Deploying BDB Core Platform

Once you meet all the prerequisites, the platform can be deployed using either HELM or FluxCD.

Using HELM: HELM uses a packaging format called charts. A chart is a collection of files that describes a related set of Kubernetes resources. Settings and configurations are passed to the chart by preparing the values.yaml template.

Using FluxCD: FluxCD is a continuous delivery tool that keeps Kubernetes clusters in sync with configuration sources such as Git repositories and automates configuration updates when they are available.

By default, the workloads are logically separated into multiple namespaces for easy maintenance. The BDB chart creates Namespaces, Persistent Volumes, and Secrets during installation. BDB highly recommends creating all of these before installation so that they are retained across reinstallation or upgrade.

Key Features and Configurations

The following features are enabled & configured while deploying the BDB platform:

Multi-Tenancy

The BDB platform supports multi-tenancy as a built-in feature. The default deployment creates 2 tenants: Production and Sanity. Additional tenants can be created based on scale and customer requirements. A separate namespace can be configured as an execution space for each tenant.

Secret Management

The built-in secret management feature of the BDB data platform is enabled to secure the deployment. In the case of HELM, all the credentials (database, usernames, passwords, etc.) are stored in Kubernetes as a Secret with base64 encoding. Base64 is an encoding, not encryption, so these values are protected only by access control on the Secret objects and by any encryption at rest configured for the cluster. In the case of FluxCD, you can store the credentials in Git with SOPS encryption; Flux will decrypt and deploy the secrets in Kubernetes.
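The following Python code is an added example, not part of BDB's own tooling. It contrasts the two storage modes described above: values in a Secret's `data` block decode without any key, while a SOPS-encrypted manifest carries `ENC[...]` values and a `sops:` metadata block, which is what a check on the Git repository read by Flux can look for. The manifests, the Secret name and the credential values are constructed for illustration.

```python
import base64
import re

# Constructed sample: a Secret as stored in the cluster (values are only base64-encoded).
PLAIN_SECRET = f"""apiVersion: v1
kind: Secret
metadata:
  name: bdb-db-credentials
data:
  username: {base64.b64encode(b'bdb_admin').decode()}
  password: {base64.b64encode(b'example-password').decode()}
"""

# Constructed sample: the same Secret as SOPS writes it for Git (ciphertext shortened).
SOPS_SECRET = """apiVersion: v1
kind: Secret
metadata:
  name: bdb-db-credentials
data:
  username: ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]
  password: ENC[AES256_GCM,data:cXV4,iv:YmFy,tag:YmF6,type:str]
sops:
  version: 3.8.1
"""

def secret_values(manifest):
    """Return {key: value} from the data/stringData block (simple line-based parse)."""
    values, in_block = {}, False
    for line in manifest.splitlines():
        if re.match(r"^(data|stringData):\s*$", line):
            in_block = True
        elif in_block and (m := re.match(r"^\s+([\w.-]+):\s*(.+)$", line)):
            values[m.group(1)] = m.group(2).strip()
        elif line.strip() and not line.startswith(" "):
            in_block = False  # a new top-level key ends the block
    return values

def decode_without_key(value):
    """Decode a value as plain base64; None if it is not plain base64 text."""
    try:
        return base64.b64decode(value, validate=True).decode()
    except ValueError:
        return None

def unprotected_keys(manifest):
    """Keys that would reach Git without SOPS encryption."""
    has_meta = re.search(r"^sops:\s*$", manifest, re.M) is not None
    return sorted(k for k, v in secret_values(manifest).items()
                  if not (has_meta and v.startswith("ENC[")))
```

A non-empty result from `unprotected_keys` on a Secret manifest is the signal to stop the commit and encrypt the file with SOPS first.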

Auto Scaling

The HorizontalPodAutoscaler (HPA) feature in the BDB platform automatically updates a workload resource to scale the workload to match the demand. You can enable and configure the range of scaling and threshold in the chart.

Cluster Autoscaling

The BDB platform offers seamless cluster autoscaling by automatically scaling resources to meet demand. This ensures optimal scalability and rapid resource enhancement during peak usage. Ideal for cloud deployments, it guarantees availability and performance under any load.

High Availability (HA)

The BDB platform supports high availability (HA), which keeps the platform available so that businesses can work continuously without failure over time. In a highly available architecture, several components, modules, or services work together to maintain optimal performance, irrespective of peak-time loads. This can be achieved by adding multiple worker nodes to the cluster and scheduling the pods onto different nodes, which is done by enabling node affinity in the charts during installation. A multi-zone Kubernetes cluster in a cloud environment can make the platform deployment more reliable.

Single Sign-On

The BDB platform has a built-in SSO module that can be used for SAML2-based federated authentication. This lets users use one set of login credentials across applications, services, and tools. SSO integration can be accomplished using either Keycloak or Auth0.

  • Keycloak: Keycloak is an open-source software product that allows single sign-on with Identity and Access Management aimed at modern applications and services.

  • Auth0: Auth0 is a flexible, drop-in solution to add authentication and authorization services to your applications. Your team and organization can avoid the cost, time, and risk of building your own solution to authenticate and authorize users.

Routing and Load Balancing

By default, the BDB platform comes with the Nginx Ingress controller, but it can be replaced with any other ingress controller suggested by the customer. An ingress controller abstracts away the complexity of Kubernetes application traffic routing and provides a bridge between Kubernetes services and external ones. Kubernetes Ingress controllers accept traffic from outside the Kubernetes platform and load balance to pods (containers) running inside the platform.

Initialization & Configuration

After the successful deployment of the BDB Platform, the initialization can be done via a REST API call or the installation UI. This will create the required table and metadata on the repository database with the platform Admin user.

Once the platform is initialized, you can load the UI in a browser with the ingress URL, which redirects to the login page. Log in with the credentials provided during platform initialization and update the license using the admin module. Subsequently, all the tenant-based configurations can be applied in the Admin Module. Please refer to the section License Management to learn more about the steps to enable a license.
