This section details the infrastructure prerequisites required to deploy kdb Insights Enterprise on the Kubernetes container orchestration system.
Managed Kubernetes cluster
kdb Insights Enterprise currently supports the managed Kubernetes offerings below.
The Kubernetes cluster should have at least one node pool with a minimum node count of three to support the rook-ceph distributed storage system replication. See below.
An ingress controller such as ingress-nginx is required to access the kdb Insights Enterprise dashboards and APIs from outside the cluster.
In order to use the NGINX Ingress Controller a valid SSL certificate is required for the ingress endpoint. For details on how certificates are used in kdb Insights Enterprise see here.
The cert-manager installation is required to add certificates and certificate issuers as resource types in the Kubernetes cluster.
Each deploy of kdb Insights Enterprise will create a namespaced certificate issuer to provide mTLS between microservices.
A ClusterIssuer such as letsencrypt can be used with the NGINX Ingress Controller above to provide a certificate for the API endpoints.
NB air-gapped deploys: cert-manager requires access to the internet and so cannot be used in an air-gapped environment. Instead the NGINX Ingress Controller should reference a Kubernetes secret which contains a certificate for the API endpoints.
Distributed storage system
The data tier in kdb Insights Enterprise requires a shared filesystem such as Rook Ceph which can be mounted with read/write permission from multiple pods. Choose from one of the supported file systems based on your performance and availability requirements.
Network file systems
kdb Insights Enterprise requires a storage class named
sharedfiles to provision shared file storage instances.
DNS record which points to your Kubernetes Ingress
In order to access your cluster, a DNS record should be created which resolves to the external IP address of the cluster’s NGINX Ingress Controller. For more information see DNS Setup.