Deploy Rok Components¶
At this point, you have configured everything and you are ready to install Rok. This guide will walk you through deploying Rok. More specifically, you will create the Rok namespaces and then deploy Rok Operator, Rok kmod, external services, and RokCluster CR.
Fast Forward
If you have already deployed the Rok components, expand this box to fast-forward.
- Proceed to the Verify section.
Choose one of the following options to deploy Rok:
- Option 1: Deploy Rok Components Automatically (preferred).
- Option 2: Deploy Rok Components Manually.
Air Gapped
Follow Option 2 and proceed with the manual installation.
Overview
What You'll Need¶
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing Kubernetes cluster.
- A cloud identity with access to your cloud provider's storage service.
- Access to your cloud provider's object storage service for Rok..
- Access to Arrikto's private container registry.
- A configured Rok user.
- Account management for Rok.
- A Rok version that supports the kernel of your Kubernetes nodes.
Option 1: Deploy Rok Components Automatically (preferred)¶
Choose one of the following options, based on your cloud provider.
Deploy Rok by following the on-screen instructions on the rok-deploy
user interface.
If rok-deploy
is not already running, start it with:
root@rok-tools:~# rok-deploy --run-from rok
Proceed to the Summary section.
Option 2: Deploy Rok Components Manually¶
If you want to deploy Rok manually, follow the instructions below.
Procedure¶
Air Gapped
Follow the Patch All Images for Your Deployment guide to patch all kustomizations to use the mirrored images from your internal Docker registry.
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deployments
Create the Rok namespaces,
rok
androk-system
, that will host Rok and its system components:root@rok-tools:~/ops/deployments# rok-deploy --apply rok/rok-namespaces/overlays/deploy
Deploy the Rok Operator:
root@rok-tools:~/ops/deployments# rok-deploy --apply rok/rok-operator/overlays/deploy
Deploy Rok Disk Manager.
Edit the kustomization manifest. Choose one of the following options, based on your cloud provider:
Edit
rok/rok-disk-manager/overlays/deploy/kustomization.yaml
to use theeks
overlay as base:bases: - ../eks # <-- Edit this line to point to the eks overlay
Edit
rok/rok-disk-manager/overlays/deploy/kustomization.yaml
to use theaks
overlay as base:bases: - ../aks # <-- Edit this line to point to the aks overlay
Edit
rok/rok-disk-manager/overlays/deploy/kustomization.yaml
to use thegke
overlay as base:bases: - ../gke # <-- Edit this line to point to the gke overlay
Commit changes:
root@rok-tools:~/ops/deployments# git commit -am "Configure Rok Disk Manager"
Apply the manifests:
root@rok-tools:~/ops/deployments# rok-deploy --apply \ > rok/rok-disk-manager/overlays/deploy
Deploy Rok kmod:
root@rok-tools:~/ops/deployments# rok-deploy --apply rok/rok-kmod/overlays/deploy
Deploy Istio CRDs and resources in the
istio-system
namespace:root@rok-tools:~/ops/deployments# rok-deploy --apply install/istio
Deploy etcd.
Edit the kustomization manifest. Choose one of the following options, based on your cloud provider:
Edit
rok/rok-external-services/etcd/overlays/deploy/kustomization.yaml
to use theeks
overlay as base:bases: - ../eks # <-- Edit this line to point to the eks overlay
Edit
rok/rok-external-services/etcd/overlays/deploy/kustomization.yaml
to use theaks
overlay as base:bases: - ../aks # <-- Edit this line to point to the aks overlay
Edit
rok/rok-external-services/etcd/overlays/deploy/kustomization.yaml
to use thegke
overlay as base:bases: - ../gke # <-- Edit this line to point to the gke overlay
Commit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Configure etcd for our cloud provider"
Apply the manifests:
root@rok-tools:~/ops/deployments# rok-deploy --apply \ > rok/rok-external-services/etcd/overlays/deploy
Deploy PostgreSQL.
Edit the kustomization manifest. Choose one of the following options, based on your cloud provider:
Edit
rok/rok-external-services/postgresql/overlays/deploy/kustomization.yaml
to set theeks
overlay as base:bases: - ../eks # <-- Edit this line to point to the eks overlay
Edit
rok/rok-external-services/postgresql/overlays/deploy/kustomization.yaml
to set theaks
overlay as base:bases: - ../aks # <-- Edit this line to point to the aks overlay
Edit
rok/rok-external-services/postgresql/overlays/deploy/kustomization.yaml
to set thegke
overlay as base:bases: - ../gke # <-- Edit this line to point to the gke overlay
Commit your changes:
root@rok-tools:~/ops/deployments# git commit -am \ > "Configure PostgreSQL for our cloud provider"
Apply the manifests:
root@rok-tools:~/ops/deployments# rok-deploy --apply \ > rok/rok-external-services/postgresql/overlays/deploy
Deploy Redis.
Edit the kustomization manifest. Choose one of the following options, based on your cloud provider:
Edit
rok/rok-external-services/redis/overlays/deploy/kustomization.yaml
to set theeks
overlay as base:bases: - ../eks # <-- Edit this line to point to the eks overlay
Edit
rok/rok-external-services/redis/overlays/deploy/kustomization.yaml
to set theaks
overlay as base:bases: - ../aks # <-- Edit this line to point to the aks overlay
Edit
rok/rok-external-services/redis/overlays/deploy/kustomization.yaml
to set thegke
overlay as base:bases: - ../gke # <-- Edit this line to point to the gke overlay
Commit your changes:
root@rok-tools:~/ops/deployments# git commit -am \ > "Configure Redis for our cloud provider"
Apply the manifests:
root@rok-tools:~/ops/deployments# rok-deploy --apply \ > rok/rok-external-services/redis/overlays/deploy
Deploy S3Proxy (Azure only):
root@rok-tools:~/ops/deployments# rok-deploy --apply \ > rok/rok-external-services/s3proxy/overlays/deploy
Deploy the
kubeflow
namespace:root@rok-tools:~/ops/deployments# rok-deploy --apply \ > kubeflow/manifests/common/kubeflow-namespace/overlays/deploy
Deploy the Kubeflow Gateway in the
kubeflow
namespace:root@rok-tools:~/ops/deployments# rok-deploy --apply \ > kubeflow/manifests/common/istio-1-9/kubeflow-istio-resources/overlays/deploy
Deploy Dex in the
auth
namespace:root@rok-tools:~/ops/deployments# rok-deploy --apply \ > kubeflow/manifests/common/dex/overlays/deploy
Deploy AuthService in the
istio-system
namespace:root@rok-tools:~/ops/deployments# rok-deploy --apply \ > kubeflow/manifests/common/oidc-authservice/overlays/deploy
Deploy cert-manager resources, needed by the skel resources:
root@rok-tools:~/ops/deployments# rok-deploy --apply \ > rok/cert-manager/cert-manager/overlays/deploy
Deploy CRDs needed by the skel resources:
root@rok-tools:~/ops/deployments# rok-deploy --apply \ > kubeflow/manifests/apps/admission-webhook/upstream/overlays/deploy
Deploy the skel resources:
root@rok-tools:~/ops/deployments# rok-deploy --apply \ > kubeflow/manifests/common/skel-resources/overlays/deploy
Deploy the Reception server in the
kubeflow
namespace:root@rok-tools:~/ops/deployments# rok-deploy --apply \ > kubeflow/manifests/apps/reception/overlays/deploy
Important
When a user logs in to Arrikto EKF for the first time, the Reception server will create a new Profile for this user. The Profile Controller will then handle this new Profile and create a dedicated namespace for this user.
To disable the automatic Profile creation, and consequently the automatic creation of dedicated user namespaces, follow the Disable Automatic Profile Creation guide.
Deploy the Profile Controller in the
kubeflow
namespace:root@rok-tools:~/ops/deployments# rok-deploy --apply \ > kubeflow/manifests/apps/profiles/upstream/overlays/deploy
Deploy roles necessary for RBAC configuration:
root@rok-tools:~/ops/deployments# rok-deploy --apply \ > kubeflow/manifests/common/kubeflow-roles/overlays/deploy
Deploy the RokCluster CR:
root@rok-tools:~/ops/deployments# rok-deploy --apply rok/rok-cluster/overlays/deploy
Deploy the Rok Monitoring Stack in the
monitoring
namespace:root@rok-tools:~/ops/deployments# rok-deploy --apply rok/monitoring/overlays/deploy
See also
- Learn more about the Rok Monitoring Stack on the Rok Monitoring user guide.
Verify¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deployments
Restore the required context from previous sections:
root@rok-tools:~/ops/deployments# source <(cat deploy/env.cloudidentity)
root@rok-tools:~/ops/deployments# export ROK_CLUSTER_NAMESPACE
Verify that the Rok Operator, Rok Disk Manager, and Rok kmod pods are up-and-running. Check the pod status and verify field STATUS is Running and field READY is 1/1 for all pods:
root@rok-tools:~/ops/deployments# kubectl -n rok-system get pods NAME READY STATUS RESTARTS AGE rok-disk-manager-tmwqz 1/1 Running 0 31s rok-kmod-8g48m 1/1 Running 0 37s rok-operator-0 1/1 Running 0 59s
Verify that the Dex pod is up-and-running. Check the pod status and verify field STATUS is Running and field READY is 2/2:
root@rok-tools:~/ops/deployments# kubectl -n auth get pods NAME READY STATUS RESTARTS AGE dex-6bd4d9ff8b-gx6kp 2/2 Running 0 65s
Verify that the Istio and AuthService pods are up-and-running. Check the pod status and verify field STATUS is Running and field READY is 1/1 for all pods:
root@rok-tools:~/ops/deployments# kubectl -n istio-system get pods NAME READY STATUS RESTARTS AGE authservice-0 1/1 Running 0 9m27s istio-ingressgateway-5f67fb9d94-dl5np 1/1 Running 0 9m42s istiod-55cdc9bb69-892zk 1/1 Running 0 9m42s
Verify that the cert-manager pods are up-and-running. Check the pod status and verify field STATUS is Running and field READY is 1/1 for all pods:
root@rok-tools:~/ops/deployments# kubectl -n cert-manager get pods NAME READY STATUS RESTARTS AGE cert-manager-6d86476c77-bl9rs 1/1 Running 0 9m cert-manager-cainjector-5b9cd446fd-n5jpd 1/1 Running 0 9m cert-manager-webhook-64d967c45-cdfwh 1/1 Running 0 9m
Verify that the skel resources, Reception server, and Profile Controller pods are up-and-running. Check the pod status and verify field STATUS is Running and field READY is N/N for all pods:
root@rok-tools:~/ops/deployments# kubectl -n kubeflow get pods NAME READY STATUS RESTARTS AGE admission-webhook-deployment-5d4cf6bbdb-gfrkv 2/2 Running 0 9m kubeflow-reception-54497df69c-psvvp 2/2 Running 0 9m profiles-deployment-6777bccfdc-l4l6z 3/3 Running 0 9m
Verify that the
rok-init
job has completed successfully. Check the job status and verify field COMPLETIONS is 1/1:root@rok-tools:~/ops/deployments# kubectl -n ${ROK_CLUSTER_NAMESPACE?} get job NAME COMPLETIONS DURATION AGE rok-init 1/1 59s 24m
Verify that the etcd, PostgreSQL, Redis, Rok CSI, and Rok pods are up-and-running. Check the pod status and verify field STATUS is Running and field READY is N/N for all Pods:
root@rok-tools:~/ops/deployments# kubectl -n ${ROK_CLUSTER_NAMESPACE?} get pods NAME READY STATUS RESTARTS AGE rok-9brt8 1/1 Running 0 5m23s rok-csi-controller-0 4/4 Running 0 5m21s rok-csi-guard-ip--172-31-18-161.eu-central-1... 1/1 Running 0 5m21s rok-csi-node-49ncb 2/2 Running 0 5m22s rok-etcd-0 1/1 Running 0 7m11s rok-postgresql-0 1/1 Running 0 7m3s rok-redis-0 2/2 Running 0 6m51s
Verify that the Rok Monitoring Stack is up and running:
root@rok-tools:~/ops/deployments# kubectl get pods -n monitoring NAME READY STATUS RESTARTS AGE grafana-6d7d7b78f7-6flm7 1/1 Running 0 2m17s kube-state-metrics-765c7c7f95-chkzn 3/3 Running 0 2m16s node-exporter-zng26 2/2 Running 0 2m16s prometheus-k8s-0 3/3 Running 1 2m15s prometheus-operator-5f75d76f9f-fmpp5 1/1 Running 0 8m24s
Ensure that Prometheus has successfully discovered the needed targets so that it can pull metrics periodically:
root@rok-tools:~/ops/deployments# kubectl exec -ti -n monitoring sts/prometheus-k8s \ > -c prometheus -- wget -qO - localhost:9090/metrics | grep 'discovered.*rok-metrics' prometheus_sd_discovered_targets{config="rok/rok-metrics/0",name="scrape"} 7
root@rok-tools:~/ops/deployments# kubectl exec -ti -n monitoring sts/prometheus-k8s \ > -c prometheus -- wget -qO - localhost:9090/metrics | grep 'discovered.*rok-etcd-metrics' prometheus_sd_discovered_targets{config="rok/rok-etcd-metrics/0",name="scrape"} 7
root@rok-tools:~/ops/deployments# kubectl exec -ti -n monitoring sts/prometheus-k8s \ > -c prometheus -- wget -qO - localhost:9090/metrics | grep 'discovered.*rok-redis-metrics' prometheus_sd_discovered_targets{config="rok/rok-redis-metrics/0",name="scrape"} 7