Practical Developer Setup (New Cluster)

Step-by-step notes for bringing up the full Octopus Suite on a fresh Kubernetes cluster, protecting the Config UI, loading the default endpoint config, and logging in with at least one admin user to manage widgets.

1) Prepare your cluster

• Verify a default StorageClass exists (PVCs must bind automatically).

• Set your namespace/release (defaults shown):

  export KUBE_NAMESPACE=ska-octopus-suite
  export HELM_RELEASE=ska-octopus
  kubectl create namespace "$KUBE_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
  

2) Create required secrets

• Config UI password (required to unlock /config-ui and /config routes):

  kubectl -n "$KUBE_NAMESPACE" create secret generic octopus-config-ui-password \
    --from-literal=cfg-ui-password='change-me' \
    --dry-run=client -o yaml | kubectl apply -f -
  

• Local auth users (backed by OCTOPUS_AUTH_USERS): include at least one admin so you can manage widgets later. Example with an admin + viewer:

  kubectl -n "$KUBE_NAMESPACE" create secret generic octopus-auth-users \
    --from-literal='auth-users.json=[{"username":"admin","password":"adminpw","role":"Admin"},{"username":"analyst","password":"analystpw","role":"User"}]' \
    --dry-run=client -o yaml | kubectl apply -f -
  

• (Optional) JWT secret if you want to override the built-in default:

  kubectl -n "$KUBE_NAMESPACE" create secret generic octopus-jwt \
    --from-literal=token='s3cr3t' \
    --dry-run=client -o yaml | kubectl apply -f -
  

3) Install charts (choose the right path)

• Local/dev cluster (full suite, including local EDA + mock devices):

  From this repo root (ska-octopus-suite):

  KUBE_NAMESPACE="$KUBE_NAMESPACE" HELM_RELEASE="$HELM_RELEASE" make k8s-install-all-charts
  

  This installs the suite charts (including ska-octopus and hdbpp) into the target namespace.

• Official/shared server (do not install the suite):

  Do not use make k8s-install-all-charts from ska-octopus-suite, because that path deploys a new EDA and mock Tango devices meant for local emulation. Instead, install the charts individually from:

  • /home/code/ska-octopus-backend/charts

  • /home/code/ska-octopus-frontend/charts

  The rest of this guide still applies after that.

4) Post-install checks (new server)

• Confirm access requirements and URLs. Note whether the services are public, require VPN, or require Microsoft login. Record the frontend and backend URLs. Example:

  https://k8s.stfc.skao.int/integration-octopus/ska-octopus-frontend
  https://k8s.stfc.skao.int/integration-octopus/ska-octopus-backend
  https://k8s.stfc.skao.int/integration-octopus/ska-octopus-backend/config-ui
  

• Confirm the Config UI password is set (see Step 2: Create required secrets). The Config UI password must be provided to the Octopus team so they can help with endpoint connections.

• Confirm local users are created (see Step 2: Create required secrets). Provide at least one Admin account to the Octopus team so they can help with widget setup and updates.

• Confirm Tango connectivity requirements. If Tango is needed, decide whether there is one connection or multiple, then set the TANGO_* variables accordingly. Example chart values:

  ska-octopus-backend:
    vars:
      TANGO_HOST: "databaseds-tango-base-test.ska-octopus-suite.svc.cluster.local:10000"
      TANGO_DBS:
        - value: "http://ska-tango-tangogql-ariadne-primary.ska-octopus-suite.svc.cluster.local:5004/db"
          label: "Low DB"
        - value: "http://ska-tango-tangogql-ariadne-secondary.ska-octopus-suite.svc.cluster.local:5004/db"
          label: "CIPA DB"
    ska-tango-tangogql-ariadne:
      enabled: true
  

  If you use an external tangoGQL instance, keep ska-octopus-backend.ska-tango-tangogql-ariadne.enabled: false and point the TANGO_DBS entries at the external HTTP endpoints. You can add more entries for additional tangoGQL instances. TANGO_HOST still points at the Tango DB TLR when direct Tango access is needed.

• Confirm EDA availability. If EDA is required, create the read-only secret and user (user accessing EDA [while we wait for a proper API] must be read only):

  kubectl -n "$KUBE_NAMESPACE" create secret generic octopus-eda-readonly-postgresenv \
    --from-literal=HDBPP_PG_DSN='postgresql://postgres:tango@hdbpp-hdbpp-db:5432/hdb' \
    --dry-run=client -o yaml | kubectl apply -f -
  

5) Open the Config UI and load endpoints

On Minikube with the chart defaults, the ingress exposes the backend at:

https://192.168.49.2/integration-octopus/ska-octopus-backend/config-ui

Log in with the password you set in octopus-config-ui-password, then import the default endpoints file:

https://gitlab.com/ska-telescope/ska-octopus/ska-octopus-suite/-/blob/main/endpoints/localEmulation.json

Apply/activate that version so the backend exposes the local emulation schema.

6) Open the frontend and log in

On Minikube with the chart defaults, the frontend is reachable at:

http://192.168.49.2/integration-octopus/ska-octopus-frontend

Sign in with one of the users from octopus-auth-users (e.g., admin/adminpw). Keep at least one Admin account so you can manage widgets.

7) Register the Tango table widget

In the frontend, go to ⚙️ -> Widgets Store -> Add widget and register:

artefact:@ska-octopus-widgets/tango-table-widget@0.1.26

You can pick newer versions from the widget release tracker: https://developer.skao.int/projects/ska-octopus-suite/en/latest/widget-release-tracker.html