Install Humio Operator on Kubernetes
The Humio Operator creates a way to deploy and manage one or more Humio Clusters, as well as configure Humio components such as Repositories, Parsers and Ingest Tokens.
Running Humio with the Humio Operator reduces the overall cost of running Humio on Kubernetes by running a Humio-maintained controller that manages many of the cluster operations for you.
Features
- Automates the installation of a Humio Cluster on Kubernetes
- Automates the management of Humio Repositories, Parsers, and Ingest Tokens
- Automates the management of Humio, such as partition balancing
- Automates version upgrades of Humio
- Automates configuration changes of Humio
- Allows the use various storage mediums, including hostPath or storage class PVCs
- Automates the cluster authentication and security such as pod-to-pod TLS, SAML and OAuth
If you are looking for information about shipping data from a Kubernetes cluster to Humio without running Humio in Kubernetes, please see our Kubernetes platform integration documentation.
Installation using the Humio Operator
The easiest way to install Humio in Kubernetes is to use the offical Humio Operator. This document describes installing the Humio Operator. Once the Humio Operator is running, and number of Humio resources may then be created, including Humio Cluster’s, Repositories, Parsers and Ingest Tokens.
For a procedure that follows the entire process, refer to the Quick Start Guide.
Prerequisites
Tooling
Platform
- A Kubernetes cluster that is version 1.16+
- Kubernetes node(s) that meet the Sizing Requirements
- Cluster storage that can either use hostPath (recommended) or PVCs
Services
- A running Kafka cluster with network access from Kubernetes nodes to both Zookeeper and Kafka brokers
- cert-manager v0.16+ (by default, but can be disabled with
certmanagerset tofalse) - NGINX Ingress Controller controller v0.34.1 (only required if configuring HumioCluster CR’s with
ingress.controllerset tonginx)
Installing the CRD’s
Obtain the version from Releases. Use the latest stable release.
export HUMIO_OPERATOR_VERSION=x.x.x
kubectl apply -f https://raw.githubusercontent.com/humio/humio-operator/humio-operator-${HUMIO_OPERATOR_VERSION}/config/crd/bases/core.humio.com_humioclusters.yaml
kubectl apply -f https://raw.githubusercontent.com/humio/humio-operator/humio-operator-${HUMIO_OPERATOR_VERSION}/config/crd/bases/core.humio.com_humioexternalclusters.yaml
kubectl apply -f https://raw.githubusercontent.com/humio/humio-operator/humio-operator-${HUMIO_OPERATOR_VERSION}/config/crd/bases/core.humio.com_humioingesttokens.yaml
kubectl apply -f https://raw.githubusercontent.com/humio/humio-operator/humio-operator-${HUMIO_OPERATOR_VERSION}/config/crd/bases/core.humio.com_humioparsers.yaml
kubectl apply -f https://raw.githubusercontent.com/humio/humio-operator/humio-operator-${HUMIO_OPERATOR_VERSION}/config/crd/bases/core.humio.com_humiorepositories.yaml
kubectl apply -f https://raw.githubusercontent.com/humio/humio-operator/humio-operator-${HUMIO_OPERATOR_VERSION}/config/crd/bases/core.humio.com_humioviews.yaml
Note: It is possible to skip this step if using
installCRDs=truewhen installing the Helm Chart. This is not recommended because uninstalling the helm chart will remove the custom resources.
Installing the Operator Helm Chart
To install the chart with the release name humio-operator:
helm repo add humio-operator https://humio.github.io/humio-operator
# Helm v3+
helm install humio-operator humio-operator/humio-operator \
--namespace logging \
--version="${HUMIO_OPERATOR_VERSION}" \
--values values.yaml
# Helm v2
helm install humio-operator/humio-operator --name humio-operator \
--namespace logging \
--version="${HUMIO_OPERATOR_VERSION}" \
--values values.yaml
Note: By default, we expect cert-manager to be installed in order to configure TLS. If you do not have cert-manager installed, or if you know you do not want TLS, see the configuration section for how to disable this.
Note: By default, we expect a non-OpenShift installation, see the configuration section for how to enable OpenShift specific functionality.
The command deploys humio-operator on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.
Tip: List all releases using
helm list
Creating a Humio Cluster
A Humio Cluster can be created once the Humio Operator is running. Follow the instructions for creating a Humio Cluster resource.
Humio Operator Permissions
Note that by default, Kubernetes ServiceAccounts are created for the each container in the Humio pods. The Humio Operator will need the appropriate permissions to create ClusterRole, and ClusterRoleBinding resources, as well as Role and RoleBinding resources in the namespace in which the HumioCluster is created.
This can be bypassed by creating the ServiceAccounts prior to creating the HumioCluster resource and then configuring the HumioCluster to use them. See Custom Service Accounts.
If this is done, both operator.rbac.allowManageRoles and operator.rbac.allowManageClusterRoles can be set to false.
Uninstalling the Operator Helm Chart
To uninstall/delete the humio-operator deployment:
helm delete humio-operator --namespace logging
The command removes all the Kubernetes components associated with the chart and deletes the release.
Configuration
The following table lists the configurable parameters of the ingress-nginx chart and their default values.
| Parameter | Description | Default |
|---|---|---|
operator.image.pullSecrets |
Image pull secrets to pull the operator container image. | [] |
operator.image.repository |
Operator container image repository. | humio/humio-operator |
operator.image.tag |
Operator container image tag. | <latest release tag> |
operator.rbac.allowManageRoles |
Configure RBAC resources to allow the humio-operator to manage Role resources. Can be disabled if all RBAC resources are created outside the humio-operator. |
true |
operator.rbac.allowManageClusterRoles |
Configure RBAC resources to allow the humio-operator to manage ClusterRole resources. Can be disabled if init container is disabled on all HumioCluster resources, or if all RBAC resources are created outside the humio-operator. |
true |
operator.rbac.create |
Automatically create operator RBAC resources. | true |
operator.resources |
Operator resources requests and limits. | {requests: {cpu: 250m, memory: 200Mi}, limits: {cpu: 250m, memory: 200Mi}} |
operator.watchNamespaces |
List of namespaces the operator will watch for resources (if empty, it watches all namespaces). NB: If this is non-empty, it requires the use of Custom Service Accounts. | [] |
installCRDs |
Automatically install CRDs. NB: if this is set to true, custom resources will be removed if the Helm chart is uninstalled. | false |
openshift |
Install additional RBAC resources specific to OpenShift. | false |
certmanager |
Whether cert-manager is present on the cluster, which will be used for TLS functionality. | true |
These parameters can be passed via Helm’s --set option. For example:
# Helm v3+
helm install humio-operator humio-operator/humio-operator \
--namespace logging \
--version="${HUMIO_OPERATOR_VERSION}" \
--set installCRDs=true
# Helm v2
helm install humio-operator --name humio-operator \
--namespace logging \
--version="${HUMIO_OPERATOR_VERSION}" \
--set installCRDs=true