Requirements

Vamp requires access to a container scheduler (Kubernetes), a secure key-value store, a SQL database, and Elasticsearch.

Container scheduler

KUBERNETES

Vamp supports Kubernetes 1.12.x and 1.13.x. Support for Kubernetes 1.14.x is currently in beta.

Vamp has been tested with:

Dependencies

Vamp has four dependencies: a secure key-value store, a SQL database, Elasticsearch for aggregated metrics and NATS Streaming Server for event-based messaging.

MYSQL

MySQL version 5.7.x and later.

Vamp uses MySQL to store the blueprint and gateway definitions and the current states of the deployments, gateways and workflows. The SQL database is also used to store the user role definitions and users. All data is securely stored.

We highly recommend using a managed MySQL service rather than running MySQL in the same cluster as Vamp.

Vamp has been tested with:

HASHICORP VAULT

HashiCorp Vault version 1.0.x and later.

Vamp uses HashiCorp Vault as a secure key-value store for namespace configurations, workflow scripts and the Vamp Gateway Agent (VGA) configuration.

Vamp requires both the data stored in Vault and the data stored in MySQL to be available after events such as a cluster restart.

HashiCorp provides an extensive deployment guide. We highly recommend running Vault in HA mode with MySQL as the storage backend and using an external KMS to provide auto-unsealing.
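A Vault server configuration matching this recommendation, added here as an illustration (it is not taken from Vamp's or HashiCorp's documentation). It assumes AWS KMS as the external KMS (Vault also has `gcpckms` and `azurekeyvault` seal types) and a Vault release whose MySQL storage backend supports `ha_enabled`; every hostname, path, credential and key identifier is a placeholder.

```hcl
# Constructed example: all hostnames, file paths, credentials and key IDs
# below are placeholders, not values from the Vamp documentation.

# MySQL as the storage backend, with HA locking so that several Vault
# nodes can share the database and elect one active node.
storage "mysql" {
  address     = "mysql.example.internal:3306"  # managed MySQL endpoint (placeholder)
  username    = "vault"                        # dedicated account for Vault only
  password    = "REPLACE_ME"                   # placeholder; inject at deploy time
  database    = "vault"
  table       = "vault"
  tls_ca_file = "/etc/vault/tls/mysql-ca.pem"  # verify the database server certificate
  ha_enabled  = "true"                         # leader election through MySQL locks
  lock_table  = "vault_lock"
}

# Auto-unseal: Vault's master key is wrapped by a key held in the external
# KMS, so nodes unseal after a restart without operators entering key shares.
seal "awskms" {
  region     = "eu-west-1"                     # assumption: any region works
  kms_key_id = "REPLACE_WITH_KMS_KEY_ID"       # placeholder
}

# TLS on the API listener; clients such as Vamp connect here.
listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/etc/vault/tls/vault.crt"
  tls_key_file  = "/etc/vault/tls/vault.key"
}

# Addresses this node advertises to clients and to the other HA nodes.
api_addr     = "https://vault-0.example.internal:8200"
cluster_addr = "https://vault-0.example.internal:8201"
```

Each Vault node uses the same `storage` and `seal` stanzas and its own `api_addr` and `cluster_addr`.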

ELASTICSEARCH

Elasticsearch version 6.6.x or later. Support for Elasticsearch version 7.x is currently in beta.

Vamp uses Elasticsearch to store raw traffic logs and aggregated health and traffic metrics. Elasticsearch is also used by Vamp for audit logging.

Recommended cluster resources

SEPARATE MANAGEMENT AND SERVICE CLUSTERS

We highly recommend separating the management-focused components (Lifter and Vamp) from the operational-focused components (the Vamp Gateway Agents and workflows).

Cluster and service configuration data is longer lived than the clusters and services that it defines. There are increasing legal requirements to hold data within national data centres and, depending on the regulatory frameworks under which your organization operates, your audit data may need to be very long-lived. Vamp is designed with these requirements in mind.

MINIMUM REQUIREMENTS

  • Management cluster:

    • Lifter and Vamp only: 2 nodes with 2+ vCPUs and 7.5+ GB memory per node

    • Lifter and Vamp plus Vault and Elasticsearch: 3 nodes with 2+ vCPUs and 7.5+ GB memory per node. This could also be 2 higher-capacity nodes

  • Each environment on each service cluster requires:

    • 2 VGAs and workflow agents: 3 nodes with 1.2+ vCPU and 2.2+ GB memory per node. This can be spare capacity on 3 existing nodes

ALL-IN-ONE CLUSTER

This topology is suitable for smaller, lower volume development clusters where costs are more important than data security and durability.

MINIMUM REQUIREMENTS

A Kubernetes cluster with at least 4 nodes with 2+ vCPUs and 7.5+ GB memory per node