Kubernetes quick start

This page is for people who are familiar with Kubernetes in general, and want to start using it as quickly as possible.

Requesting access

To obtain access to Kubernetes, please submit a Kubernetes request. Alternatively, you can email your request to support@hpc.ut.ee.

Policies set access at the tenant/namespace level. This means that you get a namespace and are given access to that specific namespace, mostly with administrator permissions.

UTHPC uses a kubeconfig file to configure access to Kubernetes. The certificate and token are inside the kubeconfig file. This means you need to have kubectl installed.

Functionalities

UTHPC provides several different functionalities/modules via different Kubernetes applications.

Current capabilities:

  • Integration with HashiCorp Vault for secrets management.
  • Capsule for multi-tenancy and policy-based environments.
  • Longhorn for persistent storage.
  • Nginx ingress controller for publishing applications to the internal network.

In case you need…

Here's a quick overview of what to do in certain situations.

Publish your app to the outside world

To control and enforce best practices, monitoring, and security, you can't publish to the outside world by yourself. The UTHPC team does it through an HTTP Proxy cluster called web.cs.ut.ee. If you need to publish an app/software, please contact UTHPC support together with the name/port of your services, and the domain you would like to use.

UTHPC admins direct the domain to the HTTP Proxy cluster web.cs.ut.ee, install HTTPS certificates on the proxy, and route the traffic through the proxies to your domain. It's also possible to enable any specific settings on the proxy level.

You need a database

While you can run a database on Kubernetes yourself, even Google raises some considerations about this.

If you wish to have a separately hosted and managed database, please contact UTHPC support, together with information about what kind of database engine you need.

Persistent storage

You can ask for persistent storage using the StorageClasses feature with a Persistent Volume Claim (PVC) in Kubernetes. Please keep your requests limited, as the space and performance of a PVC are tightly related.

Example of using a PVC in Kubernetes: it requests a 2Gi PVC and mounts it at /data inside an NGINX container.

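# Claim for a 2Gi volume. storageClassName is omitted, so the cluster's
# default StorageClass (if one is set) applies.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: longhorn-volv-pvc
spec:
  accessModes:
    - ReadWriteOnce   # mountable read-write by a single node
  resources:
    requests:
      storage: 2Gi
---
# Pod that mounts the claim. No namespace is set on either object, so both
# are created in the namespace of your current kubectl context; a Pod can
# only use a PVC from its own namespace.
apiVersion: v1
kind: Pod
metadata:
  name: volume-test
spec:
  containers:
  - name: volume-test
    image: nginx:stable-alpine
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: volv
      mountPath: /data   # the PVC appears here inside the container
    ports:
    - containerPort: 80
  volumes:
  - name: volv
    persistentVolumeClaim:
      claimName: longhorn-volv-pvc   # must match the PVC name above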

Continuous delivery to deploy to Kubernetes

There are two main ways to provide programmatic access to Kubernetes.

One way is for the administrator of a namespace to create appropriate Service Accounts in the namespace, and use RoleBindings to allow appropriate access.

The other way is to use ArgoCD, at argocd.hpc.ut.ee, which also allows you to manage the lifecycle of the app.
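
For the Service Account approach described above, a least-privilege deploy identity could look like the following. This is an added example, not UTHPC's own configuration; the namespace my-tenant-ns, the name cd-deployer and the chosen resource list are assumptions to adapt to your pipeline.

```yaml
# Added example; my-tenant-ns and cd-deployer are hypothetical names.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cd-deployer
  namespace: my-tenant-ns
# Pods that run as this account do not get its token mounted by default;
# the identity is meant for the external pipeline only.
automountServiceAccountToken: false
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cd-deployer
  namespace: my-tenant-ns
rules:
  # Roll out and update workloads.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  # Manage the objects that expose and configure them.
  - apiGroups: [""]
    resources: ["services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  # Read-only view of pods and logs to check rollout results.
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
  # Deliberately absent: secrets, pods/exec, serviceaccounts, roles,
  # rolebindings, and every delete verb.
  # Caveat: an identity that can create Deployments can still start pods
  # that mount Secrets of this namespace, so review what the pipeline deploys.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cd-deployer
  namespace: my-tenant-ns
subjects:
  - kind: ServiceAccount
    name: cd-deployer
    namespace: my-tenant-ns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cd-deployer
```

If your permissions allow it, a time-limited token for the pipeline can be issued with `kubectl create token cd-deployer -n my-tenant-ns --duration=1h` instead of storing a long-lived credential.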