Install on Self-hosted Kubernetes

After performing the steps in Before You Install on Self-hosted Kubernetes, you are ready to install Collibra DQ on self-hosted Kubernetes.

Sign in to the Kubernetes cluster

  1. Sign in to the Kubernetes cluster from a Linux compatible terminal.
  2. Create a namespace in the cluster using the following command:
    Copy
    kubectl create namespace <owldq>

Pull images from the Collibra registry

Collibra DQ images are located in the Google Artifact Registry (http://gcr.io/). To access the images, you need a key file (repo-key.json). Contact Collibra Support to obtain a key file for your organization. Collibra strongly recommends that you designate a key file recipient to obtain this file and keep it secure.

Note For more information on docker images related to DQ build packages, go to Builds.
  1. Run the following command:
    2. Copy 
    docker login -u _json_key -p "$(cat repo-key.json)" https://gcr.io

    Note Contact Collibra Support to obtain a key file (repo-key.json) for your organization.

  2. To pull the images, run the following docker pull commands:
    3. Copy 
    docker pull gcr.io/owl-hadoop-cdh/dq-agent:<version and build tag provided by Collibra>
    docker pull gcr.io/owl-hadoop-cdh/dq-web:<version and build tag provided by Collibra>
    docker pull gcr.io/owl-hadoop-cdh/dq-spark:<version and build tag provided by Collibra>
    docker pull gcr.io/owl-hadoop-cdh/dq-livy:<version and build tag provided by Collibra>

Push images into your private registry

  1. Sign in to your private container registry.
  2. Tag and push the images from Collibra to your private registry, by using the following commands:
Copy 
docker tag gcr.io/owl-hadoop-cdh/dq-web:2023.11 <registryURL>/dq-web:2023.11
docker push <registryURL>/dq-web:2023.11

Example:

Copy 
docker tag [OPTIONS] IMAGE [:TAG][REGISTRYHOST/][USERNAME/]NAME[:TAG]   
docker tag push NAME[:TAG]

Create an SSL keystore secret

To create an SSL keystore secret, run the following command:

Copy 
kubectl create secret generic dq-ssl-secret \
--from-file /path/to/keystore.jks \
--namespace <namespace>

Warning The file name that you use in the --from-file argument should be keystore.jks. If the file name is anything else, you must include an additional argument specifying the keystore file name in the Helm command.

Create a pull secret

Note  Deploying containers directly from the Collibra image repository is not recommended. You should only access the Collibra image registry for the initial download and validation of Docker images. After this, you should upload and store images to your private registry to provide you control over when the images are updated and eliminate any operational dependencies on Collibra's repository.

To create a pull secret, run the following command:

Copy 
kubectl create secret docker-registry dq-pull-secret \
--docker-server=<cdq-registry-server> \
--docker-username=_json_key \
--docker-email=<service-account-email> \
--docker-password="$(cat /path/to/key.json)" \
--namespace <namespace>

Note If your private registry is used for images and if they are accessible from within the Kubernetes cluster, this secret need not be created. If credentials are required to access your private registry, create this secret by modifying the docker-server URL and docker-password.

What's next?

Deploy on self-hosted Kubernetes