Installing the Anyware Trust Center¶
Before You Begin¶
Before installing the Trust Center, you'll install Kubernetes (unless it's already present) and Helm, which will manage configuration and installation.
Deploy your Kubernetes Cluster¶
The Trust Center installs into a Kubernetes cluster. If you have installed Kubernetes and already deployed a Kubernetes cluster, you can move to the next section.
If you have not already deployed the Kubernetes cluster, download and install Kubernetes and the Kubernetes command-line tool, kubectl. There are a number of ways to do this, and the best method will depend on your specific requirements. You can quickly create and deploy a local Kubernetes cluster using minikube.
Install Helm¶
Helm manages installation, upgrading, and uninstalling of the Trust Center. It's similar in concept to Yum or Apt, but manages Kubernetes clusters instead of Linux packages.
- Install Helm using the method of your choice.
- To verify installation, open a terminal and run the help command:

    helm help

If installation was successful, we're ready to get started!
Providing a Custom Subdomain for the Trust Center¶
The Trust Center defines FQDNs for its APIs and for its bootstrap service:
- bootstrap.<subdomain>: the FQDN for the Trust Center bootstrap service
- trust-center.<subdomain>: the FQDN for the Trust Center APIs
By default, both of these <subdomain> values will point to tc.corp.
Note: Proof of concept deployments
For proof-of-concept deployments, the default FQDNs are usually sufficient, and can quickly be added to the machine's /etc/hosts file, which makes them resolvable on that machine without creating DNS records:
- On the Trust Center machine, open /etc/hosts using a text editor (if your hosts file is somewhere else, adapt this path).
- Add the following line (replace <ip-address-of-vm> with the address of your machine):

    <ip-address-of-vm> trust-center.tc.corp bootstrap.tc.corp

- Save and close the file.
Custom Domains¶
To provide a custom domain instead of using the default:
- Provide the desired subdomain using the domain parameter at install time.
- Create DNS A records for these FQDNs using the IP address of the machine where the Trust Center is installed.
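Before installing, it is worth confirming that both FQDNs are mapped and point at the same machine. The following is an added example, not part of the Trust Center package: it checks a hosts-format file for the default or a custom subdomain. The function names tc_fqdns, tc_hosts_lookup and tc_hosts_check are hypothetical helpers.

```shell
#!/bin/sh
# Added example: verify that a hosts-format file maps both Trust Center FQDNs.
# tc_fqdns, tc_hosts_lookup and tc_hosts_check are hypothetical helper names.

# Print the two FQDNs the Trust Center expects for a given subdomain.
tc_fqdns() {
    domain="${1:-tc.corp}"          # tc.corp is the documented default
    printf '%s\n' "bootstrap.$domain" "trust-center.$domain"
}

# Print the address a hosts-format file assigns to a name (empty if none).
# Comments are stripped and names are compared case-insensitively.
tc_hosts_lookup() {
    awk -v want="$2" '
        { sub(/#.*/, "") }
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print $1; exit }
        }' "$1"
}

# Return 0 only if both FQDNs are present and map to the same address.
tc_hosts_check() {
    file="$1"; domain="${2:-tc.corp}"
    first=""
    for name in $(tc_fqdns "$domain"); do
        addr=$(tc_hosts_lookup "$file" "$name")
        if [ -z "$addr" ]; then
            echo "missing: $name" >&2; return 1
        fi
        if [ -n "$first" ] && [ "$addr" != "$first" ]; then
            echo "mismatch: $name -> $addr (expected $first)" >&2; return 1
        fi
        first="$addr"
    done
    echo "ok: $first"
}
```

Run it as `tc_hosts_check /etc/hosts` for the default subdomain, or `tc_hosts_check /etc/hosts abc.xyz` for a custom one. It only reads the hosts file, so it does not verify DNS A records.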
Available Settings and Defaults¶
# Kubernetes settings for installing TC
k8s:
  containerRegistry:
    fqdn: <FQDN or IP of container registry>
    namespace: trust-center # the cluster namespace for all Trust Center components
    password: <password for registry user>
    username: <registry user>
# MongoDB configuration
mongodb:
  fqdn: <FQDN or IP address for MongoDB>
  password: <generated at install time>
  port: 27017 # standard MongoDB port
  username: admin # default for in-cluster MongoDB
# PKI provider configuration
pki:
  openXPKI:
    caAlias: <the name of the PKI CA>
    fqdn: <FQDN or IP address for PKI provider>
    password: <the password used to authenticate to OpenXPKI>
    port: 443
    username: <the username used to authenticate to OpenXPKI>
# Default credentials / access point for the TC itself
tc:
  domain: <sub-domain that TC endpoints will use; defaults to 'tc.corp' if not specified>
  password: <generated at install time>
  port: 32443 # default
  username: tcAdmin
# Vault configuration
vault:
  url: http://vault.trust-center-persistence:8200 # default for in-cluster Vault
  appRoles: # Only necessary if users have deployed Vault externally and are providing these details for authentication
    - name:
      name:
      roleId:
      secretId:
Proof-of-concept Deployment Subdomains¶
Install the Trust Center¶
Installation is accomplished using a Helm chart. Helm charts are definition files that dictate how applications are installed into Kubernetes, similar to an rpm or a dpkg file.
All of these instructions are performed on the machine where the Trust Center will be installed.
Providing Configuration Values to Helm¶
The Trust Center needs a minimal number of configuration settings provided at install time. You can provide these configuration values on the command line (inline), or by passing a configuration file to the installer. Typically, providing configuration values inline works well for proof-of-concept deployments or if there aren't many overrides. YAML files are recommended in cases where the same configuration will be deployed multiple times, or if the configurations need to be version controlled.
Providing Values Inline¶
To provide values inline, use dot notation to reference configuration values.
Creating a Configuration File¶
Initial installation parameters are specified in a plain-text YAML file called values.yml, which is part of the trust center package. The default file looks similar to this:
# Default values for trust-center.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Credentials for the Docker registry with the Trust Center installer
imageCredentials:
  registry: teratcregistry.azurecr.io
  username: ""
  password: ""
  email: "no-reply@teradici.com"

# Only provide values here that are necessary to customize / override defaults.
config:
  tc:
    # Domain to use for the Trust Center
    # You must create set of A records in provided DNS subdomain or
    # update your machine to resolve the subdomains listed below.
    # The TC expects that the following subdomains will be resolvable:
    # - bootstrap.<domain> -- the FQDN for the bootstrap service
    # - trust-center.<domain> -- the FQDN for the Trust Center APIs
    domain: <sub-domain that TC endpoints will use; defaults to 'tc.corp' if not specified>
    password: <generated at install time>
    port: 32443 # default
    username: tcAdmin
To override default values or specify new configuration settings, modify existing settings in this file (or add additional settings) using a text editor.
For example, to specify a new domain of abc.xyz, you would open the values.yml file in a text editor and change this line...

    domain: "tc.corp"

...to this:

    domain: "abc.xyz"
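Values given on the command line with --set are visible in shell history and in the process list, so the registry password is better supplied through an owner-only overrides file. The following is an added example, not part of the Trust Center package: tc_write_values and yaml_quote are hypothetical helpers, and TC_REGISTRY_USER / TC_REGISTRY_PASS are assumed environment variable names.

```shell
#!/bin/sh
# Added example: write Helm overrides to an owner-only file instead of --set.
# tc_write_values / yaml_quote are hypothetical helpers; TC_REGISTRY_USER and
# TC_REGISTRY_PASS are assumed environment variable names.

# Emit a string as a YAML double-quoted scalar (escapes backslash and quote).
yaml_quote() {
    printf '"%s"' "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
}

# tc_write_values <output-file> [domain]
# Writes only the keys being overridden; chart defaults cover the rest.
tc_write_values() {
    out="$1"; domain="$2"
    [ -n "$TC_REGISTRY_USER" ] && [ -n "$TC_REGISTRY_PASS" ] || {
        echo "set TC_REGISTRY_USER and TC_REGISTRY_PASS first" >&2; return 1; }
    ( umask 077                      # a new file is created with mode 0600
      {
        printf 'imageCredentials:\n'
        printf '  username: %s\n' "$(yaml_quote "$TC_REGISTRY_USER")"
        printf '  password: %s\n' "$(yaml_quote "$TC_REGISTRY_PASS")"
        if [ -n "$domain" ]; then    # config.tc.domain is optional
            printf 'config:\n  tc:\n'
            printf '    domain: %s\n' "$(yaml_quote "$domain")"
        fi
      } > "$out" )
    chmod 600 "$out"                 # tighten a file that already existed
}

# Typical use, with the install command as given on this page:
#   tc_write_values ./tc-overrides.yaml abc.xyz
#   helm install -f ./tc-overrides.yaml trust-center --generate-name
#   rm -f ./tc-overrides.yaml
```

Keep the generated file out of version control, since it contains the registry password in clear text.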
Required parameters¶
You must supply the following parameters to the chart in order to install successfully:
Name | Description | Default value |
---|---|---|
imageCredentials.username | The username for the Docker registry | "" (not defined) |
imageCredentials.password | The password for the Docker registry | "" (not defined) |
Optional parameters¶
Optional parameters can be overridden or specified to change the default behavior of the Trust Center.
Name | Description | Default value |
---|---|---|
config.tc.domain | The domain the Trust Center will connect to services on. | "tc.corp" |
**To install the Trust Center**:
- Make sure Kubernetes is installed.
- Make sure Helm is installed.
- Using Helm, add the trust center repo information:

  Important: This command requires an access token from Teradici
  This command requires an access code from Teradici. Replace <TOKEN> in the following example with your token.

    helm repo add trust-center-beta 'https://dl.anyware.hp.com/<TOKEN>/trust-center-beta/helm/charts/'
    helm repo update

- Install the chart:
  - If you placed your installation configuration in a YAML file, include the configuration file via -f (in this example, the file is named values.yaml):

      helm install -f values.yaml trust-center --generate-name

  - If you will supply configuration values inline instead:

      helm install trust-center --set imageCredentials.username=<username>,imageCredentials.password=<password>,config.tc.domain=<domain>

    Replace <username>, <password>, and <domain> with their respective values. Remember that specifying config.tc.domain is optional and only required if you are changing the default value.

  Installation can take 15 minutes or longer. Once the installer pod has started running, you can monitor progress by tailing the logs for the pod beginning with trust-center-installer:

      kubectl logs -f $(kubectl get pods -o=jsonpath='{.items[0].metadata.name}' -n trust-center) -n trust-center

- After installation completes, record the admin credentials that were generated during installation:
  - Get the generated username:

      kubectl get secret trust-center-initial-admin-credentials -n trust-center -o jsonpath='{.data.username}' | base64 -d -

  - Get the generated password:

      kubectl get secret trust-center-initial-admin-credentials -n trust-center -o jsonpath='{.data.password}' | base64 -d -

- Use the API to update the local admin user's password using the values you noted in the previous step:
Installing the Chart¶
Install via the usual helm install process.
Installation progress can be monitored by tailing the logs for the pod starting with trust-center-installer, e.g. (this command will only work once the pod has started running):

    kubectl logs -f $(kubectl get pods -o=jsonpath='{.items[0].metadata.name}' -n trust-center) -n trust-center

Once installation has completed, you can retrieve the initial admin credentials from the trust-center-initial-admin-credentials Kubernetes secret:
Follow the example code in the API docs to update the local admin user's password using these credentials: https://<fqdn-or-ip-of-trust-center>:32443/api/v1/docs#section/API-Examples/Configure-Local-Admin-User.