KOBIL Shift Operator

Prerequisites

  • Kubernetes version 1.21, 1.22, 1.23, 1.24.

  • Helm version 3.10.2.

  • Access to the KOBIL chart museum:

    helm repo add kobil https://charts.kobil.com --username {chart_username} --password {chart_password}

  • An imagePullSecret providing access to the relevant repositories at Azure (kobilsystems.azurecr.io):

    kubectl create secret docker-registry registry-azure \
    --docker-server=kobilsystems.azurecr.io \
    --docker-username=your_user_token_name \
    --docker-password=your_password

Deploy KOBIL Shift-Operator

KOBIL Shift Operator charts are available at https://charts.kobil.com. Before deployment, configure the image pull secret, the Docker image registry, and the Helm chart repository credentials in the configuration file shift-operator-values.yaml:

global:
  imagePullSecrets:
  - registry-azure

registry: kobilsystems.azurecr.io

helmRepo:
  url: https://charts.kobil.com
  username: ""
  password: ""

By default, the Shift Operator downloads the Helm chart <chart_name>-<chart_version>.tgz from the URL {{ helmRepo.url }}/charts/<chart_name>-<chart_version>.tgz. This works when a chart museum is used as the Helm repository, i.e. helmRepo.url points to a chart museum. With other repositories, the path /charts/ might be different. The path can be changed with the value helmRepo.path (which defaults to "/charts/"). For example, when using Nexus, set:

helmRepo:
  url: http://<host>:<port>/repository/<nexus_repository_name>/
  path: ""
  username: "username"
  password: "password"

Deploy the Shift Operator with the following command:

helm install shift-operator -f shift-operator-values.yaml -n shift kobil/shift-operator --version x.y.z

Verify that KOBIL Shift-Operator is running by executing:

kubectl -n shift get deployments

Also verify that the custom resource definition servicegroups.shift.kobil.com is available by executing kubectl get crd.

Using proxies

KOBIL Shift Operator supports HTTP and HTTPS proxies for downloading Helm charts from the chart repository. Configure the proxy using the following values:

proxy:
  enabled: true
  httpProxy: http://10.10.10.1:80
  httpsProxy: http://10.10.10.1:80
  noProxy: example.com,localhost

If the proxy intercepts HTTPS traffic, the certificate chain used by the proxy must be added to the trusted certificates of the Shift Operator. Use the value trustedCerts.certs to configure these certificates. Each certificate must be added under a separate key. The certificates must be in PEM format, provided as a base64-encoded string. For example:

trustedCerts:
  certs:
    proxy-root: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk...Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
    proxy-intermediate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk...Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=

Alternatively, add these certificates in a Kubernetes secret and reference the name of this secret in value trustedCerts.existingSecretName. For example:

apiVersion: v1
kind: Secret
metadata:
  name: proxy-certs
type: Generic
data:
  proxy-root: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk...Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
  proxy-intermediate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk...Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=

trustedCerts:
  existingSecretName: proxy-certs
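
The values above are base64 of the whole PEM text, BEGIN and END lines included, which is why they start with LS0tLS1CRUdJTi. The following Python helper is an added example, not KOBIL code: it splits a proxy's PEM chain into one entry per certificate, refuses bundles that contain a private key, and renders the trustedCerts.certs values. The function names, the constructed placeholder chain and the YAML nesting (inferred from the value path trustedCerts.certs) are assumptions.

```python
import base64
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL
)

# Constructed sample chain: placeholder bodies, NOT real certificates.
SAMPLE_CHAIN = """\
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUFJPWFkgUk9PVA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUFJPWFkgSU5URVJNRURJQVRF
-----END CERTIFICATE-----
"""


def split_chain(bundle):
    """Return every certificate in a PEM bundle as its own normalized PEM string."""
    if "PRIVATE KEY-----" in bundle:
        raise ValueError("bundle contains a private key; only certificates belong here")
    certs = []
    for match in PEM_CERT.finditer(bundle):
        body = "".join(match.group(1).split())
        base64.b64decode(body, validate=True)  # raises on a damaged body
        wrapped = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
        certs.append(f"-----BEGIN CERTIFICATE-----\n{wrapped}\n-----END CERTIFICATE-----")
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    return certs


def trusted_certs_values(bundle, key_names):
    """Render trustedCerts.certs, one key per certificate, in bundle order."""
    certs = split_chain(bundle)
    if len(certs) != len(key_names):
        raise ValueError(f"{len(certs)} certificates but {len(key_names)} key names")
    lines = ["trustedCerts:", "  certs:"]
    for name, pem in zip(key_names, certs):
        # The value is base64 of the full PEM text (header lines included), on one line.
        encoded = base64.b64encode(pem.encode("ascii")).decode("ascii")
        lines.append(f"    {name}: {encoded}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(trusted_certs_values(SAMPLE_CHAIN, ["proxy-root", "proxy-intermediate"]), end="")
```

The per-certificate strings produced here have the same form as the data values of the Secret referenced by trustedCerts.existingSecretName.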

Operational notes

By default, KOBIL Shift Operator is deployed with rather small resource requests and no limits:

  resources:
    requests:
      cpu: 100m
      memory: 128Mi

This is because the operator is idle most of the time and only consumes resources during a Shift installation or update. When active, CPU consumption can grow up to 5 cores and memory consumption can grow up to 1.5Gi. This has implications if the Kubernetes node where the operator is running does not have sufficient resources. If not enough CPU is available, the operator continues working, but slowly. If not enough memory is available, the Kubernetes node might run out of memory and kill random processes. To prevent this, deploy the operator with increased resource requests and limits to ensure that sufficient resources are reserved:

mainContainer:
  resources:
    requests:
      cpu: "2"
      memory: "2Gi"
    limits:
      memory: "2Gi"

Since the operator is idle most of the time, it can be scaled down when no Shift update or installation is performed. This frees the requested resources in the cluster. Use the following command to scale down:

kubectl -n shift scale --replicas=0 deployment <shift-operator-deployment>

Use the following command to scale up before performing a Shift update:

kubectl -n shift scale --replicas=1 deployment <shift-operator-deployment>