#Kubernetes

The IKO documentation is robust. A single web page, that consists of about 50 actual pages of documentation. For beginners that can be a bit overwhelming. As the saying goes: how do you eat an elephant? One bite at a time. Let's start with the first bite: helm.

What is Helm?

Helm is to Kubernetes what the InterSystems Package Manager (IPM, formerly ObjectScript Package Manager - ZPM) is to IRIS.

Good morning dear community,

This is like my first post in this community. Let's see how this turns out.
I have a question about the Intersystems Kubernetes Operator and the deployment of the webgateways.
I am responsible for the hosting and deployment of the apps. For the future we are planning to host our application in a kubernetes cluster. I am using the IKO for this.
I am using webgateways, for external access as separate pods. And sidecar containers for internal access, like the management portal.

Runtime Enforcement

Anakin Skywalker challenged the high ground and has been terribly injured on Mustafar.  

So if you are following from the previous post or dropping in now, let's segway to the world of eBPF applications and take a look at Parca, which builds on our brief investigation of performance bottlenecks using eBPF, but puts a killer app on top of your cluster to monitor all your iris workloads, continually, cluster wide!  

Continous Profiling with Parca, IRIS Workloads Cluster Wide

I attended Cloud Native Security Con in Seattle with full intention of crushing OTEL day, then perusing the subject of security applied to Cloud Native workloads the following days leading up to CTF as a professional excercise. This was happily upended by a new understanding of eBPF, which got my screens, career, workloads, and atitude a much needed upgrade with new approaches to solving workload problems. 

So I made it to the eBPF party and have been attending clinic after clinic on the subject ever since, here I would like to "unbox" eBPF as a technical solution, mapped directly to what we do in practice (even if its a bit off), and step through eBPF through my experimentation on supporting InterSystems IRIS Workloads, particularly on Kubernetes, but not necessarily void on standalone workloads.

eBee Steps with eBPF and InterSystems IRIS Workloads

Say I want to uninstall the IKO - all I need to do is:

> helm uninstall intersystems

What happens behind the scenes is that helm will uninstall what was installed when you ran :

> helm install intersystems <relative/path/to/iris-operator>

In some sense - this is symmetric to when we ran install - however with a different image.

You'll notice that when you install, it knows what image to take from:

operator:
  registry: containers.intersystems.com
  repository: intersystems/iris-operator-amd
  tag: 3.7.13.100

For uninstall the image to take note of is:

In our previous article, we have explored the most common Kubernetes components:

• We started with the pods and the services we needed to communicate with each other.
• Then, we examined the  Ingress component used to Route traffic into the cluster.
• We also skimmed through an external configuration using ConfigMaps and Secrets.
• Afterward, we analyzed Data persistence with the help of Volumes.
• Finally, we took a quick look at pod blueprints with such replicating mechanisms as Deployments and StatefulSets (the latter is employed specifically for such stateful applications as databases).

In this article, we will explore Kubernetes architecture and configuration.

Hi Community,

Play the new video on InterSystems Developers YouTube:

⏯ Introducing Smart Data Services @ Global Summit 2023

In this article, we will cover below topics:

• What is Kubernetes?
• Main Kubernetes (K8s) Components

What is Kubernetes?

Kubernetes is an open-source container orchestration framework developed by Google. In essence, it controls container speed and helps you manage applications consisting of multiple containers. Additionally, it allows you to operate them in different environments, e.g., physical machines, virtual machines, Cloud environments, or even hybrid deployment environments.

What problems does it solve?

In case you're planning on deploying IRIS For Health, or any of our containerized products, via the IKO on OpenShift, I wanted to share some of the hurdles we had to overcome.

As with any IKO based installation, we first need to deploy the IKO itself. However we were getting this error:

Warning FailedCreate 75s (x16 over 3m59s) replicaset-controller Error creating: pods "intersystems-iris-operator-amd-f6757dcc-" is forbidden: unable to validate against any security context constraint:

proceeded by a list of all the security context constraints (SCCs) it could not validate against.

Hey Community,

Hit that play button and enjoy the new video on InterSystems Developers YouTube:

⏯ Can You Autoscale This? Lessons from the Field on Kubernetes @ Global Summit 2023

InterSystems Kubernetes Operator (IKO) 3.7 is now Generally Available.  IKO 3.7 adds significant new functionality along with numerous bug fixes.  Highlights include:

• When using IKO 3.7 with IRIS 2024.1+, the WebGateway can authenticate to IRIS via mutual TLS.
• Support for reporting asynchronous mirror members
• Resource requests can now be applied to IAM pods
• Improvements to iriscluster resource output

Hi, I was wondering if anyone already dealt with this issue:
"System has been suspended for over X seconds, exceeding the maximum duration specified. Allowing system activity to resume. Any ongoing backup has presumably failed. Next InterSystems IRIS backup must be a full one"

our backup system "Commvault" is automatic, how do you tell it once you get this message that the next backup should be full?

thanks,

Eyal

Hello, we deploy IRIScluster using IKO on Red Hat OpenShift deployed in AWS. For DR, we have another AWS region on stand by. We do daily backups. I run a standalone IRIS in the second region. I want to add it as async member to the mirror to have some essential data available in the standby region. Is this possible?

We have solution which uses IRIS with IAM and webgateway integrated.

After integration, we notice that in the kong configuration in the kongdb upstreams are not created as listed in the kong.yml

We noticed that, IAM api calls are failing with enterprise license expired.

[kong@iam-deployment-75f485954c-ssdfv /]$ curl --location --request POST 'http://localhost:8001/services/'
{"message":"Enterprise license missing or expired"}

From Logs:

This article will cover turning over control of provisioning the InterSystems Kubernetes Operator, and starting your journey managing your own "Cloud" of InterSystems Solutions through Git Ops practices. This deployment pattern is also the fulfillment path for the PID^TOO||| FHIR Breathing Identity Resolution Engine.

Git Ops

K9s is a terminal-based UI (aka kubectl clown suit), to manage Kubernetes clusters that drastically simplifies navigating, observing, and managing your applications in K8s, including Custom Resources like the InterSystems Kubernetes Operator (IKO) and ArgoCD Applications. If you are about to take your CKD, CKA, or CKS, leave k9s well enough alone for awhile as the abstraction to kubectl will become the standard for navigating the cluster and you will undoubtedly become estranged to the extended flags of kubectl and bomb the exam.

I am currently using IKO 3.6 to deploy an irisCluster on EKS, but I am facing some challenges. Firstly, I need assistance in understanding how to connect to the Web Gateway sidecar. If anyone has experience with this, I would greatly appreciate any guidance or advice you can offer. Secondly, I am trying to utilize the 'seed: path' options of irisDatabases, but I am unsure of the best approach. If anyone has successfully implemented this feature, I would love to hear about your approach and any insights you can provide. Thank you in advance for any help you can offer!

With the world (as well as our own technology) moving to the cloud at such a fast pace it is easy (at least for myself) to get caught up in the little details. One thing I, and some clients of ours, had run into a couple of times was the necessity to specify the version of the images one plans to use with the IKO.

InterSystems Kubernetes Operator (IKO) 3.6 is now Generally Available.  IKO 3.6 adds significant new functionality along with numerous bug fixes.  Highlights include:

• Easily include Web Gateway sidecars for compute and data nodes.
• Kubernetes secret for Web Gateway authentication
• Define Databases in the Data section
• Define Namespaces in the Data section
• Ephemeral Web Gateways for cases where everything you need is in the container image
• Upgrade Horizontal Pod Autoscaler support to version 2 of the HPA spec

I want to deploy IRIS apps running in containers in Kubernetes with user accounts configured.

I have a %ZSTART routine which looks for an XML file with Users export data and if the %ZSTART routine finds this file, it imports it. This Users export data can be obtained by running a class method.

I have defined a task which can be scheduled or run on demand. This tasks imports user data from an XM file.

In Kubernetes I can provide a ConfigMap to stage the Users data for the %ZSTART routine.

@Jeff Fried 

Hi Jeff,

I reviewed the Ensemble 2018 support documentation
https://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KE…

And I did not find a restriction on the use of Ensemble 2018 installed on Docker with Openshift, but I received information that Intersystems would not support this installation case. That is true?

This would help us with the transition to IRIS as I carry out the migrations.

Thank you very much for your help

In this article, we’ll build a highly available IRIS configuration using Kubernetes Deployments with distributed persistent storage instead of the “traditional” IRIS mirror pair. This deployment would be able to tolerate infrastructure-related failures, such as node, storage and Availability Zone failures. The described approach greatly reduces the complexity of the deployment at the expense of slightly extended RTO.

I deployed the IRIS container on my Mac M1 Docker Desktop Kubernetes cluster:

I limited the container 1.5Gb memory:

In the "merge.cpf" file I constrained IRIS memory usage aspects:

Now I load-test the container by multiple installing  and uninstalling the %ZPM package:

• install ZPM (zpm-installer.routine and execution):

LS,

I'm trying to learn how to use the IKO for deploying solutions to Kubernetes. In my current project I'm trying to deploy the IAM onto a K8S context. Are there directly usable samples of the yaml file I need to use for that?  

Hi *.*,

I am new to IRIS, IKO and IAM. I have read through a lot of the documentation, but I need clarity on some things that I can't find in the documentation.

InterSystems Kubernetes Operator (IKO) 3.5 is now Generally Available.  IKO 3.5 adds significant new functionality along with numerous bug fixes.  Highlights include:

This week I was able to demo a proof of concept for our FMS interface on traffic cop architecture to my team. We are working on modernizing an Interoperability production running on mirrored Health Connect instances. We deploy IRIS workloads on Red Hat OpenShift Container Platform using InterSystems Kubernetes Operator (IKO). We can define any number of replicas for the compute stateful set where each compute pod runs our Interoperability production. We introduced Horizontal Pod Autoscaler (HPA) to scale up the number of compute pods based on memory or CPU utilization. But IKO scaled down

IRIS configurations and user accounts contain various data elements that need to be tracked, and many people struggle to copy or sync those system configurations and user accounts between IRIS instances. So how can this process be simplified?

In software engineering, CI/CD or CICD is the set of combined practices of continuous integration (CI) and (more often) continuous delivery or (less often) continuous deployment (CD). Can CI/CD eliminate all our struggles?

I work in a team which develops and deploys IRIS clusters. We run IRIS in containers on Red Hat OpenShift container platform.