Assembly Resource
The AssemblyResource
CRD is used to set namespace endpoints and defaults. These allow the operator to deploy Assembly
CRs to that given namespace.
The Assembly
CR allows for per deploy image and container configuration, but where those fields have not been set the AssemblyResource
can be used to populate them.
Defining your own custom resource of kind: AssemblyResource
Top level of the CR details the apiVersion
of the CR and the kind
.
AssemblyResource
name is set within metadata
apiVersion: insights.kx.com/v1alpha1
kind: AssemblyResource
metadata:
name: insights
Validation on the CR fields is carried out on the apply
of the CR.
kubectl apply -f insights_resource.yaml
On successfully applying your AssemblyResource
, it can be seen by calling a get
on the asr
resource.
kubectl get assemblyresources
NAME DESCRIPTION AGE
insights Assembly Resource for insights 2d23h
Assembly Resources Configuration
Namespace configuration is set under the spec
key of the AssemblyResource
CR.
Some fields are required and will alert you if missing when applying your AssemblyResource
.
Optional fields are defaulted by the AssemblyResource
CRD, but may be overridden as part of your AssemblyResource
.
apiVersion: insights.kx.com/v1alpha1
kind: AssemblyResource
metadata:
name: assemblyresource-sample
spec:
description: "Assembly Resource for insights"
spec.description
The description
key is an optional string
field, allowing you to give a brief description of your AssemblyResource
.
Key | Type | Required | Description | Default | Validation |
---|---|---|---|---|---|
description |
string |
false |
Assembly Resource description | Assembly Resource for insights |
Any string |
spec.defaults
The defaults
key is an object allowing default image and container configuration for each of the Assembly
components.
Key | Type | Required | Description |
---|---|---|---|
defaults |
object |
false |
Component default configuration |
spec.defaults.certManager
The optional certManager
key allows the namespace Issuer to be set for all Assembly
that require a certificate to be generated by cert-manager
spec:
defaults:
certManager:
issuer: kxi-certificate
Key | Type | Required | Description |
---|---|---|---|
certManager |
object |
false |
Cert Manager Object |
certManager.issuer |
string |
false |
Cert Manager Issuer |
spec.defaults.license
The optional license
key allows the namespace KX On Demand License to be set for all Assembly
components that require a KX License.
spec:
defaults:
license:
user: "User Name"
email: "u.name@custom.com"
secretName: "my-kx-secret"
licType: "selfService"
asFile: true
kxAcct: "insights.kx-acc-svc:5000"
Key | Type | Required | Description |
---|---|---|---|
license |
object |
false |
KX License details |
license.user |
string |
false |
License owner name |
license.email |
string |
false |
License owner e-mail address |
license.secretName |
string |
false |
Name of pre-existing secret containing KX License |
license.licType |
string |
false |
License Type - onDemand or selfService |
license.asFile |
boolean |
false |
Mount License secret as a file |
license.kxAcct |
string |
false |
KX Account aggregator service endpoint |
spec.defaults.storageManager
The optional storageManager
key allows the namespace default image and container configuration to be set on all Storage Manager components that may be deployed as part of an Assembly
spec:
defaults:
storageManager:
affinity: soft
sm:
image: registry.dl.kx.com/kxi-sm:0.9.15
portName: "sm"
port: 10001
env:
- name: CUSTOM_ENV_VAR
value: "customValue"
eoi:
...
Key | Type | Required | Description |
---|---|---|---|
sm |
object |
false |
Storage Manager defaults object |
sm.image |
string |
false |
Full image string |
sm.portName |
string |
false |
Main container port name |
sm.port |
integer |
false |
Main container port |
sm.env |
array |
false |
List of Kubernetes Environment variables |
eoi |
object |
false |
EOI container defaults object |
eoi.image |
string |
false |
Full image string |
eoi.portName |
string |
false |
EOI container port name |
eoi.port |
integer |
false |
EOI container port |
eoi.env |
array |
false |
List of Kubernetes Environment variables |
eod |
object |
false |
EOD container defaults object |
eod.image |
string |
false |
Full image string |
eod.portName |
string |
false |
EOD container port name |
eod.port |
integer |
false |
EOD container port |
eod.env |
array |
false |
List of Kubernetes Environment variables |
dbm |
object |
false |
DBM container defaults object |
dbm.image |
string |
false |
Full image string |
dbm.portName |
string |
false |
DBM container port name |
dbm.port |
integer |
false |
DBM container port |
dbm.env |
array |
false |
List of Kubernetes Environment variables |
affinity |
string |
false |
Set hard , soft , hard-az or soft-az affinity on all instances |
probes |
object |
false |
Configure the use of probes within the component. See probes for more details. |
spec.defaults.seq
The optional seq
key allows the namespace default image, container and sequencer archiver configuration to be set on all Sequencer components that may be deployed as part of an Assembly
spec:
defaults:
seq:
rt:
image: registry.dl.kx.com/kxi-rt-sequencer-raft:0.0.38
env:
- name: CUSTOM_ENV_VAR
value: "customValue"
affinity: hard
containerPorts:
- containerPort: 4000
name: seq-tcp
protocol: TCP
- containerPort: 5000
name: topic
protocol: TCP
...
externalServicePorts:
- name: rt-ext
port: 5000
protocol: TCP
targetPort: topic
servicePorts:
- name: pull
port: 5001
protocol: TCP
targetPort: pull
- name: push
port: 5002
protocol: TCP
targetPort: push
...
archiver:
retentionDuration: 10080
maxLogSize: "5g"
maxDiskUsagePercent: 90
Key | Type | Required | Description |
---|---|---|---|
rt |
object |
false |
RT defaults object |
rt.image |
string |
false |
Full image string |
rt.env |
array |
false |
List of Kubernetes Environment variables |
rt.externalNodePort |
boolean |
true |
Use NodePort Type as default Service type for all externally facing Sequencers |
rt.useInternalLBAnnotations |
boolean |
false |
When enabled will append Service annotations creating an Internal LoadBalancer for external RT |
rt.affinity |
string |
false |
Set hard , soft , hard-az or soft-az affinity on all instances |
rt.containerPorts |
list |
false |
List of Container port objects, define ports to be exposed by RT container |
rt.servicePorts |
list |
false |
List of Service port objects, define ports to be exposed internally by RT Service resource |
rt.externalServicePorts |
list |
false |
List of Service port objects, define ports to be exposed externally by RT Service resource |
archiver |
object |
false |
Sequencer Archiver configuration |
archiver.retentionDuration |
integer |
false |
Log retention in minutes |
archiver.maxLogSize |
string |
false |
Maximum log size |
archiver.maxDiskUsagePercent |
integer |
false |
Maximum Percentage of disk utilization |
spec.defaults.dap
The optional dap
key allows the namespace default image and container configuration to be set on all Data Access components that may be deployed as part of an Assembly
spec:
defaults:
dap:
image: registry.dl.kx.com/kxi-da:0.9.25
portName: "dap"
port: 5080
env:
- name: CUSTOM_ENV_VAR
value: "customValue"
affinity: soft
Key | Type | Required | Description |
---|---|---|---|
image |
string |
false |
Full image string |
portName |
string |
false |
Main container port name |
port |
integer |
false |
Main container port |
env |
array |
false |
List of Kubernetes Environment variables |
affinity |
string |
false |
Set hard , soft , hard-az or soft-az affinity on all instances |
spec.defaults.dapSingle
The optional dapSingle
key allows the namespace default image and container configuration to be set on all Data Access components configured as single: true
that may be deployed as part of an Assembly
spec:
defaults:
dapSingle:
image: registry.dl.kx.com/kxi-da-single:0.9.25
port: 5080
env:
- name: CUSTOM_ENV_VAR
value: "customValue"
affinity: soft
Key | Type | Required | Description |
---|---|---|---|
image |
string |
false |
Full image string |
port |
integer |
false |
Main container port |
env |
array |
false |
List of Kubernetes Environment variables |
affinity |
string |
false |
Set hard , soft , hard-az or soft-az affinity on all instances |
spec.defaults.imagePullSecrets
The optional list
field imagePullSecrets
allows secrets to be provided to all Assembly
deployed within this namespace.
spec:
defaults:
imagePullSecrets:
- name: image-secret-cred
Key | Type | Required | Description |
---|---|---|---|
imagePullSecrets |
list |
false |
List of image pull secrets |
spec.defaults.sidecar
The optional sidecar
field allows for configuration of metrics, discovery and side car container configuration.
The configuration will then be used to default any Assembly
deployed.
spec:
defaults:
sidecar:
image: registry.dl.kx.com/kxi-sidecar:0.9.0
resources:
requests:
cpu: 0.1
memory: 128Mi
limits:
cpu: 0.1
memory: 128Mi
discovery:
enabled: true
registry: disco-discovery-proxy:8761
metrics:
enabled: true
useAnnotations: false
serviceMonitor:
enabled: true
prometheus: kx-prom
Key | Type | Required | Description |
---|---|---|---|
image |
string |
false |
Full image string |
discovery |
object |
false |
Discovery Configuration |
discovery.enabled |
boolean |
false |
Enable Discovery on each of the Assembly components |
discovery.registry |
string |
false |
Discovery Service URL |
metrics |
object |
false |
Metrics Configuration |
metrics.enabled |
boolean |
false |
Enable Metrics on each of the Assembly components |
metrics.useAnnotations |
boolean |
false |
Where Metrics has been enabled, and ServiceMonitor disabled, annotations may be applied to the Pod to allow Metrics scraping |
metrics.serviceMonitor |
object |
false |
Service Monitor object |
metrics.serviceMonitor.enabled |
boolean |
false |
Enable the Service Monitor resource for the Assembly components |
metrics.serviceMonitor.prometheus |
string |
false |
Existing prometheus release name |
resources |
object |
false |
Parent object to define requests and limits See spec.defaults.sidecar.resources |
spec.defaults.sidecar.resources
Where metrics
or discovery
have been enabled for an Assembly, a side car container is deployed within each of the component pods.
The resources
field allows the container resources limits
and requests
to be set for the side car container.
Resource Limits
When a process in the container tries to consume more than the allowed amount of memory, the system kernel terminates the process that attempted the allocation, with an out of memory (OOM) error
Key | Type | Required | Description |
---|---|---|---|
requests |
object |
false |
Requested resources for Pod container |
requests.memory |
string |
false |
Requested container memory in bytes. You can express memory as a plain integer or as a fixed-point number. See here for more details |
requests.cpu |
string |
false |
Requested container cpu in units of Kubernetes CPUs. |
limits |
object |
false |
Enforce resource limits on a Pod's container |
limits.memory |
string |
false |
Enforced maximum memory in bytes. You can express memory as a plain integer or as a fixed-point number. See here for more details |
limits.cpu |
string |
false |
Enforced cpu usage limit in units of Kubernetes CPUs. |
spec.defaults.sp
The optional sp
field allows for configuration of SP pipelines. SP coordinator service, worker and controller images.
The configuration will then be used to default pipelines requested within a deployed Assembly
.
spec:
defaults:
sp:
workerImage: "registry.dl.kx.com/kxi-sp-worker:0.10.5"
controllerImage: "registry.dl.kx.com/kxi-sp-controller:0.10.5"
coordinator: kxi-sp.svc:5000
env:
- name: CUSTOM_ENV_VAR
value: "customValue"
Key | Type | Required | Description |
---|---|---|---|
workerImage |
string |
false |
Full image string for Pipeline Worker |
controllerImage |
string |
false |
Full image string for Pipeline Controller |
coordinator |
string |
false |
The SP Coordinator service |
env |
array |
false |
List of Kubernetes Environment variables |
spec.defaults.podSecurityContext
The optional key podSecurityContext
allows pod security configuration to be defaulted for any Assembly
deployed within the namespace.
spec:
defaults:
podSecurityContext:
fsGroup: 65534
runAsUser: 65534
Key | Type | Required | Description |
---|---|---|---|
fsGroup |
integer |
false |
Any files within Assembly will be owned by this user ID |
runAsUser |
integer |
false |
Any Containers in the Assembly, all processes run with this user ID |
spec.defaults.mount
The mount
key is an object allowing default configuration to be set for Assembly mount
PVC.
spec:
defaults:
mount:
storageClass: "rook-cephfs"
accessModes:
- "ReadWriteMany"
Key | Type | Required | Description |
---|---|---|---|
storageClass |
string |
false |
Storage Class to default to on all Assembly mount resources |
accessModes |
[]string |
false |
Requested k8s access modes for PVC |
spec.defaults.element
The element
key is an object allowing default configuration for all attach volumes to an Assembly component.
spec:
defaults:
element:
storageClass: "standard"
accessModes:
- "ReadWriteOnce"
Key | Type | Required | Description |
---|---|---|---|
storageClass |
string |
false |
Storage Class to default to element attached volumes |
accessModes |
[]string |
false |
Requested k8s access modes for PVC |
spec.keycloak
The keycloak
key is an object allowing configuration of the Keycloak credentials and endpoint for requesting Access Tokens.
Key | Type | Required | Description |
---|---|---|---|
keycloak |
object |
false |
Component default configuration |
spec:
keycloak:
enabled: true
baseURL: keycloak.svc
realm: insights
clientID: kxi-operator
clientSecret: kxi-operator-client-secret
Key | Type | Required | Description |
---|---|---|---|
enabled |
boolean |
false |
Enable Keycloak on namespace |
baseURL |
string |
false |
Keycloak service endpoint |
realm |
string |
false |
Keycloak realm |
clientID |
string |
false |
Client ID to use when communicating with keycloak |
clientSecret |
string |
false |
Secret used for authentication |
Advanced Configurations
probes
The ASR allow for the configuration of liveness, readiness and startup probes.
...
probes:
enabled: true
livenessProbe:
enabled: true
failureThreshold: 4
initialDelaySeconds: 60
path: /alive
periodSeconds: 4
probeType: httpGet
scheme: HTTP
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
enabled: false
failureThreshold: 4
initialDelaySeconds: 15
path: /ready
periodSeconds: 4
probeType: httpGet
scheme: HTTP
successThreshold: 1
timeoutSeconds: 1
startUpProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 5
path: /alive
periodSeconds: 15
probeType: httpGet
scheme: HTTP
successThreshold: 1
timeoutSeconds: 1
...
Key | Type | Required | Description |
---|---|---|---|
enabled |
boolean |
false |
Enable the use of probes within the component |
livenessProbe |
object |
false |
Configure a liveness probe for component, see Probe Spec for more details |
readinessProbe |
object |
false |
Configure a readiness probe for component, see Probe Spec for more details |
startUpProbe |
object |
false |
Configure a startup probe for component, see Probe Spec for more details |
Probe Spec
Within the probes object you can configure each of the three probe types - liveness, readiness and startup probes.
Under each of the relevant keys livenessProbe
, readinessProbe
and startUpProbe
you may configure the probe as below:
Configuration varies depending on the selected probeType
.
[startUpProbe | livenessProbe | readinessProbe]:
enabled: true
failureThreshold: 6
initialDelaySeconds: 5
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 1
Key | Type | Required | Description |
---|---|---|---|
enabled |
boolean |
false |
Enable this particular probe within instance |
probeType |
string |
false |
Probe type may be httpGet, tcpSocket or exec |
initialDelaySeconds |
integer |
false |
Number of seconds after the container has started before liveness probes are initiated |
timeoutSeconds |
integer |
false |
Number of seconds after which the probe times out |
periodSeconds |
integer |
false |
How often (in seconds) to perform the probe |
successThreshold |
integer |
false |
Minimum consecutive successes for the probe to be considered successful after having failed |
failureThreshold |
integer |
false |
Minimum consecutive failures for the probe to be considered failed after having succeeded |
terminationGracePeriodSeconds |
integer |
false |
Optional duration in seconds the pod needs to terminate gracefully upon probe failure |
probeType tcpSocket
Additional fields to configure the tcpSocket probeType
[startUpProbe | livenessProbe | readinessProbe]:
probeType: tcpSocket
port: 1234
port
| integer
| false
| Where probeType
is tcpSocket
- Probe target port may be set, if unset will use container port |
probeType exec
Additional fields to configure the exec probeType
[startUpProbe | livenessProbe | readinessProbe]:
probeType: exec
command:
- cat
- /tmp/healthy
Key | Type | Required | Description |
---|---|---|---|
port |
[]string |
false |
Where probeType is exec - Command that will be executed on the running container |
probeType httpGet
Additional fields to configure the exec probeType
[startUpProbe | livenessProbe | readinessProbe]:
probeType: httpGet
port: 1234
path: "/alive"
scheme: "HTTP"
headers:
- name: custom-header
value: custom
Key | Type | Required | Description |
---|---|---|---|
port |
integer |
false |
Where probeType is httpGet - Probe target port may be set, if unset will use container port |
path |
string |
false |
Target endpoint for request |
scheme |
string |
false |
Scheme to use for connecting to the host - HTTP or HTTPS |
headers |
[]object |
false |
Custom headers to set in the request. HTTP allows repeated headers |