Migration Issues with Airbyte OSS 1.0.0 on Kubernetes

Slack Knowledge Base Q&A API, Terraform and Other Topics
, , , ,
1

Summary

User is facing challenges in configuring connector-sidecar resources, images, and security context while migrating from Airbyte OSS 0.63.3 to 1.0.0 using helm charts on Kubernetes. The user has attempted various configurations and environment variables without success, particularly with the workload-launcher and connectorSidecar settings.


Question

hello airbyte community! I’m in the process of migrating to airbyte OSS 1.0.0 from an earlier version (0.63.3) using helm charts (0.220.2) on kubernetes. I am running the application in a constrained environment enforced by the company policy (like mandatory labels, resources limits, docker registry, security context, etc).

The problem is that i did not find a way to specify the connector-sidecar resources, images, and security context as required by my constraints. I tried multiple recommendations from this channel, play with different settings and environment variables, but none seems to work.

At the time to deploy the vesrion 0.63.3, i had many issues to properly configure the worker pod (the workload launcher did not exist at the time) to be able to configure the pod templates used for the ingestion. This pod was created by the worker and i was able to make it work mostly thanks to environment variables, including some that are not documented like ROOTLESS_WORKLOAD that configured the pod with the required securityContext that cannot be specified by helm (because the pod is created by the worker and not the helm chart). Now that i migrated to 1.0.0, i have to setup the workload-launcher with the same specifications.

However, nothing seems to work. For example setting connectorSidecar image like described here https://github.com/airbytehq/airbyte-platform/blob/v1.0.0/charts/airbyte/values.yaml#L992 doesn’t do anything

    # -- Connector Sidecar image
    image: "my-regitry/airbyte/sidecar-connector"```
Same with the environment variables for the `workload-launcher` or even the `global`
```    extraEnv: 
    - name: CONTAINER_ORCHESTRATOR_ENABLED
      value: "false"
    - name: ROOTLESS_WORKLOAD
      value: "true"
    - name: SIDECAR_KUBE_CPU_LIMIT
      value: 400m
    - name: SIDECAR_KUBE_CPU_REQUEST
      value: 200m
    - name: SIDECAR_KUBE_MEMORY_LIMIT
      value: 2Gi
    - name: SIDECAR_MEMORY_REQUEST
      value: 256Mi
    - name: KUBERNETES_REQUEST_TIMEOUT
      value: "60000"
    - name: KUBERNETES_CONNECTION_TIMEOUT
      value: "30000"
    - name: JOB_KUBE_SIDECAR_CONTAINER_IMAGE
      value: my-registry/airbyte/connector-sidecar```
If anyone was able to specify those parameters, i would be greatful for your help. But so far, it seems to me that configuring those parameters seem not possible.

It is worth mentioning that i explicitly use v1.0.0 because starting from helm chart 1.1.0, the chart tries to create a cluster role binding that is not possible and blocked on my cluster by company constraints. (it's the `node-viewer` role, not sure why it is necessary). My next step is to try with chart 1.2.0 and use Kustomize to not create the cluster role binding.

<br>

---

This topic has been created from a Slack thread to give it more visibility.
It will be on Read-Only mode here. [Click here](https://airbytehq.slack.com/archives/C021JANJ6TY/p1731774751572579) if you want
to access the original thread.

[Join the conversation on Slack](https://slack.airbyte.com)

<sub>
['airbyte-oss', 'kubernetes', 'helm-charts', 'connector-sidecar', 'workload-launcher', 'resource-limits', 'security-context']
</sub>