Helm Cluster Configuration


    This guide outlines the design and usage of the helm chart for deploying a couchbase cluster. This chart is especially helpful for rolling out development clusters and generating TLS certificates and keys. However, configurations requiring server groups and persistent volumes are better expressed and managed directly using a cluster spec. Refer to the couchbase operator documentation regarding deploying couchbase directly from kubectl.

    The cluster chart requires the custom resource definition (CRD) to be installed so that Kubernetes knows about the CouchbaseCluster type. By default the Operator will install the CRD for you. But if you’ve disabled this function, then you’ll either need to enable the createCRD flag in this chart, or install the CRD manually.

    To install the cluster chart run the following commands:

    helm repo add couchbase https://couchbase-partners.github.io/helm-charts/
    helm install couchbase/couchbase-cluster

    The following outlines all of the values exposed by this chart to assist with customizing your deployment.

    Cluster Configuration

    The helm chart supports creating and managing a single couchbase cluster by exposing the following default values.

    createCRD: false
    couchbaseCluster:
      create: true
      name: ""
      username: "Administrator"
      password: "password"
      authSecretOverride: ""
      baseImage: "couchbase/server"
      version: "enterprise-6.0.1"
      exposeAdminConsole: true
      adminConsoleServices:
        - data
      exposedFeatures:
        - xdcr
      adminConsoleServiceType: NodePort
      exposedFeatureServiceType: NodePort
      dns:
        domain:
      platform:
      cluster:
        dataServiceMemoryQuota: 256
        indexServiceMemoryQuota: 256
        searchServiceMemoryQuota: 256
        eventingServiceMemoryQuota: 256
        analyticsServiceMemoryQuota: 1024
        indexStorageSetting: memory_optimized
        autoFailoverTimeout: 120
        autoFailoverMaxCount: 3
        autoFailoverOnDataDiskIssues: true
        autoFailoverOnDataDiskIssuesTimePeriod: 120
        autoFailoverServerGroup: false
        logRetentionTime: 604800s
        logRetentionCount: 20
      buckets:
        default:
          name: default
          type: couchbase
          memoryQuota: 128
          replicas: 1
          ioPriority: high
          evictionPolicy: fullEviction
          conflictResolution: seqno
          enableFlush: true
          enableIndexReplica: false
      servers:
        all_services:
          size: 3
          services:
            - data
            - index
            - query
            - search
            - eventing
            - analytics
          serverGroups: []
          pod: {}
      securityContext: {}
      volumeClaimTemplates: []

    createCRD

    Option to create the CRD defining the CouchbaseCluster type.

    Value rules: The createCRD value defaults to false which excludes installation of the CRD resource. Therefore, when false, the CRD should be installed using the Operator chart, or be installed manually. When set to true the resource is installed.

    name

    The name of the cluster to create.

    Value rules: The couchbaseCluster.name value defaults to the name of the chart if not specified. Must be unique from any other clusters in the namespace.

    username

    The username to use as the cluster admin.

    This should only be used for experimental and test clusters. Consider using authSecretOverride to provide a secret containing your own username and password.

    Value rules: The couchbaseCluster.username value is a string set to Administrator by default.

    password

    The password to use as the cluster admin.

    This should only be used for experimental and test clusters. Consider using authSecretOverride to provide a secret containing your own username and password.

    Value rules: The couchbaseCluster.password value is a string set to password by default, as shown in the default values above.

    authSecretOverride

    The secret to use for overriding the auto-generated secret. When specified the username and password from the secret are used for Administrator login.

    Value rules: The couchbaseCluster.authSecretOverride value is the name of a kubernetes secret and is not set by default. Refer to the couchbase operator documentation for more information about creating auth secrets.
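
    One way to prepare the secret that authSecretOverride points at, so the chart's default password is never used. This is an added example, not part of the chart or the original guide; the secret name my-cb-auth, the user cbadmin, the 12-character minimum and the data keys username and password are assumptions of the example.

```shell
#!/bin/sh
# Added example: render the Secret referenced by couchbaseCluster.authSecretOverride.
# Assumption: the Operator reads the keys "username" and "password" from it.

# 24 random alphanumeric characters taken from the kernel CSPRNG.
random_password() {
  head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-24
}

# b64 <string>: base64-encode without a trailing newline or line wrapping.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# render_auth_secret <secret-name> <username> <password>
# Prints a Secret manifest. Refuses the chart's default password ("password")
# and anything shorter than 12 characters (a local policy chosen for this example).
render_auth_secret() {
  name=$1 user=$2 pass=$3
  if [ -z "$name" ] || [ -z "$user" ]; then
    echo "usage: render_auth_secret <name> <username> <password>" >&2
    return 2
  fi
  if [ "$pass" = "password" ] || [ "${#pass}" -lt 12 ]; then
    echo "refusing chart-default or short password" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: Opaque
data:
  username: $(b64 "$user")
  password: $(b64 "$pass")
EOF
}

# Typical use (needs cluster access, so it is left commented out):
#   render_auth_secret my-cb-auth cbadmin "$(random_password)" | kubectl apply -f -
#   helm install --set couchbaseCluster.authSecretOverride=my-cb-auth \
#     couchbase/couchbase-cluster
```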

    additional values

    All of the remaining values which can be overridden in this spec are described here in the Couchbase Cluster Config documentation.

    Persistent Volumes

    The best way to create a cluster with persistent volumes is to make a custom value file. The following example shows how volumeMounts can be added to create a persisted cluster.

    Create a file named values-persistent.yaml with the following values:

    couchbaseCluster:
      servers:
        all_services:
          pod:
            volumeMounts:
              default: couchbase
              data: couchbase
      securityContext:
        fsGroup: 1000
      volumeClaimTemplates:
        - metadata:
            name: couchbase
          spec:
            storageClassName: "default"
            resources:
              requests:
                storage: 1Gi

    Install the cluster chart using the custom value file:

    helm install -f values-persistent.yaml couchbase/couchbase-cluster

    Couchbase TLS

    Certificates can be auto-generated or overridden by user-supplied certs. Also, since couchbase certs are represented as plain kubernetes secrets, the secret itself can be overridden.

    couchbaseTLS:
      create: false
      expiration: 365
      operatorSecret:
        name:
        cacert:
        cakey:
      clusterSecret:
        name:
        cert:
        key:

    create

    This value determines whether the chart should create the cluster with TLS.

    Value rules: The couchbaseTLS.create value is a boolean which defaults to false. When set to true, all of the certs and keys required for TLS are auto-generated unless manually specified. When the value is false, certs are not generated, but manual Secrets can be provided by overriding both operatorSecret.name and clusterSecret.name.

    expiration

    Expiration of CA in days

    Value rules: The couchbaseTLS.expiration defaults to 365 days.

    operatorSecret.name

    Name of secret with top-level CA of cluster nodes.

    Value rules: The couchbaseTLS.operatorSecret.name value is auto-generated along with its data when couchbaseTLS.create is true. When overriding, this value must refer to a native kubernetes Secret which contains a Base64 encoded caCert.

    operatorSecret.cert

    PEM format CA certificate

    Value rules: The couchbaseTLS.operatorSecret.cert value defaults to an auto-generated CA cert used as the top-level CA. When overriding, couchbaseTLS.operatorSecret.key must also be provided.

    operatorSecret.key

    PEM format CA private key

    Value rules: The couchbaseTLS.operatorSecret.key value defaults to an auto-generated CA private key of the CA. When overriding, couchbaseTLS.operatorSecret.cert must also be provided.

    clusterSecret.name

    Name of secret with certs and private key for use by couchbase members.

    Value rules: The couchbaseTLS.clusterSecret.name value is auto-generated along with its data when couchbaseTLS.create is true. When overriding, this value must refer to a native kubernetes Secret which contains a Base64 encoded cert and key.

    clusterSecret.cert

    PEM format certificate for cluster nodes

    Value rules: The couchbaseTLS.clusterSecret.cert value defaults to an auto-generated client cert. When overriding, you must also provide the couchbaseTLS.operatorSecret.cert and couchbaseTLS.operatorSecret.key used to generate this client cert.

    clusterSecret.key

    PEM format private key for operator

    Value rules: The couchbaseTLS.clusterSecret.key value defaults to an auto-generated private key. When overriding, you must also provide the couchbaseTLS.operatorSecret.cert and couchbaseTLS.operatorSecret.key used to generate this private key.
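
    The override rules above only work if the cluster certificate was issued by the supplied CA and each certificate is paired with its own key. The following pre-flight check is an added example, not part of the chart or the original guide; it uses openssl, and the function names and the 30-day expiry margin are assumptions of the example.

```shell
#!/bin/sh
# Added example: check user-supplied PEM files before they are handed to
# couchbaseTLS.operatorSecret.* (CA) and couchbaseTLS.clusterSecret.* (cluster nodes).

# cert_matches_key <cert.pem> <key.pem>
# True when the certificate's public key is the public half of the private key.
cert_matches_key() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# check_couchbase_tls <ca.crt> <ca.key> <node.crt> <node.key> [min-days-left]
# Returns 0 only if the CA pair matches, the node pair matches, the node cert
# verifies against the CA, and neither cert expires within min-days-left (default 30).
check_couchbase_tls() {
  ca_crt=$1 ca_key=$2 node_crt=$3 node_key=$4
  secs=$(( ${5:-30} * 86400 ))
  cert_matches_key "$ca_crt" "$ca_key" ||
    { echo "CA cert and key do not match" >&2; return 1; }
  cert_matches_key "$node_crt" "$node_key" ||
    { echo "cluster cert and key do not match" >&2; return 1; }
  openssl verify -CAfile "$ca_crt" "$node_crt" >/dev/null 2>&1 ||
    { echo "cluster cert is not signed by the supplied CA" >&2; return 1; }
  for f in "$ca_crt" "$node_crt"; do
    openssl x509 -in "$f" -noout -checkend "$secs" >/dev/null 2>&1 ||
      { echo "$f expires within ${5:-30} days" >&2; return 1; }
  done
}

# Typical use, with file names from your own CA tooling:
#   check_couchbase_tls ca.crt ca.key node.crt node.key && echo "TLS material OK"
```

    Private keys protected by a passphrase will make openssl prompt; decrypt them to a restricted-permission temporary file first or run the check interactively.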

    Custom TLS

    Create cluster with auto-generated tls certs

    helm install --set couchbaseTLS.create=true \
                 helm/couchbase-cluster

    Use manually created secrets

    helm install --set couchbaseTLS.create=false \
                 --set couchbaseTLS.clusterSecret.name="my-secret" \
                 helm/couchbase-cluster

    Create a value file named values-tls.yaml referencing manually created certs:

    couchbaseTLS:
      clusterSecret:
        cert: /home/ubuntu/easy-rsa/easyrsa3/pki/ca.crt
        key: /home/ubuntu/easy-rsa/easyrsa3/pki/ca.key
      operatorSecret:
        tlsCert: /home/ubuntu/easy-rsa/easyrsa3/pki/issued/couchbase-operator.crt
        tlsKey: /home/ubuntu/easy-rsa/easyrsa3/pki/private/couchbase-operator.key

    Install the cluster chart using the custom value file:

    helm install -f values-tls.yaml couchbase/couchbase-cluster