-
Notifications
You must be signed in to change notification settings - Fork 110
How to run Texera on local Kubernetes
This document explains how to run Texera on Kubernetes locally for development purposes.
Before you begin, you will need a local Kubernetes cluster manager. We use Minikube in this instruction.
- Install Minikube.
- Start your cluster:
minikube start
- Verify that your node is running. You should see
minikubein your node list when you run:kubectl get nodes
All the necessary Kubernetes files are located in the bin/k8s directory of this repository.
- Navigate to the
bindirectory:cd bin - Install the Texera Helm chart. This command will install all Texera services into a new
texera-devnamespace.helm install texera k8s --namespace texera-dev --create-namespace
Note: If you get an error about missing Helm dependencies, navigate to the
k8sdirectory and run the dependency update command, then try the installation again:cd k8s helm dependency update cd .. helm install texera k8s --namespace texera-dev --create-namespace
Wait for the required deployments to be in the Running state. You can check their status by running:
kubectl get deployments -n texera-devThe key deployments required to run Texera are:
texera-webservertexera-file-servicetexera-workflow-computing-unit-manager
Once the deployments are running, you can access the Texera web interface.
-
Port-Forwarding (If Required)
By default, the UI should be available at http://localhost:30080.
If you get a "connection refused" error, you may need to manually forward the ingress port. Open a new terminal and run:
kubectl port-forward -n texera-dev service/texera-ingress-nginx-controller 30080:80
-
Login
Open http://localhost:30080 in your browser and log in using the default username and password.
If you see an error when trying to upload a file to a dataset, you may need to forward the port for MinIO (our file storage service).
Run the following command in a new terminal:
kubectl port-forward -n texera-dev service/texera-minio 31000:9000This maps the service's port 9000 to your local port 31000.
To test custom changes, you can update the bin/k8s/values.yaml file to use your own Docker images. After modifying the values.yaml file, upgrade the Helm release to apply the changes:
helm upgrade texera k8s --namespace texera-devFor any deployment, especially in production, it's crucial to apply the principle of least privilege to limit potential damage from a security vulnerability. While the OS user deploying the chart needs kubectl and helm permissions, a more critical concern is the user running the application inside the containers.
By default, many container images run as the root user. If an attacker exploits a vulnerability in an application (like the running code on computing unit), they would gain root privileges within the container, giving them full control to access or modify its contents and potentially attack other services.
To prevent this, you should configure the Kubernetes deployments to run the processes as a specific, unprivileged user.
The following is a sample template you can use:
spec:
template:
spec:
securityContext:
# Run as a non-root user (e.g., user 1001)
runAsUser: 1001
runAsGroup: 1001
# Enforce that the container cannot run as root
runAsNonRoot: true
# Make the root filesystem read-only
readOnlyRootFilesystem: true
containers:
- name: texera-webserver
image: ...Copyright © 2025 The Apache Software Foundation.
Getting Started
Implementing an Operator
- Step 2 - Guide to Implement a Java Native Operator
- Step 3 - Guide to Use a Python UDF
- Step 4 - Guide to Implement a Python Native Operator
Contributing to the Project