Application Catalogue Overview

The table below provides an overview of the applications listed in the default catalogue. These can be installed on the cluster during manual provisioning or added to templated clusters at a later stage once provisioned. The applications are deployed in form of managed Helm charts with the option of customizing their values via the Dashboard UI before deployment.

Application NameDescriptionHome Page/DocumentationNotesEWC specific configuration
Ingress-Nginx ControllerIngress controller for Kubernetes using NGINX as a reverse proxy and load balancer supporting HTTP and HTTPS protocols.

https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/

 

already configured when you deploy the cluster

External SecretsExternal Secrets management for Kubernetes.

https://external-secrets.io

Only the External Secrets Operator is installed. The secret store (vault) is to be provided and configured by the users.

 N/A

Cert-ManagerA Kubernetes addon to automate the management and issuance of TLS certificates from various issuing sources.

https://cert-manager.io

Only cert-manager deployed, no ClusterIssuer added. Users can deploy what they prefer.

Users can decide which clusterissuer to use. 

For example, for HTTP ACME and letsencrypt you can create the following clusterIssuer (place your email in the correct value):

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: <random email here>
    privateKeySecretRef:
      name: letsencrypt-prod-acme-account-key
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - http01:
        ingress:
          class: nginx
          serviceType: ClusterIP

Then you can deploy an ingress using that cluster issuer for the certificate. For example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  labels:
    app: yourapp
    component: ingress
  name: yourapp
  namespace: yournamespace
spec:
  ingressClassName: nginx
  rules:
    - host: app.yourtenancy.s.ewcloud.host
      http:
        paths:
          - backend:
              service:
                name: proxy-public
                port:
                  name: http
            path: /
            pathType: Prefix
  tls:
    - hosts:
        - app.yourtenancy.s.ewcloud.host
      secretName: app-certificate
ExternalDNSExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers.

https://kubernetes-sigs.github.io/external-dns/

Default External-DNS is deployed. It's up to the users to configure the integration with the DNS system of their choice.

In Morpheus, in your tenancy you find under Cypher the following credentials:

  1. aws_access_key_id → secret/dns_route53_access_key

  2. aws_secret_access_key → secret/dns_route53_secret_key

If you don't find the credentials in Morpheus Cypher, please raise a Jira ticket in the EWC support page!


During the deployment of external-dns application, you can input these in the values file to integrate external-dns with EWC DNS - European Weather Cloud Knowledge Base - ECMWF Confluence Wiki.:
env:
  - name: AWS_ACCESS_KEY_ID
    value: "aws_access_key_id"

  - name: AWS_SECRET_ACCESS_KEY
    value: "aws_secret_access_key"

  - name: AWS_REGION
    value: "eu-central-1"


GPU OperatorA customized NVIDIA GPU Operator Helm Chart preconfigured for the use of the Time-slicing GPU sharing feature on EWC machines.

https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/index.html

A EWC-specific configuration for time-slicing GPU sharing feature on Ubuntu worker nodes is provided. Other GPU sharing features are currently not supported in the EUMETSAT side of the EWC.

Note: Only Ubuntu GPU nodes are currently available in the EUMETSAT side of the EWC.

already configured when you deploy if the app is selected

EWC Cluster AutoscalerA component that automatically adjusts the size of a Kubernetes Cluster so that all pods have a place to run and there are no unneeded nodes.

https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler

EUMETSAT EWC Managed Kubernetes Service - Enable Cluster Autoscaling

Don't select cluster auto-scaling settings while creating the cluster on the cluster creation pages. Cluster auto-scaling is enabled by adding EWC Cluster Autoscaler application during cluster creation or after cluster creation.

EWC specific values are provided for autoscaling of KKP clusters.

Application Deployment

In order to add an application from the catalogue to your cluster, select it during the manual cluster deployment, or add to the cluster later once it is deployed. The process as of Step 2 is the same in both cases.

  1. Navigate to the Applications tab at the bottom of the cluster details page and click on Add Application.


  2. Select from the list of available applications.


  3. In case multiple versions of the application are available, select one and optionally also customize the Namespace and Deployment names.


  4. Optionally customize the values.yaml of the application Helm chart and finally click on Add Application. Documentation for the chart is available via a link in the previous step.


  5. The selected application will be installed in a few moments and will appear under the Applications tab at the bottom of the cluster details page.
  • No labels