Skip to main content
Version: 1.2.0

Deploy to Kubernetes

The easiest way to deploy YuniKorn is to leverage our helm charts, you can find the guide here. This document describes the manual process to deploy YuniKorn scheduler and admission controller. It is primarily intended for developers.

Build docker image

Under project root of the yunikorn-k8shim, run the command to build an image using the map for the configuration:

make image

This command will build an image. The image will be tagged with a default version, image tag and your build architecture.

Note the default build uses a hardcoded user and tag. You must update the IMAGE_TAG variable in the Makefile to push to an appropriate repository.

Note the latest yunikorn images in docker hub are not updated anymore due to ASF policy. Hence, you should build both scheduler image and web image locally before deploying them.

Note the imaging tagging includes your build architecture. For Intel, it would be amd64 and for Mac M1, it would be arm64v8.

Setup RBAC for Scheduler

The first step is to create the RBAC role for the scheduler, see yunikorn-rbac.yaml

kubectl create -f scheduler/yunikorn-rbac.yaml

The role is a requirement on the current versions of kubernetes.

Create the ConfigMap

This must be done before deploying the scheduler. It requires a correctly setup kubernetes environment. This kubernetes environment can be either local or remote.

  • download configuration file if not available on the node to add to kubernetes:
curl -o queues.yaml https://raw.githubusercontent.com/apache/yunikorn-k8shim/master/conf/queues.yaml
  • create ConfigMap in kubernetes:
kubectl create configmap yunikorn-configs --from-file=queues.yaml
  • check if the ConfigMap was created correctly:
kubectl describe configmaps yunikorn-configs

Note if name of the ConfigMap is changed the volume in the scheduler yaml file must be updated to reference the new name otherwise the changes to the configuration will not be picked up.

Attach ConfigMap to the Scheduler Pod

The ConfigMap is attached to the scheduler as a special volume. First step is to specify where to mount it in the pod:

  volumeMounts:
- name: config-volume
mountPath: /etc/yunikorn/

Second step is to link the mount point back to the configuration map created in kubernetes:

  volumes:
- name: config-volume
configMap:
name: yunikorn-configs

Both steps are part of the scheduler yaml file, an example can be seen at scheduler.yaml for reference.

Deploy the Scheduler

The scheduler can be deployed with following command.

kubectl create -f deployments/scheduler/scheduler.yaml

The deployment will run 2 containers from your pre-built docker images in 1 pod,

  • yunikorn-scheduler-core (yunikorn scheduler core and shim for K8s)
  • yunikorn-scheduler-web (web UI)

Alternatively, the scheduler can be deployed as a K8S scheduler plugin:

kubectl create -f deployments/scheduler/plugin.yaml

The pod is deployed as a customized scheduler, it will take the responsibility to schedule pods which explicitly specifies schedulerName: yunikorn in pod's spec. In addition to the schedulerName, you will also have to add a label applicationId to the pod.

  metadata:
name: pod_example
labels:
applicationId: appID
spec:
schedulerName: yunikorn

Note: Admission controller abstracts the addition of schedulerName and applicationId from the user and hence, routes all traffic to YuniKorn. If you use helm chart to deploy, it will install admission controller along with the scheduler. Otherwise, proceed to the steps below to manually deploy the admission controller if running non-example workloads where schedulerName and applicationId are not present in the pod spec and metadata, respectively.

Setup RBAC for Admission Controller

Before the admission controller is deployed, we must create its RBAC role, see admission-controller-rbac.yaml.

kubectl create -f scheduler/admission-controller-rbac.yaml

Create the Secret

Since the admission controller intercepts calls to the API server to validate/mutate incoming requests, we must deploy an empty secret used by the webhook server to store TLS certificates and keys. See admission-controller-secrets.yaml.

kubectl create -f scheduler/admission-controller-secrets.yaml

Deploy the Admission Controller

Now we can deploy the admission controller as a service. This will automatically validate/modify incoming requests and objects, respectively, in accordance with the example in Deploy the Scheduler. See the contents of the admission controller deployment and service in admission-controller.yaml.

kubectl create -f scheduler/admission-controller.yaml

Access to the web UI

When the scheduler is deployed, the web UI is also deployed in a container. Port forwarding for the web interface on the standard ports can be turned on via:

POD=`kubectl get pod -l app=yunikorn -o jsonpath="{.items[0].metadata.name}"` && \
kubectl port-forward ${POD} 9889 9080

9889 is the default port for Web UI, 9080 is the default port of scheduler's Restful service where web UI retrieves info from. Once this is done, web UI will be available at: http://localhost:9889.

Configuration Hot Refresh

YuniKorn supports to load configuration changes automatically from attached configmap. Simply update the content in the configmap, that can be done either via Kubernetes dashboard UI or commandline. Note, changes made to the configmap might have some delay to be picked up by the scheduler.