Docker and Kubernetes: Countly Enterprise

Follow

Authentication

Countly Enterprise Docker images are hosted in GCR (Google Container Registry). In order to get access to them, you'll need to set up service account authentication in your container engine. 

gcloud & docker CLI incompatiblity for our use case

`docker` may not be able to use the JSON auth file which is provided by us if you have the `gcloud` CLI tool on your computer and you configured it to access any gcr.io repository. Please remove `gcr.io` line from the `credHelpers` section in `~/.docker/config.json` file before you continue.

For plain Docker:

cat service-account.json | docker login -u _json_key --password-stdin https://gcr.io

For Kubernetes:

kubectl create secret docker-registry countly-registry \
  --docker-server=https://gcr.io \
  --docker-username=_json_key \
  --docker-password="$(cat service-account.json)"

Then:

imagePullSecrets:
  - name: countly-registry

 

Images

Countly has quite a few images for different environments and deployment scenarios:

Title Images Description
API/Frontend CentOS

gcr.io/countly-01/centos-api:latest

gcr.io/countly-01/centos-frontend:latest

Recommended. General CentOS-based split images.
API/Frontend Debian

gcr.io/countly-01/api:latest

gcr.io/countly-01/frontend:latest

 General Debian-based split images
Core

gcr.io/countly-01/countly-ee-core:latest

API and Frontend in one image. For simple low-load cases when you don't want to have overhead of multiple API and Frontend containers.

Currently, CentOS images are preferred since they're better optimized (smaller).

Core images are simpler to deploy (less containers), but allow less granular scalability as you need to carry all the frontend dependencies and RAM requirements along with every additional container you add. Countly API processes/containers account for ~99% of computing resources in high load cases.

Images with Auth Plugin Packages

Countly has quite a few images built with Auth Plugins for different environments and deployment scenarios:

Title Images Description
API/Frontend
Active-Directory

us-docker.pkg.dev/countly-01/auth-plugins/ad-api:latest 
us-docker.pkg.dev/countly-01/auth-plugins/ad-frontend:latest

API and Frontend images supporting Active-Directory as auth plugin

API/Frontend Cognito

us-docker.pkg.dev/countly-01/auth-plugins/cognito-api:latest
us-docker.pkg.dev/countly-01/auth-plugins/cognito-frontend:latest

API and Frontend images supporting
Cognito as auth plugin

API/Frontend
LDAP

us-docker.pkg.dev/countly-01/auth-plugins/ldap-api:latest
us-docker.pkg.dev/countly-01/auth-plugins/ldap-frontend:latest

API and Frontend images supporting
LDAP as auth plugin

API/Frontend
Okta

us-docker.pkg.dev/countly-01/auth-plugins/okta-api:latest
us-docker.pkg.dev/countly-01/auth-plugins/okta-frontend:latest

API and Frontend images supporting
Okta as auth plugin

Configuration

Please follow our configuration guide. Countly Enterprise doesn't have any extra requirements for Docker-based installations. The standard setup would look like this:

env: 
- name: COUNTLY_PLUGINS
value: "mobile,web,desktop,some,more,plugins"
- name: COUNTLY_CONFIG__FILESTORAGE
value: "gridfs"
- name: COUNTLY_CONFIG__MONGODB
value: "mongodb://some.mongo.host/countly"
- name: COUNTLY_CONFIG_HOSTNAME
value: countly.example.com
- name: NODE_OPTIONS
value: "--max-old-space-size=2048"
- name: COUNTLY_CONFIG__MAIL_CONFIG_HOST
value: "smtp.example.com"
- name: COUNTLY_CONFIG__MAIL_CONFIG_PORT
value: 25
- name: COUNTLY_CONFIG__MAIL_CONFIG_AUTH_USER
value: "example-user"
- name: COUNTLY_CONFIG__MAIL_CONFIG_AUTH_PASS
value: "example-password"

Also, please note that Countly Enterprise uses more MongoDB databases than Countly Lite, therefore you'll need to ensure that one of these is true (in the order of preference):

  • You have no authentication for MongoDB.
  • Authentication is made against admin database.
  • Authentication is the same across all the databases and they do exist.

Please follow Securing MongoDB guide for more details. 

Looking for help?