Skip to content

corridor/kubernetes-ggx

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
base
base
 
 
overlays/example
overlays/example
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

kubernetes-ggx

Kubernetes manifests for deploying GenGuardX with Kustomize.

Quickstart

  1. Get the docker credentials from the Corridor Team - Contact [email protected]
  2. Create a kubernetes secret with the docker credentials
  3. Deploy the services (Note: For more customized setups, check the Configurations section below)
  4. Verify the rollout
# 1. Copy the provided docker credentials json file to /tmp/corridor-registry-key.json (or a preferred path)

# 2. Create a kubernetes secret with the docker credentials
kubectl create secret docker-registry corridor-registry-secret \
  --docker-server=us-central1-docker.pkg.dev \
  --docker-username=_json_key \
  --docker-password="$(cat /tmp/corridor-registry-key.json)" \
  --namespace ggx

# 3. Deploy the services (NOTE: Use --dry-run=server for safety)
kubectl apply -k overlays/example

# 4. Verify rollout
kubectl get pods -n ggx
kubectl get svc -n ggx
kubectl get ingress -n ggx

Architecture

The deployment architecture is based on the existing Corridor GenGuardX setup:

  • corridor-app: Primary API and Web application which serves the GGX platform
  • corridor-worker: Background worker process for heavy execution tasks
  • corridor-jupyter: Jupyter/JupyterHub-facing service for ad-hoc analytics
  • Shared persistent volumes for data, uploads, notebooks, Jupyter state, and backups
  • A single ingress routing / to the app and /jupyter to jupyter-service

Cloud Compatibility

This repo is cloud agnostic.

It can be used on any Kubernetes cluster, including managed Kubernetes offerings such as GKE, EKS, AKS, Openshift, etc.

Layout

base/               Reusable application manifests
overlays/example/   Minimal deployable overlay with placeholder configuration

It is possible to host multiple instances of GenGuardX - for example: overlays/prod, overlays/staging, overlays/dev. Or overlays/team1 and /overlays/team2

Configure

Feel free to configure the kubernetes setup based on your needs. Some common configurations are:

  • By default the kustomization.yaml uses the latest tag. To use a older version of Corridor GenGaurdX, set the docker image tag in overlays/example/kustomization.yaml > newTag variable.
  • Set the public hostname based on your egress domain name in overlays/example/kustomization.yaml
  • Set database and application-specific settings in overlays/example/configs/api_config.py
  • If your cluster uses a different RWX storage class, update the PVC patches in overlays/example/kustomization.yaml.
  • Configure TLS secret keys etc in base/ingress.yaml
  • Configure other nginx configs like gzip/timeout etc. in base/ingress.yaml
  • Change Memory requests and limits in the respective base/*.yaml files for that service.

FAQs

My pod is showing ImagePullBackOff

If your pod events show ImagePullBackOff or registry authorization errors -> The image authentication is likely the culprit. Double check if the correct docker credentials are added to the kubernetes secret

App is taking a long time to start

The app deployment runs a database migration in an init container before the main API starts. This can be decoupled to reduce restart time.

About

Kubernetes manifests for deploying GenGuardX with Kustomize.

ggx.corridorplatforms.com/

Topics

kubernetes deployment gcp devsecops ggx aks eks

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages