Deployment, Service, and Ingress Sample

Define a deployment, service, and Ingress in the YAML specification file when creating a deployment for a single authoring Data Collector that users must log into.

The following sample YAML specification file defines a deployment associated with a Kubernetes service and Ingress:

apiVersion: v1
kind: List
items:
- apiVersion: v1
  kind: Service
  metadata:
    name: datacollector-service
    namespace: <agentNamespace>
  spec:
    type: LoadBalancer
    ports:
    - name: iot
      port: 18636
      targetPort: 18636
      protocol: TCP
    selector:
      app: <deploymentLabel>
- apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    name: authoring-sdc
    namespace: <agentNamespace>
  spec:
    rules:
    - host:
      http:
        paths:
        - path: /
          backend:
            serviceName: datacollector-service
            servicePort: 18636
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: datacollector-deployment
    namespace: <agentNamespace>
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: <deploymentLabel>
    template:
      metadata:
        labels:
          app: <deploymentLabel>
          kerberosEnabled: true
          krbPrincipal: <KerberosUser>
      spec:
        containers:
        - name: datacollector
          image: <privateImage>
          ports:
          - containerPort: 18360
          volumeMounts:
          - name: krb5conf
            mountPath: /etc/krb5.conf
            subPath: krb5.conf
            readOnly: true
          env:
          - name: HOST
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
          - name: PORT0
            value: "18630"
          - name: SDC_CONF_SDC_BASE_HTTP_URL
            value: <serviceURL>
          - name: SDC_CONF_HTTP_ENABLE_FORWARDED_REQUESTS
            value: "true"
        imagePullSecrets:
        - name: <imagePullSecrets>
        volumes:
        - name: krb5conf
          secret:
            secretName: krb5conf

If you are not enabling Kerberos authentication, remove the following Kerberos attributes from the sample file:
...
          kerberosEnabled: true
          krbPrincipal: <KerberosUser>
...
          volumeMounts:
          - name: krb5conf
            mountPath: /etc/krb5.conf
            subPath: krb5.conf
            readOnly: true
...
        volumes:
        - name: krb5conf
          secret:
            secretName: krb5conf

Replace the following variables in the sample file with the appropriate attribute values:

agentNamespace
    Namespace used for the Provisioning Agent that manages this deployment.

deploymentLabel
    Label for this deployment. Must be unique for all deployments managed by the Provisioning Agent.

KerberosUser
    User for the Kerberos principal when enabling Kerberos authentication.

    This attribute is optional. If you remove this attribute, the Provisioning Agent uses sdc as the Kerberos user.

    The Provisioning Agent creates a unique Kerberos principal for each deployed Data Collector container using the following format: <KerberosUser>/<host>@<realm>. The agent determines the host and realm to use, creates the Kerberos principal, and generates the keytab for that principal.

    For example, if you define the KerberosUser attribute as marketing and the Provisioning Agent deploys two Data Collector containers, the agent creates the following Kerberos principals:
    marketing/10.60.1.25@EXAMPLE.COM
    marketing/10.60.1.26@EXAMPLE.COM

privateImage
    Path to your private Data Collector Docker image stored in your private repository.

    Or, if using the public StreamSets Data Collector Docker image, modify the attribute as follows:
    image: streamsets/datacollector:<version>
    Where <version> is the Data Collector version. For example:
    image: streamsets/datacollector:4.1.0

imagePullSecrets
    Pull secrets required for the private image stored in your private repository.

    If using the public StreamSets Data Collector Docker image, remove these lines.

serviceURL
    URL for the Kubernetes service used to access the authoring Data Collector.

    The URL must use the HTTPS protocol. The URL must use the same protocol, HTTP or HTTPS, as the Control Hub system.

    Use the following format for the URL:
    https://<serviceName>.<namespace>.svc.local
    For example:
    https://datacollector-service.authoring.svc.local

When a specification file defines a deployment, service, and Ingress, the components have the following dependencies:
  • The Ingress must be associated with a service defined in the same file.
    In the sample above, the Ingress is associated with the defined service through the following attributes:
    serviceName: datacollector-service
    servicePort: 18636
  • The service must be associated with the deployment defined in the same file.
    In the sample above, the service is associated with the defined deployment through the following attribute:
    app: <deploymentLabel>
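
Both dependencies can be checked before a specification file is handed to the Provisioning Agent. The following Python check is an added example, not part of the StreamSets documentation or product. It works on the parsed items list of the file; the function name check_dependencies and the label value authoring are assumptions, and the input is a constructed reduction of the sample above.

```python
# Added example: verifies the Ingress -> Service -> Deployment references.
def check_dependencies(items):
    """Return a list of problems; an empty list means both dependencies hold."""
    by_kind = {}
    for obj in items:
        by_kind.setdefault(obj.get("kind"), []).append(obj)
    services = {s["metadata"]["name"]: s for s in by_kind.get("Service", [])}
    pod_labels = [d["spec"]["template"]["metadata"].get("labels", {})
                  for d in by_kind.get("Deployment", [])]
    problems = []
    # Dependency 1: each Ingress backend names a Service and port in this file.
    for ing in by_kind.get("Ingress", []):
        for rule in ing["spec"].get("rules", []):
            for path in (rule.get("http") or {}).get("paths", []):
                backend = path["backend"]
                svc = services.get(backend["serviceName"])
                if svc is None:
                    problems.append("Ingress backend references undefined "
                                    "service " + backend["serviceName"])
                    continue
                ports = svc["spec"].get("ports", [])
                # servicePort may be the port number or the port name.
                known = {p["port"] for p in ports} | {p.get("name") for p in ports}
                if backend["servicePort"] not in known:
                    problems.append("Ingress backend port %s not exposed by %s"
                                    % (backend["servicePort"], backend["serviceName"]))
    # Dependency 2: each Service selector matches a Deployment's pod labels.
    for name, svc in services.items():
        selector = svc["spec"].get("selector") or {}
        if not selector or not any(selector.items() <= labels.items()
                                   for labels in pod_labels):
            problems.append("Service %s selector matches no deployment" % name)
    return problems

# Constructed input: the sample above reduced to the fields that are checked,
# with "authoring" standing in for <deploymentLabel>.
SAMPLE_ITEMS = [
    {"kind": "Service", "metadata": {"name": "datacollector-service"},
     "spec": {"ports": [{"name": "iot", "port": 18636}],
              "selector": {"app": "authoring"}}},
    {"kind": "Ingress", "metadata": {"name": "authoring-sdc"},
     "spec": {"rules": [{"host": None, "http": {"paths": [{"path": "/", "backend": {
         "serviceName": "datacollector-service", "servicePort": 18636}}]}}]}},
    {"kind": "Deployment", "metadata": {"name": "datacollector-deployment"},
     "spec": {"template": {"metadata": {"labels": {"app": "authoring"}}}}},
]

if __name__ == "__main__":
    print(check_dependencies(SAMPLE_ITEMS) or "dependencies OK")
```

To run it against a real file, load the file with a YAML parser such as PyYAML's yaml.safe_load and pass the value of its items key.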