The following scenarios for deploying DPOD Cloud Agent on k8s cloud providers are provided as an examples/samples and may change between different cloud providers, k8s versions and k8s cluster custom configuration.

Set variables according to your environment:

Configure Amazon EKS for Cloud Agent Deployment

Configure cluster nodes for registry mirror (containerd)

• Create EC2 Launch Template for the cluster nodes.

• In the Launch Template Advanced details -> User data add the following configuration:
  Change the configuration according to your environment (at least the host attribute).

  MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="//" --// Content-Type: text/x-shellscript; charset="us-ascii" #!/bin/bash mkdir -p /etc/containerd/certs.d/icr.io printf 'server = "https://icr.io"\n[host."https://icr.io/dpod"]\n capabilities = ["pull", "resolve"]\n skip_verify = false\n override_path = true\n' | tee /etc/containerd/certs.d/icr.io/hosts.toml --//--

• Make sure to create the cluster with Node Group that uses the new Launch Template

Configure Google GKE for Cloud Agent Deployment

Configure cluster nodes for registry mirror (containerd)

A DaemonSet can be used to configure the GKE cluster nodes containerd runtime.

K8s DaemonSet ensures that all (or some) Nodes run a copy of a Pod, this Pod can execute logic which in this case can be used to configure the registry mirror as described here.

For further information about K8S DaemonSet can be found in K8s documentation.

A generic example of “startup-script” DeamonSet can be found here.

Deploy DPOD Cloud Agent on k8s cluster using OLM

Starting k8s 1.25 Pod Security Admission became stable feature and adopted by most of the cloud providers which requires some configurations in order to deploy OLM and use it to deploy operators and applications. For further information see K8s documentation.

• Change the DPOD Cloud Agent NS labels to conform with Pod Security Admission

  apiVersion: v1 kind: Namespace metadata: labels: kubernetes.io/metadata.name: example-dpod-cloudagent-ns pod-security.kubernetes.io/enforce: restricted pod-security.kubernetes.io/enforce-version: latest pod-security.kubernetes.io/audit: restricted pod-security.kubernetes.io/audit-version: latest pod-security.kubernetes.io/warn: restricted pod-security.kubernetes.io/warn-version: latest name: example-dpod-cloudagent-ns

• Create the DPOD Cloud Agent CatalogSource in OLM NS

  • Based on OLM documentation in order to create subscription the CatalogSource should be created in the target NS (where the subscription for DPOD Cloud Agent is created) or in OLM NS (ClusterScope).

  • Use the following definition to create CatalogSource which conform with Pod Security Admission configured for the OLM NS:

• Create OperatorGroup for the new namespace for ClusterScope

• Install the DPOD Cloud Agent operator

• Create CR to deploy the DPOD Cloud Agent

Create LoadBalancer services for DPOD Cloud Agent on Amazon EKS

Deploy Manager LB service

Deploy LoadBalancer service based on the number of messaging brokers replicas.

• Deploy Messaging bootstrap LB service

• Deploy broker-0 LB service

• Deploy broker-1 LB service

• Deploy broker-2 LB service

Create LoadBalancer services for DPOD Cloud Agent on Google GKE

Deploy Manager LB service

Deploy LoadBalancer service based on the number of messaging brokers replicas.

• Deploy messaging bootstrap LB service

• Deploy broker-0 LB service

• Deploy broker-1 LB service

• Deploy broker-2 LB service

Update the DNS records

• Get the LB external address

•