Kubernetes Deployment
Deploy QBITEL Bridge to Kubernetes with manual manifests for fine-grained control over each component.
Prerequisites
- Kubernetes 1.24+ cluster
- kubectl configured with cluster access
- Container images built and pushed to a registry
Create Namespaces
```bash
# Create required namespaces
kubectl create namespace qbitel-service-mesh
kubectl create namespace qbitel-container-security
kubectl create namespace qbitel-monitoring

# Or apply from manifests
kubectl apply -f kubernetes/service-mesh/namespace.yaml
kubectl apply -f kubernetes/observability/namespace.yaml
```
Service Mesh Deployment
Deploy the xDS Server and Istio integration for service mesh management:
```bash
# Apply RBAC configuration
kubectl apply -f kubernetes/service-mesh/rbac.yaml

# Deploy xDS Server
kubectl apply -f kubernetes/service-mesh/xds-server-deployment.yaml

# Verify deployment
kubectl get pods -n qbitel-service-mesh
kubectl logs -n qbitel-service-mesh deployment/xds-server -f
```
Container Security
Deploy the admission webhook for pod security validation:
```bash
# Generate TLS certificates for the webhook
./scripts/generate-webhook-certs.sh

# Deploy admission webhook
kubectl apply -f kubernetes/container-security/admission-webhook-deployment.yaml

# Verify webhook registration
kubectl get validatingwebhookconfigurations

# Enable webhook for a namespace
kubectl label namespace your-namespace qbitel.ai/webhook=enabled
```
AI Engine Deployment
```bash
# Deploy the AI Engine
kubectl apply -f ai_engine/deployment/kubernetes/deployment.yaml

# Verify the engine is running
kubectl get pods -n qbitel-service-mesh -l app=qbitel-engine

# Port-forward for local access
kubectl port-forward -n qbitel-service-mesh svc/qbitel-engine 8000:8000
```
Observability Stack
```bash
# Deploy the observability stack
kubectl apply -k kubernetes/observability/

# This deploys:
# - Prometheus for metrics collection
# - Grafana with pre-configured dashboards
# - OpenTelemetry Collector
# - Tempo for distributed tracing

# Access Grafana
kubectl port-forward -n qbitel-monitoring svc/grafana 3000:3000
```
Verify Deployment
```bash
# Check all pods
kubectl get pods -n qbitel-service-mesh

# Expected output:
# NAME                           READY   STATUS    RESTARTS
# qbitel-xds-server-xxx          1/1     Running   0
# qbitel-admission-webhook-xxx   1/1     Running   0
# qbitel-engine-xxx              1/1     Running   0

# Test xDS Server health
kubectl exec -n qbitel-service-mesh deployment/qbitel-xds-server -- \
  curl -f http://localhost:8081/healthz

# Test AI Engine health
kubectl exec -n qbitel-service-mesh deployment/qbitel-engine -- \
  curl -f http://localhost:8000/health
```
Network Requirements
| Port | Protocol | Service |
|---|---|---|
| 8000 | TCP | REST API |
| 50051 | TCP | gRPC API |
| 9090 | TCP | Prometheus metrics |
| 3000 | TCP | Grafana dashboards |
| 8081 | TCP | xDS Server health |
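
A post-deployment check for the Container Security step, added here as an example and not part of the QBITEL Bridge project: because validation is enabled per namespace with the `qbitel.ai/webhook=enabled` label, this script lists namespaces that never opted in and flags a webhook registration that fails open or has no CA bundle. It reads the JSON printed by `kubectl get validatingwebhookconfigurations -o json` and `kubectl get namespaces -o json`. Assumptions: the sample objects and their names are constructed placeholders, and the list of skipped system namespaces is a choice made for this example.

```python
"""Audit admission-webhook coverage from kubectl JSON output (added example)."""
import json

LABEL_KEY, LABEL_VALUE = "qbitel.ai/webhook", "enabled"  # opt-in label from this page
SYSTEM_NS = {"kube-system", "kube-public", "kube-node-lease"}  # assumption: skipped

def audit_webhooks(vwc_list):
    """Findings for `kubectl get validatingwebhookconfigurations -o json`."""
    findings = []
    for cfg in vwc_list.get("items", []):
        for wh in cfg.get("webhooks", []):
            where = f"{cfg['metadata']['name']}/{wh.get('name', '?')}"
            # Anything other than Fail admits pods unchecked when the webhook is down.
            if wh.get("failurePolicy", "Fail") != "Fail":
                findings.append(f"{where}: failurePolicy={wh['failurePolicy']} (fails open)")
            client = wh.get("clientConfig", {})
            # A service-backed webhook with generated certs needs its CA registered.
            if "service" in client and not client.get("caBundle"):
                findings.append(f"{where}: empty caBundle")
    return findings

def unlabelled_namespaces(ns_list):
    """Namespaces from `kubectl get namespaces -o json` that never opted in."""
    names = []
    for ns in ns_list.get("items", []):
        meta = ns["metadata"]
        labels = meta.get("labels") or {}
        if meta["name"] not in SYSTEM_NS and labels.get(LABEL_KEY) != LABEL_VALUE:
            names.append(meta["name"])
    return sorted(names)

# Constructed sample input; object names below are placeholders, not QBITEL's.
SAMPLE_VWC = json.loads("""{"items": [{"metadata": {"name": "example-webhook"},
  "webhooks": [{"name": "pods.example.invalid", "failurePolicy": "Ignore",
    "clientConfig": {"service": {"name": "example", "namespace": "example"},
                     "caBundle": ""}}]}]}""")
SAMPLE_NS = json.loads("""{"items": [
  {"metadata": {"name": "kube-system"}},
  {"metadata": {"name": "default"}},
  {"metadata": {"name": "payments", "labels": {"qbitel.ai/webhook": "enabled"}}},
  {"metadata": {"name": "staging", "labels": {"team": "web"}}}]}""")

if __name__ == "__main__":
    for finding in audit_webhooks(SAMPLE_VWC):
        print("WEBHOOK", finding)
    for name in unlabelled_namespaces(SAMPLE_NS):
        print("NOT VALIDATED", name)
```
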
Next Steps
- Helm Charts -- simplified deployment with Helm
- Production Checklist -- security hardening and scaling
- Monitoring -- configure alerts and dashboards