Helm Cluster Configuration

This guide outlines the design and usage of the Helm chart for deploying a Couchbase cluster. This chart is especially helpful for rolling out development clusters and generating TLS certificates and keys. However, configurations requiring server groups and persistent volumes are better expressed and managed directly using a cluster spec. Refer to the Couchbase Operator documentation regarding deploying Couchbase directly from kubectl.

The cluster chart requires the custom resource definition (CRD) to be installed so that Kubernetes knows about the CouchbaseCluster type. By default the Operator will install the CRD for you. If you’ve disabled this function, you’ll need to either enable the createCRD flag in this chart or install the CRD manually (see install-openshift.html.adoc#install-the-custom-resource-definition).

To install the cluster chart run the following commands:

helm repo add couchbase https://couchbase-partners.github.io/helm-charts/
helm install couchbase/couchbase-cluster

The following outlines all of the values exposed by this chart to assist with customizing your deployment.

Cluster Configuration

The helm chart supports creating and managing a single couchbase cluster by exposing the following default values.

createCRD: false
couchbaseCluster:
  create: true
  name: ""
  username: "Administrator"
  password: "password"
  authSecretOverride: ""
  baseImage: "couchbase/server"
  version: "enterprise-6.0.1"
  exposeAdminConsole: true
  adminConsoleServices:
    - data
  exposedFeatures:
    - xdcr
  adminConsoleServiceType: NodePort
  exposedFeatureServiceType: NodePort
  dns:
    domain:
  platform:
  cluster:
    dataServiceMemoryQuota: 256
    indexServiceMemoryQuota: 256
    searchServiceMemoryQuota: 256
    eventingServiceMemoryQuota: 256
    analyticsServiceMemoryQuota: 1024
    indexStorageSetting: memory_optimized
    autoFailoverTimeout: 120
    autoFailoverMaxCount: 3
    autoFailoverOnDataDiskIssues: true
    autoFailoverOnDataDiskIssuesTimePeriod: 120
    autoFailoverServerGroup: false
    logRetentionTime: 604800s
    logRetentionCount: 20
  buckets:
    default:
      name: default
      type: couchbase
      memoryQuota: 128
      replicas: 1
      ioPriority: high
      evictionPolicy: fullEviction
      conflictResolution: seqno
      enableFlush: true
      enableIndexReplica: false
  servers:
    all_services:
      size: 3
      services:
        - data
        - index
        - query
        - search
        - eventing
        - analytics
      serverGroups: []
      pod: {}
  securityContext: {}
  volumeClaimTemplates: []

createCRD

Option to create the CRD defining the CouchbaseCluster type.

Value rules: The createCRD value defaults to false which excludes installation of the CRD resource. Therefore, when false, the CRD should be installed using the Operator chart, or be installed manually. When set to true the resource is installed.

name

The name of the cluster to create.

Value rules: The couchbaseCluster.name value defaults to the name of the chart if not specified. It must be unique among the clusters in the namespace.

username

The username to use as the cluster admin.

This should only be used for experimental and test clusters. Consider using authSecretOverride to provide a secret containing your own username and password.

Value rules: The couchbaseCluster.username value is a string set to Administrator by default.

password

The password to use as the cluster admin.

This should only be used for experimental and test clusters. Consider using authSecretOverride to provide a secret containing your own username and password.

Value rules: The couchbaseCluster.password value is a string set to password by default, as shown in the default values above.

authSecretOverride

The secret to use for overriding the auto-generated secret. When specified the username and password from the secret are used for Administrator login.

Value rules: The couchbaseCluster.authSecretOverride value is the name of a Kubernetes secret and is not set by default. Refer to the Couchbase Operator documentation for more information about creating auth secrets.
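
The following script is an added example, not part of the chart or the Couchbase documentation. It replaces the default Administrator/password login with a generated credential supplied through authSecretOverride, and refuses to install when the override is empty. The names cb-admin-auth, auth-secret.yaml and values-auth.yaml are placeholders, and the secret's data keys username and password are an assumption to confirm against the operator documentation.

```shell
#!/bin/sh
# Added example: supply the admin login through authSecretOverride instead of
# the chart defaults. cb-admin-auth and the file names are placeholders.

# 24 bytes from the kernel CSPRNG, base64-encoded to 32 characters.
gen_password() {
  head -c 24 /dev/urandom | base64 | tr -d '\n'
}

b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# write_auth_secret NAME USER PASS OUTFILE
# Writes a Secret manifest readable only by the current user. The data keys
# "username" and "password" are an assumption; confirm them in the operator docs.
write_auth_secret() {
  ( umask 077
    cat > "$4" <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  username: $(b64 "$2")
  password: $(b64 "$3")
EOF
  )
}

# write_values SECRET_NAME OUTFILE: values file that points the chart at the secret.
write_values() {
  printf 'couchbaseCluster:\n  authSecretOverride: "%s"\n' "$1" > "$2"
}

# has_auth_override FILE: succeeds only when authSecretOverride is non-empty,
# i.e. the install will not fall back to the chart's default credentials.
has_auth_override() {
  grep -Eq '^[[:space:]]+authSecretOverride:[[:space:]]*"?[A-Za-z0-9.-]+"?[[:space:]]*$' "$1"
}

# Run with "apply" to create the secret and install the chart.
if [ "${1:-}" = "apply" ]; then
  write_auth_secret cb-admin-auth Administrator "$(gen_password)" auth-secret.yaml
  write_values cb-admin-auth values-auth.yaml
  has_auth_override values-auth.yaml || exit 1
  kubectl apply -f auth-secret.yaml && rm -f auth-secret.yaml
  helm install -f values-auth.yaml couchbase/couchbase-cluster
fi
```

The generated password exists only in the Kubernetes secret once the manifest file is removed, so read it back from the secret when an administrator needs to log in.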

additional values

All of the remaining values which can be overridden in this spec are described in the Couchbase Cluster Config documentation.

Persistent Volumes

The best way to create a cluster with persistent volumes is to make a custom value file. The following example shows how volumeMounts can be added to create a persisted cluster.

Create a file named values-persistent.yaml with the following values:

couchbaseCluster:
  servers:
    all_services:
      pod:
        volumeMounts:
          default: couchbase
          data: couchbase
  securityContext:
    fsGroup: 1000
  volumeClaimTemplates:
    - metadata:
        name: couchbase
      spec:
        storageClassName: "default"
        resources:
          requests:
            storage: 1Gi

Install the cluster chart using the custom value file:

helm install -f values-persistent.yaml couchbase/couchbase-cluster

Couchbase TLS

Certificates can be auto-generated or overridden by user-supplied certs. Because Couchbase certs are represented as plain Kubernetes secrets, the secret itself can also be overridden.

couchbaseTLS:
  create: false
  expiration: 365
  operatorSecret:
    name:
    cacert:
    cakey:
  clusterSecret:
    name:
    cert:
    key:

create

This value determines whether the chart should create the cluster with TLS.

Value rules: The couchbaseTLS.create value is a boolean which defaults to false. When set to true, all of the certs and keys required for TLS are auto-generated unless manually specified. When set to false, certs are not generated, but manual Secrets can be provided by overriding both operatorSecret.name and clusterSecret.name.

expiration

Expiration of CA in days

Value rules: The couchbaseTLS.expiration defaults to 365 days.

operatorSecret.name

Name of secret with top-level CA of cluster nodes.

Value rules: The couchbaseTLS.operatorSecret.name value is auto-generated along with its data when couchbaseTLS.create is true. When overriding, this value must refer to a native Kubernetes Secret which contains a Base64 encoded caCert.

operatorSecret.cert

PEM format CA certificate

Value rules: The couchbaseTLS.operatorSecret.cert value defaults to an auto-generated CA cert used as the top-level CA. When overriding, couchbaseTLS.operatorSecret.key must also be provided.

operatorSecret.key

PEM format CA private key

Value rules: The couchbaseTLS.operatorSecret.key value defaults to an auto-generated CA private key of the CA. When overriding, couchbaseTLS.operatorSecret.cert must also be provided.

clusterSecret.name

Name of secret with certs and private key for use by couchbase members.

Value rules: The couchbaseTLS.clusterSecret.name value is auto-generated along with its data when couchbaseTLS.create is true. When overriding, this value must refer to a native Kubernetes Secret which contains a Base64 encoded cert and key.

clusterSecret.cert

PEM format certificate for cluster nodes

Value rules: The couchbaseTLS.clusterSecret.cert value defaults to an auto-generated client cert. When overriding, you must also provide the couchbaseTLS.operatorSecret.cert and couchbaseTLS.operatorSecret.key used to generate this client cert.

clusterSecret.key

PEM format private key for operator

Value rules: The couchbaseTLS.clusterSecret.key value defaults to an auto-generated private key. When overriding, you must also provide the couchbaseTLS.operatorSecret.cert and couchbaseTLS.operatorSecret.key used to generate this private key.

Custom TLS

Create a cluster with auto-generated TLS certs

helm install --set couchbaseTLS.create=true \
             helm/couchbase-cluster

Use manually created secrets

helm install --set couchbaseTLS.create=false \
             --set couchbaseTLS.clusterSecret.name="my-secret" \
             helm/couchbase-cluster

Create a value file named values-tls.yaml referencing manually created certs:

couchbaseTLS:
  clusterSecret:
    cert: /home/ubuntu/easy-rsa/easyrsa3/pki/ca.crt
    key: /home/ubuntu/easy-rsa/easyrsa3/pki/ca.key
  operatorSecret:
    tlsCert: /home/ubuntu/easy-rsa/easyrsa3/pki/issued/couchbase-operator.crt
    tlsKey: /home/ubuntu/easy-rsa/easyrsa3/pki/private/couchbase-operator.key

Install the cluster chart using the value file:

helm install -f values-tls.yaml couchbase/couchbase-cluster