Welcome to getting started with Kubernetes on Datica! In this article we're going to walk you through how to get a Kubernetes cluster stood up. Additionally, we'll briefly cover how to utilize the various deployments provided by Datica—logging, monitoring, intrusion detection, and more.

Working with Datica

Once you've established contact with Datica, the first step is to work with our sales department on understanding your organization's needs as they pertain to compliance and security in the cloud. The new Datica Kubernetes Platform has two deployment models — On-account and Datica Cloud. By working with a Datica expert, we will help you understand which deployment model works best for you.

Once you've discussed your needs with a Datica expert, we'll then get a staging cluster stood up for you. This is a production ready cluster that you can use to begin testing. In order stand up a cluster in your account, we'll need the following information:

  • Vendor name (AWS or Azure)
  • Your cloud provider account ID
  • Your access key
  • Legal business name
  • What you'd like to name your cluster
  • Initial user administrators

Note: This account should be created within the "Datica" group. This will ensure any additional services are accessible to us. In addition to the information above, we'll also need you root access for the time being.

Once we have your credentials and you've set the proper permissions, we'll then need to know:

  • How many controller nodes you require (we require a minimum of 2 controllers to ensure HA, you may choose to have more)
  • How many workers you require (we deploy 3 by default)
  • Node instance type
  • Cloud provider region (ex: us-east-1)

All of this information can be collected via a secure form that we share with you, or we can discuss it over a phone call. We do not expect our users to be Kubernetes experts (that's what we're here for!). As a result, a number of concepts may be unfamiliar to you. Not to worry, Datica experts are more than happy to walk you through how to properly size and configure your cluster.

Provisioning a Kubernetes cluster

The primary benefit of using Datica is that we manage compliance and security for you. The secondary benefit is that we're a fully managed Kubernetes service. This means you simply tell us what you need (via the information collected above) and we take care of the rest. Our automated configuration tooling will stand up the cluster, compliance deployments, and the underlying infrastructure in a matter of minutes.

Gaining access

Once we've provisioned your new cluster, we'll grant you access to that cluster. That process is as follows:

  • We'll create an organization on your behalf using the legal business name collected above. This organization lives within Datica's centralized authentication system. This system is responsible for managing users and cluster access.
  • After we've created the organization, you'll be sent an invite to your email on file (as well as any other administrators). Use this email to activate your account.
  • Once you've activated your account, you'll need to download and install the Datica datikube CLI utility. You can download the package and view instructions for installation here.
  • Once you've installed datikube, you'll need three pieces of information:
    • <NAME> - This is the name you'd like to use for your cluster (ex: "prod", "staging", etc.). Datica will configure this for you.
    • <CLUSTER-URL> - This is a URL at which this cluster's kube-apiserver is accessible. Datica will provide this to you.
    • <CA-FILE> - This should be the relative path to the CA cert for this cluster. Datica will provide you with this file.
  • After you've gathered your cluster's name, cluster-url, and the ca-file, you can run the following command:
    • datikube set-context <NAME> <CLUSTER-URL> <CA-FILE>
    • Ex: datikube set-context prod-cluster ~/.example/ca.crt

After successfully running the datikube set-context command with the parameters above, you can begin using your new compliant cluster!

Next steps

Before deploying your workloads onto your new Kubernetes cluster. You'll want to ensure you can access the various deployments Datica provides. Those include:

  • Logging access: kubectl port-forward -n logging service/kibana 8001:80 - In your browser, the kibana dashboard can be accessed at the following url: http://localhost:8001
  • Monitoring access: kubectl port-forward -n monitoring service/grafana 8002:3000 - In your browser, the grafana dashboard can be accessed at the following url: http://localhost:8002