Install on Self-hosted Kubernetes

After performing the steps in Before You Install on Self-hosted Kubernetes, you are ready to install Collibra DQ on self-hosted Kubernetes.

Sign in to the Kubernetes cluster

  1. Sign in to the Kubernetes cluster from a Linux compatible terminal.
  2. Create a namespace in the cluster using the following code snippet:
    Copy
    kubectl create namespace <owldq>

Pull images from the Collibra registry

Collibra DQ containers are located in the Google Container Registry (http://gcr.io/).

Note For more information on docker images related to DQ build packages, go to Builds.
  1. Download the .json repo-key. It is provided by Collibra. Reach out to your Account Team so they can request a repo-key on your behalf from Engineering.
  2. Run the following command:
    3. Copy 
    docker login -u _json_key -p "$(cat repo-key.json)" https://gcr.io

    Note Image names with their versions are provided by Collibra.

  3. To pull the images, run the following docker pull commands:
    4. Copy 
    docker pull gcr.io/owl-hadoop-cdh/dq-agent:<version and build tag provided by Collibra>
    docker pull gcr.io/owl-hadoop-cdh/dq-web:<version and build tag provided by Collibra>
    docker pull gcr.io/owl-hadoop-cdh/dq-spark:<version and build tag provided by Collibra>
    docker pull gcr.io/owl-hadoop-cdh/dq-livy:<version and build tag provided by Collibra>

Push images into your private registry

  1. Sign in to your private container registry.
  2. Tag and push the images from Collibra to your private registry, by using the following commands:
Copy 
docker tag gcr.io/owl-hadoop-cdh/dq-web:2023.11 <registryURL>/dq-web:2023.11
docker push <registryURL>/dq-web:2023.11

Example:

docker tag [OPTIONS] IMAGE [:TAG][REGISTRYHOST/][USERNAME/]NAME[:TAG]

docker tag push NAME[:TAG]

Create an SSL keystore secret

kubectl create secret generic dq-ssl-secret \
--from-file /path/to/keystore.jks \
--namespace <namespace>

Warning The file name that you use in the --from-file argument should be keystore.jks. If the file name is anything else, you must include an additional argument specifying the keystore file name in the Helm command.

Create a pull secret

Note  Deploying containers directly from the Collibra image repository is not recommended. You should only access the Collibra image registry for the initial download and validation of Docker images. After this, you should upload and store images to your private registry to provide you control over when the images are updated and eliminate any operational dependencies on Collibra's repository.

  1. To create a pull secret, use the following code snippet:

Copy 
kubectl create secret docker-registry dq-pull-secret \
--docker-server=<cdq-registry-server> \
--docker-username=_json_key \
--docker-email=<service-account-email> \
--docker-password="$(cat /path/to/key.json)" \
--namespace <namespace>

Note If your private registry is used for images and if they are accessible from within the Kubernetes cluster, this secret need not be created. If credentials are required to access your private registry, create this secret by modifying the docker-server URL and docker-password.

What's next?

Deploy on self-hosted Kubernetes