Use Helm to Create an Aerospike Cluster on Kubernetes

Follow these instructions to use the Operator to deploy the Aerospike cluster using Helm.

Requirements

Before deploying your Aerospike cluster using Helm, you must use Helm to install the Aerospike Kubernetes Operator on your cluster.

note

For Kubernetes 1.23 version or later, Pod Security Admission (PSA) is enabled by default. Make sure the namespace where the Aerospike Cluster is deployed has either baseline or privileged Pod Security Standard level set. The restricted level is not supported by Aerospike. The default Pod Security Standard level in Kubernetes 1.23 is privileged. For more details, see Apply Pod Security Standards

Prepare the namespace

We recommend not using the Aerospike Kubernetes Operator's namespace for your clusters. Instead, use at least one namespace called aerospike for Aerospike clusters.

If this is the first cluster being launched, create and provide access for the Operator to use this namespace.

note

For Kubernetes 1.23 version or later, Pod Security Admission (PSA) is enabled by default. Make sure the namespace where the Aerospike cluster is deployed has either baseline or privileged Pod Security Standard level set. The restricted level is not supported by Aerospike. The default Pod Security Standard level in Kubernetes 1.23 is privileged. For more details, see Apply Pod Security Standards

The procedure to use the namespace aerospike is as follows:

Create the namespace

Create the Kubernetes namespace if not already created:

kubectl create namespace aerospike

Create a service account

kubectl -n aerospike create serviceaccount aerospike-operator-controller-manager

Create RoleBinding/ClusterRoleBinding for Aerospike cluster

Next, create a RoleBinding or ClusterRoleBinding as per requirement to attach this service account to ClusterRole aerospike-cluster. This ClusterRole is created as part of Operator installation and grants Aerospike cluster permission to service account.

• For using Kubernetes native Pod only network to connect to Aerospike cluster create RoleBinding:

kubectl -n aerospike create rolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager

• For connecting to Aerospike cluster from outside Kubernetes create ClusterRoleBinding:

kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager

tip

For attaching multiple service accounts of different namespaces in one go, add multiple --serviceaccount params in above command

Example: To attach service accounts of aerospike and aerospike1 namespace

kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager --serviceaccount=aerospike1:aerospike-operator-controller-manager

If the required ClusterRoleBinding already exists in cluster, edit it to attach new service account:

kubectl edit clusterrolebinding aerospike-cluster

This command launches an editor. Append the following lines to the subjects section:

  # A new entry for aerospike.
  # Replace aerospike with your namespace
- kind: ServiceAccount
  name: aerospike-operator-controller-manager
  namespace: aerospike

Save and ensure that the changes are applied.

Configure Persistent Storage

The Aerospike Operator works with dynamically-provisioned storage classes. Aerospike Server pods may have different storage volumes associated with each service.

Persistent storage on the pods uses these storage class provisioners.

Apply a sample storage class based on your Kubernetes environment:

• EKS: kubectl apply -f eks_ssd_storage_class.yaml
• GCE: kubectl apply -f gce_ssd_storage_class.yaml
• Microk8s: kubectl apply -f microk8s_filesystem_storage_class.yaml

See Storage Provisioning for more details on configuring persistent storage.

Get the Helm Charts

To get the Helm charts, clone the aerospike/aerospike-kubernetes-operator repository.

git clone https://github.com/aerospike/aerospike-kubernetes-operator.git

The charts are in the aerospike-kubernetes-operator/helm-charts folder.

cd aerospike-kubernetes-operator
git checkout 3.0.0

Deploy the Cluster

Deploy in "dev" Mode

"Dev" mode creates a minimal Aerospike Cluster with security disabled. Use this for testing only, not in production.

Create a Secret containing the Aerospike feature key file features.conf.

kubectl create secret generic aerospike-secret --from-file=[path to your features.conf file]

Default Values in "dev" Mode

These values are set as defaults when the cluster is deployed in "dev" mode (devMode=true).

aerospikeConfig:
  service:
    feature-key-file: /etc/aerospike/secrets/features.conf

  security:
    enable-security: false

  network:
    service:
      port: 3000
    fabric:
      port: 3001
    heartbeat:
      port: 3002

  namespaces:
    - name: test
      memory-size: 1073741824 # 1GiB
      replication-factor: 2
      storage-engine:
        type: memory

podSpec:
  multiPodPerHost: true

storage:
  volumes:
  - name: aerospike-config-secret
    source:
      secret:
        secretName: aerospike-secret
    aerospike:
      path: /etc/aerospike/secrets

validationPolicy:
  skipWorkDirValidate: true
  skipXdrDlogFileValidate: true

Install the chart.

helm install aerospike helm-charts/aerospike-cluster --set devMode=true

tip

This command assumes few defaults, and deploys an Aerospike cluster in "dev" mode with no data persistence. We recommend you create a custom YAML file with your required configurations, and apply it with helm install.

Deploy in "production" Mode (devMode=false)

Create Secrets

Create Secrets to set up features like the feature-key file (features.conf), Aerospike authentication, TLS, and the cluster admin password. See the Manage TLS Certificates section for more details.

The example Secrets directory includes a collection of example TLS certificates, security credentials, and more. Download these files into a local folder called secrets, then apply them as a Kubernetes Secret:

kubectl -n aerospike create secret generic aerospike-secret --from-file=secrets

Next, create a Secret containing the password for the Aerospike cluster admin:

kubectl -n aerospike create secret generic auth-secret --from-literal=password='admin123'

This is an example of a custom user-defined values.yaml file not using "dev" mode (installed with devMode=false).

## Aerospike cluster size
replicas: 3

## Aerospike server docker image
image:
  repository: aerospike/aerospike-server-enterprise
  tag: 6.4.0.0

## Aerospike access control configuration
aerospikeAccessControl:
  users:
    - name: admin
      secretName: auth-secret
      roles:
        - sys-admin
        - user-admin

## Aerospike Configuration
aerospikeConfig:
  service:
    feature-key-file: /etc/aerospike/secret/features.conf
  security: {}

  network:
    service:
      port: 3000
    heartbeat:
      port: 3002
    fabric:
      port: 3001

  namespaces:
    - name: test
      memory-size: 3000000000
      replication-factor: 2
      storage-engine:
        type: device
        devices:
          - /test/dev/xvdf
    - name: testMem
      memory-size: 3000000000
      replication-factor: 1
      storage-engine:
        type: memory

## Network policy
aerospikeNetworkPolicy: {}

## Pod spec
podSpec:
   multiPodPerHost: true

## Rack configuration
rackConfig:
  namespaces:
    - test
  racks:
    - id: 1
      # Change to the zone for your k8s cluster.
      zone: us-central1-c
    - id: 2
      # Change to the zone for your k8s cluster.
      zone: us-central1-c

## Storage configuration
storage:
  filesystemVolumePolicy:
    cascadeDelete: true
    initMethod: deleteFiles
  blockVolumePolicy:
    cascadeDelete: true
  volumes:
    - name: workdir
      aerospike:
        path: /opt/aerospike
      source:
        persistentVolume:
          storageClass: ssd
          volumeMode: Filesystem
          size: 1Gi
    - name: ns
      aerospike:
        path: /test/dev/xvdf
      source:
        persistentVolume:
          storageClass: ssd
          volumeMode: Block
          size: 5Gi
    - name: aerospike-config-secret
      source:
        secret:
          secretName: aerospike-secret
      aerospike:
        path: /etc/aerospike/secret

## Validation policy
validationPolicy:
   skipWorkDirValidate: false
   skipXdrDlogFileValidate: false

## seedsFinderServices defines service (e.g. loadbalancer) to connect to Aerospike
seedsFinderServices: {}

## operatorClientCert defines certificates to connect to Aerospike
operatorClientCert: {}

## Dev Mode
devMode: false

Install the chart with custom values.

helm install aerospike helm-charts/aerospike-cluster/ -f [custom YAML file]

Configurations

For more details on these configurations, see the Aerospike Cluster Configuration Settings.

Name	Description	Default
replicas	Aerospike cluster size.	3
image.repository	Aerospike Server container image repository.	aerospike/aerospike-server-enterprise
image.tag	Aerospike Server container image tag.	5.5.0.9
imagePullSecrets	Secrets containing credentials to pull Aerospike container image from a private registry.	{} (nil)
customLabels	Custom labels to add on the Aerospike cluster resource	{} (nil)
aerospikeAccessControl	Aerospike access control configuration. Define users and roles to be created on the cluster.	{} (nil)
aerospikeConfig	Aerospike configuration.	{} (nil)
aerospikeNetworkPolicy	Network policy (client access configuration).	{} (nil)
commonName	Base string for naming pods, services, stateful sets, etc.	Release name truncated to 63 characters (without hyphens)
podSpec	Aerospike pod spec configuration.	{} (nil)
rackConfig	Aerospike rack configuration.	{} (nil)
storage	Aerospike pod storage configuration.	{} (nil)
validationPolicy	Validation policy.	{} (nil)
operatorClientCert	Client certificates to connect to Aerospike.	{} (nil)
seedsFinderServices	Service (e.g. loadbalancer) for Aerospike cluster discovery.	{} (nil)
devMode	Deploy Aerospike cluster in dev mode.	false