Requirements
Qovery requires a Kubernetes cluster with the following requirements:
- Kubernetes version 1.26 or higher
- Helm version 3.0 or higher
- from 1 CPU to 4 CPU depending on the third-party components you want to install
- From 512 MB to 4 GB RAM depending on the third-party components you want to install
- 20 GB disk space
- Being able to access to the Internet
- A private registry
Why Qovery needs a Container Registry?
Qovery requires a private container registry to store built images and mirror containers in order to reduce potential images deletion by 3rd party, while you still need them (more info here).
⚠️ Temporary limitations
In our current state of Qovery BYOK development, we have some temporary limitations that will be removed within February 2024.
Kubernetes hosting & access
You can run Qovery BYOK on any Kubernetes cluster running on:
- AWS
- GCP
- Scaleway
To access your Kubernetes cluster and deploy on it, Qovery needs:
- your cloud provider credentials
- the cluster Kubeconfig
The cluster must be reachable from the internet and so Qovery to be able to deploy on it.
Container registry
As of now, we only support AWS ECR or GCP GCR as Container Registries.
Below you can find the installation step to make your cluster work with ECR or GCR.
- ECR
- GCR
Create an IAM user with the following policy, and generate an access key:
{"Statement": [{"Action": ["ecr:*"],"Effect": "Allow","Resource": "*"}],"Version": "2012-10-17"}
Then, create a config.yaml
file to configure the ECR Credentials Provider, where you should set the AWS credentials previously generated:
apiVersion: kubelet.config.k8s.io/v1kind: CredentialProviderConfigproviders:- name: ecr-credential-providermatchImages:- "*.dkr.ecr.*.amazonaws.com"- "*.dkr.ecr.*.amazonaws.com.cn"- "*.dkr.ecr-fips.*.amazonaws.com"- "*.dkr.ecr.us-iso-east-1.c2s.ic.gov"- "*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov"defaultCacheDuration: "12h"apiVersion: credentialprovider.kubelet.k8s.io/v1env:- name: AWS_ACCESS_KEY_IDvalue: CHANGE_ME- name: AWS_DEFAULT_REGIONvalue: CHANGE_ME- name: AWS_SECRET_ACCESS_KEYvalue: CHANGE_ME
Here we use the Kubelet Credential Provider to inject the AWS credentials into the pods. The config.yaml
file is mounted into the Kubernetes nodes, and the ecr-credential-provider
binary is also mounted into the nodes.