# Setup Hybrid Cloud # Creating a Hybrid Cloud Environment The following instruction set will show you how to properly set up a **Qdrant cluster** in your **Hybrid Cloud Environment**. You can also watch a video demo on how to set up a Hybrid Cloud Environment:

To learn how Hybrid Cloud works, [read the overview document](/documentation/hybrid-cloud/index.md). ## Prerequisites Qdrant Hybrid Cloud is available as part of our Enterprise plan. To get access to Qdrant Hybrid Cloud, please [contact us](/contact-us/index.md). - **Kubernetes Cluster:** To create a Hybrid Cloud Environment, you need a [standard compliant](https://www.cncf.io/training/certification/software-conformance/) Kubernetes cluster. You can run this cluster in any cloud (e.g. EKS), on-premise (e.g. vSphere), or edge environment (e.g. vSphere). See [Deployment Platforms](/documentation/hybrid-cloud/platform-deployment-options/index.md) for more information. - **Storage:** For storage, you need to set up the Kubernetes cluster with a Container Storage Interface (CSI) driver that provides block storage. For vertical scaling, the CSI driver needs to support volume expansion. The `StorageClass` needs to be created beforehand. For backups and restores, the driver needs to support CSI snapshots and restores. The `VolumeSnapshotClass` needs to be created beforehand. See [Deployment Platforms](/documentation/hybrid-cloud/platform-deployment-options/index.md) for more information. - **Kubernetes nodes:** You need enough CPU and memory capacity for the Qdrant database clusters that you create. A small amount of resources is also needed for the Hybrid Cloud control plane components. Qdrant Hybrid Cloud supports x86_64 and ARM64 architectures. - **Permissions:** To install the Qdrant Cloud Agent you need to have `cluster-admin` access in your Kubernetes cluster. - **Connection:** The Qdrant Cloud Agent in your cluster needs to be able to connect to Qdrant Cloud. It will create an outgoing connection to `grpc.cloud.qdrant.io` and `api.cloud.qdrant.io` on port `443`. - **Locations:** By default, the Qdrant services (like Qdrant Cloud Agent, Operator and Cluster-Manager) pulls Helm charts and container images from `registry.cloud.qdrant.io`. The Qdrant database container image is pulled from `docker.io`. For a complete list see [Mirroring images and charts](#mirroring-images-and-charts). > **Note:** You can also mirror these images and charts into your own registry and pull them from there. ### CLI tools During the onboarding, you will need to deploy the Qdrant Cloud Agent using Helm. Make sure you have the following tools installed: * [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) * [helm](https://helm.sh/docs/intro/install/) You will need to have access to the Kubernetes cluster with `kubectl` and `helm` configured to connect to it. Please refer the documentation of your Kubernetes distribution for more information. ## Installation 1. To set up Hybrid Cloud, open the Qdrant Cloud Console at [cloud.qdrant.io](https://cloud.qdrant.io). On the dashboard, select **Hybrid Cloud**. 2. Before creating your first Hybrid Cloud Environment, you have to provide billing information and accept the Hybrid Cloud license agreement. The installation wizard will guide you through the process. > **Note:** You will only be charged for the Qdrant cluster you create in a Hybrid Cloud Environment, but not for the environment itself. 3. Now you can specify the following: - **Name:** A name for the Hybrid Cloud Environment - **Kubernetes Namespace:** The Kubernetes namespace for the services (like agent and operator). Once you select a namespace, you can't change it. You can also configure the StorageClass and VolumeSnapshotClass to use for the Qdrant databases, if you want to deviate from the default settings of your cluster. By default, Qdrant Cloud will provision two volumes per Qdrant Pod: One for the data stored within Qdrant, and one for [collection snapshots](/documentation/operations/snapshots/index.md). By default, the same StorageClass will be used for both volumes. You can also configure a different StorageClass in the advanced configuration options of your Hybrid Cloud environment. If you want to disable the snapshot volume, you can configure `emptyDir` as a Snapshot StorageClass. ![Create Hybrid Cloud Environment](/documentation/cloud/hybrid_cloud_env_create.png) 4. You can then enter the YAML configuration for your Kubernetes operator. Qdrant supports a specific list of configuration options, as described in the [Qdrant Operator configuration](/documentation/hybrid-cloud/operator-configuration/index.md) section. 5. (Optional) If you have special requirements for any of the following, activate the **Show advanced configuration** option: - If you use a proxy to connect from your infrastructure to the Qdrant Cloud API, you can specify the proxy URL, credentials and certificates. - Container registry URL for Qdrant services (like Agent, Operator, Cluster-manager and monitoring stack) images. The default is . - Helm chart repository URL for the Qdrant services. The default is . - An optional secret with credentials to access your own container registry. - Log level for the operator and agent. - Node selectors and tolerations for the operater, agent, cluster-manager and monitoring stack. - Control Plane Labels that will be added to all Kubernetes resources of the Hybrid Cloud control-plane components. ![Create Hybrid Cloud Environment - Advanced Configuration](/documentation/cloud/hybrid_cloud_advanced_configuration.png) 6. Once complete, click **Create**. > **Note:** All settings but the Kubernetes namespace can be changed later. ### Generate Installation Command After creating your Hybrid Cloud, select **Generate Installation Command** to generate a script that you can run in your Kubernetes cluster which will perform the initial installation of the Kubernetes operator and agent. ![Rotate Hybrid Cloud Secrets](/documentation/cloud/hybrid_cloud_create_command.png) It will: - Create the Kubernetes namespace, if not present. - Set up the necessary secrets with credentials to access the Qdrant container registry and the Qdrant Cloud API. - Sign in to the Helm registry at `registry.cloud.qdrant.io`. - Install the Qdrant cloud agent and Kubernetes operator chart. You need this command only for the initial installation. After that, you can update the agent and operator using the Qdrant Cloud Console. > **Note:** If you generate the installation command a second time, it will re-generate the included secrets, and you will have to apply the command again to update them. ## Advanced configuration ### Mirroring images and charts #### Required artifacts Container images: - `registry.cloud.qdrant.io/qdrant/qdrant` - `registry.cloud.qdrant.io/qdrant/qdrant-cloud-agent` - `registry.cloud.qdrant.io/qdrant/operator` - `registry.cloud.qdrant.io/qdrant/cluster-manager` - `registry.cloud.qdrant.io/qdrant/prometheus` - `registry.cloud.qdrant.io/qdrant/prometheus-config-reloader` - `registry.cloud.qdrant.io/qdrant/kube-state-metrics` - `registry.cloud.qdrant.io/qdrant/kubernetes-event-exporter` - `registry.cloud.qdrant.io/qdrant/qdrant-cluster-exporter` Open Containers Initiative (OCI) Helm charts: - `registry.cloud.qdrant.io/qdrant-charts/qdrant-cloud-agent` - `registry.cloud.qdrant.io/qdrant-charts/operator` - `registry.cloud.qdrant.io/qdrant-charts/qdrant-cluster-manager` - `registry.cloud.qdrant.io/qdrant-charts/prometheus` - `registry.cloud.qdrant.io/qdrant-charts/kubernetes-event-exporter` - `registry.cloud.qdrant.io/qdrant-charts/qdrant-cluster-exporter` To mirror all necessary container images and Helm charts into your own registry, you should use an automatic replication feature that your registry provides, so that you have new image versions available automatically. Alternatively you can manually sync the images with tools like [Skopeo](https://github.com/containers/skopeo). When syncing images manually, make sure that you sync then with all, or with the right CPU architecture. ##### Automatic replication Ensure that you have both the container images in the `/qdrant/` repository, and the helm charts in the `/qdrant-charts/` repository synced. Then go to the advanced section of your Hybrid Cloud Environment and configure your registry locations: * Container registry URL: `your-registry.example.com/qdrant` (this will for example result in `your-registry.example.com/qdrant/qdrant-cloud-agent`) * Chart repository URL: `oci://your-registry.example.com/qdrant-charts` (this will for example result in `oci://your-registry.example.com/qdrant-charts/qdrant-cloud-agent`) If you registry requires authentication, you have to create your own secrets with authentication information into your `the-qdrant-namespace` namespace. Example: ```shell kubectl --namespace the-qdrant-namespace create secret docker-registry my-creds --docker-server='your-registry.example.com' --docker-username='your-username' --docker-password='your-password' ``` You can then reference they secret in the advanced section of your Hybrid Cloud Environment. ##### Manual replication This example uses Skopeo. You can find your personal credentials for the Qdrant Cloud registry in the onboarding command, or you can fetch them with `kubectl`: ```shell kubectl get secrets qdrant-registry-creds --namespace the-qdrant-namespace -o jsonpath='{.data.\.dockerconfigjson}' | base64 --decode | jq -r '.' ``` First login to the source registry: ```shell skopeo login registry.cloud.qdrant.io ``` Then login to your own registry: ```shell skopeo login your-registry.example.com ``` To sync all container images: ```shell skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant/operator your-registry.example.com/qdrant/operator skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant/qdrant-cloud-agent your-registry.example.com/qdrant/qdrant-cloud-agent skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant/prometheus your-registry.example.com/qdrant/prometheus skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant/prometheus-config-reloader your-registry.example.com/qdrant/prometheus-config-reloader skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant/kube-state-metrics your-registry.example.com/qdrant/kube-state-metrics skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant/qdrant your-registry.example.com/qdrant/qdrant skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant/cluster-manager your-registry.example.com/qdrant/cluster-manager skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant/qdrant-cluster-exporter your-registry.example.com/qdrant/qdrant-cluster-exporter skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant/kubernetes-event-exporter your-registry.example.com/qdrant/kubernetes-event-exporter ``` To sync all helm charts: ```shell skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant-charts/prometheus your-registry.example.com/qdrant-charts/prometheus skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant-charts/operator your-registry.example.com/qdrant-charts/operator skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant-charts/qdrant-kubernetes-api your-registry.example.com/qdrant-charts/qdrant-kubernetes-api skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant-charts/qdrant-cloud-agent your-registry.example.com/qdrant-charts/qdrant-cloud-agent skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant-charts/qdrant-cluster-exporter your-registry.example.com/qdrant-charts/qdrant-cluster-exporter skopeo sync --all --src docker --dest docker registry.cloud.qdrant.io/qdrant-charts/kubernetes-event-exporter your-registry.example.com/qdrant-charts/kubernetes-event-exporter ``` With the above configuration, you can add the following values to the advanced section of your Hybrid Cloud Environment: * Container registry URL: `your-registry.example.com/qdrant` * Chart repository URL: `oci://your-registry.example.com/qdrant-charts` If your registry requires authentication, you can create and reference the secret the same way as described above. ## Rotating Secrets If you need to rotate the secrets to pull container images and charts from the Qdrant registry and to authenticate at the Qdrant Cloud API, you can do so by following these steps: * Go to the Hybrid Cloud environment list or the detail page of the environment. * In the actions menu, choose "Rotate Secrets" * Confirm the action * You will receive a new installation command that you can run in your Kubernetes cluster to update the secrets. If you don't run the installation command, the secrets will not be updated and the communication between your Hybrid Cloud Environment and the Qdrant Cloud API will not work. ![Rotate Hybrid Cloud Secrets](/documentation/cloud/hybrid_cloud_rotate_secrets.png) ## Deleting a Hybrid Cloud Environment To delete a Hybrid Cloud Environment, first delete all Qdrant database clusters in it. Then you can delete the environment itself. To clean up your Kubernetes cluster, after deleting the Hybrid Cloud Environment, you can download the script from https://github.com/qdrant/qdrant-cloud-support-tools/tree/main/hybrid-cloud-cleanup to remove all Qdrant related resources. Run the following command while being connected to your Kubernetes cluster. The script requires `kubectl` and `helm` to be installed. ```shell ./hybrid-cloud-cleanup.sh your-qdrant-namespace ```