How do I choose/control where my workloads run?
The Ridge Allocation Engine provides a few options to control where your workloads will be placed:
- Select one or more Resource Pools. The system will place your workload in one of the specified Resource Pools making the selection based on available resources.
- Select a geographic location. If, for example, you select a country, the system will find a resource pool that matches all your requirements (such as available resources and compliance considerations) and offers the lowest price.
- Exclude certain geographical locations. The system will search all the other locations for a best-match.
- If you don’t care where the workload will run, you can let the system pick the best resource pool for you.
My workloads must run in a HIPAA compliant environment. Can I do this with Ridge?
Absolutely. You can specify the conformity requirement as part of your request for a Kubernetes cluster, container batch or storage. In fact, you can specify multiple requirements. For example: HIPAA,GDPR and SOC 2.
How do I configure a K8s cluster?
I can’t see the cluster master nodes? Is this OK?
Yes, Ridge offers a managed Kubernetes cluster. This means that we take care of the cluster’s control plane. You can see the worker nodes that you created. You can also delete and change the number of desired worker nodes. You can’t do this for master nodes.
What happens if a worker node fails?
Should a worker node fail, the system will identify this and bring up another worker node in its place. It will delete the failed node and you will no longer be charged for it. The new node will have the same characteristics as the failed node and it will automatically join the cluster.
Can I create a cluster that spans multiple locations?
No. A cluster will have all its components in a single resource pool. You can create multiple clusters in multiple geographies.
Can I change the size of my Kubernetes cluster?
Yes. You create one or more node pools for your cluster. Each node pool has a parameter indicating the desired number of nodes. If you increase this number a new node will be created. You may also decrease the number and delete the specific nodes that you no longer want in the cluster (you should first evict all the containers from these nodes).
How can I access the Kubernetes cluster I created?
Using the web UI, you can generate credentials. The output of this action will be displayed on the screen and you may copy it and use it for your kubectl configuration. This information includes the cluster endpoint, the cluster’s certificate and your own authentication token.
How do I grant users access to the Kubernetes cluster?
You will need to generate an access token for each user you wish to add to the system. Provide this token to the user. If the user is a member of your organization in Ridge and has the appropriate permissions, they will be able to generate their own token.
Can I create services of type LoadBalancer on my cluster?
Yes you can. Behind the scenes, the cloud provider component that Ridge installed on your cluster will make a request to Ridge, Ridge will create a load balancing function in the resource pool where your cluster is located. It will configure worker nodes as the targets for the protocols and ports that were specified in the service definition in Kubernetes. It will also take care of all the security aspects so that only the desired traffic reaches your cluster.
Will I be able to create Persistent Volumes in my cluster?
Yes. Your cluster is installed with a Ridge CSI plugin. This plugin will make requests to Ridge which in turn will create, attach and delete block-storage volumes in the resource pool where your cluster is running. You may see the volumes that were created for your PVCs in the UI.
How can I get the logs of the containers in the RCS batch?
When you create a batch you can specify an endpoint for an Elastic Search server. For example, set elasticsearch_endpoint to http://elasticsearch.example.com:9200
All the container logs of this batch will be sent to this endpoint.
My containers need to access S3, how can I give them temporary credentials to do this?
You can provide Ridge with AWS credentials which can be used for programmatic (API) access. These credentials will be stored securely on Ridge’s infrastructure and will never be transmitted,
The information you will need to provide is:
- The region where these credentials are valid, e.g. us-west-2
- Access Key Id
- Secret Access Key
When you create a batch of containers you can specify the role it will need to assume and the identifier of the above credentials. The system will provide temporary credentials to each of the containers. The AWS client in the containers will fetch these credentials just like it would if it were running in AWS. Therefore no development effort is required on your part.
I wish to create multiple batches that all get their image from the same registry. Will I need to input the credentials for the registry multiple times?
No. Just once. Use the UI or the API to enter the docker registry credentials. You will need to specify:
- The registry’s URL
- A username
- A password
These credentials will be stored securely.
When you create a batch(er) you can reference these credentials by name or ID
How can I run my cluster in a private network (VPC)?
At Ridge, all your clusters run in a private and isolated network environment. Unlike other clouds, you do not have to set up this environment. A separate networking environment is automatically created for each of your clusters. Ridge also takes care of all the firewalling and NAT rules that the cluster needs.
Still have a question ? Don’t hesitate to talk to one of our experts