Deployment on an Existing Managed Kubernetes Cluster

Introduction

It is possible to use an existing EKS or AKS cluster with a dedicated node group for LightBeam services. This setup allows you to isolate workloads from different tenants using node pools (node groups) with specific labels, ensuring that workloads are scheduled on the appropriate nodes.

Labels are used in Kubernetes to define a subset of nodes (node pools) where specific workloads can be scheduled.

As part of the LightBeam cluster deployment, it is necessary to set two labels on both the existing and new node groups:

Set the labels lb/enabled=true and lb-etl/enabled=true on the nodes created for LightBeam services.
Set the labels lb/enabled=false and lb-etl/enabled=false on the existing node group.

Steps to Set Labels on Node Groups

Step 1: Label the New Node Group

To label the new node group intended for LightBeam services, use the following command:

kubectl label nodes <new-node-name> lb/enabled=true lb-etl/enabled=true

Replace <new-node-name> with the actual name of the new node.

Example Command

kubectl label nodes ip-192-168-0-1.ec2.internal lb/enabled=true lb-etl/enabled=true

Step 2: Label the Existing Node Group

To label the existing node group, use the following command:

kubectl label nodes <existing-node-name> lb/enabled=false lb-etl/enabled=false

Replace <existing-node-name> with the actual name of the existing node.

Example Command

kubectl label nodes ip-192-168-0-2.ec2.internal lb/enabled=false lb-etl/enabled=false

Adding Node Selectors to Lightbeam Services, Workflows and Datasources

To add a label to Lightbeam services and workflows, add the following configuration in charts/lightbeam/values.yaml file:

nodeSelector:
  lb/enabled: "true"

To add a label to datasource specific workloads, add the following configuration in charts/lightbeam/values.yaml file:

datasourcenodeSelector:
  lb-etl/enabled: "true"

Adding Node Selectors to Lightbeam web, logging and monitoring

To add node selectors to Lightbeam web, logging and monitoring workloads, specify the following in charts/lightbeam-web-portal/values.yaml, charts/lightbeam-logging/values.yaml, and charts/lightbeam-monitoring/values.yaml respectively.

nodeSelector:
  lb/enabled: "true"

Important Notes:

Label Selector or Pod Affinity: Ensure that the workload templates use the node selector to prevent deployments on nodes that are not labeled for Lightbeam services. If there's a strict restriction against deploying any workload on existing nodes, even if there are available resources, it will be necessary to update the templates accordingly.
Resource Availability: While adding these labels, ensure that the node groups have enough resources to handle the expected workloads.

By setting these labels and using node selectors, it is possible to control where the Lightbeam services are deployed within the EKS cluster. This approach helps to isolate the services and manage resources effectively.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.

For any questions or suggestions, please get in touch with us at: .

PreviousStandalone Virtual Machine NextAzure Marketplace Deployment

Last updated 9 months ago