Helm Cluster Configuration
This guide outlines the design and usage of the Helm chart for deploying a Couchbase cluster. This chart is especially helpful for rolling out development clusters and generating TLS certificates and keys. However, configurations requiring server groups and persistent volumes are better expressed and managed directly using a cluster spec. Refer to the Couchbase Operator documentation regarding deploying Couchbase directly from kubectl.
The cluster chart requires the custom resource definition (CRD) to be installed so that Kubernetes knows about the CouchbaseCluster type.
By default the Operator will install the CRD for you. But if you’ve disabled this function, then you’ll either need to enable the |
To install the cluster chart run the following commands:
helm repo add couchbase https://couchbase-partners.github.io/helm-charts/
helm install couchbase/couchbase-cluster
The following outlines all of the values exposed by this chart to assist with customizing your deployment.
Cluster Configuration
The helm chart supports creating and managing a single couchbase cluster by exposing the following default values.
createCRD: false
couchbaseCluster:
  create: true
  name: ""
  username: "Administrator"
  password: "password"
  authSecretOverride: ""
  baseImage: "couchbase/server"
  version: "enterprise-6.0.1"
  exposeAdminConsole: true
  adminConsoleServices:
    - data
  exposedFeatures:
    - xdcr
  adminConsoleServiceType: NodePort
  exposedFeatureServiceType: NodePort
  dns:
    domain:
  platform:
  cluster:
    dataServiceMemoryQuota: 256
    indexServiceMemoryQuota: 256
    searchServiceMemoryQuota: 256
    eventingServiceMemoryQuota: 256
    analyticsServiceMemoryQuota: 1024
    indexStorageSetting: memory_optimized
    autoFailoverTimeout: 120
    autoFailoverMaxCount: 3
    autoFailoverOnDataDiskIssues: true
    autoFailoverOnDataDiskIssuesTimePeriod: 120
    autoFailoverServerGroup: false
  logRetentionTime: 604800s
  logRetentionCount: 20
  buckets:
    default:
      name: default
      type: couchbase
      memoryQuota: 128
      replicas: 1
      ioPriority: high
      evictionPolicy: fullEviction
      conflictResolution: seqno
      enableFlush: true
      enableIndexReplica: false
  servers:
    all_services:
      size: 3
      services:
        - data
        - index
        - query
        - search
        - eventing
        - analytics
      serverGroups: []
      pod: {}
  securityContext: {}
  volumeClaimTemplates: []
createCRD
Option to create the CRD defining the CouchbaseCluster type.
Value rules: The createCRD value defaults to false, which excludes installation of the CRD resource.
Therefore, when false, the CRD should be installed using the Operator chart, or be installed manually.
When set to true the resource is installed.
name
The name of the cluster to create.
Value rules: The couchbaseCluster.name value defaults to the name of the chart if not specified.
Must be unique from any other clusters in the namespace.
username
The username to use as the cluster admin.
This should only be used for experimental and test clusters.
Consider using authSecretOverride to provide a secret containing your own username and password.
Value rules: The couchbaseCluster.username value is a string set to Administrator by default.
password
The password to use as the cluster admin.
This should only be used for experimental and test clusters.
Consider using authSecretOverride to provide a secret containing your own username and password.
Value rules: The couchbaseCluster.password value is a string set to password by default.
authSecretOverride
The secret to use for overriding the auto-generated secret. When specified the username and password from the secret are used for Administrator login.
Value rules: The couchbaseCluster.authSecretOverride value is the name of a Kubernetes secret and is not set by default.
Refer to the Couchbase Operator documentation for more information about creating auth secrets.
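One way to follow that advice, as an added example that is not part of the chart or the Couchbase documentation: the functions below render a Secret with username and password data keys and a values override that references it, so the admin password never appears in chart values. The secret name cb-admin-auth, the file name values-auth.yaml and the helper names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: keep admin credentials out of chart values by pointing
# couchbaseCluster.authSecretOverride at a Secret. Helper names are hypothetical.

# Generate a random 32-character hex password (128 bits from the kernel CSPRNG).
gen_password() {
  head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Render the Secret manifest. Args: secret name, username, password.
# Refuses the chart's default password and anything shorter than 12 characters.
render_auth_secret() {
  local name="$1" user="$2" pass="$3"
  if [ "$pass" = "password" ] || [ "${#pass}" -lt 12 ]; then
    echo "refusing default or short admin password" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${name}
type: Opaque
data:
  username: $(printf '%s' "$user" | base64 | tr -d '\n')
  password: $(printf '%s' "$pass" | base64 | tr -d '\n')
EOF
}

# Render a values override that makes the chart use that Secret.
render_auth_values() {
  cat <<EOF
couchbaseCluster:
  authSecretOverride: "$1"
EOF
}

# Typical use (needs cluster access, so it is left commented out):
#   render_auth_secret cb-admin-auth Administrator "$(gen_password)" | kubectl apply -f -
#   render_auth_values cb-admin-auth > values-auth.yaml
#   helm install -f values-auth.yaml couchbase/couchbase-cluster
```

Create the Secret in the same namespace as the release before running helm install.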
additional values
All of the remaining values which can be overridden in this spec are described in the Couchbase Cluster Config documentation.
Persistent Volumes
The best way to create a cluster with persistent volumes is to make a custom value file. The following example shows how volumeMounts can be added to create a persistent cluster.
Create a file named values-persistent.yaml with the following values:
couchbaseCluster:
  servers:
    all_services:
      pod:
        volumeMounts:
          default: couchbase
          data: couchbase
  securityContext:
    fsGroup: 1000
  volumeClaimTemplates:
    - metadata:
        name: couchbase
      spec:
        storageClassName: "default"
        resources:
          requests:
            storage: 1Gi
Install the cluster chart using the custom value file:
helm install -f values-persistent.yaml couchbase/couchbase-cluster
Couchbase TLS
Certificates can be auto-generated or overridden by user-supplied certs. Also, since Couchbase certs are represented as plain Kubernetes secrets, the secret itself can be overridden.
couchbaseTLS:
  create: false
  expiration: 365
  operatorSecret:
    name:
    cacert:
    cakey:
  clusterSecret:
    name:
    cert:
    key:
create
This value determines whether the chart should create the cluster with TLS.
Value rules: The couchbaseTLS.create value is a boolean which defaults to false.
When set to true, all of the certs and keys required for TLS will be auto-generated unless manually specified.
When the value is false, certs are not generated, but manual Secrets can be provided by overriding both operatorSecret.name and clusterSecret.name.
operatorSecret.name
Name of secret with top-level CA of cluster nodes.
Value rules: The couchbaseTLS.operatorSecret.name value is auto-generated along with its data when couchbaseTLS.create is true.
When overriding, this value must refer to a native Kubernetes Secret which contains a Base64 encoded caCert.
operatorSecret.cert
PEM format CA certificate
Value rules: The couchbaseTLS.operatorSecret.cert value defaults to an auto-generated CA cert used as the top-level CA.
When overriding, couchbaseTLS.operatorSecret.key must also be provided.
operatorSecret.key
PEM format CA private key
Value rules: The couchbaseTLS.operatorSecret.key value defaults to an auto-generated CA private key of the CA.
When overriding, couchbaseTLS.operatorSecret.cert must also be provided.
clusterSecret.name
Name of secret with certs and private key for use by couchbase members.
Value rules: The couchbaseTLS.clusterSecret.name value is auto-generated along with its data when couchbaseTLS.create is true.
When overriding, this value must refer to a native Kubernetes Secret which contains a Base64 encoded cert and key.
clusterSecret.cert
PEM format certificate for cluster nodes
Value rules: The couchbaseTLS.clusterSecret.cert value defaults to an auto-generated client cert.
When overriding, you must also provide the couchbaseTLS.operatorSecret.cert and couchbaseTLS.operatorSecret.key used to generate this client cert.
clusterSecret.key
PEM format private key for operator
Value rules: The couchbaseTLS.clusterSecret.key value defaults to an auto-generated private key.
When overriding, you must also provide the couchbaseTLS.operatorSecret.cert and couchbaseTLS.operatorSecret.key used to generate this private key.
Custom TLS
Create a cluster with auto-generated TLS certs:
helm install --set couchbaseTLS.create=true \
  helm/couchbase-cluster
Use manually created secrets:
helm install --set couchbaseTLS.create=false \
  --set couchbaseTLS.clusterSecret.name="my-secret" \
  helm/couchbase-cluster
Create a value file named values-tls.yaml referencing manually created certs:
couchbaseTLS:
  clusterSecret:
    cert: /home/ubuntu/easy-rsa/easyrsa3/pki/ca.crt
    key: /home/ubuntu/easy-rsa/easyrsa3/pki/ca.key
  operatorSecret:
    tlsCert: /home/ubuntu/easy-rsa/easyrsa3/pki/issued/couchbase-operator.crt
    tlsKey: /home/ubuntu/easy-rsa/easyrsa3/pki/private/couchbase-operator.key
helm install -f values-tls.yaml couchbase/couchbase-cluster
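The value rules above require that an overridden cluster cert come with the CA cert and key that issued it. The following pre-install check is an added example, not part of the chart: it uses the openssl CLI to confirm that each private key matches its certificate, that the node cert chains to the CA, and that the node cert is not about to expire. Function names, argument order and the 30-day threshold are assumptions.

```bash
#!/usr/bin/env bash
# Added example: sanity-check user-supplied TLS files before referencing them
# from couchbaseTLS values. Function names are hypothetical.

# Return 0 when the private key in $2 belongs to the certificate in $1.
key_matches_cert() {
  local cert_pub key_pub
  cert_pub="$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" || return 1
  key_pub="$(openssl pkey -in "$2" -pubout 2>/dev/null)" || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return 0 when the certificate in $2 chains to the CA certificate in $1.
chains_to_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Return 0 when the certificate in $1 stays valid for at least $2 more days.
valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Check the CA pair (operatorSecret) and the node pair (clusterSecret).
# Args: CA cert, CA key, node cert, node key. Reports every failure found.
check_couchbase_tls() {
  local ca_cert="$1" ca_key="$2" node_cert="$3" node_key="$4" rc=0
  key_matches_cert "$ca_cert" "$ca_key" \
    || { echo "CA key does not match CA cert" >&2; rc=1; }
  chains_to_ca "$ca_cert" "$node_cert" \
    || { echo "node cert was not issued by this CA" >&2; rc=1; }
  key_matches_cert "$node_cert" "$node_key" \
    || { echo "node key does not match node cert" >&2; rc=1; }
  valid_for_days "$node_cert" 30 \
    || { echo "node cert expires within 30 days" >&2; rc=1; }
  return "$rc"
}

# Typical use with constructed file names:
#   check_couchbase_tls ca.crt ca.key node.crt node.key \
#     && helm install -f values-tls.yaml couchbase/couchbase-cluster
```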