Use Helm to Create an Aerospike Cluster on Kubernetes

This page describes how to use AKO to deploy an Aerospike Database Enterprise Edition (EE) cluster using Helm.

Requirements

Before deploying your Aerospike cluster using Helm, you need to install Aerospike Kubernetes Operator (AKO). You can use Helm to install AKO on your Kubernetes cluster.

Create the namespace. Aerospike recommends using at least one namespace called aerospike for Aerospike clusters instead of AKO’s namespace for your clusters. If this is your first cluster to be launched, create and provide access for AKO to use this namespace.

You can use the kubectl or akoctl tools to grant permissions for the aerospike namespace.
- kubectl
- akoctl
1. Create the Kubernetes namespace if not already created.
  kubectl create namespace aerospike
2. Create a service account.
  kubectl -n aerospike create serviceaccount aerospike-operator-controller-manager
3. Create a RoleBinding or ClusterRoleBinding to attach this service account to the aerospike-cluster ClusterRole. This ClusterRole is created as part of AKO installation and grants Aerospike cluster permissions to the service account.
  - For using the Kubernetes native, pod-only network to connect to the Aerospike cluster, create a RoleBinding with the following command:
  kubectl -n aerospike create rolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager
  - For connecting to the Aerospike cluster from outside Kubernetes, create a ClusterRoleBinding with the following command:
    
    kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager
    
    For attaching multiple service accounts of different namespaces at one time, add multiple --serviceaccount parameters to the previous command.
    Example: To attach service accounts of the aerospike and aerospike1 namespaces:
    kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager --serviceaccount=aerospike1:aerospike-operator-controller-manager
4. If the required ClusterRoleBinding already exists in the cluster, edit it to attach a new service account.
  kubectl edit clusterrolebinding aerospike-cluster
5. The kubectl edit command launches an editor. Append the following lines to the subjects section:
  kind: ServiceAccount
  name: aerospike-operator-controller-manager
  namespace: aerospike
6. Save and ensure that the changes are applied.
For instructions on installing the akoctl plugin, see akoctl installation.
- For using the Kubernetes native, pod-only network to connect to the Aerospike cluster, grant namespace scope permissions:
  kubectl akoctl auth create -n aerospike --cluster-scope=false
- For connecting to the Aerospike cluster from outside Kubernetes, grant cluster scope permissions:
  kubectl akoctl auth create -n aerospike
  To grant permissions for multiple namespaces at the same time, specify a comma-separated namespace list with the -n flag.
  kubectl akoctl auth create -n aerospike,aerospike1
Configure persistent storage. AKO uses dynamically-provisioned storage classes that automatically provision storage as needed. Aerospike Database pods may have different storage volumes associated with each service. Persistent storage on the pods uses storage class provisioners that are set up in the storage class file.

Apply one of the following sample storage classes based on your Kubernetes environment:
- Amazon Elastic Kubernetes Service (EKS): kubectl apply -f eks_ssd_storage_class.yaml
- Google Compute Engine (GCE): kubectl apply -f gce_ssd_storage_class.yaml
- Microk8s: kubectl apply -f microk8s_filesystem_storage_class.yaml
See Storage Provisioning for more details on configuring persistent storage.
Add the Helm repository to get the Helm charts.
Terminal window
```
helm repo add aerospike https://aerospike.github.io/aerospike-kubernetes-enterprise
```
If the Helm repository is already added, update the index:
Terminal window
```
helm repo update
```

Deploy the cluster. Choose “dev” or “production” mode for your deployment.

Deploy in “dev” mode

“Dev” mode creates a minimal Aerospike cluster with security disabled. Use this for testing only, not in production.

Create a Secret containing the Aerospike feature-key file features.conf.

kubectl -n aerospike create secret generic aerospike-secret --from-file=-=PATH_TO_DIRECTORY_WITH_FEATURES.CONF

Default values in “dev” mode

These values are set as defaults when the cluster is deployed in “dev” mode (devMode=true).

aerospikeConfig:
  service:
    feature-key-file: /etc/aerospike/secrets/features.conf

  network:
    service:
      port: 3000
    fabric:
      port: 3001
    heartbeat:
      port: 3002

  namespaces:
    - name: test
      replication-factor: 2
      storage-engine:
        type: memory
        data-size: 1073741824

podSpec:
  multiPodPerHost: true

storage:
  volumes:
  - name: aerospike-config-secret
    source:
      secret:
        secretName: aerospike-secret
    aerospike:
      path: /etc/aerospike/secrets

validationPolicy:
  skipWorkDirValidate: true
  skipXdrDlogFileValidate: true

Install the chart.

helm install aerospike aerospike/aerospike-cluster -n aerospike --set devMode=true

Deploy in “production” mode

Create Secrets

Create Secrets to set up features like the feature-key file (features.conf), Aerospike authentication, TLS, and the cluster admin password. See the Manage TLS Certificates section for more details.

The example Secrets directory includes a collection of example TLS certificates, security credentials, and more. Download these files into a local folder called secrets, then apply them as a Kubernetes Secret:

kubectl -n aerospike create secret generic aerospike-secret --from-file=secrets

Next, create a Secret containing the password for the Aerospike cluster admin:

kubectl -n aerospike create secret generic auth-secret --from-literal=password='admin123'

This is an example of a custom user-defined values.yaml file not using “dev” mode (installed with devMode=false).

## Aerospike cluster size
replicas: 3

## Aerospike Database Docker image
image:
  repository: aerospike/aerospike-server-enterprise
  tag: 8.0.0.2

## Aerospike access control configuration
aerospikeAccessControl:
  users:
    - name: admin
      secretName: auth-secret
      roles:
        - sys-admin
        - user-admin

## Aerospike Configuration
aerospikeConfig:
  service:
    feature-key-file: /etc/aerospike/secret/features.conf
  security: {}

  network:
    service:
      port: 3000
    heartbeat:
      port: 3002
    fabric:
      port: 3001

  namespaces:
    - name: test
      replication-factor: 2
      storage-engine:
        type: device
        devices:
          - /test/dev/xvdf
    - name: testMem
      replication-factor: 1
      storage-engine:
        type: memory
        data-size: 1073741824

## Network policy
aerospikeNetworkPolicy: {}

## Pod spec
podSpec:
   multiPodPerHost: true

## Rack configuration
rackConfig:
  namespaces:
    - test
  racks:
    - id: 1
      # Change to the zone for your k8s cluster.
      zone: us-central1-c
    - id: 2
      # Change to the zone for your k8s cluster.
      zone: us-central1-c

## Storage configuration
storage:
  filesystemVolumePolicy:
    cascadeDelete: true
    initMethod: deleteFiles
  blockVolumePolicy:
    cascadeDelete: true
  volumes:
    - name: workdir
      aerospike:
        path: /opt/aerospike
      source:
        persistentVolume:
          storageClass: ssd
          volumeMode: Filesystem
          size: 1Gi
    - name: ns
      aerospike:
        path: /test/dev/xvdf
      source:
        persistentVolume:
          storageClass: ssd
          volumeMode: Block
          size: 5Gi
    - name: aerospike-config-secret
      source:
        secret:
          secretName: aerospike-secret
      aerospike:
        path: /etc/aerospike/secret

## Validation policy
validationPolicy:
   skipWorkDirValidate: false
   skipXdrDlogFileValidate: false

## seedsFinderServices defines service, such as loadbalancer, to connect to Aerospike
seedsFinderServices: {}

## operatorClientCert defines certificates to connect to Aerospike
operatorClientCert: {}

## Dev Mode
devMode: false

Install the chart with custom values.

helm install aerospike aerospike/aerospike-cluster -n aerospike -f PATH_TO_CUSTOM_YAML_FILE

Configurations

For more details on these configurations, see the Aerospike Cluster Configuration Settings.

Name	Description	Default
`replicas`	Aerospike cluster size.	`3`
`image.repository`	Aerospike Database container image repository.	`aerospike/aerospike-server-enterprise`
`image.tag`	Aerospike Database container image tag.	`8.0.0.2`
`imagePullSecrets`	Secrets containing credentials to pull Aerospike container image from a private registry.	`{}` (nil)
`customLabels`	Custom labels to add on the Aerospike cluster resource	`{}` (nil)
`aerospikeAccessControl`	Aerospike access control configuration. Define users and roles to be created on the cluster.	`{}` (nil)
`aerospikeConfig`	Aerospike configuration.	`{}` (nil)
`aerospikeNetworkPolicy`	Network policy (client access configuration).	`{}` (nil)
`commonName`	Base string for naming pods, services, stateful sets, and so forth.	Release name truncated to 63 characters without hyphens
`podSpec`	Aerospike pod spec configuration.	`{}` (nil)
`rackConfig`	Aerospike rack configuration.	`{}` (nil)
`storage`	Aerospike pod storage configuration.	`{}` (nil)
`validationPolicy`	Validation policy.	`{}` (nil)
`operatorClientCert`	Client certificates to connect to Aerospike.	`{}` (nil)
`seedsFinderServices`	Service, such as loadbalancer, for Aerospike cluster discovery.	`{}` (nil)
`devMode`	Deploy Aerospike cluster in dev mode.	`false`