/
Cloud Agent Deployment on K8S Cloud Providers Examples

IBM DataPower Operations Dashboard v1.0.22.x

Cloud Agent Deployment on K8S Cloud Providers Examples

Owned by Shachar Greenberg
Last updated: Oct 21, 2024 by Amit Munwes
4 min read

The following scenarios of deploying the DPOD Cloud Agent on k8s cloud providers are provided only as examples.
The details may change between different cloud providers, k8s versions and k8s cluster custom configuration.
You are expected to modify and adjust the commands according to your specific case.

The following variable is used across this document:

DPOD_CLOUD_AGENT_OPERATOR_VERSION="1.2.0"

Deploy DPOD Cloud Agent on k8s cluster using OLM

  • Starting k8s 1.25, Pod Security Admission became a stable feature and adopted by most of the cloud providers, which require some configurations in order to deploy OLM and use it to deploy operators and applications. For further information see K8s documentation.

  • Change the DPOD Cloud Agent NS labels to conform with the Pod Security Admission:

    apiVersion: v1 kind: Namespace metadata: labels: kubernetes.io/metadata.name: example-dpod-cloudagent-ns pod-security.kubernetes.io/enforce: restricted pod-security.kubernetes.io/enforce-version: latest pod-security.kubernetes.io/audit: restricted pod-security.kubernetes.io/audit-version: latest pod-security.kubernetes.io/warn: restricted pod-security.kubernetes.io/warn-version: latest name: example-dpod-cloudagent-ns

  • Create the DPOD Cloud Agent CatalogSource in OLM namespace.

    • Based on OLM documentation, in order to create a subscription, the CatalogSource should be created in the target NS (where the subscription for DPOD Cloud Agent is created) or in OLM NS (for ClusterScope).

    • Use the following definition to create a CatalogSource which conform with the Pod Security Admission configured for the OLM NS:

      apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-dpod-cloud-agent-catalog namespace: olm spec: displayName: IBM DataPower Operations Dashboard Cloud Agent image: icr.io/cpopen/dpod-cloud-agent-operator-catalog:${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64 publisher: IBM sourceType: grpc grpcPodConfig: securityContextConfig: restricted

  • Create an OperatorGroup for the new namespace for ClusterScope:

  • Install the DPOD Cloud Agent operator:

  • Create a CR to deploy the DPOD Cloud Agent.

Create LoadBalancer Services for DPOD Cloud Agent on Amazon EKS

(Assuming 3 Messaging broker replicas)

  • Deploy the Manager LB service:

  • Deploy the Messaging bootstrap LB service:

  • Deploy the broker-0 LB service:

  • Deploy the broker-1 LB service:

  • Deploy the broker-2 LB service:

Create LoadBalancer Services for DPOD Cloud Agent on Google GKE

(Assuming 3 Messaging broker replicas)

  • Deploy the Manager LB service:

  • Deploy the Messaging bootstrap LB service:

  • Deploy the broker-0 LB service:

  • Deploy the broker-1 LB service:

  • Deploy the broker-2 LB service:

Update the DNS Records

Get the LB external address:

 

Copyright © 2015 MonTier Software (2015) Ltd.