Bring your own cloud
The Bring Your Own Cloud (BYOC) plan offers you the flexibility to tailor your cloud infrastructure instead of depending on a hosted service. It allows you to utilize the advantages of your chosen cloud provider, maintain full control over your environment, and adjust configurations to suit your specific needs. This guide outlines the services that RisingWave deploys in a BYOC environment and walks you through the process of enabling BYOC in a step-by-step manner.
Architecture overview
Before creating a BYOC deployment, familiarize yourself with the following architecture. In the BYOC environment, the entire data plane is deployed in the user’s space. To manage the RisingWave clusters within this environment, we deploy two key services for operation delegation:
- Agent Service: This service manages Kubernetes (K8s) and cloud resources. It handles tasks such as managing RisingWave Pods, storage services (including AWS S3, GCS, and Azure Blob Storage), IAM roles/accounts associated with the RisingWave cluster, network endpoints, etc.
- RWProxy: This is a TCP proxy that routes SQL statements from the control plane to the appropriate RisingWave instances.
Create a BYOC environment
Follow the steps below to create your own cloud environment.
- Navigate to the Project page and click Create project.
- Choose Advanced and enter your invitation code. If you do not have an invitation code, please contact our support team or sales team to obtain one.
- Once you’ve redeemed the invitation code, select BYOC as the deployment type, then select your cloud platform (AWS or GCP; see Resource and permission for more details), region, and ID as necessary.
- After configuring these settings, you’ll see additional instructions on your screen. Follow these steps to establish your BYOC environment. Please be aware that the final command rwc byoc apply --name xxx may take 30 to 40 minutes to complete, and a progress bar will be shown to keep you updated. During this time, it’s crucial to ensure a stable internet connection. If the command is interrupted or fails due to network instability, you can safely retry it.
When you run the command rwc byoc apply --name xxx, it will deploy some resources in your AWS/GCP/Azure environment, such as AWS S3/Google Cloud Storage/Azure Blob Storage and EKS/GKE/AKS clusters. Please do not modify the configuration of these resources. If you encounter any issues during this process, please contact our support team.
- Click Next to continue the configuration of cluster size and nodes. To learn more about the nodes, see the architecture of RisingWave.
- Click Next, name your cluster, and execute the command that pops up to establish a BYOC cluster in your environment.
Once the cluster is successfully created, you can manage it through the portal just like hosted clusters.
Resource and permission
When you customize your cloud platform, refer to the following notes to see what we’ve set up for you and the permissions you need to enable.
- Required service-linked role
The role AWSServiceRoleForAutoScaling needs to be in place. If it is not ready yet, you need to create it manually. See Create a service-linked role for detailed steps.
- Required quota increase
For optimal performance, the quota for managed node groups per cluster should be increased to 36 or more. See Service quotas for more details.
- Required permissions for BYOC environment creation/deletion
We recommend using an IAM role/user with Administrator permissions for the AWS account to deploy the infrastructure.
- Resources provisioned in BYOC environment
We will set up the following resources in a BYOC environment:
- 1 VPC: including VPC, its subnets, security, and IPs to host all BYOC resources.
- 1 EKS cluster: to host all service and RisingWave cluster workloads.
- 2 S3 buckets: for RisingWave cluster data and infra state data respectively.
- 2 Internal network load balancers: to expose Agent Service and RWProxy.
- 1 External network load balancer (optional): to expose RWProxy to the Internet.
- A few IAM roles for EKS and K8s workloads. Each role is granted the least privilege it requires.
- Required permission for deployed services
- ec2:DescribeVpcEndpoints
- ec2:DescribeVpcEndpointServices
- ec2:DescribeSubnets
- s3:*
- aps:GetLabels
- aps:GetMetricMetadata
- aps:GetSeries
- aps:QueryMetrics
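To review what a deployed role can actually do, an IAM policy document can be compared with the list above. The following is an added example, not RisingWave's code: the bucket names and the sample policy are constructed, and the check that S3 statements name only the expected buckets is an assumption about what a reviewer wants, since the page does not state how s3:* is scoped.

```python
import fnmatch

# Actions the page lists as required for the deployed services.
DOCUMENTED = ["ec2:DescribeVpcEndpoints", "ec2:DescribeVpcEndpointServices",
              "ec2:DescribeSubnets", "s3:*", "aps:GetLabels",
              "aps:GetMetricMetadata", "aps:GetSeries", "aps:QueryMetrics"]

def as_list(value):
    """IAM accepts either one string/object or a list in these fields."""
    return value if isinstance(value, list) else [value]

def is_documented(action):
    """True if the granted action is no broader than a documented entry."""
    # IAM action names are case-insensitive. The granted action is matched
    # against the documented entry as a pattern, so "s3:GetObject" fits
    # "s3:*" but "ec2:Describe*" does not fit "ec2:DescribeSubnets".
    return any(fnmatch.fnmatchcase(action.lower(), d.lower()) for d in DOCUMENTED)

def in_buckets(resource, buckets):
    """True if an S3 resource ARN names one of the expected buckets exactly."""
    arns = [f"arn:aws:s3:::{b}" for b in buckets]
    return any(resource == a or resource.startswith(a + "/") for a in arns)

def audit_policy(policy, buckets):
    """Return (undocumented actions, S3 resources outside `buckets`)."""
    undocumented, unscoped = set(), set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allow-all-except grants are never on the list
            undocumented.add("NotAction")
        actions = as_list(stmt.get("Action", []))
        undocumented.update(a for a in actions if not is_documented(a))
        # A statement that can reach S3 should name only the expected buckets.
        if any(a == "*" or a.lower().startswith("s3:") for a in actions):
            unscoped.update(r for r in as_list(stmt.get("Resource", "*"))
                            if not in_buckets(r, buckets))
    return sorted(undocumented), sorted(unscoped)

# Constructed sample input: hypothetical bucket names and policy document.
SAMPLE_BUCKETS = ["example-rw-data", "example-rw-infra-state"]
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:DescribeSubnets"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-rw-data", "arn:aws:s3:::example-rw-data/*"]},
    {"Effect": "Allow", "Action": ["s3:*", "iam:PassRole"], "Resource": "*"}]}

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY, SAMPLE_BUCKETS))
```
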
Delete a BYOC environment
Follow the steps below to delete a BYOC environment deployed in your cloud.
- Delete all BYOC clusters running in the environment. Navigate to the Clusters page and click the delete icon to delete all of your BYOC clusters.
- Delete resources you created that are not managed by RisingWave, such as VPC Peerings, GCP Firewalls, and other common resources you might have used.
- Open the terminal and execute the following commands: