This repository has been archived by the owner on Oct 20, 2021. It is now read-only.

deeploy-ml/deeploy


Install Deeploy


This repository is part of the [complete installation guide](https://deeploy-ml.zendesk.com/hc/en-150/categories/360002889759-Install) and contains detailed instructions on how to install the Deeploy Software Stack on Kubernetes using [Helm](https://helm.sh/).


Install the Deeploy Software Stack

We assume that you now have the prerequisites and infrastructure ready as defined in the installation guide. From here we continue deploying the Deeploy software stack with dependencies. Make sure you are in the deeploy-core root folder.

Step 1. Create the Deeploy namespaces

Create all the Deeploy namespaces in Kubernetes.

kubectl apply -f namespaces/

Step 2. Install Istio

The current Istio installation instructions are based on Istio version 1.4.10, which should work on common cloud platforms. Always double-check the platform-specific installation requirements and the Istio Helm installation instructions for the latest steps.

Installation steps:

  1. Download the Istio release:

    curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.4.10 sh -
  2. Install the Istio CRDs:

    for i in ./istio-1.4.10/install/kubernetes/helm/istio-init/files/crd*yaml; do kubectl apply -f "$i"; done
  3. Install Istio:

    # A lighter template, with just pilot/gateway.
    # Based on install/kubernetes/helm/istio/values-istio-minimal.yaml
    helm template --namespace=istio-system \
    -f ./istio/values.yaml \
    istio-1.4.10/install/kubernetes/helm/istio \
    | sed -e "s/custom-gateway/cluster-local-gateway/g" -e "s/customgateway/clusterlocalgateway/g" \
    > ./istio.yaml
    
    kubectl apply -f istio.yaml
  4. Wait a few seconds, then verify that all pods are in the Running state:

    kubectl get pods --namespace istio-system

For additional information about installing Istio, see the official website

Step 3. Install Knative

  1. Install the Knative CRDs:

    kubectl apply --filename ./knative/serving-crds.yml
  2. Install the core components:

    kubectl apply --filename ./knative/serving-core.yml
  3. Install the Knative Istio controller:

    kubectl apply --filename ./knative/serving-istio.yml

Step 4. Install Cert-manager

  1. Install cert-manager.

  2. (Optional) Set up auto-renewal through ACME. Only do this if you want to terminate TLS on this cluster. Make sure to generate two certificates as described above.

Step 5. Metrics Server

The Kubernetes Metrics Server is necessary for pod autoscaling. Most cloud providers pre-install the Metrics Server in your cluster, but some do not.

Validate that the metrics-server pod is running in the kube-system namespace. If not, install it.

Step 6. Deeploy Helm chart

Edit ./helm/deeploy/values.yaml:

Deeploy General Values:

| Parameter | Description | Default |
| --- | --- | --- |
| host | the hostname on which you will be running deeploy | "" |
| license.type | The type of license. Either "AWS" or "DEEPLOY" | "AWS" |
| license.deeployLicenseKey | if the license type is "DEEPLOY", this is the supplied Deeploy license key | "" |
| license.availabilityZone | if the license type is "AWS", this is the region where your cluster resides | "eu-central-1" |

Deeploy Image Repository Values:

Currently, Deeploy is available from two image repositories:

  • AWS Marketplace (current default): 709825985650.dkr.ecr.us-east-1.amazonaws.com/deeploy/deeploy
  • Docker: docker.io/deeployml

| Parameter | Description | Default |
| --- | --- | --- |
| images.registry | the registry to pull the Deeploy images from | "709825985650.dkr.ecr.us-east-1.amazonaws.com/deeploy/" |
| images.path | the path to the DeeployML registry | "/deeploy" |
| images.tag | the version tag of the deeploy deployment | same as application version |
| images.username | if the license type is "DEEPLOY", the supplied username for the Docker registry | "" |
| images.password | if the license type is "DEEPLOY", the supplied password for the Docker registry | "" |

Deeploy Database Values:

| Parameter | Description | Default |
| --- | --- | --- |
| database.host | the hostname of the database server | "" |
| database.port | the port for use of the database server | 5432 |
| database.username | the username to access the database. Note: this user needs to be a superuser | "" |
| database.password | the password to access the database server | "" |
| database.ssl.enabled | whether to enable SSL on the database. If true, must also set database.ssl.ca. | false |
| database.ssl.ca | the CA of your database provider. Must be set if database.ssl.enabled is true. E.g. for AWS, see this guide. | "" |

Deeploy Remote Blob Storage Values:

For Remote Blob Storage you have two options:

  1. Use Remote Blob Storage (recommended). Deeploy currently supports AWS S3, Google Cloud Storage & Azure Blob Storage
  2. Don't configure remote storage (not recommended). Deeploy spawns an on-cluster Minio service. This is not recommended, as it makes Deeploy stateful on the cluster. If you do want to use it, set minio.enabled to true.

| Parameter | Description | Default |
| --- | --- | --- |
| remoteBlobStorage.enabled | whether to use off-cluster Blob storage. If enabled, set minio.enabled to false | true |
| minio.enabled | whether to use on-cluster S3 storage. If enabled, set remoteBlobStorage.enabled to false | false |
| remoteBlobStorage.type | storage service to use with Deeploy. One of AWS_S3, GCS, AZURE. | "AWS_S3" |
| remoteBlobStorage.aws.bucketName | name of the remote S3 storage bucket to use | "" |
| remoteBlobStorage.aws.s3AccessKey | access key for the S3 server. Only set if remoteBlobStorage.type is AWS_S3. | "" |
| remoteBlobStorage.aws.s3SecretKey | secret key for the S3 server. Only set if remoteBlobStorage.type is AWS_S3. | "" |
| remoteBlobStorage.gcp.gcloudApplicationCredentialsJson | the json file with the credentials for the GCP service account. Only set if remoteBlobStorage.type is GCS. | "" |
| remoteBlobStorage.gcp.bucketName | name of the remote GS storage bucket to use | "" |
| remoteBlobStorage.azure.subscriptionId | the id of the subscription that hosts the storage account. Only set if remoteBlobStorage.type is AZURE. | "" |
| remoteBlobStorage.azure.containerName | the container name to use. Only set if remoteBlobStorage.type is AZURE. | "" |
| remoteBlobStorage.azure.storageAccountName | the name of the Azure Storage Account. Only set if remoteBlobStorage.type is AZURE. | "" |
| remoteBlobStorage.azure.tenantId | the Tenant ID of the Azure storage service. Only set if remoteBlobStorage.type is AZURE. | "" |
| remoteBlobStorage.azure.clientId | the Client ID of the Azure storage service. Only set if remoteBlobStorage.type is AZURE. | "" |
| remoteBlobStorage.azure.clientSecret | the Client Secret of the Azure storage service. Only set if remoteBlobStorage.type is AZURE. | "" |

Deeploy SMTP Values:

| Parameter | Description | Default |
| --- | --- | --- |
| email.smtpHost | the hostname of the smtp server | "" |
| email.port | the port for use of the smtp server | "" |
| email.username | the username to access the smtp server | "" |
| email.password | the password to access the smtp server | "" |
| email.fromAddress | the email address for Deeploy to send emails from, i.e. deeploy@example.com | "" |

Deeploy Monitoring Values:

The Deeploy Monitoring feature sends anonymized usage data back to Deeploy. This helps us to improve the product.

| Parameter | Description | Default |
| --- | --- | --- |
| monitoring.enabled | whether to enable monitoring | false |
| monitoring.credentials.username | username for the monitoring server | "" |
| monitoring.credentials.password | password for the monitoring server | "" |

Deeploy Security Values:

| Parameter | Description | Default |
| --- | --- | --- |
| security.tls.enabled | whether to enable TLS | true |
| security.adminCredentials.firstName | first name of the main admin user | "" |
| security.adminCredentials.lastName | last name of the main admin user | "" |
| security.adminCredentials.email | email of the main admin user | "" |
| security.keyManagement.kmsType | either AWS or AZURE | "" |
| security.keyManagement.aws.keyId | ID of a KMS key used to encrypt/decrypt. Only set if security.keyManagement.kmsType is AWS. | "" |
| security.keyManagement.aws.accessKey | IAM Access Key of an account that has access to the key. Only set if security.keyManagement.kmsType is AWS. | "" |
| security.keyManagement.aws.secretKey | IAM Secret Key of an account that has access to the key. Only set if security.keyManagement.kmsType is AWS. | "" |
| security.keyManagement.azure.keyId | ID of the Azure Vault key. Only set if security.keyManagement.kmsType is AZURE. | "" |
| security.keyManagement.azure.vaultName | name of the Azure vault. Only set if security.keyManagement.kmsType is AZURE. | "" |
| security.keyManagement.azure.clientId | the Client ID of the client using the Azure Vault service. Only set if security.keyManagement.kmsType is AZURE. | "" |
| security.keyManagement.azure.clientSecret | the Client Secret of the client using the Azure Vault service. Only set if security.keyManagement.kmsType is AZURE. | "" |
| security.keyManagement.azure.tenantId | the Tenant ID of the Azure Vault service. Only set if security.keyManagement.kmsType is AZURE. | "" |

  1. Deploy the Deeploy stack using

    helm install -f ./helm/deeploy/values.yaml deeploy ./helm/deeploy --namespace deeploy

    Important: This might print out the following line. This is expected behavior and not a bug:

    manifest_sorter.go:192: info: skipping unknown hook: "crd-install"
  2. Add the s3 secret to the default service account:

    kubectl edit sa default -n deeploy

    and add the s3-secret name

    secrets:
    - name: default-...
    - name: s3-secret

    Close and save.
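
The value tables in Step 6 carry cross-field rules ("If true, must also set database.ssl.ca", "Only set if ... is AZURE") that are easy to break when editing values.yaml by hand, so it helps to check them before running `helm install`. The following Python check is an added example, not code from the Deeploy repository: `get`, `check`, `PROVIDERS` and `SAMPLE` are hypothetical names, and reporting a provider section that is filled in for an unselected type as an error is an interpretation of the "Only set if" notes.

```python
# Added example, not Deeploy's own code: pass check() the parsed values.yaml as a dict.

def get(values, dotted, default=None):
    """Look up a dotted key such as 'database.ssl.ca' in nested dicts."""
    for part in dotted.split("."):
        if not isinstance(values, dict) or part not in values:
            return default
        values = values[part]
    return values

PROVIDERS = {  # selector key -> (parent section, table default, {value: subsection})
    "remoteBlobStorage.type": ("remoteBlobStorage", "AWS_S3", {"AWS_S3": "aws", "GCS": "gcp", "AZURE": "azure"}),
    "security.keyManagement.kmsType": ("security.keyManagement", "", {"AWS": "aws", "AZURE": "azure"}),
}

def check(values):
    """Return (errors, warnings); absent keys use the defaults from the tables."""
    errors, warnings = [], []
    remote = bool(get(values, "remoteBlobStorage.enabled", True))
    minio = bool(get(values, "minio.enabled", False))
    if remote == minio:
        errors.append("set exactly one of remoteBlobStorage.enabled / minio.enabled")
    if minio:
        warnings.append("minio.enabled: on-cluster storage makes Deeploy stateful")
    if not get(values, "database.ssl.enabled", False):
        warnings.append("database.ssl.enabled is false")
    elif not get(values, "database.ssl.ca"):
        errors.append("database.ssl.enabled is true but database.ssl.ca is empty")
    if not get(values, "security.tls.enabled", True):
        warnings.append("security.tls.enabled is false")
    license_type = get(values, "license.type", "AWS")
    if license_type not in ("AWS", "DEEPLOY"):
        errors.append(f"license.type must be AWS or DEEPLOY, got {license_type!r}")
    elif license_type == "DEEPLOY" and not get(values, "license.deeployLicenseKey"):
        errors.append("license.type is DEEPLOY but license.deeployLicenseKey is empty")
    for selector, (parent, default, sections) in PROVIDERS.items():
        chosen = get(values, selector, default)
        if chosen and chosen not in sections:
            errors.append(f"{selector} must be one of {sorted(sections)}")
        for value, section in sections.items():
            filled = {k for k, v in (get(values, f"{parent}.{section}") or {}).items() if v}
            if filled and value != chosen:
                errors.append(f"{parent}.{section} is set but {selector} is {chosen!r}")
    return errors, warnings

SAMPLE = {"database": {"ssl": {"enabled": True, "ca": ""}},  # constructed values
          "remoteBlobStorage": {"type": "GCS", "aws": {"s3SecretKey": "example"}}}
if __name__ == "__main__":
    print(check(SAMPLE))
```

Credentials left in a section for a provider that is not selected are still rendered into the release values, which is why the check reports them instead of ignoring them.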

Create first admin user.

Troubleshooting

Permission Denied errors on GKE

When running on GKE (Google Kubernetes Engine), you may encounter a ‘permission denied’ error when creating some of the resources. This is a nuance of the way GKE handles RBAC and IAM permissions, and as such you should ‘elevate’ your own privileges to that of a ‘cluster-admin’ before running the above commands. If you have already run the above commands, you should run them again after elevating your permissions.