⚠️ This document is for the Alpha version of Nubus for Kubernetes. Feedback is welcome. ⚠️

Nubus for Kubernetes - Operation Manual 0.5.1 (Alpha)

Requirements

2. Requirements#

This section describes the requirements you need to meet before you can start deploying Univention Nubus on a Kubernetes cluster.

In general, you need a Kubernetes cluster and additional services. Nubus has a default configuration for the additional services, so you can decide whether to use them or use your own deployments of these services.

Nubus requires the following services:

  1. Kubernetes cluster

  2. Relational database

  3. Message queue: NATS

  4. S3-compatible object storage

  5. Certificate manager

Important

Univention support covers Univention Nubus.

Univention doesn’t provide support offerings for additional services outside of Nubus.

2.1. Kubernetes cluster#

You need a Kubernetes cluster to deploy and run Univention Nubus. For the Kubernetes cluster, you must ensure the following aspects:

  1. The clients and users that want to use the services of Univention Nubus need network access to Nubus through the Kubernetes cluster.

  2. The minimum required version of Kubernetes is 1.27.

  3. A dedicated namespace for the deployment of Univention Nubus. You don’t have to limit the namespace to Nubus only. You can also deploy other services there, as well. However, Nubus is the primary tenant of the namespace.

  4. Install Tools to manage Kubernetes clusters.

Univention Nubus recommends to ensure External access to cluster services.

See also

Patch Releases

for information about schedule and cadence of Kubernetes releases in Kubernetes Documentation [1].

Namespaces in Kubernetes

for information about the mechanism for isolating groups of resources within a single cluster in Kubernetes Documentation [1].

2.1.1. Production environment - managed or self-managed#

You can choose between a managed and a self-managed Kubernetes cluster.

Managed production environment

If you don’t want to manage a Kubernetes cluster yourself, you can use a managed service provider or certified platforms. Depending on the amount of management you want to take on or leave to others, you need to consider how availability, scale, security, and access management affect your requirements for a Kubernetes cluster.

At a minimum, you need access to a Kubernetes namespace and the permissions to deploy resources within that namespace. And the production environment must provide the services listed in the Requirements section of this page.

Self-managed production environment

To run a self-managed Kubernetes cluster, you need to take care of the maintenance, security, and resources. You need to provide the services listed in Requirements on this page. You also need expertise in running and managing a Kubernetes cluster.

See also

Consider consulting the following resources from the Kubernetes Documentation [1] during your decision-making process. They provide links to additional resources.

2.1.2. Tools to manage Kubernetes clusters#

Regardless of who manages the Kubernetes cluster, you need to install kubectl to run commands against Kubernetes clusters. To install kubectl, refer to kubectl - Install Tools.

The deployment of Univention Nubus requires Helm, the package manager for Kubernetes. Helm uses the packaging format Chart. A chart is a collection of files that describe a related set of Kubernetes resources. To install Helm, refer to Installing Helm.

See also

kubctl
Helm

  • Helm for more information about Helm and Charts.

  • Helm Docs for the documentation of Helm and the package format Helm Charts.

2.1.3. External access to cluster services#

Univention Nubus recommends a running Ingress Controller to provide external access to the services within Nubus. Nubus provides configuration for Ingress, an API object in Kubernetes that manages external access to services in a cluster.

Univention only supports the Ingress Controller Ingress-NGINX Controller.

See also

From Kubernetes Documentation [1], see the following resources:

2.2. Certificate manager#

Kubernetes requires certificates for secure communication between different components in a Kubernetes cluster. Univention Nubus also needs certificates, at least on the endpoint, for secure communication with clients.

You need a certificate manager for Kubernetes, as this makes certificate maintenance easier. A certificate manager creates TLS certificates for workloads in Kubernetes. It obtains certificates from a variety of certificate authorities, such as Let’s Encrypt and private PKI.

Nubus for Kubernetes requires cert-manager as certificate manager.

See also

Kubernetes documentation

Best practices: PKI certificates and requirements in Kubernetes Documentation [1].

cert-manager Documentation

for getting started with cert-manager, installation, and handling certificates.

2.3. Relational database#

Univention Nubus requires a relational database management system (RDBMS). Such a database system can be PostgreSQL.

Use an existing PostgreSQL deployment with implemented concepts for backup, restore, redundancy, failover, and security for Nubus. You only need to provide the location and respective credentials to the Nubus configuration. Using an existing PostgreSQL deployment for Nubus is a clear recommendation.

If you don’t have a PostgreSQL deployment, you can enable PostgreSQL in the configuration for a demonstration deployment of Univention Nubus.

Important

The PostgreSQL deployment within Nubus doesn’t provide concepts for backup, restore, and redundancy. Use it only for demonstration purposes.

⚠️ Univention doesn’t provide support for the PostgreSQL deployment within Nubus.

See also

Kubegres

is a Kubernetes operator allowing to deploy clusters of PostgreSQL instances.

How to Deploy Postgres to Kubernetes Cluster | DigitalOcean

for a step-by-step tutorial about deploying PostgreSQL on a Kubernetes cluster.

2.4. Message queue#

Univention Nubus requires the message queue system NATS. NATS is a connectivity technology, and is responsible for addressing, discovering, and exchanging messages between distributed systems. For example, NATS provides M:N connectivity. NATS bases addressing and discovery on subjects instead of hostnames and ports.

Univention Nubus provides a configuration for a NATS deployment. Using the NATS deployment within Nubus is a clear recommendation and supported by Univention.

If you have an existing NATS deployment, you can use it for Nubus.

See also

NATS Docs

for more information about the software, including the following:

2.5. S3-compatible object storage#

Univention Nubus requires an S3-compatible object storage. Such object storage is Amazon Simple Storage Service (S3) or MinIO. MinIO is an open source object storage solution that provides an S3-compatible API and supports all core S3 features.

Univention Nubus provides an example configuration for a MinIO deployment.

If you have an existing S3-compatible object storage deployment, you can use it for Nubus.

Important

The MinIO deployment within Nubus doesn’t provide concepts for backup, restore, and redundancy. Use it only for demonstration purposes.

⚠️ Univention doesn’t provide support for the MinIO deployment within Nubus.

See also

MinIO Object Storage for Kubernetes

for getting started with MinIO through a quickstart for Kubernetes, deployment, concepts, and administration.

On this page