizer can copy them to the places where they are needed using replacements
   - ../release/ess/deployment/kubernetes/overlays/standalone/replacements/
 ## Added kustomization for the labels.yaml.
 transformers:
   - labels.yaml

For other customizations, modify the kustomization.yaml as appropriate.

Build the kustomized.yaml file (same command found in the readme.txt during the initial installation/deployment):
```
docker run -it -v ${HOME}/ess:/kustomize docker.software.inrupt.com/inrupt-kustomizer:2.4.0 > kustomized.yaml
```

Review Changes To review the changes that will be applied to your cluster, you can:

Use kubectl diff to see the changes from the running cluster:
```
kubectl diff -f `kustomized.yaml`
```
Use the diff option for your source control (e.g., git diff if using GitHub as your source control):
```
git diff `kustomized.yaml`
```

When you are ready, you can apply the changes to your cluster (same command as in the initial installation/deployment):
```
kubectl apply -f `kustomized.yaml`
```

Consider using automations to apply your own customization to your cluster.

Commit the changes to source control.

Ensure that the repo is private

Examples

The pages in this section contain examples for customizing your ESS deployment.

Start App and Approval Pages

Security

Logging and Auditing

Pod Maintenance and Metrics

General

Design Considerations

When designing your customizations, be aware that new features and services will arrive in updates to ESS. As such, consider the following when customizing:

Be selective. Try to focus the customization on the specific objects you want to change. For example, specify the deployment name when scaling to 20 replicas.
Use labels to select things by their purpose. A number of parts of the deployment have labels such as role:logging to help you choose things to customize.
Use merge and replace behaviors to control what you consume. You can choose to extend an existing object, such as a ConfigMap, using merge. If you want to fully replace the original content, you can use replace.
Use namespaces to separate distinct workloads For instance, you may be adding logging or certificate management. Consider putting those in other namespaces if they are cluster-wide and serve other workloads, not just ESS. However, if you are adding a new web server that will work in tandem with ESS, then using the same namespace as ESS may be preferable.

Additional Information

For more information on Kustomize, see Declarative Management of Kubernetes Objects Using Kustomize .

PreviousInstallation NextStart App and Approval Pages

Last updated 3 months ago