Unikorn Compute Service
Overview
The compute service is essentially a cut-down version of the Kubernetes service that provisions its own compute servers using hardware abstraction provided by the Region service.
Where possible, as the Compute service is very similar to the Kubernetes service, we must maintain type and API parity to ease creation of UX tools and services.
Installation
Unikorn Prerequisites
To use the Compute service you first need to install:
Installing the Service
Installing Prerequisites
The Unikorn compute server component has a couple of prerequisites that are required for correct functionality.
If not installing the server component, skip to the next section.
You'll need to install:
- cert-manager (used to generate keying material for JWE/JWS and for ingress TLS)
- nginx-ingress (to perform routing, avoiding CORS, and TLS termination)
Installing the Compute Service
Helm
Create a values.yaml for the server component:
A typical values.yaml that uses cert-manager and ACME, and external DNS might look like:
global:
  identity:
    host: https://identity.unikorn-cloud.org
  region:
    host: https://region.unikorn-cloud.org
  compute:
    host: https://compute.unikorn-cloud.org
helm install unikorn-compute charts/compute --namespace unikorn-compute --create-namespace --values values.yaml
ArgoCD
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: unikorn-compute
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://unikorn-cloud.github.io/compute
    chart: compute
    targetRevision: v0.1.0
  destination:
    namespace: unikorn
    server: https://kubernetes.default.svc
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
Configuring Service Authentication and Authorization
The Unikorn Identity Service describes how to configure a service organization, groups and role mappings for services that require them.
This service requires asynchronous access to the Unikorn Region API in order to poll cloud identity and physical network status during cluster creation, and delete those resources on cluster deletion.
This service defines the unikorn-compute user that will need to be added to a group in the service organization.
It will need the built-in role infra-manager-service that allows:
- Read access to the region endpoints to access external networks
- Read/delete access to the identities endpoints to poll and delete cloud identities
- Read/delete access to the physicalnetworks endpoints to poll and delete physical networks
- Create/Read/Delete access to the servers endpoints to manage compute instances
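To confirm that the role bound to unikorn-compute grants no more (and no less) than the list above, the bullets can be parsed into a permission matrix and diffed against what is actually granted. This is an added example, not code from the Unikorn project; the dictionary layout used for the granted permissions and the sample values in it are constructed assumptions, not the Identity service's own export format.

```python
import re

# The four permission bullets documented above, one per line.
ROLE_DOC = """\
- Read access to the region endpoints to access external networks
- Read/delete access to the identities endpoints to poll and delete cloud identities
- Read/delete access to the physicalnetworks endpoints to poll and delete physical networks
- Create/Read/Delete access to the servers endpoints to manage compute instances
"""

BULLET = re.compile(r"^- (?P<ops>[A-Za-z/]+) access to the (?P<endpoint>\w+) endpoints\b")


def parse_expected(doc):
    """Turn the documented bullets into {endpoint: {operation, ...}}."""
    expected = {}
    for line in doc.splitlines():
        m = BULLET.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised permission line: {line!r}")
        expected[m["endpoint"]] = {op.lower() for op in m["ops"].split("/")}
    return expected


def audit(granted, expected):
    """Return (excess, missing) as sorted lists of 'endpoint:operation'."""
    def flatten(perms):
        return {f"{ep}:{op.lower()}" for ep, ops in perms.items() for op in ops}
    have, want = flatten(granted), flatten(expected)
    return sorted(have - want), sorted(want - have)


# Constructed sample: what a hypothetical export of the role actually grants.
SAMPLE_GRANT = {
    "region": ["read"],
    "identities": ["read", "delete", "create"],  # create is not documented
    "physicalnetworks": ["read"],                # delete is missing
    "servers": ["create", "read", "delete"],
    "clusters": ["read"],                        # endpoint is not documented
}

if __name__ == "__main__":
    excess, missing = audit(SAMPLE_GRANT, parse_expected(ROLE_DOC))
    print("excess: ", excess)
    print("missing:", missing)
```

Excess entries are permissions to remove from the role; missing entries will surface as failed polls or failed cleanup on deletion.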