
Environment

This document lists the cloud-specific prerequisites for deploying QMigrator on Azure AKS, AWS EKS, Google GKE, and Minikube environments.

Each section outlines the required tools, configurations, permissions, and networking essentials needed before installation.


Azure Kubernetes Service (AKS)

Requirements

Category         Details
Cluster Version  Kubernetes v1.25+
Node Count       Minimum 1 node
Node Size        Standard_D4as_v5 or larger (4 vCPU, 16 GB RAM minimum)
Storage Types    Azure Disk (RWO), Azure Files (RWX)
Network Plugin   Azure CNI (recommended) or Kubenet
DNS              Azure DNS or custom DNS
LoadBalancer     Azure Load Balancer or Application Gateway

Permissions

Cluster Creation & Management:

  • Role: Contributor on Resource Group

Storage Access:

  • Role: Storage Account Contributor for Azure Files access
  • Permission to run az storage account keys list

Network & Security

Outbound Connectivity:

  • Source Database (Oracle, PostgreSQL, MySQL, etc.)
  • Target Database (PostgreSQL, MySQL, etc.)
  • Docker registry (qmigrator.azurecr.io, docker.io, quay.io)

Inbound Connectivity:

  • LoadBalancer: Ports 80/443 (HTTP/HTTPS)

Storage Fulfillment

Azure Files (Shared Storage - RWX):

  1. Create Storage Account:

    az storage account create --name <account-name> --resource-group <rg> \
        --location <location> --sku Standard_LRS
    

  2. Create File Share:

    az storage share create --name qmig-shared \
        --account-name <account-name> \
        --account-key $(az storage account keys list --resource-group <rg> \
            --account-name <account-name> --query "[0].value" -o tsv)
    


Amazon Elastic Kubernetes Service (EKS)

Requirements

Category         Details
Cluster Version  Kubernetes v1.25+
Node Count       Minimum 1 node
Node Size        t3.xlarge or larger (4 vCPU, 16 GB RAM minimum)
Storage Types    EBS (RWO), EFS (RWX)
IAM              OIDC provider enabled for service accounts
VPC              Custom VPC with public/private subnets
LoadBalancer     AWS Network Load Balancer (NLB) or Application Load Balancer (ALB)

Permissions

IAM Roles for Cluster:

  • AmazonEKSClusterPolicy - Cluster management
  • AmazonEKSServiceRolePolicy - Cluster operations

IAM Roles for Worker Nodes:

  • AmazonEKSWorkerNodePolicy - EC2 permissions
  • AmazonEKS_CNI_Policy - Networking
  • AmazonEC2ContainerRegistryReadOnly - ECR access

Create an IAM policy for EFS and bind it to the service account.

Security Group Permissions:

  • Allow EKS instances to reach databases

Network & Security

Outbound Connectivity:

  • Source Database (Oracle, PostgreSQL, MySQL, etc.)
  • Target Database (PostgreSQL, MySQL, etc.)
  • Docker registry (qmigrator.azurecr.io, docker.io, quay.io)

Inbound Connectivity:

  • LoadBalancer: Ports 80/443

Storage Fulfillment

EFS (Shared Storage - RWX):

  1. Create EFS:

    aws efs create-file-system --performance-mode generalPurpose \
        --throughput-mode bursting --region <region>
    

  2. Create Mount Targets in each subnet:

    aws efs create-mount-target --file-system-id <fs-id> \
        --subnet-id <subnet-id> --security-groups <sg-id>
    


Google Kubernetes Engine (GKE)

Requirements

Category           Details
Cluster Version    Kubernetes v1.25+
Node Count         Minimum 1 node
Node Size          n4-standard-4 or larger (4 vCPU, 16 GB RAM minimum)
Storage Types      Persistent Disk (RWO), GCS Bucket (RWX)
Workload Identity  Enabled for pod authentication
Network            VPC with private/public subnets
LoadBalancer       Google Cloud Load Balancer or Ingress

Permissions

GCP Project-Level:

  • Role: roles/container.admin - GKE cluster management
  • Role: roles/iam.serviceAccountAdmin - Service account management
  • Role: roles/storage.admin - Cloud Storage access

Workload Identity Setup:

    # Enable Workload Identity for cluster
    gcloud container clusters update <cluster-name> \
        --workload-pool=<project-id>.svc.id.goog

Network & Security

Outbound Connectivity:

  • Source Database (Oracle, PostgreSQL, MySQL, etc.)
  • Target Database (PostgreSQL, MySQL, etc.)
  • Docker registry (qmigrator.azurecr.io, docker.io, quay.io)

Inbound Connectivity:

  • LoadBalancer/Ingress: Ports 80/443

Storage Fulfillment

GCS Bucket (Shared Storage - RWX):

  1. Create GCS Bucket:

    gsutil mb -p <project-id> -l <region> gs://qmigrator-shared
    

  2. Install gcsfuse CSI Driver:

    gcloud container clusters update <cluster-name> \
        --update-addons GcsFuseCsiDriver=ENABLED \
        --region=<region>
    


Minikube (Local / PoC Deployment)

Requirements

Category            Details
Kubernetes Version  v1.25+ (bundled with Minikube 1.30+)
Host OS             Linux, macOS, or Windows (WSL2 recommended)
CPU/Memory          4 vCPU / 16 GB RAM minimum (8 vCPU / 32 GB recommended)
Disk Space          40 GB free space for images and volumes
Storage             HostPath
Hypervisor          Docker, VirtualBox, Hyper-V, or KVM
Ingress             Add On

Permissions

Host-Level:

  • Docker daemon access (add user to docker group)
  • Sudo access for mount operations
  • Write permissions to Minikube data directory (~/.minikube)

Kubernetes RBAC:

  • Default user has cluster-admin access

Network & Security

Outbound Connectivity (from Minikube VM):

  • Host network (for database access from host machine)
  • Internet (for pulling container images)
  • Docker registry (qmigrator.azurecr.io, docker.io, quay.io)

Inbound Connectivity:

  • port-forward for direct access

Network Setup for Databases on Host:

    # Enable Minikube to access host network
    minikube start --driver=docker --extra-config=kubeadm.ignore-preflight-errors=DummyControlPlane

Storage Fulfillment

Local HostPath Storage:

  1. Create local directories:

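    # Create the shared, database and cache directories on the host
    mkdir -p /data/qmigrator/{shared,db,cache}
    # 777 makes them world-writable; keep this to a local PoC host
    chmod 777 /data/qmigrator/{shared,db,cache}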
    

  2. Mount into Minikube:

    minikube start --mount --mount-string="/data/qmigrator:/data"
    

  3. Verify mount:

    minikube ssh
    # /data/qmigrator on the host is mounted at /data inside the node
    ls -la /data
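
The minimums shared by all four Requirements tables above (Kubernetes v1.25+, at least 1 node, 4 vCPU, 16 GB RAM) can be checked before installation against the output of kubectl get nodes -o json. This is an added example, not part of QMigrator or its documentation; the function names, the use of the kubelet version as a stand-in for the cluster version, and the 7% memory slack (nodes report slightly less than their nominal RAM) are assumptions.

```python
import json
import re

# Minimums from the Requirements tables: Kubernetes v1.25+, 4 vCPU, 16 GB RAM.
MIN_K8S, MIN_CPU, MIN_MEM_BYTES = (1, 25), 4.0, 16 * 2**30
# Assumption: nodes report a little less than nominal RAM, so allow 7% slack.
MEM_SLACK = 0.93
_UNITS = {"": 1, "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
          "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

# Constructed sample in the shape of `kubectl get nodes -o json` (not real output).
SAMPLE = json.dumps({"items": [{"metadata": {"name": "node-a"}, "status": {
    "nodeInfo": {"kubeletVersion": "v1.27.3"},
    "capacity": {"cpu": "4", "memory": "16375036Ki"}}}]})


def parse_quantity(q):
    """Convert a Kubernetes quantity such as '4', '3920m' or '16Gi' to a float."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(m|[KMGT]i|[kMGT])?", q.strip())
    if not m:
        raise ValueError(f"unsupported quantity: {q!r}")
    number, unit = float(m.group(1)), m.group(2) or ""
    return number / 1000 if unit == "m" else number * _UNITS[unit]


def parse_version(kubelet_version):
    """'v1.27.3-eks-a5565ad' -> (1, 27); vendor suffixes are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)", kubelet_version)
    if not m:
        raise ValueError(f"unrecognised version: {kubelet_version!r}")
    return int(m.group(1)), int(m.group(2))


def check_nodes(nodes_json):
    """Return a list of problems; an empty list means every minimum is met."""
    items = json.loads(nodes_json).get("items", [])
    if not items:
        return ["no nodes found (minimum is 1)"]
    problems = []
    for node in items:
        name, status = node["metadata"]["name"], node["status"]
        # Assumption: the kubelet version stands in for the cluster version.
        if parse_version(status["nodeInfo"]["kubeletVersion"]) < MIN_K8S:
            problems.append(f"{name}: Kubernetes older than v1.25")
        if parse_quantity(status["capacity"]["cpu"]) < MIN_CPU:
            problems.append(f"{name}: fewer than 4 vCPU")
        if parse_quantity(status["capacity"]["memory"]) < MIN_MEM_BYTES * MEM_SLACK:
            problems.append(f"{name}: less than 16 GB RAM")
    return problems
```

Pass the text produced by kubectl get nodes -o json to check_nodes; the sample node reports 16375036Ki, which is below an exact 16 GiB and passes only because of the slack.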