- Operating StreamNative Platform
- Deploy
Deploy StreamNative Platform on Red Hat OpenShift
This page describes how to deploy StreamNative Platform as a cloud-native, stateful container application on Red Hat OpenShift.
Deploy Pulsar Operators
Pulsar Operators include the BookKeeper Operator, Pulsar Operator, and ZooKeeper Operator, which can bring up a Pulsar cluster easily on Openshift.
- BookKeeper Operator: provides a full management lifecycle for BookKeeper clusters.
- Pulsar Operator: manages the deployment of the Pulsar Broker and Pulsar Proxy to run Pulsar clusters.
- ZooKeeper Operator: provides a full management lifecycle for ZooKeeper clusters.
You can deploy Pulsar Operators with either cluster-scoped permissions or namespace-scoped permissions. With cluster-scoped permissions, the Pulsar Operators can watch resources across all namespaces in the cluster. With namespace-scoped permissions, the Pulsar Operators can watch resources in a particular namespace.
OpenShift Web Console
This section describes how to deploy Pulsar Operators using the OpenShift Web Console.
Note
Currently, you can only deploy Pulsar Operators with cluster-scoped permissions.
Prerequisites
- Install kubectl v1.16 or higher.
- Install the cert-manager.
- Deploy an OpenShift cluster.
Steps
Navigate to your OpenShift Web Console and click OperatorHub.
Enter "StreamNative" or "Pulsar" in the search box. There are three tiles: BookKeeper Operator, Pulsar Operator, and ZooKeeper Operator.
Click the BookKeeper Operator tile, and then click Install. This step shows the BookKeeper Operator as an example.
Customize the configurations.
- Installation mode
- All namespaces on the cluster(default): deploy the Pulsar Operators with cluster-scoped permissions.
- A specific namespace on the cluster: deploy the Pulsar Operators with namespace-scoped permissions. Currently, this option is not supported because it needs to pass the parameter through an environment variable.
- Updated Approval
- Automatic: automatically install or update the Pulsar Operators.
- Manual: manually install or update the Pulsar Operators.
- Installation mode
Click Install. A page displays, showing the BookKeeper Operator installation process.
After the BookKeeper Operator is installed, you can see the new status Installed operator - ready for use.
Repeat Steps 3 through 6 to install the Pulsar Operator, and then repeat the steps for the ZooKeeper Operator.
Confirm that all Pulsar Operators are running. You can find the Pods in the openshift-operators namespace.
kubectl -n openshift-operators get pods NAME READY STATUS RESTARTS AGE bookkeeper-operator-controller-manager-85df68b588-7pblp 2/2 Running 0 4m53s pulsar-operator-controller-manager-5ff697757c-2pnl2 2/2 Running 0 96s zookeeper-operator-controller-manager-7655ff7ff6-8mn2z 2/2 Running 0 13s
CLI
This section describes how to deploy Pulsar Operators using the Command Line Interface (CLI) tool.
Note
You can deploy Pulsar Operators with either cluster-scoped permissions or namespace-scoped permissions.
Prerequisites
- Install kubectl v1.16 or higher.
- Install Helm v3.0 or higher.
- Install the cert-manager.
- Deploy an OpenShift cluster.
- Prepare the Pulsar Operators v0.10.3 or higher.
Steps
To deploy Pulsar Operators using the CLI tool, you can define the following options in your values.yaml
YAML file.
watchNamespace: # --- [1]
<component>: # --- [2]
serviceAccount: # --- [3]
clusterRole: # --- [4]
- [1]
watchNamespace
: describe the namespace where the Controllers watch updates to Pulsar components. - [2]
<component>
: represent the component to configure, such as the Pulsar broker, Pulsar Proxy, and so on. - [3]
serviceAccount
: provide an identity for processes that run in a Pod. - [4]
clusterRole
: describe whether to grant cluster-scoped permissions to the service account. By default, it is set totrue
.
To deploy Pulsar Operators with cluster-scoped permissions, you can set an empty string to the watchNamespace
option and set the clusterRole
option to true
.
This example shows how to deploy Pulsar Operators with cluster-scoped permissions.
Create a Kubernetes namespace.
kubectl create namespace <kubernetes_namespace>
Install the Pulsar Operators.
Note
The
pulsar-operator
chart provides default values for options that are used to install the Pulsar Operators with cluster-scoped permissions. You can customize the file according to your configuration.helm upgrade pulsar-operators streamnative/pulsar-operator \ --install \ -n <k8s_namespace>
Confirm that all Pulsar Operators are running.
kubectl get pods -n <kubernetes_namespace> NAME READY STATUS RESTARTS AGE bookkeeper-operator-controller-manager-85df68b588-7pblp 2/2 Running 0 4m53s pulsar-operator-controller-manager-5ff697757c-2pnl2 2/2 Running 0 96s zookeeper-operator-controller-manager-7655ff7ff6-8mn2z 2/2 Running 0 13s
Deploy StreamNative Platform Chart
Before deploying StreamNative Platform on OpenShift, you need to install the Vault Operator, configure the Security Context Constraints (SCCs), and disable Pulsar monitoring components (including Prometheus, Grafana, and so on).
Enable OpenShift Security Context Constraints
SCCs allow you to control permissions for the Pulsar Pods. You can either use the default SCC or use an existing SCC.
If you do not have a SCC yet, a SCC is automatically created when you deploy StreamNative Platform using the Helm Chart. You can set the openshift.scc.create
option to true
in your values.yaml
YAML file and then update the resources.
openshift:
enabled: true
scc:
enabled: true # --- [1]
create: true # --- [2]
- [1]
scc.enabled
: enable SCC for StreamNative Platform. - [2]
scc.create
: create a SCC automatically.
Disable monitoring components
OpenShift is shipped with monitoring components. Therefore, you must disable Pulsar monitoring components by using the monitoring.<component>
option.
monitoring:
prometheus: false
grafana: false
node_exporter: false
alert_manager: false
loki: false
datadog: false
Examples
This example shows how to deploy StreamNative Platform on OpenShift with the default SCC and namespace-scoped permissions.
Create a Kubernetes namespace for your Pulsar cluster.
This example shows how to create a Kubernetes namespace
app-sn
for your Pulsar cluster.kubectl create namespace app-sn
Define a YAML file.
This is a sample YAML file. You should customize the file according to your configuration.
openshift: enabled: true scc: enabled: true create: true zookeeper: customTools: serviceAccount: clusterRole: false securityContext: runAsUser: 0 bookkeeper: serviceAccount: clusterRole: false securityContext: runAsUser: 0 broker: serviceAccount: clusterRole: false securityContext: runAsUser: 0 proxy: securityContext: runAsUser: 0 vault: securityContext: runAsUser: 0 streamnative_console: securityContext: runAsUser: 0 serviceAccount: use: true create: true toolset: securityContext: runAsUser: 0 functions: serviceAccount: clusterRole: false prometheus: serviceAccount: clusterRole: false monitoring: prometheus: false grafana: false node_exporter: false alert_manager: false loki: false datadog: false
Apply the YAML file to deploy StreamNative Platform.
helm install -f /path/to/values.yaml <release_name> streamnative/sn-platform --set initialize=true -n app-sn
Cleanup
Remember to destroy any resources you create after are finished with StreamNative Platform and the Pulsar cluster.
helm uninstall <release-name> -n <k8s_namespace>