I am currently beginning the evaluation of the Gen3 stack for a national clinical / research data collaboration initiative and had a few inquiries; I apologize if I have missed certain details anywhere.
I will be deploying Gen3 in a private data center running a company-wide bare-metal Kubernetes environment. 1) Are there instructions posted for deploying on K8s, similar to the ones for Docker-Compose?
2) What scripts need to be executed, aside from running `kubectl apply -f` statements, since it seems that naturally many manifests will depend on other files that must be updated or properly configured prior to actual deployment? Ultimately, what is the first step: which files do we need to start with, which do we run first, and if there is a CI/CD pipeline for K8s, is it Ansible, Terraform, or bash/sh scripts?
3) Our Kubernetes environment prohibits running any pod/container as root, and as such requires running with non-root user privileges. I have begun the arduous task of custom-building many of the Gen3-dependent Docker images to address this, and then updating the SecurityContext to specify the runAsUser. I have done this for PostgreSQL, where I was lucky to use Bitnami's image that already handled this for me, and I have done this for indexd and Spark, but I wanted to inquire whether you have done this, or something similar, for the rest of the services?
4) What is the minimum list of services that must be run to support a DC in K8s? Of these, which will be co-located together in pods, and which are completely separate on their own, requiring Services to be defined so they can intercommunicate via protocol allowances to other pods?
Initially I missed the kube dir, and Kubernetes altogether, and had taken your docker-compose.yaml and converted it with Kompose. I then hand-modified a set of working deployment.yamls which took care of all requisites and dependencies, including volumes, and due to the RunAsUser restriction / permission restrictions that we impose even for POCs and prototypes, I had to build custom Docker image versions and, inside many deployments, use init containers and volume workarounds to address permission issues for non-root user support. Naturally this is taking longer, so I am now inquiring in the hope of accelerating the build.
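An added example, not from the original post or the Gen3 project, of the non-root pod settings described above: a Deployment whose pod-level `fsGroup` fixes volume ownership at mount time, so the chown init-container workaround is usually unnecessary. The service name, image, UID, port, mount path and PVC name are placeholders.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-gen3-service            # placeholder name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-gen3-service
  template:
    metadata:
      labels:
        app: example-gen3-service
    spec:
      automountServiceAccountToken: false   # no API token unless the service actually needs one
      securityContext:
        runAsNonRoot: true     # kubelet refuses to start a container that would run as UID 0
        runAsUser: 1000        # placeholder UID that the custom image's USER directive also uses
        runAsGroup: 1000
        fsGroup: 1000          # supported volumes are chgrp'd to this GID at mount time,
                               # replacing the "chown in an init container" workaround
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: app
        image: registry.example.invalid/gen3-service:nonroot   # placeholder image
        ports:
        - containerPort: 8080                                  # placeholder port
        securityContext:
          allowPrivilegeEscalation: false   # blocks setuid/setgid binaries regaining privileges
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        volumeMounts:
        - name: data
          mountPath: /var/lib/service     # placeholder path the service writes to
        - name: tmp
          mountPath: /tmp                 # writable scratch space, since the rootfs is read-only
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: example-gen3-service-data   # placeholder PVC
      - name: tmp
        emptyDir: {}
```

`fsGroup` ownership changes apply only to volume types that support them (PVCs, emptyDir, and similar), not to hostPath, and with the default `fsGroupChangePolicy: Always` they are re-applied on every mount, which can be slow on large volumes; `OnRootMismatch` avoids that. After rollout, `kubectl exec deploy/example-gen3-service -- id` should report uid=1000.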