Merge remote-tracking branch 'origin/main' into document-k8s-requirements

Author: fhennig

modules/ROOT/assets/images/managed-k8s/aks/1.png

@@ -1,3 +1,12 @@
 * xref:quickstart.adoc[]
-* xref:kubernetes.adoc[]
+* xref:kubernetes/index.adoc[]
+** xref:kubernetes/aks.adoc[]
+** xref:kubernetes/gke.adoc[]
+** xref:kubernetes/huawei-cloud.adoc[]
+** xref:kubernetes/ibm-cloud.adoc[]
+** xref:kubernetes/ionos-managed-k8s.adoc[]
+** xref:kubernetes/ionos-managed-stackable.adoc[]
+** xref:kubernetes/microk8s.adoc[]
+** xref:kubernetes/openshift.adoc[]
+** xref:kubernetes/ske.adoc[]
 * xref:getting-started.adoc[]

modules/ROOT/assets/images/managed-k8s/aks/2.png

@@ -16,7 +16,8 @@ Stackable is based on Kubernetes and uses this as the control plane to manage cl
 
 == Installing Kubernetes and kubectl
 
-Stackable's control plane is built around Kubernetes. Follow the xref:kubernetes.adoc#local-installation[instructions] on how to set up a local Kubernetes instance if you do not have access to a cluster and install kubectl.
+Stackable's control plane is built around Kubernetes.
+Follow the xref:kubernetes/index.adoc#local-installation[instructions] on how to set up a local Kubernetes instance if you do not have access to a cluster and install `kubectl`.
 
 If you already have kubectl installed, and have access to a Kubernetes cluster, you can skip this step.
 

modules/ROOT/assets/images/managed-k8s/aks/3.png

@@ -0,0 +1,50 @@
+= Azure Kubernetes Service (AKS)
+
+Automatic Kubernetes clusters are not supported, as the xref:secret-operator:index.adoc[secret-operator] requires special privileges that are not granted in automatic Kubernetes clusters.
+
+https://azure.microsoft.com/en-us/products/kubernetes-service
+
+. Create Kubernetes cluster
++
+Choose an arbitrary name, the default configurations should be fine.
++
+image::managed-k8s/aks/1.png[]
+
+. Update NodePool settings
++
+It is recommended to check `Enable public IP per node`, so that the Stackable demos work out of the box as they are using NodePorts for maximum portability.
++
+image::managed-k8s/aks/2.png[]
++
+In case you don't want to spend more money by having dedicated control-plane nodes, remove the `CriticalAddonsOnly` taint with the trash-button to the right, so that this nodes can also run workloads and not only the dataplane.
++
+image::managed-k8s/aks/3.png[]
+
+. Enable public access
++
+You also need set `Network policy` to `None`, so that your deployed demos are reachable from the internet.
++
+image::managed-k8s/aks/4.png[]
+
+. Create Kubernetes cluster
++
+Click on `Review + Create` to finish the creation
+
+. Allow incoming traffic
++
+Even though the Kubernetes nodes were configured to be public and have no traffic policy, incoming connections will still be blocked by default.
++
+image::managed-k8s/aks/8.png[]
+You need to go to `Network security group`s and modify the one created for your Kubernetes cluster.
++
+image::managed-k8s/aks/5.png[]
+Add a new inbound security rule, which allows all incoming connections.
++
+image::managed-k8s/aks/6.png[]
+
+. Access Kubernetes
++
+Access your Kubernetes by clicking on the `Connect` button and following the instructions.
++
+image::managed-k8s/aks/7.png[]
+

modules/ROOT/assets/images/managed-k8s/aks/4.png

@@ -0,0 +1,5 @@
+= Google Kubernetes Engine (GKE)
+
+Autopilot clusters are not suported, as the xref:secret-operator:index.adoc[secret-operator] requires special privileges that are not granted in Autopilot clusters.
+
+Other than that no special steps are needed.

modules/ROOT/assets/images/managed-k8s/aks/5.png

@@ -0,0 +1,3 @@
+= Huawei cloud
+
+Huawei cloud uses a non-standard Kubelet state directory. Therefore installing secret-operator on Huawei cloud requires special treatment. Please read on the xref:secret-operator:installation.adoc#_huawei_cloud[secret-operator installation guide] for details.

modules/ROOT/assets/images/managed-k8s/aks/6.png

@@ -0,0 +1,3 @@
+= IBM cloud
+
+IBM cloud uses a non-standard Kubelet state directory. Therefore installing secret-operator on IBM cloud requires a special treatment. Please read on the xref:secret-operator:installation.adoc#_ibm_cloud[secret-operator installation guide] for details.

modules/ROOT/assets/images/managed-k8s/aks/7.png

@@ -13,59 +13,14 @@ The following distributions are supported for a production setup of the Stackabl
 
 include::partial$supported-kubernetes-distributions.adoc[]
 
+In case a Kubernetes provider needs some special tuning or we have some tips for it, it has a subpage below this page.
+
 In this version of the SDP, the following Kubernetes versions are supported:
 
 include::partial$supported-kubernetes-versions.adoc[]
 
 Consult the xref:release_notes.adoc[release notes] to find out which specific versions are supported for the Stackable Data Platform you are using.
 
-[#openshift-notes]
-== Notes on OpenShift
-
-SDP operators are certified for the OpenShift platform and can be installed from the OperatorHub.
-
-IMPORTANT: OpenShift installations with FIPS mode enabled are not supported. This is because neither the SDP operators, nor the supported Apache products are FIPS-compliant.
-
-=== Customizing operator installations
-Depending on the cluster size, you may need to customize the resources requested by the SDP operator Pods.
-This is possible when installing the operators from the command line.
-For example, to assign `256Mi` of memory to the Apache Kafka operator, you need to create a custom Subscription as follows:
-
-[source,yaml]
-----
----
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-  name: stackable-kafka-operator
-  namespace: stackable-operators
-spec:
-  channel: stable
-  installPlanApproval: Automatic
-  name: stackable-kafka-operator
-  source: certified-operators
-  sourceNamespace: openshift-marketplace
-  startingCSV: kafka-operator.v23.11.0
-  config:
-    resources:
-      limits:
-        memory: 256Mi
-      requests:
-        memory: 256Mi
-----
-
-In addition, You can restrict the operator to watch a specific namespace. By default, the operator watches all namespaces.
-For example, to restrict the Kafka operator to watching only a namespace called `kafka-namespace` you add the following properties to the Subscription manifest:
-
-[source,yaml]
-----
-spec:
-  config:
-    env:
-      - name: WATCH_NAMESPACE
-        value: kafka-namespace
-----
-
 [#local-installation]
 == Installing a testinging/development Kubernetes instance locally
 Stackable's control plane is built around Kubernetes, and we'll give some brief examples of how to install Kubernetes on your machine.

modules/ROOT/assets/images/managed-k8s/aks/8.png

@@ -0,0 +1,26 @@
+= IONOS managed Kubernetes
+
+https://cloud.ionos.com/managed/kubernetes
+
+TIP: IONOS also offers a xref:kubernetes/ionos-managed-stackable.adoc[managed Stackable service], which simplifies the usage of Stackable.
+
+There are no special setup steps needed.
+
+. Create Kubernetes cluster
++
+image::managed-k8s/ionos/1.png[]
+
+. Create Nodepool
++
+image::managed-k8s/ionos/2.png[]
+
+. Download kubeconfig
++
+image::managed-k8s/ionos/3.png[]
+
+. Set kubectl context
++
+[source,bash]
+----
+export KUBECONFIG=~/Downloads/kubeconfig.json
+----

modules/ROOT/assets/images/managed-k8s/ionos/1.png

@@ -0,0 +1,5 @@
+= IONOS managed Stackable
+
+https://cloud.ionos.com/solutions/managed-stackable
+
+> The Managed Stackable Data Platform from IONOS Cloud is designed to enable you to work with maximum efficiency: Simply select the appropriate data management tools for your respective purpose, build individual stacks for yourself or your customers and make all your data productively usable as quickly as possible

modules/ROOT/assets/images/managed-k8s/ionos/2.png

@@ -0,0 +1,3 @@
+= Microk8s
+
+Microk8s uses a non-standard Kubelet state directory. Therefore installing secret-operator on Microk8s requires a special treatement. Please read on the xref:secret-operator:installation.adoc#_microk8s[secret-operator installation guide] for details.

modules/ROOT/assets/images/managed-k8s/ionos/3.png

@@ -0,0 +1,45 @@
+= OpenShift
+
+SDP operators are certified for the OpenShift platform and can be installed from the OperatorHub.
+
+IMPORTANT: OpenShift installations with FIPS mode enabled are not supported. This is because neither the SDP operators, nor the supported Apache products are FIPS-compliant.
+
+== Customizing operator installations
+Depending on the cluster size, you may need to customize the resources requested by the SDP operator Pods.
+This is possible when installing the operators from the command line.
+For example, to assign `256Mi` of memory to the Apache Kafka operator, you need to create a custom Subscription as follows:
+
+[source,yaml]
+----
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: stackable-kafka-operator
+  namespace: stackable-operators
+spec:
+  channel: stable
+  installPlanApproval: Automatic
+  name: stackable-kafka-operator
+  source: certified-operators
+  sourceNamespace: openshift-marketplace
+  startingCSV: kafka-operator.v23.11.0
+  config:
+    resources:
+      limits:
+        memory: 256Mi
+      requests:
+        memory: 256Mi
+----
+
+In addition, You can restrict the operator to watch a specific namespace. By default, the operator watches all namespaces.
+For example, to restrict the Kafka operator to watching only a namespace called `kafka-namespace` you add the following properties to the Subscription manifest:
+
+[source,yaml]
+----
+spec:
+  config:
+    env:
+      - name: WATCH_NAMESPACE
+        value: kafka-namespace
+----

modules/ROOT/assets/images/managed-k8s/ske/1.png

@@ -0,0 +1,40 @@
+= STACKIT Kubernetes Engine (SKE)
+
+https://www.stackit.de/de/produkt/stackit-kubernetes-engine/
+
+SKE clusters by default have no public IPs assigned to the Kubernetes nodes.
+As of 2024-06-13 marking the nodes as public during the Kubernetes cluster creation is not supported.
+
+As a workaround we create a normal Kubernetes and assign public IP adresses to the Kubernetes nodes.
+
+WARNING: The Kubernetes nodes are ephemeral. When STACKIT decides to reboot your Kubernetes nodes (e.g. to do security updates) they will loose their IP addresses and your services will not be reachable anymore, you need to re-assign the IP addresses.
+To circumvent this problem you can use LoadBalancers instead of NodePorts (which might be more expensive due to additional IP addresses).
+
+. Create Kubernetes cluster
++
+We recommend using at least 50GB disk space for the docker images.
++
+image::managed-k8s/ske/1.png[]
+
+. Wait until Kubernetes is up and running
++
+image::managed-k8s/ske/2.png[]
+
+. List servers
++
+image::managed-k8s/ske/3.png[]
+
+. Assign public IP to *all* Kubernetes nodes
++
+image::managed-k8s/ske/4.png[]
+
+. Download kubeconfig
++
+image::managed-k8s/ske/5.png[]
+
+. Set kubectl context
++
+[source,bash]
+----
+export KUBECONFIG=~/Downloads/my-cluister.yml
+----

modules/ROOT/assets/images/managed-k8s/ske/2.png

@@ -150,7 +150,7 @@ The following are selected product features provided by new versions available i
 Support for the ARM architecture::
 During the development of this release, we started introducing support for the arm64 architecture.
 Currently support is experimental, and we only provide arm64 images for the previous release (23.11).
-For more information on how to use the ARM images, refer to the xref:concepts:arm64-support.adoc[documentation].
+For more information on how to use the ARM images, refer to the xref:concepts:container-images.adoc#multi-platform-support[documentation].
 
 === Product versions
 

modules/ROOT/assets/images/managed-k8s/ske/3.png

@@ -1,7 +1,9 @@
 * https://aws.amazon.com/eks/[Amazon Elastic Kubernetes Service]
-* https://azure.microsoft.com/en-gb/products/kubernetes-service[Microsoft Azure Kubernetes Service]
-* https://cloud.google.com/kubernetes-engine[Google Kubernetes Engine]
-* https://cloud.ionos.com/managed/kubernetes[IONOS Managed Kubernetes]
+* xref:kubernetes/aks.adoc[Azure Kubernetes Service]
+* xref:kubernetes/gke.adoc[Google Kubernetes Engine]
+* xref:kubernetes/ionos-managed-k8s.adoc[IONOS Managed Kubernetes]
+* xref:kubernetes/ionos-managed-stackable.adoc[IONOS Managed Stackable]
+* xref:kubernetes/openshift.adoc[Red Hat OpenShift]
+* xref:kubernetes/ske.adoc[STACKIT Kubernetes Engine] (with the exception of missing public NodePorts)
 * https://www.rancher.com/products/rancher[SUSE Rancher]
 * https://www.suse.com/products/k3s/[SUSE K3S]
-* https://www.redhat.com/en/technologies/cloud-computing/openshift[Red Hat OpenShift]

modules/ROOT/assets/images/managed-k8s/ske/4.png

@@ -1,10 +1,9 @@
 * xref:concepts:index.adoc[]
-** xref:overview.adoc[Overview]
+** xref:overview.adoc[Platform overview]
+** xref:stacklet.adoc[]
 ** Common configuration mechanisms
-*** xref:roles-and-role-groups.adoc[]
 *** xref:product_image_selection.adoc[]
 *** xref:overrides.adoc[Advanced: overrides]
-*** xref:arm64-support.adoc[]
 ** Resources
 *** xref:resources.adoc[]
 *** xref:s3.adoc[]