Skip to main content

Installation

Install and configure a self-hosted Primary Site.

Prerequisites

To deploy your Primary Site in the cloud, you will first need an account with one of the supported cloud providers (AWS, Azure, GCP). You may also choose to self-host a Kubernetes installation and an S3-compatible object store such as MinIO.

We have tested the S3-compatible setup with MinIO. Other compatible services may work. Object creation events are required in order to process files from your inbox.

You will need to provision storage buckets, a Kubernetes cluster, and cloud credentials before installing the Primary Site.

Foxglove provides a set of Terraform examples to help with these initial provisioning steps in a supported cloud provider.

Create storage buckets

Create two storage buckets for your Primary Site:

  • inbox – For all file uploads
  • lake – For processed and indexed versions of all files added to inbox

Create Kubernetes cluster

Create a Kubernetes cluster to run your site workloads (e.g. processing inbox data, servicing data access requests from the lake) – we recommend doing this in the same region as your storage buckets, to reduce access latency and cost.

Create a foxglove namespace in your cluster:

$ kubectl create namespace foxglove

Configure cloud credentials

Create a service account with read and write access to the storage buckets. The Kubernetes workloads will use this service account.

See Configure cloud credentials for details on how to provide this credential to the deployment. This section also covers configuration of S3-compatible object storage.

Create secret with site token

Find your Primary Site token on the "Sites" settings page.

Install a Secret named foxglove-site-token into the foxglove namespace containing your site token:

$ kubectl create secret generic foxglove-site-token --from-literal=FOXGLOVE_SITE_TOKEN='fox_st_...' --namespace foxglove

There are multiple other ways to create secrets that may be preferable. See Create a Secret for more info.

Install the release

Install your Primary Site using Helm.

Prepare a values file

Create a values.yaml file to configure the installation. You'll need to include a storageProvider (aws, azure, google_cloud, or s3_compatible) and the names of your lake and inbox buckets:

Google Cloud

globals:
lake:
storageProvider: google_cloud
bucketName: foxglove-lake
inbox:
storageProvider: google_cloud
bucketName: foxglove-inbox

AWS

globals:
lake:
storageProvider: aws
bucketName: foxglove-lake
inbox:
storageProvider: aws
bucketName: foxglove-inbox
globals:
aws:
region: <us-east-1>

S3 Compatible For S3 compatible storage like MinIO

globals:
lake:
storageProvider: s3_compatible
bucketName: foxglove-lake
inbox:
storageProvider: s3_compatible
bucketName: foxglove-lake

Azure

globals:
lake:
storageProvider: azure
bucketName: foxglove-lake
inbox:
storageProvider: azure
bucketName: foxglove-inbox
globals:
azure:
storageAccountName: <my-storage-account>
serviceUrl: "https://<resourcegroup>.blob.core.windows.net"

Install

Helm will install the Primary Site deployment to your current Kubernetes context.

$ helm repo add foxglove https://helm-charts.foxglove.dev
$ helm repo update
$ helm upgrade --install foxglove-primary-site foxglove/primary-site \
--values ./values.yaml \
--namespace foxglove \
--create-namespace

View info about the deployment:

$ helm list -n foxglove

Ingress for data access

The deployment installs an Ingress which exposes a REST API endpoint for accessing available data.

To reach the ingress from outside the cluster you'll need to assign a DNS name and HTTPS endpoint. This HTTP endpoint must be reachable from your organization's network or any network you want to have access to the site data.

How to assign a DNS name and HTTPS endpoint to the ingress is specific to your organization and cloud environment.

You can configure the ingress using your values file. Below are the default values.

ingress:
enabled: true
className:
annotations: {}

To completely disable the Ingress, set ingress.enabled to false. However, you must provide an Ingress for the site to function.

Some cloud providers require configuring annotations for HTTPS certificates. Here's an example values file for AWS.

ingress:
annotations:
kubernetes.io/ingress.class: "alb"
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/backend-protocol: HTTP
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-1:xxxxxxxxxxxx:certificate/EXAMPLE-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Configure Foxglove

Once the site's ingress public URL is known, you can configure it on a Site page, linked from the "Sites" settings page.

Under Site URL, enter the HTTPS URL you've assigned to the Ingress.

Bucket push notification

The site inbox processor needs to know when new files are uploaded to the inbox bucket. To notify of new uploads, configure a push notification to Foxglove inbox-notifications endpoint.

Configuring a push notification for new file uploads is specific to your cloud provider (or S3-compatible service).

The Foxglove AWS Terraform examples for cloud providers configure these resources for you. For manual setup, or for more information, see the documentation below.

Org admins can find the inbox notification endpoint on the Sites settings page.