
High Availability

Deploy BindPlane OP Server to Kubernetes with High Availability

important

🚧 This feature is only available in BindPlane OP Enterprise. Learn more here.

Architecture

When the BindPlane server is deployed as a Kubernetes Deployment, the installation has the following architecture.

  • BindPlane with multiple replicas
    • Deployed as a Deployment.
  • Prometheus time series database
  • One or more Transform agent pods, for live preview
  • PostgreSQL storage backend

note

BindPlane uses Prometheus as a storage backend for agent throughput metrics. It is unnecessary to manage Prometheus outside of the Helm chart.

note

PostgreSQL is not deployed by the BindPlane Helm chart and must be deployed separately as a prerequisite.

Prerequisites

Licensing

An Enterprise license is required when operating BindPlane in High Availability. Learn more here.

PostgreSQL

PostgreSQL must be deployed and reachable from the cluster.

Postgres requirements

  • Database named bindplane
  • User with full permission to the bindplane database
  • Reachable from BindPlane's Kubernetes cluster

Event Bus

BindPlane requires an external event bus when operating with more than one pod. See the Event Bus documentation for details.

Installation

Add the BindPlane OP Helm chart to your workstation.

bash
helm repo add "bindplane" \
    "https://observiq.github.io/bindplane-op-helm"

helm repo update

Create a values.yaml file, which will be used to configure your Helm deployment.

Add the initial options. Make sure to set the following:

  • license: Your Enterprise license.
  • config.username: Your basic auth username for the Administrator project.
  • config.password: Your basic auth password for the Administrator project.
  • config.sessions_secret: A random UUID. You can use uuidgen to create one.
  • config.eventbus.type: The event bus type to use. This example will use Google Pub/Sub. See the Helm Event Bus Configuration doc for available options.
  • backend.postgres.host: The hostname or IP address of the PostgreSQL server.
  • backend.postgres.port: The PostgreSQL server's port.
  • backend.postgres.username: The username the BindPlane server should use to connect to Postgres.
  • backend.postgres.password: The password the BindPlane server should use to connect to Postgres.

yaml
config:
  # An Enterprise license is required for
  # BindPlane when using PostgreSQL and an event bus.
  license: ''

  # These options should be configured by
  # the user.
  username: ''
  password: ''
  sessions_secret: ''

replicas: 3

# Eventbus is required when operating BindPlane
# using a distributed architecture.
eventbus:
  type: 'pubsub'
  pubsub:
    projectid: ''
    topic: ''

# Postgres is deployed outside of this chart
# shared by all BindPlane pods.
backend:
  type: postgres
  postgres:
    host: ''
    port: 5432
    database: 'bindplane'
    username: ''
    password: ''

resources:
  # Allow cpu bursting.
  # Request fixed amount of memory, 1Gb.
  requests:
    cpu: '500m'
    memory: '1024Mi'
  limits:
    memory: '1024Mi'

transform_agent:
  replicas: 2
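
Added example (not part of the BindPlane documentation or Helm chart): values.yaml carries the license, the admin password, the session secret and the PostgreSQL password, so this script renders those keys from environment variables into a file created with mode 0600 and refuses to run if a required value is empty. The BP_*, PG_* and PUBSUB_* variable names and the render_values helper are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: render the secret-bearing part of values.yaml from the environment.
# BP_*, PG_* and PUBSUB_* are variable names assumed for this example.

# Escape a value for a YAML single-quoted scalar (' becomes '').
yaml_sq() { printf '%s' "$1" | sed "s/'/''/g"; }

# Random UUID for config.sessions_secret: uuidgen, else the Linux kernel source.
new_uuid() {
  if command -v uuidgen >/dev/null 2>&1; then uuidgen
  else cat /proc/sys/kernel/random/uuid; fi
}

render_values() {
  out="$1"
  # Every setting the page lists as required must be non-empty.
  for v in BP_LICENSE BP_USERNAME BP_PASSWORD PG_HOST PG_USERNAME PG_PASSWORD \
           PUBSUB_PROJECT PUBSUB_TOPIC; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || { echo "missing required variable: $v" >&2; return 1; }
  done
  secret=$(new_uuid) && [ -n "$secret" ] || { echo "no UUID source" >&2; return 1; }
  (
    umask 077            # new file is created 0600
    rm -f -- "$out"      # an existing file would keep its old, wider mode
    cat > "$out" <<EOF
config:
  license: '$(yaml_sq "$BP_LICENSE")'
  username: '$(yaml_sq "$BP_USERNAME")'
  password: '$(yaml_sq "$BP_PASSWORD")'
  sessions_secret: '$secret'
replicas: 3
eventbus:
  type: 'pubsub'
  pubsub:
    projectid: '$(yaml_sq "$PUBSUB_PROJECT")'
    topic: '$(yaml_sq "$PUBSUB_TOPIC")'
backend:
  type: postgres
  postgres:
    host: '$(yaml_sq "$PG_HOST")'
    port: ${PG_PORT:-5432}
    database: 'bindplane'
    username: '$(yaml_sq "$PG_USERNAME")'
    password: '$(yaml_sq "$PG_PASSWORD")'
EOF
  )
}
```

The resources and transform_agent settings hold no secrets and can live in a second file passed with an additional --values flag, which Helm merges in order.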

Deploy BindPlane to the bindplane namespace using Helm and your previously created values.yaml configuration file.

bash
helm repo update

helm upgrade \
    --values="values.yaml" \
    --namespace=bindplane \
    --create-namespace \
    --install \
    bindplane \
    bindplane/bindplane

After a few moments, check the namespace by running kubectl -n bindplane get pod. You will see three BindPlane pods, matching replicas: 3 in values.yaml.

text
NAME                                            READY   STATUS    RESTARTS   AGE
pod/bindplane-657d79f559-69wmw                  1/1     Running   0          55s
pod/bindplane-657d79f559-h8j2l                  1/1     Running   0          55s
pod/bindplane-657d79f559-tdl8j                  1/1     Running   0          19m
pod/bindplane-prometheus-0                      1/1     Running   0          22m
pod/bindplane-transform-agent-b44d78f5b-dgn2h   1/1     Running   0          22m
pod/bindplane-transform-agent-b44d78f5b-k9jdg   1/1     Running   0          22m

NAME                                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
service/bindplane                   ClusterIP   10.53.39.91    <none>        3001/TCP   24m
service/bindplane-prometheus        ClusterIP   10.53.35.68    <none>        9090/TCP   24m
service/bindplane-transform-agent   ClusterIP   10.53.34.233   <none>        4568/TCP   24m

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/bindplane                   3/3     3            3           24m
deployment.apps/bindplane-transform-agent   2/2     2            2           24m

NAME                                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/bindplane-657d79f559                  3         3         3       19m
replicaset.apps/bindplane-685bd7f59b                  0         0         0       24m
replicaset.apps/bindplane-transform-agent-b44d78f5b   2         2         2       24m

NAME                                    READY   AGE
statefulset.apps/bindplane-prometheus   1/1     24m