← back to ultihash.io

Customize your deployment

How to further customise your UltiHash Self-Hosted deployment via Kubernetes and Helm

The Helm chart used during installation is flexible and allows for various configurations to fine-tune the UltiHash setup according to your specific needs. Below are key areas where you might want to make changes:

Ingress configuration

  • Purpose: Configure how the UltiHash cluster is accessed externally.

  • Example: Set up Ingress with specific annotations and TLS configuration.

    entrypoint:
  ingress:
    host: <your_domain_name>
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
    tls:
     - hosts:
        - <your_domain_name>
       secretName: <tls_secret>

  • Recommendation: Ensure the ingress controller is configured for your environment (e.g., Nginx) and that TLS is used for secure communication.

Resource allocation

  • Purpose: Adjust the resource allocations for service replicas.

  • Example: Customize resource requests and limits for critical services.

    etcd:
  resources:
    limits:
      memory: "2Gi"
      cpu: "500m"

entrypoint:
  resources:
    limits:
      memory: "16Gi"
      cpu: "8"

database:
  primary:
    resources:
      limits:
        memory: "16Gi"
        cpu: "8"

deduplicator:
  resources:
    limits:
      memory: "64Gi"
      cpu: "16"

storage:
  resources:
    limits:
      memory: "32Gi"
      cpu: "16"

  • Recommendation: Adjust resources to balance performance with cost.

You also might need to adjust Kubernetes-specific settings to optimize the UltiHash deployment:

Node affinity and tolerations

  • Purpose: Control where pods are scheduled within your Kubernetes cluster.

  • Example: Use node affinity to keep storage pods on different nodes.

    storage:
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: role
            operator: In
            values:
            - storage
        topologyKey: kubernetes.io/hostname

  • Recommendation: Use affinity rules to optimize performance and ensure critical services run on appropriate nodes.

Secret management

  • Purpose: Securely manage and rotate Kubernetes secrets used by the UltiHash cluster.

  • Example: Rotate a Kubernetes secret without causing downtime:

    kubectl delete secret docker-registry registry-credential

kubectl create secret docker-registry registry-credentials \\\\
  --docker-server='registry.ultihash.io' \\\\
  --docker-username='<new_registry_username>' \\\\
  --docker-password='<new_registry_password>'

# Gracefully restart UltiHash services to apply the changes
helm upgrade <release_name> oci://registry.ultihash.io/stable/ultihash-cluster -n <namespace> --values.yaml --force

  • Recommendation: Rotate secrets periodically and implement alerts for expired or compromised secrets.

Last updated

Was this helpful?