A working Kubernetes cluster is required in order to install the FPX Authorization Server. The exact sizing of this cluster can vary depending on the specific deployment needs, but the bare minimum should include a single node with 1 vCPU and 1GB of RAM of available resources to dedicate to the FPX components. If the required configuration dictates that MySQL needs to be deployed as well, an additional 0.5 vCPU and 0.5GB of RAM should be allocated.
As FPX is packaged as a Helm chart, if you are using a version of Helm < 3.0, you will need to ensure that the tiller pod is initialized before continuing (See the Helm Guide for details).
While not required, an Ingress controller of some kind is recommended to be available within the network in order for external network traffic to reach the application pods running within Kubernetes. In order to protect resources using TLS, this ingress controller should support securing resource HTTP endpoints. At this time, the only officially supported ingress controller is:
It is also recommended that a namespace is created within the FPX install cluster. Within that namespace, a secret must be created that contains the docker-container repository credentials used during installation.
When installing the FPX Helm chart, there are up to two different domain names that are required depending on the configuration used -- one for the FPX Authorization Server, and a second for the FPX Authorization Server Admin API. These domain names should be pointed at the ingress point for the cluster using the appropriate A / CNAME records.
It is strongly recommended that for production deployments of FPX, MySQL is deployed externally and not managed within the Kubernetes infrastructure. In these instances, a MySQL endpoint will need to be available to FPX and included in its configuration. If such an endpoint is not available, one can be configured to be created. See the [Bitnami MySQL Helm Chart] (https://github.com/bitnami/charts/tree/master/bitnami/mysql) for details. This is meant to be used for testing and debugging purposes.
A MySQL database must be created for the Authorization Server accordingly. The following pages will assume this has already been done.