K8s Advanced Parameters
Instead of manually managing your own cluster as described on the previous page, you may prefer a container orchestration tool such as Kubernetes for maximum deployment flexibility. This page gives detailed information on how to run Cells in a multi-node setup inside Kubernetes.
What is Kubernetes?
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.
Install a Kubernetes cluster
You can manually create your own Kubernetes cluster on your servers by using Kubernetes tools.
Alternatively, many providers make it easy to install a Kubernetes cluster. A few are listed below:
- Amazon Elastic Kubernetes Service (EKS)
- Google Kubernetes Engine (GKE)
- Microsoft Azure Kubernetes Service (AKS)
- Scaleway Kubernetes Kapsule
For testing, you can use minikube to easily deploy your applications in a local cluster.
What is Helm?
Helm is essentially a package manager for Kubernetes applications. Helm charts can be defined to easily preconfigure the deployment of an application with its dependencies.
Parameters can be changed by setting them during install or upgrade (e.g. helm install my-cells cells/cells --set image.tag=latest).
You can use kubectl locally to easily access your remote cluster. Change your kubeconfig to manage and monitor your deployment directly from your computer. Helm commands will automatically use the kubeconfig configuration.
Install using Helm
Refer to the quick install page for more information.
The Cells Helm chart can be used to deploy a ReplicaSet of stateless Cells servers. Using Helm 3, you can add the Cells Helm repo as follows:
helm repo add cells https://download.pydio.com/pub/charts/helm
helm install --namespace <namespace> --create-namespace my-cells cells/cells
Each dependency parameter can be configured directly from the command line by adding the name of the dependency as a prefix:
helm install my-cells cells/cells --set mariadb.image.tag=latest ...
Dependencies can also be disabled if you want to use your own deployment from another repo. Make sure that you set the correct address of your external service in the Cells configuration so that Cells can reach it.
helm install my-cells cells/cells --set mariadb.enabled=false
The Cells chart declares the mandatory dependencies below. They are all necessary for a fully functional Cells cluster. If required, you can install equivalent versions by disabling the initial dependency.
Name | Repo | Enable | Parameters list |
mariadb | bitnami | mariadb.enabled | https://artifacthub.io/packages/helm/bitnami/mariadb#parameters |
redis | bitnami | redis.enabled | https://artifacthub.io/packages/helm/bitnami/redis#parameters |
nats | bitnami | nats.enabled | https://artifacthub.io/packages/helm/bitnami/nats#parameters |
mongodb | bitnami | mongodb.enabled | https://artifacthub.io/packages/helm/bitnami/mongodb#parameters |
minio | bitnami | minio.enabled | https://artifacthub.io/packages/helm/bitnami/minio#parameters |
vault | Hashicorp | vault.enabled | https://developer.hashicorp.com/vault/docs/platform/k8s/helm/configuration |
The Cells chart declares the following optional dependencies:
Name | Repo | Enable | Parameters list |
ingress-nginx | kubernetes | ingress.enabled | https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx#values |
Number of replicas
Parameter | Description | Default |
replicaCount | Number of replicas used by default by the application | 1 |
Server image
Parameter | Description | Default |
image.repository | | pydio/cells |
image.pullPolicy | | IfNotPresent |
image.tag | | unstable |
Parameter | Description | Default |
service.type | | NodePort |
service.port | | 8080 |
service.discoveryPort | | 8002 |
service.binds | Configures new bind addresses for the pod | not set |
service.reverseproxyurl | Configure the reverse proxy url for the pod | not set |
service.tlsconfig | Configure the tlsconfig of the pod load balancer | not set |
service.customconfigs | Configure custom configuration for the Cells instance | { # Initial license "defaults/license/data": "FAKE", # sticky session for grpc "cluster/clients/grpc/loadBalancingStrategies[0]/name": "priority-local", # "frontend/plugin/core.pydio/APPLICATION_TITLE": "My Pydio Cells Cluster" } |
Resources are not set by default so that the chart can run everywhere, but setting them becomes mandatory if you want to set up an autoscaling strategy (below).
Parameter | Description | Default |
resources.limits.cpu | | not set |
resources.limits.memory | | not set |
resources.requests.cpu | | not set |
resources.requests.memory | | not set |
Autoscaling is disabled by default. You can enable it so that the replica set scales horizontally to use the full (or a defined share of the) capacity of your cluster.
Parameter | Description | Default |
autoscaling.enabled | Enables autoscaling | false |
autoscaling.minReplicas | Minimum number of replicas started for a Cells deployment | 3 |
autoscaling.maxReplicas | Maximum number of replicas started for a Cells deployment | 5 |
autoscaling.targetCPUUtilizationPercentage | Target CPU usage, as a percentage of the maximum resource allocated, that triggers a new pod deployment | 80 |
autoscaling.targetMemoryUtilizationPercentage | Target memory usage, as a percentage of the maximum resource allocated, that triggers a new pod deployment | 80 |
In order to access your application remotely, you can set an ingress API object that will provide load balancing, SSL termination and name-based virtual hosting:
Parameter | Description | Default |
ingress.enabled | Enables Ingress | false |
ingress.annotations | Ingress annotations | { "kubernetes.io/ingress.class": "nginx", "cert-manager.io/cluster-issuer": "letsencrypt", "nginx.ingress.kubernetes.io/proxy-body-size": "0" } |
ingress.hostname | Ingress main hostname | cells.local |
ingress.tls | Ingress TLS enabled | false |
ingress.clusterissuer.server | URL to the LetsEncrypt certification API | https://acme-v02.api.letsencrypt.org/directory |
ingress.clusterissuer.email | Email used for verification during the certification | not set |
ingress.extraHosts | Potential extra hostnames allowed | [] |
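The check below is an added example, not part of the Cells chart or of this page's original content. It lints the key=value overrides you plan to pass to helm --set against the defaults in the tables above: unpinned image tags, Ingress without TLS, autoscaling without resource requests, and placeholder secrets such as the secret-changeme value in the NATS sample on this page. The function names lookup and check_cells_overrides and the sample arguments are assumptions.

```sh
#!/bin/sh
# Added example (not chart code): lint planned `helm --set` overrides for Cells.
# Defaults passed to lookup() are copied from the parameter tables on this page.

# lookup KEY DEFAULT [key=value ...]: print the last value given for KEY.
lookup() {
  key=$1; val=$2; shift 2
  for kv in "$@"; do
    case $kv in "$key="*) val=${kv#*=} ;; esac
  done
  printf '%s' "$val"
}

# Prints one WARN line per finding; returns 0 only when there are none.
check_cells_overrides() {
  findings=0
  warn() { echo "WARN: $*"; findings=$((findings + 1)); }

  # Assumption: latest/unstable are moving tags, so deployed code can change.
  tag=$(lookup image.tag unstable "$@")
  case $tag in
    latest|unstable) warn "image.tag=$tag is not pinned to a release" ;;
  esac

  if [ "$(lookup ingress.enabled false "$@")" = true ] &&
     [ "$(lookup ingress.tls false "$@")" != true ]; then
    warn "ingress.enabled=true but ingress.tls is not true"
  fi

  # The autoscaler computes utilization against resource requests.
  if [ "$(lookup autoscaling.enabled false "$@")" = true ]; then
    for r in resources.requests.cpu resources.requests.memory; do
      [ -n "$(lookup "$r" '' "$@")" ] || warn "autoscaling on, $r not set"
    done
  fi

  # Placeholder secrets copied from sample values must never be deployed.
  for kv in "$@"; do
    case ${kv#*=} in
      *changeme*) warn "${kv%%=*} still holds a placeholder secret" ;;
    esac
  done
  [ "$findings" -eq 0 ]
}

# Constructed sample call: prints three warnings.
check_cells_overrides image.tag=latest ingress.enabled=true \
  autoscaling.enabled=true resources.requests.cpu=500m || true
```

Run it with the same key=value pairs you intend to give to helm install or helm upgrade, and treat a non-zero exit status as a failed pre-deployment gate.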
NATS JetStream queue
In Cells Helm chart versions <= 0.1.2, you must manually modify deployment.yaml to add an environment variable for the persist queue, and activate NATS JetStream in values.yaml.
Update deployment.yaml
Add an extra environment variable (CELLS_PERSISTQUEUE) to instruct Cells to use the NATS service as a queue. Modify the containers section as follows:
containers:
  - name: {{ .Chart.Name }}
    args: ['-c', 'source /var/cells-install/source && cells start ']
    env:
      - name: POD_NAME
        valueFrom:
          fieldRef:
            fieldPath: metadata.name
      - name: CELLS_PERSISTQUEUE
        value: {{ include "cells.natsURL" . }}
Update values.yaml
When NATS starts with JetStream, it transitions from a Deployment to a StatefulSet. This change requires adding a PersistentVolume to the cluster. An example configuration for NATS in values.yaml:
enabled: true
enabled: true
maxMemory: 5G
enabled: false
enabled: true
# Allow pod to write to the mounted repository
podSecurityContext: { enabled: true }
enabled: true
storageClass: gp2
annotations: {}
- ReadWriteOnce
size: 8Gi
selector: {}
enabled: true
resourceType: statefulset
## Number of NATS nodes
replicaCount: 3
name: nats
connectRetries: ""
enabled: false
user: nats_cluster
password: "secret-changeme"
Note: The podSecurityContext: { enabled: true } setting is required for proper functionality.