Standalone Deployment of kdb Insights Enterprise Overview

This page details an example infrastructure architecture for deploying kdb Insights Enterprise on the Kubernetes container orchestration system.

Example infrastructure

To support the deployment of kdb Insights Enterprise, we provide an Infrastructure as Code (IaC) bundle. The bundle contains a Dockerized environment with Terraform code and the tools required to create a managed Kubernetes cluster in any of the three major cloud providers.

The infrastructure provisioned satisfies the base requirements for deploying kdb Insights Enterprise and provides additional integrations including Cloud Logging and Metrics. The result is a secure, but not production hardened infrastructure, with the Kubernetes cluster deployed into a private network and is only accessible through a VPN.

The following diagram shows a high-level overview of the cloud infrastructure provisioned by the IaC bundle.

Terraform

HashiCorp Terraform is an infrastructure as code tool that lets you define both cloud and on-prem resources in human-readable configuration files that you can version, reuse, and share.

We chose Terraform as it is multi-cloud, with plugins for AWS, Azure, GCP and others. This allows you to spin up the same architecture regardless of your chosen cloud provider, with only minor difference in the configuration steps.

Resources provisioned

The IaC bundle provisions resources at both the cloud service provider and Kubernetes level.

Cloud Provider resources

• Virtual Private Cloud (VPC)

• Public subnets used by the bastion host and any resources created by the Kubernetes cluster (for example, Load Balancer)

• Private subnets to deploy the Kubernetes worker nodes

• Bastion host running on a compute instance which acts as a VPN server to provide access to the Kubernetes cluster

• Managed Kubernetes Cluster (AKS,EKS,GKE).

Kubernetes resources

• cert-manager 1.17.1 - generates certificates for any endpoint exposed by nginx-ingress

• nginx-ingress 4.11.5 - exposes kdb Insights Enterprise endpoint which can be either REST API or Web Interface

• rook-ceph 1.16.5 - provides a shared filesystem for kdb Insights Enterprise

• Istio 1.25.0 - provides the ability to support in-flight encryption between services

• A StorageClass named sharedfiles that is backed by shared storage. A recommended option is to deploy the cloud provider's CSI driver that implements network file storage (AWS, Azure, GCP)

Architecture profile

The IaC bundle offers the following three different Architecture Profiles: