![]() If your SMTP provider is not listed, refer to the provider's documentation for information on creating an SMTP URI. ![]() The following table contains examples of what the URI will look like for some of the most popular SMTP services: Provider To confirm that your enterprise security team generated the correct certificate, run the following command using the openssl CLI: This certificate needs to be valid for the BASEDOMAIN your organization uses for Astronomer, as well as the subdomains listed at the beginning of Step 4. If you're installing Astronomer for a large organization, you'll need to request a TLS certificate and private key from your enterprise security team. Option 2: Request a TLS certificate from your security team Make note of the certificate you create in this setup for Step 5. To set up TLS certificates this way, follow the guidelines in Automatically Renew TLS Certificates Using Let's Encrypt. Use this option if you are configuring Astronomer for a smaller organization without a dedicated security team. Let's Encrypt is a free and secure certificate authority (CA) service that provides TLS certificates that renew automatically every 90 days. Option 1: Create TLS certificates using Let's Encrypt We recommend this option for large organizations with their own protocols for generating TLS certificates. Option 2: Request a TLS certificate from your organization's security team.We recommend this option for smaller organizations where your DNS administrator and Kubernetes cluster administrator are either the same person or on the same team. Option 1: Obtain a TLS certificate from Let's Encrypt.To obtain a TLS certificate, complete one of the following setups: Create a Kubernetes namespace Ĭreate a namespace called astronomer to host the core Astronomer platform: You'll use helm to install and manage the Astronomer platform. It allows you to easily deploy complex Kubernetes applications. Helm is a package manager for Kubernetes. Step 3: Configure Helm with your GKE cluster If you work with multiple Kubernetes environments, kubectx is an incredibly useful tool for quickly switching between Kubernetes clusters. For more detailed instructions and a full list of optional flags, refer to GKE's "Creating a Cluster".The Astronomer platform and all components within it will consume ~11 CPUs and ~40GB of memory as the default overhead, so we generally recommend using larger vs smaller nodes.We recommend using the n1-standard-8 machine type with a minimum of 3 nodes (24 CPUs) as a starting point.For more information, refer to Astronomer's Version compatibility reference. Each version of Astronomer Software is compatible with only a particular set of Kubernetes versions.Login to your Google account with the gcloud CLI: Note: You can view Google Cloud Platform's Web Console at Create a GCP project Step 2: Configure GCP for Astronomer Deployment Kibana Dashboard: įor the full list of subdomains, see Step 4.Airflow Deployments: /uniquely-generated-airflow-name/airflow.Once created, your Astronomer base domain will be linked to a variety of sub-services that your users will access via the internet to manage, monitor and run Airflow on the platform.įor the base domain, for example, here are some corresponding URLs that your users would be able to reach: Step 1: Choose a base domain Īll Astronomer services will be tied to a base domain of your choice, under which you will need the ability to add and edit DNS records. To avoid these issues, Astronomer recommends installing Astronomer Software on a GKE Dataplane V1 cluster. When Astronomer Software is installed on a GCP GKE Dataplane V2 cluster, the interaction between the Astronomer Nginx ingress controller and Cilium can cause dropped connections, dropped packets, and intermittent 504 timeout errors when accessing the Astronomer UI or Houston API. There is a known bug on GCP GKE Dataplane V2 clusters that affects Astronomer Software installations.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |