Creating a Qdrant Cluster in Hybrid Cloud
Once you have created a Hybrid Cloud Environment, you can create a Qdrant cluster in that enviroment. Use the same process to Create a cluster. Make sure to select your Hybrid Cloud Environment as the target.
Note that in the “Kubernetes Configuration” section you can additionally configure:
- Node selectors for the Qdrant database pods
- Toleration for the Qdrant database pods
- Additional labels for the Qdrant database pods
- A service type and annotations for the Qdrant database service
These settings can also be changed after the cluster is created on the cluster detail page.
Authentication to your Qdrant clusters
In Hybrid Cloud the authentication information is provided by Kubernetes secrets.
You can configure authentication for your Qdrant clusters in the “Configuration” section of the Qdrant Cluster detail page. There you can configure the Kubernetes secret name and key to be used as an API key and/or read-only API key.
One way to create a secret is with kubectl:
kubectl create secret generic qdrant-api-key --from-literal=api-key=your-secret-api-key --namespace the-qdrant-namespace
The resulting secret will look like this:
apiVersion: v1
data:
api-key: ...
kind: Secret
metadata:
name: qdrant-api-key
namespace: the-qdrant-namespace
type: kubernetes.io/generic
With this command the secret name would be qdrant-api-key
and the key would be api-key
.
If you want to retrieve the secret again, you can also use kubectl
:
kubectl get secret qdrant-api-key -o jsonpath="{.data.api-key}" --namespace the-qdrant-namespace | base64 --decode
Exposing Qdrant clusters to your client applications
You can expose your Qdrant clusters to your client applications using Kubernetes services and ingresses. By default, a ClusterIP
service is created for each Qdrant cluster.
Within your Kubernetes cluster, you can access the Qdrant cluster using the service name and port:
http://qdrant-9a9f48c7-bb90-4fb2-816f-418a46a74b24.qdrant-namespace.svc:6333
This endpoint is also visible on the cluster detail page.
If you want to access the database from your local developer machine, you can use kubectl port-forward
to forward the service port to your local machine:
kubectl --namespace your-qdrant-namespace port-forward service/qdrant-9a9f48c7-bb90-4fb2-816f-418a46a74b24 6333:6333
You can also expose the database outside the Kubernetes cluster with a LoadBalancer
(if supported in your Kubernetes environment) or NodePort
service or an ingress.
The service type and necessary annotations can be configured in the “Kubernetes Configuration” section during cluster creation, or on the cluster detail page.
Especially if you create a LoadBalancer Service, you may need to provide annotations for the loadbalancer configration. Please refer to the documention of your cloud provider for more details.
Examples:
- AWS EKS LoadBalancer annotations
- Azure AKS Public LoadBalancer annotations
- Azure AKS Internal LoadBalancer annotations
- GCP GKE LoadBalancer annotations
You could also create a Loadbalancer service manually like this:
apiVersion: v1
kind: Service
metadata:
name: qdrant-9a9f48c7-bb90-4fb2-816f-418a46a74b24-lb
namespace: qdrant-namespace
spec:
type: LoadBalancer
ports:
- name: http
port: 6333
- name: grpc
port: 6334
selector:
app: qdrant
cluster-id: 9a9f48c7-bb90-4fb2-816f-418a46a74b24
An ingress could look like this:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: qdrant-9a9f48c7-bb90-4fb2-816f-418a46a74b24
namespace: qdrant-namespace
spec:
rules:
- host: qdrant-9a9f48c7-bb90-4fb2-816f-418a46a74b24.your-domain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: qdrant-9a9f48c7-bb90-4fb2-816f-418a46a74b24
port:
number: 6333
Please refer to the Kubernetes, ingress controller and cloud provider documention for more details.
If you expose the database like this, you will be able to see this also reflected as an endpoint on the cluster detail page. And will see the Qdrant database dashboard link pointing to it.
Configuring TLS
If you want to configure TLS for accessing your Qdrant database in Hybrid Cloud, there are two options:
- You can offload TLS at the ingress or loadbalancer level.
- You can configure TLS directly in the Qdrant database.
If you want to configure TLS directly in the Qdrant database, you can reference a secret containing the TLS certificate and key in the “Configuration” section of the Qdrant Cluster detail page.
To create such a secret, you can use kubectl
:
kubectl create secret tls qdrant-tls --cert=mydomain.com.crt --key=mydomain.com.key --namespace the-qdrant-namespace
The resulting secret will look like this:
apiVersion: v1
data:
tls.crt: ...
tls.key: ...
kind: Secret
metadata:
name: qdrant-tls
namespace: the-qdrant-namespace
type: kubernetes.io/tls
With this command the secret name to enter into the UI would be qdrant-tls
and the keys would be tls.crt
and tls.key
.