Create an organization

After you've deployed ArcGIS Enterprise on Kubernetes on your Kubernetes cluster, you must create an ArcGIS Enterprise organization. You can create an organization in one of two ways:

  • Use a browser to run the setup wizard
  • Use the configure.sh script to create an organization silently

The configuration script is included in the deployment package that is delivered as a .tar.gz file and available for download from My Esri.

Both options will do the following:

  • Download the Esri Docker images for ArcGIS Enterprise on Kubernetes
  • Deploy ArcGIS Enterprise on Kubernetes containers in your ArcGIS Enterprise on Kubernetes cluster
  • Create an ArcGIS Enterprise organization

Use the setup wizard

Once you've deployed ArcGIS Enterprise on Kubernetes, perform the following steps with the configuration wizard to complete your organization:

Open the Create New Organization link in a web browser. Browse to your load balancer URL and append /manager to the end of the URL. For example, if your load balancer context is arcgis, open the https://organization.example.com/arcgis/manager URL.

The page redirects to the ArcGIS Enterprise on Kubernetes setup wizard. Click Continue to begin. To complete the wizard, follow these steps:

  1. On the Architecture profiles page, select the profile that meets your organization's requirements and click Next.
  2. On the Provide license page, upload an ArcGIS Enterprise on Kubernetes license file and specify a user type for the primary administrator account:
    • Choose the license file (a .json file) that will license your organization's user types and apps. This file is obtained from My Esri.
    • Select the user type for the primary administrator account that you will create in the next step. You can change the administrator's user type after the organization is created.
    • Click Next.
  3. On the Create administrator account page, create a primary administrator account for your ArcGIS Enterprise organization. Provide a username, password, email, first and last name, and a security question and answer, and click Next.

    Your username must be at least six characters. The only special characters allowed are the at sign (@), dash (-), dot (.), and underscore (_).

    Your password must be at least eight characters. It must contain at least one letter (uppercase or lowercase) and one number. All special characters are allowed.

  4. On the Set storage information page, provide the following information for each storage item using system managed storage:
    • Volume type—Choose Dynamic or Static to specify how you're provisioning persistent volumes (PVs). Use Static when the PVC should bind to an existing PV. Use Dynamic when a new PV should be provisioned through the specified storage class.
    • Storage class name—Specify the storage class name for each volume. If you have already set a storage class on the PV, specify that storage class name.
      Note:

      When binding to an existing PV that has no storage class defined, leave the storage class name blank. If a default storage class is configured in the cluster, the DefaultStorageClass admission controller adds the default storage class and prevents the PVC from binding. In this case, administrators should either add a storage class specification to the PV or remove the default storage class configuration.

    • Size (GiB)—Defines the size of the PV. The minimum size is 32 GiB. The value should match the size of the existing PV when using static binding. If the value is higher than the size of the existing PV, the PVC will not bind with the PV.
    • Label selector—Required for static provisioning. The label or labels must match those of the existing PV. For example labels, see Static provisioning.
  5. If you are using a cloud object store, select the storage service from the drop-down menu and provide the information needed for that service.
    1. If using Amazon S3, provide the following information:
      • Bucket name—The name of the bucket created in Amazon S3.
      • Region—The region where the bucket exists.
        Note:

        To connect to a private S3 endpoint, choose Custom as the region. Type or paste the URL to access the private cloud in the Private URL field.

      • Folder (optional)—The name of an existing or nonexisting root directory in Amazon S3 that can be used for the object store. The root directory should not contain files created or used by an existing organization. If no value is specified, the default arcgis is used. If there is already a root directory named arcgis in the bucket, you must specify a new and unique root directory name.
      • Authentication type—Choose either Access key or IAM role.
      • If using access key as the authentication type, provide the following information:
        • Access key—Paste or type the access key for the IAM user.
        • Secret key—Paste or type the secret key for the IAM user.
    2. If using Azure Blob, provide the following information:
      • Container name—The name of the container created in Azure.
      • Folder (optional)—The name of an existing or nonexisting root directory in Azure Blob that can be used for the object store. The root directory should not contain files created or used by an existing organization. If no value is specified, the default arcgis is used. If there is already a root directory named arcgis in the container, you must specify a new and unique root directory name.
      • Storage account—The name of the parent storage account the container exists under.
      • Storage domain—The Azure storage domain where the Blob storage container exists.
        Note:

        To connect to a custom Azure Blob endpoint, choose Other as the storage domain and provide the URL or DNS endpoint to access the storage location.

      • Authentication type—Choose either Storage account key or Managed identity.
      • If using Storage account key as the authentication type, provide the following:
        • Storage account—The name of the parent storage account under which the container exists.
        • Account key—Paste or type the primary or secondary account key for the associated storage account.
      • If using Managed identity as the authentication type, select System-assigned or User-assigned as the identity type.
        • If you selected a user-assigned identity, provide the client ID.
        Note:

        User-assigned identities must be assigned to the instances where the hosting and federated ArcGIS Server sites are running and have at least read-only access to the storage account container. If more than one user-assigned managed identity is assigned to an instance or storage container, you must specify a client ID.

    3. If using Google Cloud Storage, provide the following information:
      • Bucket name—The name of the bucket created in Google Cloud Storage.
      • Folder (optional)—The name of an existing or nonexisting root directory in Google Cloud Storage that can be used for the object store. The root directory should not contain files created or used by an existing organization. If no value is specified, the default arcgis is used. If there is already a root directory named arcgis in the bucket, you must specify a new and unique root directory name.
      • Access key—Paste or type the access key for the service account.
      • Secret key—Paste or type the secret key for the service account.
      Note:

      While a multi-region bucket increases the availability and redundancy of storage, it may introduce performance degradation and unpredictable latency when creating or restoring backups. See Google Cloud documentation for differences between regional, dual-region, and multi-region Cloud Storage and location considerations.

  6. If you are using a cloud relational store, select the database service from the drop-down menu and provide the following information:
    • Database endpoint—The database endpoint that allows both read and write operations. This typically points to the primary instance of the database where all data modifications occur.
    • Read-only endpoint (optional)—The database endpoint that is used only for read operations. This typically points to one or more read replicas of the database, which are synchronized with the primary instance. Read-only endpoints help distribute the load, improving performance and availability.
    • Database port—The network port on which the database server is listening for connections. The default port is 5432.
    • Username—The username of the database administrator account used to authenticate with the database. Ensure it has the necessary permissions to perform required operations.
    • Password—The password of the database administrator.
  7. On the Set user managed storage tab of the Set storage information page, optionally provide a registered data folder or set of folders for your organization to support publishing workflows.
    1. Enter a name for the folder data store.
    2. Select a folder registration type from the drop-down menu.
    3. If you are registering a Network file system (NFS), provide the following information:
      • Publisher folder path—Provide individual (drive or shared) locations where source data can be accessed and published by clients, such as ArcGIS Pro.
      • NFS hostname—Provide the machine name where shared data is stored and accessed through an NFS path.
      • NFS share path—Provide an NFS path on the host machine where shared data can be stored and accessed across the organization.
    4. If you are registering a Persistent volume claim (PVC), provide the following information:
      • In the Publisher folder path field, provide shared locations where source data can be accessed and published by clients, such as ArcGIS Pro.
      • If using the PV-based folder data store for geocode services, do the following:
        • Check the box next to This will be used for geocoding services.
        • Provide the local path on the nodes for the local PV in the Volume path field. The volume path is available in the persistent volume definition file.
      • If not using the data store for geocode services, choose Linux or Windows as the share type.
      • If you chose Linux, provide the following information:
        • NFS share path—Provide an NFS path on the host machine where shared data can be stored and accessed across the organization. The NFS share path is available in the persistent volume definition file.
        • NFS hostname—Provide the machine name where shared data is stored and accessed through an NFS path.
      • If you chose Windows, provide the source path of the Windows share in Volume path. The volume path is available in the persistent volume definition file.
      • Choose the JSON file that contains the volume specification of the persistent volume. This file will be used to create the persistent volume claim (PVC) that binds to the PV.

    To register more than one path, click Register a folder, and repeat this step.

    Note:

    It is recommended that you register folders during this step, because registering them later requires system downtime.

  8. Click Next and review the summary of configuration details provided on the Configuration summary page.
  9. Click Finish to start the setup.

While the wizard runs, it displays the current configuration status.

Use the configuration script

As an alternative to using the setup wizard, you can create an organization silently. Once you've deployed ArcGIS Enterprise on Kubernetes, you can run the configure.sh script.

Note:
It is recommended that you run the password-encrypt.sh tool to generate encrypted passwords for use in the configure.properties file.

Run the script

The configure.sh script is available for download from My Esri and is delivered as a .tar.gz file. The script is bundled with a configure.properties file, which provides a set of parameters prompting for input unique to your ArcGIS Enterprise organization, and a password-encrypt.sh tool, which is used to generate AES-256 encrypted passwords.

The configure.sh script does the following:

  • Verifies valid parameters in the configure.properties file
  • Creates a storage JSON based on provided storage properties found in the configure.properties file
  • Creates an ArcGIS Enterprise organization

Note:

The client workstation used to run this script must have access to https://<FQDN>/<context>/admin.

To run the script, complete the following steps:

  1. On your Kubernetes client machine, open a terminal as an administrator.
  2. Browse to <ArcGIS Enterprise on Kubernetes install directory>/tools/configure.
  3. Open the configure.properties file.
  4. Provide values for each parameter listed in the file. The file is divided into the following sections:
    • Architecture profile
    • Organization
    • License
    • Encryption Keyfile
    • Administrator account
    • Log settings
    • Storage
  5. Save the file. Optionally, rename the file.
  6. In the terminal, run the configuration script using the following command format:
    ./configure.sh [options] -f <user_properties>
    

    • One of the options you can choose to run with the configuration script is to register user managed data stores. If you choose to register a user-managed data store, you'll need to provide a data folder, or a set of data folders, for your organization in a .json file using the following format:
      Note:

      The example JSON below specifies the details for a Network File System (NFS) share with a client path that points to a network share, as well as an NFS share with a client path that points to a local drive.

      [
        {
          "clientPath": "\\\\sample_server\\SharedPath\\Data",
          "type": "folder",
          "info": {
            "fileServerHost": "nfsHost.domain.com",
            "fileServerType": "nfs",
            "fileServerPath": "/SharedPath/Data"
          }
        },
        {
          "clientPath": "C:\\data",
          "type": "folder",
          "info": {
            "fileServerHost": "nfsHost.domain.com",
            "fileServerType": "nfs",
            "fileServerPath": "/data",
            "hostName": "yourclienthost.domain.com"
          }
        }
      ]
      
    • You will also need to append the path to the .json file to the command format in the following way:
      % ./configure.sh -f my.properties -u /path/to/my_data_stores.json
      

The contents of <user_properties> are derived from the configure.properties file.

Once you've run the script, you'll be presented with a summary of configuration details and asked whether you want to continue.

  • If you specify y for yes, the script proceeds and creates an organization. This is the default input the script assumes.
  • If you specify n for no, the script immediately exits and does not create an organization.