Skip to content

Commit

Permalink
Merge pull request #18972 from cockroachdb/DOC-11283
Browse files Browse the repository at this point in the history
[DOC-11283] Update Helm chart details for insecure deployments
  • Loading branch information
mdlinville authored Oct 14, 2024
2 parents adb52e8 + 3e16239 commit acd0e39
Show file tree
Hide file tree
Showing 7 changed files with 136 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,8 @@ If you are running a secure Helm deployment on Kubernetes 1.22 and later, you mu
By default, the Helm chart will generate and sign 1 client and 1 node certificate to secure the cluster. To authenticate using your own CA, see [Certificate management](/docs/{{ page.version.version }}/secure-cockroachdb-kubernetes.html?filters=helm#use-a-custom-ca).
{{site.data.alerts.end}}
Refer to the [CockroachDB Helm chart's `values.yaml` template](https://github.com/cockroachdb/helm-charts/blob/master/cockroachdb/values.yaml).

1. Install the CockroachDB Helm chart, specifying your custom values file.

Provide a "release" name to identify and track this particular deployment of the chart, and override the default values with those in `my-values.yaml`.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,8 @@ If you are running a secure Helm deployment on Kubernetes 1.22 and later, you mu
By default, the Helm chart will generate and sign 1 client and 1 node certificate to secure the cluster. To authenticate using your own CA, see [Certificate management](/docs/{{ page.version.version }}/secure-cockroachdb-kubernetes.html?filters=helm#use-a-custom-ca).
{{site.data.alerts.end}}
Refer to the [CockroachDB Helm chart's `values.yaml` template](https://github.com/cockroachdb/helm-charts/blob/master/cockroachdb/values.yaml).

1. Install the CockroachDB Helm chart, specifying your custom values file.

Provide a "release" name to identify and track this particular deployment of the chart, and override the default values with those in `my-values.yaml`.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,8 @@ If you are running a secure Helm deployment on Kubernetes 1.22 and later, you mu
By default, the Helm chart will generate and sign 1 client and 1 node certificate to secure the cluster. To authenticate using your own CA, see [Certificate management](/docs/{{ page.version.version }}/secure-cockroachdb-kubernetes.html?filters=helm#use-a-custom-ca).
{{site.data.alerts.end}}
Refer to the [CockroachDB Helm chart's `values.yaml` template](https://github.com/cockroachdb/helm-charts/blob/master/cockroachdb/values.yaml).

1. Install the CockroachDB Helm chart, specifying your custom values file.

Provide a "release" name to identify and track this particular deployment of the chart, and override the default values with those in `my-values.yaml`.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,8 @@ If you are running a secure Helm deployment on Kubernetes 1.22 and later, you mu
By default, the Helm chart will generate and sign 1 client and 1 node certificate to secure the cluster. To authenticate using your own CA, see [Certificate management](/docs/{{ page.version.version }}/secure-cockroachdb-kubernetes.html?filters=helm#use-a-custom-ca).
{{site.data.alerts.end}}
Refer to the [CockroachDB Helm chart's `values.yaml` template](https://github.com/cockroachdb/helm-charts/blob/master/cockroachdb/values.yaml).

1. Install the CockroachDB Helm chart, specifying your custom values file.

Provide a "release" name to identify and track this particular deployment of the chart, and override the default values with those in `my-values.yaml`.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,68 @@
$ helm repo update
~~~
1. Install the CockroachDB Helm chart.
1. The cluster configuration is set in the Helm chart's [values file](https://github.com/cockroachdb/helm-charts/blob/master/cockroachdb/values.yaml).

{{site.data.alerts.callout_info}}
By default, the Helm chart specifies CPU and memory resources that are appropriate for the virtual machines used in this deployment example. On a production cluster, you should substitute values that are appropriate for your machines and workload. For details on configuring your deployment, see [Configure the Cluster](configure-cockroachdb-kubernetes.html?filters=helm).
{{site.data.alerts.end}}

Before deploying, modify some parameters in our Helm chart's [values file](https://github.com/cockroachdb/helm-charts/blob/master/cockroachdb/values.yaml):
1. Create a local YAML file (e.g., `my-values.yaml`) to specify your custom values. These will be used to override the defaults in `values.yaml`.
1. To avoid running out of memory when CockroachDB is not the only pod on a Kubernetes node, you *must* set memory limits explicitly. This is because CockroachDB does not detect the amount of memory allocated to its pod when run in Kubernetes. We recommend setting `conf.cache` and `conf.max-sql-memory` each to 1/4 of the `memory` allocation specified in `statefulset.resources.requests` and `statefulset.resources.limits`.
{{site.data.alerts.callout_success}}
For example, if you are allocating 8Gi of `memory` to each CockroachDB node, allocate 2Gi to `cache` and 2Gi to `max-sql-memory`.
{{site.data.alerts.end}}
{% include_cached copy-clipboard.html %}
~~~ yaml
conf:
cache: "2Gi"
max-sql-memory: "2Gi"
~~~
The Helm chart defaults to a secure deployment by automatically setting `tls.enabled` to `true`. For an insecure deployment, set `tls.enabled` to `false`:
{% include_cached copy-clipboard.html %}
~~~ yaml
tls:
enabled: false
~~~
Your values file should look similar to:
{% include_cached copy-clipboard.html %}
~~~ yaml
conf:
cache: "2Gi"
max-sql-memory: "2Gi"
tls:
enabled: false
~~~
Refer to the [CockroachDB Helm chart's `values.yaml` template](https://github.com/cockroachdb/helm-charts/blob/master/cockroachdb/values.yaml).

1. Install the CockroachDB Helm chart, specifying your custom values file.

Provide a "release" name to identify and track this particular deployment of the chart, and override the default values with those in `my-values.yaml`.

{{site.data.alerts.callout_info}}
This tutorial uses `my-release` as the release name. If you use a different value, be sure to adjust the release name in subsequent commands.
{{site.data.alerts.end}}

{{site.data.alerts.callout_danger}}
To allow the CockroachDB pods to successfully deploy, do not set the [`--wait` flag](https://helm.sh/docs/intro/using_helm/#helpful-options-for-installupgraderollback) when using Helm commands.
{{site.data.alerts.end}}

{% include_cached copy-clipboard.html %}
~~~ shell
$ helm install my-release --values {custom-values}.yaml cockroachdb/cockroachdb
~~~

1. Install the CockroachDB Helm chart.

Provide a "release" name to identify and track this particular deployment of the chart.

Expand Down Expand Up @@ -57,7 +118,7 @@
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-71019b3a-fc67-11e8-a606-080027ba45e5 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-0 standard 11m
pvc-7108e172-fc67-11e8-a606-080027ba45e5 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-1 standard 11m
pvc-710dcb66-fc67-11e8-a606-080027ba45e5 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-2 standard 11m
pvc-710dcb66-fc67-11e8-a606-080027ba45e5 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-2 standard 11m
~~~

{{site.data.alerts.callout_success}}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,8 @@ If you are running a secure Helm deployment on Kubernetes 1.22 and later, you mu
By default, the Helm chart will generate and sign 1 client and 1 node certificate to secure the cluster. To authenticate using your own CA, see [Certificate management](/docs/{{ page.version.version }}/secure-cockroachdb-kubernetes.html?filters=helm#use-a-custom-ca).
{{site.data.alerts.end}}
Refer to the [CockroachDB Helm chart's `values.yaml` template](https://github.com/cockroachdb/helm-charts/blob/master/cockroachdb/values.yaml).

1. Install the CockroachDB Helm chart, specifying your custom values file.

Provide a "release" name to identify and track this particular deployment of the chart, and override the default values with those in `my-values.yaml`.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,68 @@
$ helm repo update
~~~
1. Install the CockroachDB Helm chart.
1. The cluster configuration is set in the Helm chart's [values file](https://github.com/cockroachdb/helm-charts/blob/master/cockroachdb/values.yaml).

{{site.data.alerts.callout_info}}
By default, the Helm chart specifies CPU and memory resources that are appropriate for the virtual machines used in this deployment example. On a production cluster, you should substitute values that are appropriate for your machines and workload. For details on configuring your deployment, see [Configure the Cluster](configure-cockroachdb-kubernetes.html?filters=helm).
{{site.data.alerts.end}}

Before deploying, modify some parameters in our Helm chart's [values file](https://github.com/cockroachdb/helm-charts/blob/master/cockroachdb/values.yaml):
1. Create a local YAML file (e.g., `my-values.yaml`) to specify your custom values. These will be used to override the defaults in `values.yaml`.
1. To avoid running out of memory when CockroachDB is not the only pod on a Kubernetes node, you *must* set memory limits explicitly. This is because CockroachDB does not detect the amount of memory allocated to its pod when run in Kubernetes. We recommend setting `conf.cache` and `conf.max-sql-memory` each to 1/4 of the `memory` allocation specified in `statefulset.resources.requests` and `statefulset.resources.limits`.
{{site.data.alerts.callout_success}}
For example, if you are allocating 8Gi of `memory` to each CockroachDB node, allocate 2Gi to `cache` and 2Gi to `max-sql-memory`.
{{site.data.alerts.end}}
{% include_cached copy-clipboard.html %}
~~~ yaml
conf:
cache: "2Gi"
max-sql-memory: "2Gi"
~~~
The Helm chart defaults to a secure deployment by automatically setting `tls.enabled` to `true`. For an insecure deployment, set `tls.enabled` to `false`:
{% include_cached copy-clipboard.html %}
~~~ yaml
tls:
enabled: false
~~~
Your values file should look similar to:
{% include_cached copy-clipboard.html %}
~~~ yaml
conf:
cache: "2Gi"
max-sql-memory: "2Gi"
tls:
enabled: false
~~~
Refer to the [CockroachDB Helm chart's `values.yaml` template](https://github.com/cockroachdb/helm-charts/blob/master/cockroachdb/values.yaml).

1. Install the CockroachDB Helm chart, specifying your custom values file.

Provide a "release" name to identify and track this particular deployment of the chart, and override the default values with those in `my-values.yaml`.

{{site.data.alerts.callout_info}}
This tutorial uses `my-release` as the release name. If you use a different value, be sure to adjust the release name in subsequent commands.
{{site.data.alerts.end}}

{{site.data.alerts.callout_danger}}
To allow the CockroachDB pods to successfully deploy, do not set the [`--wait` flag](https://helm.sh/docs/intro/using_helm/#helpful-options-for-installupgraderollback) when using Helm commands.
{{site.data.alerts.end}}

{% include_cached copy-clipboard.html %}
~~~ shell
$ helm install my-release --values {custom-values}.yaml cockroachdb/cockroachdb
~~~

1. Install the CockroachDB Helm chart.

Provide a "release" name to identify and track this particular deployment of the chart.

Expand Down Expand Up @@ -57,7 +118,7 @@
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-71019b3a-fc67-11e8-a606-080027ba45e5 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-0 standard 11m
pvc-7108e172-fc67-11e8-a606-080027ba45e5 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-1 standard 11m
pvc-710dcb66-fc67-11e8-a606-080027ba45e5 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-2 standard 11m
pvc-710dcb66-fc67-11e8-a606-080027ba45e5 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-2 standard 11m
~~~

{{site.data.alerts.callout_success}}
Expand Down

0 comments on commit acd0e39

Please sign in to comment.