Questionnaire: Deploying in a Customer-Controlled Region—Common Questions

The following questions are part of the Questionnaire for Deploying PubSub+ Cloud in a Customer-Controlled Region. These questions are common to all deployment types. Once completed, proceed to answer the questions for the specific Kubernetes implementation you are deploying PubSub+ Cloud to. If you intend to use multiple implementations, you must complete a questionnaire for each Kubernetes implementation.

The entire questionnaire, including the common questions and the Kubernetes implementation-specific questions, can be downloaded as a PDF by clicking the button below and selecting the Kubernetes deployment type.

It can also be downloaded as an Excel spreadsheet, including the common questions and the Kubernetes implementation-specific questions, by clicking the button below.

This section contains questions about the following common deployment factors:

Cluster

You must answer the following questions about your cluster.

Question | Possible Answers | How Solace Uses This Information | Links to Related Documentation

Do you have an existing cluster (or a defined specification for a new cluster), or do you require an architecture example to start from?

I have an existing cluster (or clusters) or intend to create new clusters based on an existing specification.
or
I would like a best practice architecture example to start from.

Solace's best practices documentation provides descriptions of how best to label and taint worker nodes with the correct resource requirements for the service classes that are supported in PubSub+ Cloud.

If you have an existing cluster, you can use our best practices documentation to understand how to modify your cluster, and how to provide Solace with the node selectors and tolerations we need to deploy event broker services in your cluster.

Solace provides reference Terraform projects for deploying a Kubernetes cluster to AKS, EKS, and GKE. These Terraform projects have the recommended configuration settings, such as worker node sizes, resource configurations, taints, and labels optimized to install PubSub+ Cloud. For other cloud providers or on-premises deployments, we can provide documentation that describes our best practices.

You can download the reference Terraform projects from our GitHub repository: https://github.com/SolaceLabs/customer-controlled-region-reference-architectures

Be aware that all sample scripts, Terraform modules, and examples are provided as-is. You can modify the files as required and are responsible for maintaining the modified files for your Kubernetes cluster.

Support for nodeSelector, Labels, Taints, and Tolerations

General Resource Requirements for Kubernetes and Default Port Configuration

Will the cluster be used exclusively for PubSub+ Cloud or will it be shared with other applications or workloads?

Exclusive or Shared

Providing this information allows Solace to understand the architecture of your cluster so we can better suggest changes that may help the operation of PubSub+ Cloud in your cluster.

Deployment Architecture for Kubernetes

General Resource Requirements for Kubernetes and Default Port Configuration

Is the Kubernetes version of your cluster supported by PubSub+ Cloud?

Yes or No

Only supported Kubernetes versions are tested and guaranteed to work with PubSub+ Cloud.

If you use a different implementation of Kubernetes, contact Solace to find out how we can support your deployment.

Supported Kubernetes Versions

What is the cluster domain for your Kubernetes cluster?

 

This is typically cluster.local, but your Kubernetes administrator can configure it to be something else. Solace requires this information to properly configure the Mission Control Agent.

DNS for Services and Pods in the Kubernetes documentation

Are there any custom node selectors or tolerations required to successfully schedule the Mission Control Agent or event broker service pods? If so, what are they?

 

If they vary from our best practices, Solace requires this information to ensure that the event broker service pods are scheduled successfully.

Support for nodeSelector, Labels, Taints, and Tolerations

Are there any custom labels that must be applied to the Mission Control Agent or event broker service pods? If so, what are they?

 

Solace supports only fixed labels that can be applied to the Mission Control Agent or event broker services. We don't support dynamic labels.

Support for nodeSelector, Labels, Taints, and Tolerations

What geographic locations will the clusters reside in?

For clusters in the cloud, provide a list of regions.

For on-premises clusters, provide a list of countries or regions.

 

PubSub+ Cloud produces diagnostic logs that are pushed to an AWS S3 bucket for use by Solace. We use S3 buckets that are geographically close to the deployment to optimize retrieval.

S3 Bucket Names for Gathered Diagnostics

Does your cluster have any Pod Security Policies? Do you use a Policy Controller (for example, Gatekeeper) to enforce security in your cluster? If so, do any of these policies affect the operation of PubSub+ Cloud in your cluster?

 

Policy controllers like Gatekeeper can enforce security policies in a cluster, such as required labels, a restricted set of container registry images, and so on.

In most cases, PubSub+ Cloud can be configured to meet these requirements.

Support for nodeSelector, Labels, Taints, and Tolerations

Connectivity Model for Kubernetes Deployments

Does your cluster enforce resource quotas? Have these quotas been updated to support the number of event broker services you expect to create in your cluster?

 

Your cluster must have sufficient resources to successfully create event broker services.

General Resource Requirements for Kubernetes and Default Port Configuration

Operational Connectivity

You must answer the following questions about your Operational Connectivity.

Question | Possible Answers | How Solace Uses This Information | Links to Related Documentation

Will you access the Solace Container Registry directly or will you use a mirror?

Direct or Mirror

PubSub+ Cloud container images are provided in a private registry that can either be accessed directly or mirrored (for example, using Nexus or Artifactory).

PubSub+ Cloud cannot push images to a private registry due to the frequency with which we publish and perform upgrades with new container images for our Mission Control Agent.

Connectivity Model for Kubernetes Deployments

If you are using a mirror container registry, what is its path?

For example, for container image quay.io/example/nginx the container registry portion is quay.io/example.

Solace requires this information to configure the Mission Control Agent to create event broker services using the correct container image name.

Connectivity Model for Kubernetes Deployments

If you are using a mirror container registry, what is the name of the image pull secret used to authenticate with it?

 

The Mission Control Agent and event broker service may require a secret in the namespace they’re deployed in so they can pull images from the registry.

Downloading the Registry Credentials for the Solace Container Registry

Do you restrict outbound internet access? Is your environment configured to allow all outbound communication required for proper operation of PubSub+ Cloud?

Restricted or Not restricted

If you restrict outbound access, you must read the documentation for details about how to allow access for PubSub+ Cloud.

Connectivity Model for Kubernetes Deployments

If you have an HTTP/HTTPS proxy that is required for outbound communication, what is its URL? Does it require credentials? If yes, we will contact you to securely provide them.

For example: https://proxy-host or http://proxy-host

Solace needs this information to configure the Mission Control Agent to use your proxy.

Using HTTP/HTTPS Proxies

Messaging Connectivity

You must answer the following questions about your Messaging Connectivity.

Question | Possible Answers | How Solace Uses This Information | Links to Related Documentation

Do you intend to create event broker services that are accessed via the public internet, private networking, or both?

Public, Private, or Both

Solace needs this information to configure the Mission Control Agent to create event broker services that match your requirements.

Exposing Event Broker Services to External Traffic

Feature Requirements

You must answer the following questions about your plans to use certain features that require special configuration.

Question | Possible Answers | How Solace Uses This Information | Links to Related Documentation

Do you intend to use MQTT Retain on any of your event broker services?

Yes or No

Solace may need to allocate more memory to the event broker service’s pod for it to support MQTT Retain.

 

Do you intend to provide a custom server certificate for your event broker services?

Yes or No

Solace needs this information to configure the Mission Control Agent to use your custom server certificates.

 

Will you be using more than one environment? If so, which environment do you want your initial datacenter created in?

Yes, and the environment name
or
No

Solace uses this information to put your datacenter in the environment you specify. If you won’t be using more than one environment, or don’t specify the environment, the datacenter will be placed in your organization’s default environment.

You can create environments, change your default environment, and move datacenters to different environments at a later time.

Creating and Managing Environments

Contact Information

You must provide a point of contact for each entry in the table below. Solace prefers a distribution list as the point of contact, though you can choose to provide individual contact details.

Contact Type | Distribution List or Contact Details

Event broker service incidents or issues.

 

Event broker service upgrade notifications and scheduling.

 

Release and maintenance notifications.