Installing yatai-deployment

Welcome to yatai-deployment! You will learn the system requirements, software dependencies, instructions for installing this Yatai component.

See yatai-deployment architecture for a detailed introduction of the yatai-deployment component.


  • yatai-image-builder

    yatai-deployment relies on Bento CR to get the image and runners information, you should check the documentation Installing yatai-image-builder first.

  • Kubernetes

    Kubernetes version greater than 1.20


    If you do not have a production Kubernetes cluster and want to install yatai-deployment for development and testing purposes. You can use minikube to set up a local Kubernetes cluster for testing. If you are using macOS, you should use hyperkit driver to prevent the macOS docker desktop network limitation

  • Helm

    Yatai uses Helm to install yatai-deployment.

  • Ingress Controller

    Yatai uses ingress controller to facilitate access to bento deployments. You can use the following command to check if you have an ingress controller installed in your cluster:

    kubectl get ingressclass

    The output should look like this:

    nginx   <none>       10d

    If no value is returned, there is no ingress controller installed in your cluster. You need to select an ingress controller and install it, for example, you can install nginx-ingress.


    When installing nginx-ingress, remember to set controller.allowSnippetAnnotations to true, otherwise it will cause the deployment to fail.

    If you are using minikube, you don’t need to install ingress controller manually, just enable ingress addon with the following command:

    minikube addons enable ingress

Quick Install


This quick installation script can only be used for development and testing purposes.

This script will automatically install the following dependencies inside the yatai-deployment namespace of the Kubernetes cluster:

  • cert-manager (if not already installed)

  • metrics-server (if not already installed)

bash <(curl -s "")

Installation Steps


If you don’t have kubectl installed and you are using minikube, you can use minikube kubectl -- instead of kubectl, for more details on using it, please check: minikube kubectl

1. Create Namespaces

# for yatai-deployment deployment
kubectl create ns yatai-deployment
# for bento deployment resources
kubectl create ns yatai

2. Install Certificate Manager

Read the official documentation to verify that it works: manual-verification.

  1. Install cert-manager via kubectl

kubectl apply -f
  1. Verify the cert-manager installation

kubectl -n cert-manager get pod

The output should look like this:


Wait until the status of all pods becomes Running before proceeding.

NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-5dd59d9d9b-7js6w              1/1     Running   0          60s
cert-manager-cainjector-8696fc9f89-6grf8   1/1     Running   0          60s
cert-manager-webhook-7d4b5b8c56-7wrkf      1/1     Running   0          60s

Create an Issuer to test the webhook works okay:

cat <<EOF > test-resources.yaml
apiVersion: v1
kind: Namespace
  name: cert-manager-test
kind: Issuer
  name: test-selfsigned
  namespace: cert-manager-test
  selfSigned: {}
kind: Certificate
  name: selfsigned-cert
  namespace: cert-manager-test
  secretName: selfsigned-cert-tls
    name: test-selfsigned

Create the test resources:

kubectl apply -f test-resources.yaml

Check the status of the newly created certificate. You may need to wait a few seconds before the cert-manager processes the certificate request.

kubectl describe certificate -n cert-manager-test

The output should look like this:

    Last Transition Time:  2022-08-12T09:11:03Z
    Message:               Certificate is up to date and has not expired
    Observed Generation:   1
    Reason:                Ready
    Status:                True
    Type:                  Ready
  Not After:               2022-11-10T09:11:03Z
  Not Before:              2022-08-12T09:11:03Z
  Renewal Time:            2022-10-11T09:11:03Z
  Revision:                1
  Type    Reason     Age   From                                       Message
  ----    ------     ----  ----                                       -------
  Normal  Issuing    7s    cert-manager-certificates-trigger          Issuing certificate as Secret does not exist
  Normal  Generated  6s    cert-manager-certificates-key-manager      Stored new private key in temporary Secret resource "selfsigned-cert-j4jwn"
  Normal  Requested  6s    cert-manager-certificates-request-manager  Created new CertificateRequest resource "selfsigned-cert-gw8b9"
  Normal  Issuing    6s    cert-manager-certificates-issuing          The certificate has been successfully issued

Clean up the test resources:

kubectl delete -f test-resources.yaml

If all the above steps have been completed without error, you’re good to go!

3. Install Metrics Server

Read its official documentation for installation


If you are using minikube, you can install metrics-server with the following command:

minikube addons enable metrics-server

4. Configure network

The network config is for BentoDeployment access.

1. Ingress Class

Set ingress class for BentoDeployment ingress.

Store your ingress class in environment var:

export INGRESS_CLASS=$(kubectl get ingressclass -o jsonpath='{.items[0]}' 2> /dev/null)


If no value returned, it means you do not have any ingress class, please install a ingress controller first!

After the yatai-deployment helm chart has been installed you can configure it in this way:

kubectl -n yatai-deployment patch cm/network --type merge --patch '{"data":{"ingress-class":"'${INGRESS_CLASS}'"}}'
Verify that this ingress class is working properly


You should make sure that the $INGRESS_CLASS environment variable is not empty and contains the correct value, otherwise the following command will not work.

cat <<EOF | kubectl apply -f -
kind: Ingress
  name: test-ingress
  ingressClassName: ${INGRESS_CLASS}
  - http:
      - path: /testpath
        pathType: Prefix
            name: test
              number: 80

Wait for ingress to be successfully assigned address:


The following command will wait 5 minutes for the above ingress to be assigned address

timeout 5m bash -c "until kubectl get ing test-ingress -o yaml -o jsonpath='{.status.loadBalancer}' | grep ingress; do : ; done" && echo 'successfully' || echo 'failed'

If the above command returns successfully, it means that the ingress class is working properly. Otherwise, you need to check the ingress controller logs to see what went wrong.

2. Ingress Annotations

Set annotations for BentoDeployment ingress resource

For example, if you want to set ingress annotation: “foo”: “bar”, you should add the follow option after the helm install command:


After the yatai-deployment helm chart has been installed you can configure it in this way:

kubectl -n yatai-deployment patch cm/network --type merge --patch '{"data": {"ingress-annotations": "{\"foo\":\"bar\"}"}}'

3. DNS for domain suffix

The domain suffix is used to generate ingress hosts for BentoDeployment.

You need to configure your DNS in one of the following two options:

You don’t need to do anything because Yatai will use to automatically generate domain-suffix for BentoDeployment ingress host.

First, you must register a domain name. The following example assumes that you already have a domain name of

To configure DNS for Yatai, take the External IP or CNAME from setting up networking, and configure it with your domain DNS provider as follows:

  • If the kubernetes networking layer (LoadBalancer) produced an External IP address, then configure a wildcard A record for the domain:

# Here is the domain suffix for your cluster
* == A
  • If the networking layer produced a CNAME, then configure a CNAME record for the domain:

# Here is the domain suffix for your cluster
* == CNAME

Once your DNS provider has been configured, direct yatai to use that domain:


After the yatai-deployment helm chart has been installed you can configure it in this way:

# Replace with your domain suffix
kubectl -n yatai-deployment patch cm/network --type merge --patch '{"data":{"domain-suffix":"'${DOMAIN_SUFFIX}'"}}'

5. Install yatai-deployment

1. Install yatai-deployment-crds

helm upgrade --install yatai-deployment-crds yatai-deployment-crds \
    --repo \
    -n yatai-deployment


If you encounter error like this:

Error: rendered manifests contain a resource that already exists. Unable to continue with install: CustomResourceDefinition "" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "": must be set to "Helm"; annotation validation error: missing key "": must be set to "yatai-deployment-crds"; annotation validation error: missing key "": must be set to "yatai-deployment"

It means you already have BentoDeployment CRD, you should use this command to fix it:

kubectl label crd
kubectl annotate crd

Then reinstall the yatai-deployment-crds.

2. Verify that the CRDs of yatai-deployment has been established

kubectl wait --for condition=established --timeout=120s crd/

The output of the command above should look something like this: condition met

3. Install the yatai-deployment helm chart

helm upgrade --install yatai-deployment yatai-deployment \
    --repo \
    -n yatai-deployment \

4. Verify the yatai-deployment installation

kubectl -n yatai-deployment get pod -l

The output should look like this:


Wait until the status of all pods becomes Running or Completed before proceeding.

NAME                                    READY   STATUS      RESTARTS   AGE
yatai-deployment-8b9fb98d7-xmtd5        1/1     Running     0          67s
yatai-deployment-default-domain-s8rh9   0/1     Completed   0          67s

View the logs of yatai-deployment-default-domain:

kubectl -n yatai-deployment logs -f job/yatai-deployment-default-domain

The logs of yatai-deployment-default-domain should be like this:


Automatic domain-suffix generation will take about 1 minute.

time="2022-08-16T14:48:11Z" level=info msg="Creating ingress default-domain- to get a ingress IP automatically"
time="2022-08-16T14:48:11Z" level=info msg="Waiting for ingress default-domain-rrlb9 to be ready"
time="2022-08-16T14:48:41Z" level=info msg="Ingress default-domain-rrlb9 is ready"
time="2022-08-16T14:48:41Z" level=info msg="you have not set the domain-suffix in the network config, so use magic DNS to generate a domain suffix automatically: ``, and set it to the network config"

View the logs of yatai-deployment:

kubectl -n yatai-deployment logs -f deploy/yatai-deployment