AKS Cluster configuration for deploying Mach5 Search

This document contains the GKE cluster configuration requirements for deploying Mach5 Search.

Kubernetes Version

Verified Kubernetes version for the GKE cluster to deploy Mach5 Search:

• 1.32.6 or above

Prerequisites

• An instance of Azure Database for PostgreSQL flexible server

  • Postgres version: 16.x
  • Note the hostname, password, databasename, user and port
    • Sample command to create the PSQL instance (change as needed)

  az postgres flexible-server create \
    --name <change_this_server_name> \
    --resource-group <change_this_resource_group> \
    --location eastus \
    --admin-user postgres \
    --admin-password Password123 \
    --tier Burstable \
    --sku-name Standard_B1ms \
    --storage-size 32 \
    --version 16
  

  • Make sure that the require_secure_transport parameter is set to OFF.

    • Sample CLI command (change as needed)

    az postgres flexible-server parameter set \
      --resource-group <change_this_resource_group> \
      --server-name <change_this_server_name> \
      --name require_secure_transport \
      --value OFF
    

  • This instance of PostgreSQL should be reachable /accessible from the AKS cluster in which Mach5 is deployed.

    • If needed you could add this firewall rule to allow azure services to access this PSQL instance (change as needed)

    az postgres flexible-server firewall-rule create \
      --name <change_this_server_name> \
      --resource-group <change_this_resource_group> \
      --rule-name AllowAzureServices \
      --start-ip-address 0.0.0.0 \
      --end-ip-address 0.0.0.0
    

• A Blob Storage Account which has a container that would be used for data and OTLP logs storage by Mach5 Search

AKS cluster

Cluster configuration for Mach5:

• Make sure to enable Workload Identity and Managed Identity on the cluster
• Label the system node pool with the following label: mach5-main-role: “true”

Sample az CLI AKS cluster creation command for reference: (Change as needed)

az aks create \
  --resource-group <change_this_resource_group> \
  --name <change_this_cluster_name> \
  --location eastus \
  --nodepool-name mainnode \
  --nodepool-labels mach5-main-role=true \
  --node-count 1 \
  --node-vm-size Standard_D4s_v4 \
  --service-cidr 10.1.0.0/16 \
  --dns-service-ip 10.1.0.10 \
  --network-plugin azure \
  --generate-ssh-keys \
  --enable-oidc-issuer \
  --enable-workload-identity \
  --enable-managed-identity

• Once the cluster is up and running:
  • Make sure that Blob Storage Account is accessible from the cluster pods.
    • One way to do that would be to add the virtual network of the cluster created above to allow access to the Blob Storage account. Refer to the screenshot below:

• Make sure that the Storage Blob Data Contributor Role is assigned to the node pool identity of the cluster
  • Refer to the screenshots below for reference:

• A license token is required to install Mach5. Please request the License Token Setup Guide from Mach5 team and provide the requested details to the Mach5 Administrator to obtain your license.

AKS Node Pools

Mach5 Search uses node-pools in AKS for scalability, efficient resource utilization and better performance of different parts of the system. In order to do so, cluster autoscaling must be enabled for all the node pools.

Node Pool configuration in Mach5:

Mach5 Search Helm charts

Following helm charts need to be installed in the EKS cluster for deploying Mach5 Search: