Deploy Rok Components¶

At this point, you have configured everything and you are ready to install Rok. This guide will walk you through deploying Rok. More specifically, you will create the Rok namespaces and then deploy Rok Operator, Rok kmod, external services, and RokCluster CR.

Fast Forward

If you have already deployed the Rok components, expand this box to fast-forward.

Proceed to the Verify section.

Choose one of the following options to deploy Rok:

Option 1: Deploy Rok Components Automatically (preferred).
Option 2: Deploy Rok Components Manually.

Air Gapped

Follow Option 2 and proceed with the manual installation.

Overview

What You'll Need
Option 1: Deploy Rok Components Automatically (preferred)
Option 2: Deploy Rok Components Manually
- Procedure
- Verify
Summary
What's Next

What You'll Need ¶

A configured management environment.
Your clone of the Arrikto GitOps repository.
An existing Kubernetes cluster.
A cloud identity with access to your cloud provider's storage service.
Access to your cloud provider's object storage service for Rok..
Access to Arrikto's private container registry.
A configured Rok user.
Account management for Rok.
A Rok version that supports the kernel of your Kubernetes nodes.

Option 1: Deploy Rok Components Automatically (preferred)¶

Choose one of the following options, based on your cloud provider.

Deploy Rok by following the on-screen instructions on the rok-deploy user interface.

If rok-deploy is not already running, start it with:

root@rok-tools:~# rok-deploy --run-from rok

Proceed to the Summary section.

Rok does not currently support automatic deployment on Azure Cloud. Please follow the instructions in the Option 2: Deploy Rok Components Manually section to deploy Rok manually.

Rok does not currently support automatic deployment on Google Cloud. Please follow the instructions in the Option 2: Deploy Rok Components Manually section to deploy Rok manually.

Option 2: Deploy Rok Components Manually ¶

If you want to deploy Rok manually, follow the instructions below.

Procedure ¶

Air Gapped

Follow the Patch All Images for Your Deployment guide to patch all kustomizations to use the mirrored images from your internal Docker registry.

Go to your GitOps repository, inside your rok-tools management environment:
```
root@rok-tools:~# cd ~/ops/deployments
```

Create the Rok namespaces, rok and rok-system, that will host Rok and its system components:

root@rok-tools:~/ops/deployments# rok-deploy --apply rok/rok-namespaces/overlays/deploy

Deploy the Rok Operator:

root@rok-tools:~/ops/deployments# rok-deploy --apply rok/rok-operator/overlays/deploy

Deploy Rok Disk Manager.
1. Edit the kustomization manifest. Choose one of the following options, based on your cloud provider:
  AWS
  
  Azure
  
  Google Cloud
  Edit rok/rok-disk-manager/overlays/deploy/kustomization.yaml to use the eks overlay as base:
  bases: - ../eks # <-- Edit this line to point to the eks overlay
  Edit rok/rok-disk-manager/overlays/deploy/kustomization.yaml to use the aks overlay as base:
  bases: - ../aks # <-- Edit this line to point to the aks overlay
  Edit rok/rok-disk-manager/overlays/deploy/kustomization.yaml to use the gke overlay as base:
  bases: - ../gke # <-- Edit this line to point to the gke overlay
2. Commit changes:
```
root@rok-tools:~/ops/deployments# git commit -am "Configure Rok Disk Manager"
```
3. Apply the manifests:
```
root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   rok/rok-disk-manager/overlays/deploy
```

Deploy Rok kmod:

root@rok-tools:~/ops/deployments# rok-deploy --apply rok/rok-kmod/overlays/deploy

Deploy Istio CRDs and resources in the istio-system namespace:

root@rok-tools:~/ops/deployments# rok-deploy --apply install/istio

Deploy etcd.
1. Edit the kustomization manifest. Choose one of the following options, based on your cloud provider:
  AWS
  
  Azure
  
  Google Cloud
  Edit rok/rok-external-services/etcd/overlays/deploy/kustomization.yaml to use the eks overlay as base:
  bases: - ../eks # <-- Edit this line to point to the eks overlay
  Edit rok/rok-external-services/etcd/overlays/deploy/kustomization.yaml to use the aks overlay as base:
  bases: - ../aks # <-- Edit this line to point to the aks overlay
  Edit rok/rok-external-services/etcd/overlays/deploy/kustomization.yaml to use the gke overlay as base:
  bases: - ../gke # <-- Edit this line to point to the gke overlay
2. Commit your changes:
```
root@rok-tools:~/ops/deployments# git commit -am "Configure etcd for our cloud provider"
```
3. Apply the manifests:
```
root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   rok/rok-external-services/etcd/overlays/deploy
```
Deploy PostgreSQL.
1. Edit the kustomization manifest. Choose one of the following options, based on your cloud provider:
  AWS
  
  Azure
  
  Google Cloud
  Edit rok/rok-external-services/postgresql/overlays/deploy/kustomization.yaml to set the eks overlay as base:
  bases: - ../eks # <-- Edit this line to point to the eks overlay
  Edit rok/rok-external-services/postgresql/overlays/deploy/kustomization.yaml to set the aks overlay as base:
  bases: - ../aks # <-- Edit this line to point to the aks overlay
  Edit rok/rok-external-services/postgresql/overlays/deploy/kustomization.yaml to set the gke overlay as base:
  bases: - ../gke # <-- Edit this line to point to the gke overlay
2. Commit your changes:
```
root@rok-tools:~/ops/deployments# git commit -am \
>   "Configure PostgreSQL for our cloud provider"
```
3. Apply the manifests:
```
root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   rok/rok-external-services/postgresql/overlays/deploy
```
Deploy Redis.
1. Edit the kustomization manifest. Choose one of the following options, based on your cloud provider:
  AWS
  
  Azure
  
  Google Cloud
  Edit rok/rok-external-services/redis/overlays/deploy/kustomization.yaml to set the eks overlay as base:
  bases: - ../eks # <-- Edit this line to point to the eks overlay
  Edit rok/rok-external-services/redis/overlays/deploy/kustomization.yaml to set the aks overlay as base:
  bases: - ../aks # <-- Edit this line to point to the aks overlay
  Edit rok/rok-external-services/redis/overlays/deploy/kustomization.yaml to set the gke overlay as base:
  bases: - ../gke # <-- Edit this line to point to the gke overlay
2. Commit your changes:
```
root@rok-tools:~/ops/deployments# git commit -am \
>   "Configure Redis for our cloud provider"
```
3. Apply the manifests:
```
root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   rok/rok-external-services/redis/overlays/deploy
```

Deploy S3Proxy (Azure only):

root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   rok/rok-external-services/s3proxy/overlays/deploy

Deploy the kubeflow namespace:

root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   kubeflow/manifests/common/kubeflow-namespace/overlays/deploy

Deploy the Kubeflow Gateway in the kubeflow namespace:

root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   kubeflow/manifests/common/istio-1-9/kubeflow-istio-resources/overlays/deploy

Deploy Dex in the auth namespace:

root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   kubeflow/manifests/common/dex/overlays/deploy

Deploy AuthService in the istio-system namespace:

root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   kubeflow/manifests/common/oidc-authservice/overlays/deploy

Deploy cert-manager resources, needed by the skel resources:

root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   rok/cert-manager/cert-manager/overlays/deploy

Deploy CRDs needed by the skel resources:

root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   kubeflow/manifests/apps/admission-webhook/upstream/overlays/deploy

Deploy the skel resources:

root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   kubeflow/manifests/common/skel-resources/overlays/deploy

Deploy the Reception server in the kubeflow namespace:
```
root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   kubeflow/manifests/apps/reception/overlays/deploy
```
Important

When a user logs in to Arrikto EKF for the first time, the Reception server will create a new Profile for this user. The Profile Controller will then handle this new Profile and create a dedicated namespace for this user.

To disable the automatic Profile creation, and consequently the automatic creation of dedicated user namespaces, follow the Disable Automatic Profile Creation guide.

Deploy the Profile Controller in the kubeflow namespace:

root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   kubeflow/manifests/apps/profiles/upstream/overlays/deploy

Deploy roles necessary for RBAC configuration:

root@rok-tools:~/ops/deployments# rok-deploy --apply \
>   kubeflow/manifests/common/kubeflow-roles/overlays/deploy

Deploy the RokCluster CR:

root@rok-tools:~/ops/deployments# rok-deploy --apply rok/rok-cluster/overlays/deploy

Deploy the Rok Monitoring Stack in the monitoring namespace:
```
root@rok-tools:~/ops/deployments# rok-deploy --apply rok/monitoring/overlays/deploy
```
See also
- Learn more about the Rok Monitoring Stack on the Rok Monitoring user guide.

Verify ¶

Go to your GitOps repository, inside your rok-tools management environment:
```
root@rok-tools:~# cd ~/ops/deployments
```

Restore the required context from previous sections:

root@rok-tools:~/ops/deployments# source <(cat deploy/env.cloudidentity)

root@rok-tools:~/ops/deployments# export ROK_CLUSTER_NAMESPACE

Verify that the Rok Operator, Rok Disk Manager, and Rok kmod pods are up-and-running. Check the pod status and verify field STATUS is Running and field READY is 1/1 for all pods:

root@rok-tools:~/ops/deployments# kubectl -n rok-system get pods
NAME                     READY   STATUS    RESTARTS   AGE
rok-disk-manager-tmwqz   1/1     Running   0          31s
rok-kmod-8g48m           1/1     Running   0          37s
rok-operator-0           1/1     Running   0          59s

Verify that the Dex pod is up-and-running. Check the pod status and verify field STATUS is Running and field READY is 2/2:

root@rok-tools:~/ops/deployments# kubectl -n auth get pods
NAME                   READY   STATUS    RESTARTS   AGE
dex-6bd4d9ff8b-gx6kp   2/2     Running   0          65s

Verify that the Istio and AuthService pods are up-and-running. Check the pod status and verify field STATUS is Running and field READY is 1/1 for all pods:

root@rok-tools:~/ops/deployments# kubectl -n istio-system get pods
NAME                                    READY   STATUS    RESTARTS   AGE
authservice-0                           1/1     Running   0          9m27s
istio-ingressgateway-5f67fb9d94-dl5np   1/1     Running   0          9m42s
istiod-55cdc9bb69-892zk                 1/1     Running   0          9m42s

Verify that the cert-manager pods are up-and-running. Check the pod status and verify field STATUS is Running and field READY is 1/1 for all pods:

root@rok-tools:~/ops/deployments# kubectl -n cert-manager get pods
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-6d86476c77-bl9rs              1/1     Running   0          9m
cert-manager-cainjector-5b9cd446fd-n5jpd   1/1     Running   0          9m
cert-manager-webhook-64d967c45-cdfwh       1/1     Running   0          9m

Verify that the skel resources, Reception server, and Profile Controller pods are up-and-running. Check the pod status and verify field STATUS is Running and field READY is N/N for all pods:

root@rok-tools:~/ops/deployments# kubectl -n kubeflow get pods
NAME                                            READY   STATUS    RESTARTS   AGE
admission-webhook-deployment-5d4cf6bbdb-gfrkv   2/2     Running   0          9m
kubeflow-reception-54497df69c-psvvp             2/2     Running   0          9m
profiles-deployment-6777bccfdc-l4l6z            3/3     Running   0          9m

Verify that the rok-init job has completed successfully. Check the job status and verify field COMPLETIONS is 1/1:

root@rok-tools:~/ops/deployments# kubectl -n ${ROK_CLUSTER_NAMESPACE?} get job
NAME       COMPLETIONS   DURATION   AGE
rok-init   1/1           59s        24m

Verify that the etcd, PostgreSQL, Redis, Rok CSI, and Rok pods are up-and-running. Check the pod status and verify field STATUS is Running and field READY is N/N for all Pods:

root@rok-tools:~/ops/deployments# kubectl -n ${ROK_CLUSTER_NAMESPACE?} get pods
NAME                                              READY   STATUS      RESTARTS   AGE
rok-9brt8                                         1/1     Running     0          5m23s
rok-csi-controller-0                              4/4     Running     0          5m21s
rok-csi-guard-ip--172-31-18-161.eu-central-1...   1/1     Running     0          5m21s
rok-csi-node-49ncb                                2/2     Running     0          5m22s
rok-etcd-0                                        1/1     Running     0          7m11s
rok-postgresql-0                                  1/1     Running     0          7m3s
rok-redis-0                                       2/2     Running     0          6m51s

Verify that the Rok Monitoring Stack is up and running:

root@rok-tools:~/ops/deployments# kubectl get pods -n monitoring
NAME                                   READY   STATUS    RESTARTS   AGE
grafana-6d7d7b78f7-6flm7               1/1     Running   0          2m17s
kube-state-metrics-765c7c7f95-chkzn    3/3     Running   0          2m16s
node-exporter-zng26                    2/2     Running   0          2m16s
prometheus-k8s-0                       3/3     Running   1          2m15s
prometheus-operator-5f75d76f9f-fmpp5   1/1     Running   0          8m24s

Ensure that Prometheus has successfully discovered the needed targets so that it can pull metrics periodically:

root@rok-tools:~/ops/deployments# kubectl exec -ti -n monitoring sts/prometheus-k8s \
> -c prometheus -- wget -qO - localhost:9090/metrics | grep 'discovered.*rok-metrics'
prometheus_sd_discovered_targets{config="rok/rok-metrics/0",name="scrape"} 7

root@rok-tools:~/ops/deployments# kubectl exec -ti -n monitoring sts/prometheus-k8s \
> -c prometheus -- wget -qO - localhost:9090/metrics | grep 'discovered.*rok-etcd-metrics'
prometheus_sd_discovered_targets{config="rok/rok-etcd-metrics/0",name="scrape"} 7

root@rok-tools:~/ops/deployments# kubectl exec -ti -n monitoring sts/prometheus-k8s \
> -c prometheus -- wget -qO - localhost:9090/metrics | grep 'discovered.*rok-redis-metrics'
prometheus_sd_discovered_targets{config="rok/rok-redis-metrics/0",name="scrape"} 7

Summary ¶

You have successfully deployed Rok on Kubernetes. You can consume Rok's storage through the rok StorageClass, take instant snapshots of your applications, and restore applications to an earlier state. You can create a time machine for your applications and travel back in time!

What's Next ¶

The next step is to test Rok and verify it works properly.

Test Rok

Deploy Rok Components¶

What You'll Need¶

Option 1: Deploy Rok Components Automatically (preferred)¶

Option 2: Deploy Rok Components Manually¶

Procedure¶

Verify¶

Summary¶

What's Next¶