Fuzzball Documentation

Server Node Fuzzball Orchestrate Configuration

Now that the K8s Fuzzball Operator is installed on the Server node, we are ready to use it to deploy Fuzzball! The first step is to generate a suitable fuzzball.yaml file to configure the new deployment. Here is an example.

At this time, some variables that appear in the fuzzball.yaml file can only be set to the value shown. Do not assume that any variable in the YAML file can be used to configure the Fuzzball Orchestrate CRD.
The following code block contains several commands that set the values of environment variables and one (extremely long) cat command that uses these values to create the appropriate Custom Resource Definition (CRD) file.
# DEPOT_USER="" # populate with your username for CIQ Depot
# ACCESS_KEY="" # populate with the Depot key obtained from the CIQ sales/support team
# IP1="" # populate with the first IP address in your metallb pool (e.g. 10.0.0.99)
# NFS_SERVER_IP="" # populate with the IP address of your NFS server
# REALM_ID=$(uuidgen --random | tr 'A-Z' 'a-z')
# OWNER_EMAIL="admin@ciq.com" # populate with the email of the owner of the Fuzzball organization
# STORAGE_CLASS="longhorn" # change this to local-path if you installed Local Storage Path
# cat > fuzzball.yaml <<EOF
apiVersion: deployment.ciq.com/v1alpha1
kind: FuzzballOrchestrate
metadata:
  labels:
    app.kubernetes.io/name: fuzzball-orchestrate
    app.kubernetes.io/part-of: fuzzball
  name: fuzzball-orchestrate
spec:
  image:
    repository: depot.ciq.com/fuzzball/fuzzball-images
    username: ${DEPOT_USER}
    password: ${ACCESS_KEY}
    exclusive: false
  ingress:
    create:
      domain: "${IP1}.nip.io"
      proxy:
        type: LoadBalancer
        annotations:
          metallb.io/allow-shared-ip: ingress-and-fuzzball
          metallb.io/loadBalancerIPs: ${IP1}
  database:
    create:
      enableDebugPod: true
      storage:
        class: ${STORAGE_CLASS}
  keycloak:
    create:
      ingress:
        hostname: auth.${IP1}.nip.io
      realmName: Fuzzball
      realmId: ${REALM_ID}
      username: keycloak
      ownerEmail: "${OWNER_EMAIL}"
      createDatabase: true
  tls:
    certManager:
      create: {} # Empty object = deploy cert-manager with defaults
    trustManager:
      create: {} # Empty object = deploy trust-manager with defaults
  fuzzball:
    substrate:
      nfs:
        destination: "/fuzzball/shared"
        server: ${NFS_SERVER_IP}
        path: "/srv/fuzzball/shared"
    audit:
      storage:
        class: ${STORAGE_CLASS}
    storage:  # example of how to specify resources for fuzzball services
      resources:
        requests:
          cpu: 250m
          memory: 256Mi
        limits:
          cpu: 1000m
          memory: 1Gi
    workflow:
      callbackService:
        type: LoadBalancer
        annotations:
          metallb.io/allow-shared-ip: ingress-and-fuzzball
          metallb.io/loadBalancerIPs: ${IP1}
      autoscaling: # example for auto-scaling workflow service
        enabled: true
        minReplicas: 1
        maxReplicas: 3
        targetCPUUtilization: 80
        targetMemoryUtilization: 80
    substrateBridge:
      log:
        storage:
          class: ${STORAGE_CLASS}
      dns:
        externalService:
          type: NodePort
    orchestrator:
      provisioner:
        enabled: false
      autoscaling:
        enabled: false
        minReplicas: 1
        maxReplicas: 3
        targetCPUUtilization: 80
        targetMemoryUtilization: 80
      resources:
        requests:
          cpu: "500m"
          memory: "512Mi"
    jetstream:
      replicas: 3
      externalService:
        type: NodePort
      storage:
        class: ${STORAGE_CLASS}
        size: 10Gi
EOF

Because of the environment variables you’ve set, this command will automatically populate the field spec.image.password with a CIQ Depot access key and spec.keycloak.create.realmId with a v4 UUID. It will also set the domain and hostname with the appropriate IP addresses for your setup. There are a few more customizations you may want to make before proceeding.

  • It is recommended that you update spec.ingress.create.domain with a site-specific domain.
  • Optionally update spec.keycloak.create.password with a unique password for the Keycloak admin user.
  • Optionally define spec.keycloak.create.ingress.hostname with a site-specific domain name.

Once you have the fuzzball.yaml file created and customized to your liking, you are ready to use it to deploy Fuzzball Orchestrate.
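
A heredoc expands an unset variable to an empty string without reporting an error, and the resulting fuzzball.yaml stores the Depot access key in plaintext. The preflight checks below are an added example, not part of the Fuzzball documentation or tooling; the function names (is_ipv4, is_uuid4_lower, check_fuzzball_env, check_rendered) are hypothetical.

```shell
# Added example (hypothetical helper names, POSIX sh). Source this file, then run
# check_fuzzball_env before the cat command and check_rendered fuzzball.yaml after it.

# True when $1 is a dotted-quad IPv4 address with every octet <= 255.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; safe, the input is digits and dots only
  IFS=$old_ifs
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# True when $1 is a lowercase version-4 UUID (uuidgen --random piped through tr).
is_uuid4_lower() {
  printf '%s\n' "$1" | grep -Eq \
    '^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$'
}

# Report every variable the heredoc expands that is empty or malformed.
check_fuzzball_env() {
  rc=0
  for v in DEPOT_USER ACCESS_KEY IP1 NFS_SERVER_IP REALM_ID OWNER_EMAIL STORAGE_CLASS; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || { echo "unset or empty: $v" >&2; rc=1; }
  done
  is_ipv4 "${IP1:-}" || { echo "IP1 is not an IPv4 address" >&2; rc=1; }
  is_ipv4 "${NFS_SERVER_IP:-}" || { echo "NFS_SERVER_IP is not an IPv4 address" >&2; rc=1; }
  is_uuid4_lower "${REALM_ID:-}" || { echo "REALM_ID is not a lowercase v4 UUID" >&2; rc=1; }
  return "$rc"
}

# The rendered file carries spec.image.password in plaintext: require owner-only
# permissions and no field left empty by a variable that was unset at render time.
check_rendered() {
  [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
  rc=0
  case "$(ls -ld "$1" | cut -c5-10)" in
    ------) ;;
    *) echo "$1 is accessible to group/other; run: chmod 600 $1" >&2; rc=1 ;;
  esac
  if grep -Eq '^ *(username|password|realmId|server|class):[[:space:]]*$' "$1"; then
    echo "$1 has empty fields; a variable was unset when the heredoc ran" >&2; rc=1
  fi
  return "$rc"
}
```

Running umask 077 in the shell before the cat command makes fuzzball.yaml owner-only from the moment it is created, so check_rendered passes without a later chmod.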