Installing Data Catalog on Kubernetes with Helm
Use this installation method if all your data sources are in networks separated by low latencies from the Kubernetes cluster and if you do not have any Hadoop-based data sources (HDFS or Hive). In this installation, all the necessary Data Catalog components are entirely deployed in the Kubernetes cluster.
Before you begin
Before you begin to install Data Catalog on Kubernetes, you must obtain the relevant Helm chart and Docker images.
Contact Hitachi Vantara Lumada Data Catalog support to obtain access to the following artifacts:
Helm chart
ldc-7.0.0.tgz
Docker images
By default, the Hitachi Vantara-owned Docker images are not publicly available. The following Docker images files will be provided by Hitachi Vantara:
- lumada-catalog/app-server:7.0.0
- lumada-catalog/agent:7.0.0
- lumada-catalog/mongodb-migration-tool:7.0.0
- lumada-catalog/spark:3.1.1-hadoop-2.10.1-1.0.0
- lumada-catalog/mongodb:5.0.6-220222.21-master-ee
Installing on Kubernetes
Perform the following tasks to install Data Catalog on Kubernetes with Helm:
- Load Docker images and Helm charts
- Create Kubernetes secrets
- Customize Helm chart values
- Deploy the Helm chart
Load Docker images and Helm charts
Procedure
Log into the registry, and make sure you have the following required software to run the script:
- jq
- docker
- tar
Load the Docker images on each node of your cluster with the following example command:
./ldc-load-images.sh -r myregisty.azurecr.io --images /tmp/ldc-images-7.0.0.tar.gz(Optional) Re-tag the loaded images and push them to your organization's Docker registry for improved manageability.
Create Kubernetes secrets
Perform the following steps create secrets for configuration information in the core-site.xml file and your license files:
Procedure
Use the following example command to create a secret for your configurations:
kubectl create secret generic ldc-custom-core-site --from-file="core-site.xml"NoteThe file must specifically be named core-site.xml.Use the following example command to create secrets for your
ldc-license-public-keystore.p12andlicense-features.yamllicense files:kubectl create secret generic ldc-license --from-file=license-features.yaml --from-file=ldc-license-public-keystore.p12NoteThese files must specifically be namedldc-license-public-keystore.p12andlicense-features.yaml.
Customize Helm chart values
You will need to customize certain values that you provide to the Helm chart. Create a custom-values.yml file with contents similar to the following examples.
Perform the following steps to customize your custom-values.xml Helm deployment file:
Procedure
Create a local copy of the custom-values.xml file with the following example command:
touchcustom-values.yamlCustomize the local version of your XML file similar to one of the following examples:
Minimum required configuration for services exposed via NodePort:
keycloak: service: type: NodePort nodePort: 31111 app-server: service: type: NodePort httpsNodePort: 31112 keycloak: authServerUrl: "http://<k8s node host name>:31111/auth" global: registry: myregisty.azurecr.ioMinimum required configuration for services exposed via the Ingress controller:
keycloak: ingress: enabled: true hosts: - host: keycloak-dev1.hv.com paths: - path: / pathType: Prefix tls: - hosts: - "keycloak-dev1.hv.com" secretName: keycloak-ingress-certs app-server: ingress: enabled: true hosts: - host: app-server-dev1.hv.com paths: - path: / pathType: Prefix tls: - hosts: - "app-server-dev1.hv.com" secretName: app-server-ingress-certs keycloak: authServerUrl: "https://keycloak-dev1.hv.com/auth" global: registry: myregisty.azurecr.io
Apply further customizations as needed based on the charts in Chart parameters.
Deploy the Helm chart
Perform the following steps to deploy the chart and start running Data Catalog:
Procedure
Use the following example command to deploy the chart:
helm install --wait ldc ldc-7.0.0.tgz -f custom-values.ymlUse the following example command to temporarily access Data Catalog for a deployment test:
kubectl port-forward svc/ldc-app-server 8082:8082Open http://localhost:8082 in your local browser to test the deployment.
Next steps
ldc-app-server service using your cluster's Ingress gateway or load balancer, depending on your system.Chart parameters
You can customize your Helm chart for Data Catalog with the following parameters:
Agent
Parameter Type Description Default value agent.appServerGraphQLUrlstring None (leave unspecified) agent.appServerWSUrlstring An empty value means the value will be generated using the template function None (leave unspecified) agent.enabledboolean trueagent.isDefaultboolean trueagent.serviceAccount.createstring true agent.serviceAccount.namestring None (leave unspecified) agent.spark.historyServer.addressstring "http://{{ .Release.Name }}-spark-history-server:18080"agent.spark.historyServer.storageLocationstring "s3a://spark-history/events/"agent.spark.jarUpload.accessKeystring "minioadmin"agent.spark.jarUpload.endpointstring "http://{{ .Release.Name }}-minio-bundled:9000"agent.spark.jarUpload.locationstring "s3a://ldc/cluster_jars"agent.spark.jarUpload.secretKeystring "minioadmin"agent.spark.jarUpload.secretTokenstring None (leave unspecified) agent.spark.k8sMasterEnabledboolean trueagent.spark.secureboolean trueagent.spark.serviceAccountboolean "{{ .Release.Name }}-spark"Application server
Parameter Type Description Default value app-server.configurationOverridesExtraEnv[0].namestring "MINIO_SECRET_KEY"app-server.configurationOverridesExtraEnv[0].valuestring "minioadmin"app-server.configurationOverridesExtraEnv[1].namestring "MINIO_ACCESS_KEY"app-server.configurationOverridesExtraEnv[1].valuestring "minioadmin"app-server.configurationOverridesExtraEnv[2].namestring "MINIO_ENDPOINT"app-server.configurationOverridesExtraEnv[2].valuestring "http://{{ .Release.Name }}-minio-bundled:9000"app-server.configurationOverrides[0].componentstring "__template_agent"app-server.configurationOverrides[0].propertyKeystring "ldc.metadata.hdfs.large_properties.attributes"app-server.configurationOverrides[0].value[0]string "fs.s3a.access.key=${MINIO_ACCESS_KEY}"app-server.configurationOverrides[0].value[1]string "fs.s3a.secret.key=${MINIO_SECRET_KEY}"app-server.configurationOverrides[0].value[2]string "fs.s3a.endpoint=${MINIO_ENDPOINT}"app-server.configurationOverrides[0].value[3]string "fs.s3a.path.style.access=true"app-server.configurationOverrides[0].value[4]string "fs.s3a.threads.max=40"app-server.configurationOverrides[0].value[5]string "fs.s3a.connection.maximum=200"app-server.debugboolean Print debug messages in log falseapp-server.enabledboolean trueapp-server.keycloak.authPassstring Password for role syncing "admin"app-server.keycloak.authServerUrlstring Base URL for you Realm authorization endpoint. Needs to be accessible for client's browser "http://localhost:8080/auth"app-server.keycloak.authUserstring User name for role syncing "admin"app-server.keycloak.callbackUrlstring URL to which Keycloak will redirect the user after granting authentication. By default is it relative, but it could be an absolute URL "/callback"app-server.keycloak.clientIDstring This should match your Application Name, resource or OAuth Client Name. "ldc-client"app-server.keycloak.realmstring Name of your Keycloak realm "ldc-realm"app-server.keycloak.resourcestring This should match your Application Name, resource or OAuth Client Name. "ldc-client"app-server.mongodbURIstring nilMiscellaneous
Parameter Type Description Default value global.registrystring Override registry for Hitachi Vantara-managed images. By default, they are in ldmp-docker.repo.orl.eng.hitachivantara.com nilkeycloak.enabledboolean Whatever to deploy or not dev/demo keycloak instance trueminio-bundledobject Minio helm chart config For reference see MinIO Helm chart minio-bundled.enabledboolean Whatever to deploy or not dev/demo minio instance truemongodb.enabledboolean Whatever to deploy or not dev/demo mongodb instance truespark-history-server.enabledboolean truetekton-hooks.enabledboolean false