Standard Deployment Guide
📘 Overview
This guide details how to deploy CSGHUB in a production environment using Helm Chart.
Production deployment has higher requirements for high availability, security, and maintainability compared to test environments. Please follow the steps strictly.
⚙️ Prerequisites
✅ Environment Requirements
| Item | Requirement |
|---|---|
| Kubernetes Cluster | v1.28+, properly configured network and storage |
| Helm | v3.12.0+, with cluster administrator permissions |
| Domain | Registered domain with DNS resolution permissions |
| Storage | Configured StorageClass supporting dynamic volume provisioning |
💡 Recommended: Use external databases and high-availability object storage in production (e.g., AWS RDS, MinIO HA, or Ceph).
💾 Resource Planning
Plan resources according to expected usage scale:
| Resource Type | Small Team | Medium Team | Large Team |
|---|---|---|---|
| Node Count | 3 | 5–10 | 10+ |
| Total CPU | 16 cores | 32 cores | 64+ cores |
| Total Memory | 32 GB | 64 GB | 128+ GB |
| Storage | 1 TB | 2–5 TB | 5+ TB |
⚠️ Note: Ensure time synchronization between nodes (NTP recommended), and preconfigure sufficient Ingress bandwidth and LoadBalancer resources.
🧩 Deployment Steps
1️⃣ Add Helm Repository
# Add CSGHUB Helm repository
helm repo add csghub https://charts.opencsg.com/repository/csghub
# Update repository index
helm repo update
# Verify repository addition
helm search repo csghub
2️⃣ Install CSGHub
helm upgrade --install csghub csghub/csghub \
--namespace csghub \
--create-namespace \
--set global.ingress.domain="<your-domain>" # e.g., example.com
After successful installation, you should see output like:
Release "csghub" has been upgraded. Happy Helming!
NAME: csghub
NAMESPACE: csghub
STATUS: deployed
APP VERSION: v1.12.0
✅ CSGHub has been successfully installed!
---
🔗 CSGHub & 🔐 Casdoor & 🕓 Temporal Admin Console
Access your CSGHub, Casdoor, or Temporal instance:
🌐 CSGHub: http://csghub.example.com
🔐 Casdoor Admin Console: http://casdoor.example.com
🕓 Temporal Admin Console: http://csghub.example.com/-/temporal
🔑 Credentials: root / NTRyMTNDY4MDFjVkMTEDJiMWUlc2MjQl
🔗 Access Services
Default access endpoints and credentials:
| Service | URL | Default Credentials |
|---|---|---|
| 🌐 CSGHUB Portal | http://csghub.example.com | Auto-generated |
| 🔐 Casdoor Console | http://casdoor.example.com | Auto-generated |
| 🕓 Temporal Console | http://csghub.example.com/-/temporal | Auto-generated |
Retrieve admin username and password:
# Get Casdoor admin credentials
kubectl get secret -n csghub csghub-casdoor-init \
-o jsonpath='{.data.INIT_ADMIN_USER}' | base64 -d && echo -n " / " && \
kubectl get secret -n csghub csghub-casdoor-init \
-o jsonpath='{.data.INIT_ADMIN_PASSWORD}' | base64 -d
💾 MinIO Console
Address: http://minio.example.com:30080/console/
Credentials:
kubectl get secret -n csghub csghub-minio \
-o jsonpath='{.data.MINIO_ROOT_USER}' | base64 -d && \
echo -n " / " && \
kubectl get secret -n csghub csghub-minio \
-o jsonpath='{.data.MINIO_ROOT_PASSWORD}' | base64 -d
📦 Image Registry
The default deployment includes a private image registry:
Endpoint: csghub.example.com:30080
Credentials:
kubectl get secret -n csghub csghub-registry \
-o jsonpath='{.data.REGISTRY_USERNAME}' | base64 -d && \
echo -n " / " && \
kubectl get secret -n csghub csghub-registry \
-o jsonpath='{.data.REGISTRY_PASSWORD}' | base64 -d
Login example:
kubectl get secret -n csghub csghub-registry \
-o jsonpath='{.data.REGISTRY_PASSWORD}' | base64 -d | \
docker login csghub.example.com \
--username "$(kubectl get secret -n csghub csghub-registry \
-o jsonpath='{.data.REGISTRY_USERNAME}' | base64 -d)" \
--password-stdin
# Example: push/pull images
docker pull csghub.example.com/test:latest
docker push csghub.example.com/test:latest
⚠️ Tip: The default registry is basic. For production, consider integrating an enterprise-level registry service.
🔒 Enable HTTPS Access
TLS encryption is recommended for security.
1️⃣ Create TLS Secret
Prepare trusted TLS certificates (wildcard or multi-domain) and create a secret:
kubectl -n csghub create secret tls csghub-tls-certs \
--cert=fullchain.pem \
--key=privkey.pem
2️⃣ Enable TLS in Helm
helm upgrade --install csghub csghub/csghub \
--namespace csghub \
--set global.ingress.domain="<your-domain>" \
--set global.ingress.tls.enabled=true \
--set global.ingress.tls.secretName="csghub-tls-certs"
💡 For single-domain certificates, specify separate secretName for each service:
--set portal.ingress.tls.secretName="portal-tls-certs" \
--set minio.ingress.tls.secretName="minio-tls-certs" \
--set casdoor.ingress.tls.secretName="casdoor-tls-certs"
⚡ Auto-Configured Components
CSGHUB supports automatic installation and configuration of:
- 🧭 Knative Serving
- 🌀 Argo Workflow
- ⚙️ LWS (Lightweight Scheduler)
By default autoConfigure is enabled:
--set runner.autoConfigure=true
Control namespace installation mode:
| Parameter | Description |
|---|---|
| runner.mergingNamespace=disable | Standard mode: create separate namespaces for each component (default) |
| runner.mergingNamespace=multi | Merge some component namespaces reasonably |
| runner.mergingNamespace=single | Install all components in a single namespace |
📚 References
- Official Documentation: https://github.com/OpenCSGs/csghub-charts
- Helm Documentation: https://helm.sh/docs/
- Kubernetes Official Guide: https://kubernetes.io/docs/