Configure the Kubernetes cloud provider
This document describes how to configure the Kubernetes provider for YugabyteDB universes using the Yugabyte Platform. If no cloud providers are configured in the Yugabyte Platform console yet, the main Dashboard page highlights the need to configure at least one cloud provider, as per the following illustration:
If you plan to run YugabyteDB universes on Kubernetes, all you need to provide in the Yugabyte Platform console is your Kubernetes provider credentials. The Yugabyte Platform uses those credentials to automatically provision and de-provision the pods that run Yugabyte.
Before you install YugabyteDB on a Kubernetes cluster, perform the following:
- Create a `yugabyte-platform-universe-management` service account.
- Create a `kubeconfig` file for the earlier-created service account to configure access to the Kubernetes cluster.
This is the ServiceAccount whose secret is used to generate the `kubeconfig` file. It should not be deleted once it is in use by the platform. The `<namespace>` in the ServiceAccount creation command can be replaced by the desired namespace in which to install YugabyteDB.
Run the following `kubectl` command to apply the YAML file:

```shell
kubectl apply -f https://raw.githubusercontent.com/yugabyte/charts/master/rbac/yugabyte-platform-universe-management-sa.yaml -n <namespace>
```

Expect the following output:

```
serviceaccount/yugabyte-platform-universe-management created
```
You need to grant access to this ServiceAccount using ClusterRoles and Roles, as well as ClusterRoleBindings and RoleBindings, thus allowing it to manage the YugabyteDB universe's resources for you. Ensure that you replace `<namespace>` in the commands with the namespace of the previously created ServiceAccount.
The tasks the platform can perform depend on the access level you grant. Choose the narrowest level that fits your deployment: the token of this ServiceAccount ends up in the `kubeconfig` file you upload to the platform, so the level you pick is also the blast radius if that file is exposed.
Global Admin grants broad cluster-level admin access. Apply it by executing the following command:

```shell
curl -s https://raw.githubusercontent.com/yugabyte/charts/master/rbac/platform-global-admin.yaml \
  | sed "s/namespace: <SA_NAMESPACE>/namespace: <namespace>/g" \
  | kubectl apply -n <namespace> -f -
```
Global Restricted grants access to only the specific cluster roles required to create and manage YugabyteDB universes across all the namespaces in a cluster. It contains ClusterRoles and ClusterRoleBindings for the required set of permissions. Apply it using the following command:

```shell
curl -s https://raw.githubusercontent.com/yugabyte/charts/master/rbac/platform-global.yaml \
  | sed "s/namespace: <SA_NAMESPACE>/namespace: <namespace>/g" \
  | kubectl apply -n <namespace> -f -
```
Namespace Admin grants namespace-level admin access. Apply it using the following command; if you have multiple target namespaces, apply the YAML in all of them:

```shell
curl -s https://raw.githubusercontent.com/yugabyte/charts/master/rbac/platform-namespaced-admin.yaml \
  | sed "s/namespace: <SA_NAMESPACE>/namespace: <namespace>/g" \
  | kubectl apply -n <namespace> -f -
```
Namespace Restricted grants access to only the specific roles required to create and manage YugabyteDB universes in a particular namespace. It contains Roles and RoleBindings for the required set of permissions. For example, if your goal is to allow the platform software to manage YugabyteDB universes in target namespaces such as yb-db-us-east4-a, you need to apply the YAML in every target namespace:

```shell
curl -s https://raw.githubusercontent.com/yugabyte/charts/master/rbac/platform-namespaced.yaml \
  | sed "s/namespace: <SA_NAMESPACE>/namespace: <namespace>/g" \
  | kubectl apply -n <namespace> -f -
```
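After applying one of the RBAC manifests above, confirm that the service account ended up with the access level you intended by asking the API server on its behalf through `kubectl` impersonation. The following script is an added example and is not part of the Yugabyte documentation or charts. The expectation matrix it encodes is an assumption written for the Namespace Restricted level: the rows that must be allowed are a guess at what a Helm install needs in the target namespace, the rows that must be denied hold because Roles and RoleBindings cannot reach outside their namespace (assuming nothing else binds this account), and `kube-system` stands in for any namespace the platform should not be able to touch. Running it against a cluster requires a kubeconfig whose own user may impersonate service accounts.

```python
"""Audit what the universe-management service account can actually do.

Each expectation is checked with `kubectl auth can-i ... --as=<subject>`, so
the answer comes from the API server's RBAC evaluation, not from reading YAML.

Usage: python3 audit_rbac.py <sa-namespace> <target-namespace>
"""
import subprocess
import sys

SA_NAME = "yugabyte-platform-universe-management"
# Hypothetical stand-in for "a namespace the platform must not reach".
OTHER_NAMESPACE = "kube-system"


def expectations(target_ns):
    """(verb, resource, namespace, expected) tuples for the Namespace Restricted
    level. namespace=None means the check is made with --all-namespaces.
    The positive rows are an assumption about what the Helm install needs;
    the negative rows hold because Roles/RoleBindings cannot grant access
    outside their namespace (assuming nothing else binds this account)."""
    return [
        ("create", "statefulsets.apps", target_ns, True),
        ("create", "services", target_ns, True),
        ("get", "secrets", OTHER_NAMESPACE, False),
        ("list", "secrets", None, False),
        ("get", "nodes", None, False),
        ("create", "clusterrolebindings.rbac.authorization.k8s.io", None, False),
    ]


def kubectl_can_i(verb, resource, namespace, subject):
    """Ask the API server whether `subject` may perform verb on resource.
    kubectl prints "yes" or "no"; anything else (no cluster reachable, no
    permission to impersonate) is raised rather than counted as a "no"."""
    cmd = ["kubectl", "auth", "can-i", verb, resource, "--as=" + subject]
    cmd += ["--all-namespaces"] if namespace is None else ["-n", namespace]
    res = subprocess.run(cmd, capture_output=True, text=True)
    answer = res.stdout.strip()
    if answer.startswith("yes"):
        return True
    if answer.startswith("no"):
        return False
    raise RuntimeError("kubectl auth can-i failed: " + (res.stderr.strip() or answer))


def audit(sa_namespace, target_ns, can_i=kubectl_can_i):
    """Return a list of mismatches; an empty list means RBAC matches the matrix.
    `can_i` is injectable so the matrix can be evaluated without a cluster."""
    subject = "system:serviceaccount:%s:%s" % (sa_namespace, SA_NAME)
    mismatches = []
    for verb, resource, ns, expected in expectations(target_ns):
        actual = can_i(verb, resource, ns, subject)
        if actual != expected:
            scope = "all namespaces" if ns is None else "namespace " + ns
            mismatches.append("%s %s in %s: expected %s, got %s" % (
                verb, resource, scope,
                "allowed" if expected else "denied",
                "allowed" if actual else "denied"))
    return mismatches


def main():
    if len(sys.argv) != 3:
        print("usage: audit_rbac.py <sa-namespace> <target-namespace>")
        return 2
    problems = audit(sys.argv[1], sys.argv[2])
    for p in problems:
        print("MISMATCH " + p)
    print("ok" if not problems else "%d mismatch(es)" % len(problems))
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main())
```

For a full review of what a Global level grants, `kubectl auth can-i --list --as=system:serviceaccount:<namespace>:yugabyte-platform-universe-management -n <target-namespace>` prints the complete set of rules the API server would apply to the account.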
Create a kubeconfig file for a Kubernetes cluster
You can create a `kubeconfig` file for the previously created `yugabyte-platform-universe-management` service account as follows:
- Use `wget` to download the Python script, `generate_kubeconfig.py`, that generates the `kubeconfig` file.
- Run the following command to generate the `kubeconfig` file:

```shell
python generate_kubeconfig.py -s yugabyte-platform-universe-management -n <namespace>
```

The following output should appear:

```
Generated the kubeconfig file: /tmp/yugabyte-platform-universe-management.conf
```

Use this generated `kubeconfig` file as the Kube Config in the Yugabyte Platform Kubernetes provider configuration. The file embeds the service account's bearer token, so handle it as a credential: restrict its permissions on disk, do not commit it to source control, and delete the local copy once it has been uploaded.
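Before uploading the generated file, it is worth checking that it points at an `https` API server with a configured CA, does not disable TLS verification, and carries a token for the intended service account in the intended namespace. The following script is an added example, not part of the Yugabyte documentation or of `generate_kubeconfig.py`. It reads the kubeconfig rendered as JSON by `kubectl config view --raw -o json` so that no YAML library is needed; the two sample kubeconfigs and the unsigned token inside them are constructed for illustration, and the script assumes the generated file authenticates with the service account's bearer token (the kind produced from the account's secret).

```python
"""Inspect a generated kubeconfig before uploading it to Yugabyte Platform.

Feed it the file rendered as JSON so no YAML library is needed:
  kubectl --kubeconfig /tmp/yugabyte-platform-universe-management.conf \
      config view --raw -o json | python3 check_kubeconfig.py <namespace>
"""
import base64
import json
import sys

# Name of the service account created by yugabyte-platform-universe-management-sa.yaml
EXPECTED_SA = "yugabyte-platform-universe-management"


def jwt_claims(token):
    """Payload claims of a JWT, read WITHOUT verifying the signature (the API
    server does that); returns {} if the token is not even JWT-shaped."""
    parts = token.split(".")
    if len(parts) != 3:
        return {}
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def _named(entries, name):
    """Look up a kubeconfig clusters/contexts/users entry by name."""
    for entry in entries:
        if entry.get("name") == name:
            return entry
    raise KeyError(name)


def check_kubeconfig(cfg, namespace):
    """Return (errors, warnings); empty errors means the file is acceptable."""
    errors, warnings = [], []
    try:
        ctx = _named(cfg.get("contexts", []), cfg.get("current-context"))["context"]
        cluster = _named(cfg.get("clusters", []), ctx["cluster"])["cluster"]
        user = _named(cfg.get("users", []), ctx["user"])["user"]
    except (KeyError, TypeError):
        return ["current-context does not resolve to a cluster and a user"], warnings
    server = cluster.get("server", "")
    if not server.startswith("https://"):
        errors.append("API server %r is not https" % server)
    if cluster.get("insecure-skip-tls-verify"):
        errors.append("insecure-skip-tls-verify is set; the platform would trust any API server")
    if not (cluster.get("certificate-authority-data") or cluster.get("certificate-authority")):
        errors.append("no certificate authority configured for the API server")
    token = user.get("token")
    if not token:
        errors.append("user entry has no bearer token; expected the service account token")
        return errors, warnings
    claims = jwt_claims(token)
    expected_sub = "system:serviceaccount:%s:%s" % (namespace, EXPECTED_SA)
    if claims.get("sub") != expected_sub:
        errors.append("token subject is %r, expected %r" % (claims.get("sub"), expected_sub))
    if "exp" not in claims:
        warnings.append("token never expires: treat this file as a long-lived credential "
                        "and delete the service account's token secret if it leaks")
    return errors, warnings


def _fake_sa_token(namespace, name):
    """Constructed, unsigned token shaped like a service account JWT (samples only)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    payload = {"iss": "kubernetes/serviceaccount",
               "sub": "system:serviceaccount:%s:%s" % (namespace, name)}
    return "%s.%s.constructed-signature" % (enc({"alg": "RS256"}), enc(payload))


def _sample(cluster, token):
    """Constructed kubeconfig in the JSON shape `kubectl config view -o json` emits."""
    return {"apiVersion": "v1", "kind": "Config", "current-context": EXPECTED_SA,
            "clusters": [{"name": "yb-cluster", "cluster": cluster}],
            "contexts": [{"name": EXPECTED_SA,
                          "context": {"cluster": "yb-cluster", "user": EXPECTED_SA}}],
            "users": [{"name": EXPECTED_SA, "user": {"token": token}}]}


# Constructed samples: one as the generator should produce, one deliberately wrong.
GOOD_KUBECONFIG = _sample(
    {"server": "https://10.0.0.1:6443", "certificate-authority-data": "Y29uc3RydWN0ZWQtY2E="},
    _fake_sa_token("yb-platform", EXPECTED_SA))
BAD_KUBECONFIG = _sample(
    {"server": "http://10.0.0.1:8080", "insecure-skip-tls-verify": True},
    _fake_sa_token("yb-platform", "default"))


def main():
    namespace = sys.argv[1] if len(sys.argv) > 1 else "default"
    errors, warnings = check_kubeconfig(json.load(sys.stdin), namespace)
    for line in ["WARN " + w for w in warnings] + ["FAIL " + e for e in errors]:
        print(line)
    return 1 if errors else 0


if __name__ == "__main__":
    sys.exit(main())
```

The subject check catches the most common mistake, generating the file for the wrong namespace or the default service account, while the `exp` warning is a reminder that a secret-based token does not expire on its own and must be revoked by deleting the secret if the file is ever exposed.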
Select the Kubernetes service
You can use the Pivotal Container Service or Managed Kubernetes Service.
Select the tab for the service you are using, as per the following illustration:
Use the configuration form shown in the following illustration to select the Kubernetes provider type from Type (Pivotal Container Service is the default).
Configure the cloud provider
Continue configuring your Kubernetes provider as follows:
- Give a meaningful name for your configuration.
- Choose one of the following ways to specify Kube Config for an availability zone:
  - Specify it at provider level in the provider form. If specified, this configuration file is used for all availability zones in all regions.
  - Specify it at zone level in the region form. This is required for multi-AZ or multi-region deployments.
- Use Service Account to provide the name of the service account which has necessary access to manage the cluster (see Create cluster).
- Use Image Registry to specify from where to pull YugabyteDB image. Accept the default setting, unless you are hosting the registry.
- Use the Pull Secret File field to upload the pull secret to download the image of the Enterprise YugabyteDB that is in a private repository. Your Yugabyte sales representative should have provided this secret.
The following illustration shows the completed form:
Configure the region and zones
Continue configuring your Kubernetes provider by clicking Add Region and completing the Add new region dialog, as follows:
- Use the Region field to select the region.
- Use the Zone field to select a zone label; it should match the failure-domain zone label of your cluster.
- Optionally, use the Storage Class field to enter a comma-delimited value. If you do not specify this value, it defaults to `standard`. Ensure that this storage class exists in your Kubernetes cluster.
- Use the Namespace field to specify the namespace. If the provided SA has Cluster Admin permissions, you are not required to complete this field. The SA used in the provided `kubeconfig` file should have access to this namespace.
- Use Kube Config to upload the configuration file. If this file is available at provider level, you are not required to supply it.
Complete the Overrides field using one of the provided options. If you do not specify anything, Yugabyte Platform uses the defaults specified inside the Helm chart. The following overrides are available:
Overrides to add service-level annotations:

```yaml
serviceEndpoints:
  - name: "yb-master-service"
    type: "LoadBalancer"
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0"
    app: "yb-master"
    ports:
      ui: "7000"
  - name: "yb-tserver-service"
    type: "LoadBalancer"
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0"
    app: "yb-tserver"
    ports:
      ycql-port: "9042"
      yedis-port: "6379"
      ysql-port: "5433"
```

The `aws-load-balancer-internal` annotation in this example requests internal load balancers so that the YSQL, YCQL, YEDIS, and master UI ports are not reachable from the public internet. Current Kubernetes documentation uses the value `"true"` for this annotation, so check which value your cluster's load balancer controller honours, and confirm after provisioning that the Services did not receive public addresses.
Overrides to disable LoadBalancer:
Overrides to change the cluster domain name:
Overrides to add annotations at StatefulSet-level:

```yaml
networkAnnotation:
  annotation1: 'foo'
  annotation2: 'bar'
```
Overrides to set custom resource allocation for YB-Master and YB-TServer pods; this overrides the instance type selected in the Yugabyte universe creation flow:

```yaml
resource:
  master:
    requests:
      cpu: 2
      memory: 2Gi
    limits:
      cpu: 2
      memory: 2Gi
  tserver:
    requests:
      cpu: 2
      memory: 4Gi
    limits:
      cpu: 2
      memory: 4Gi
```
Overrides to enable Istio compatibility (required when Istio is used with Kubernetes):

```yaml
istioCompatibility:
  enabled: true
```
Continue configuring your Kubernetes provider by clicking Add Zone; note that there may be multiple zones, as per the following illustration:
Finally, click Add Region, and then click Save to save the configuration. If successful, you will be redirected to the table view of all configurations.
You are now ready to create YugabyteDB universes, as described in the next section.