Kubernetes Helm installation
----------------------------

To manage H2O.ai products on Kubernetes, Enterprise Steam needs to be installed as a Kubernetes operator. The Helm chart is the recommended way of installing Enterprise Steam.

Requirements
~~~~~~~~~~~~

- Kubernetes 1.10+
- Helm 2.11+ (Helm 3 recommended)
- Existing Kubernetes StorageClass

Helm
~~~~

While this Helm Chart supports Helm 2.11+, all the steps below describe installation using Helm v3.

Downloading the chart
~~~~~~~~~~~~~~~~~~~~~

The latest version of the chart is always available on the Enterprise Steam `download page <../../index.html>`__.

Installing the Chart
~~~~~~~~~~~~~~~~~~~~

To install the chart with the release name ``my-release``:

.. code-block:: bash
   :substitutions:

   helm install my-release ./enterprise-steam-|version|.tgz

Alternatively, a YAML file that specifies the values can be provided while installing the chart.

.. code-block:: bash
   :substitutions:

   helm install my-release -f values.yaml ./enterprise-steam-|version|.tgz

The command deploys Enterprise Steam on the Kubernetes cluster in the default configuration. The Values section lists the values that can be configured during installation.

Uninstalling the Chart
~~~~~~~~~~~~~~~~~~~~~~

To uninstall/delete the ``my-release`` deployment:

.. code-block:: bash
   :substitutions:

   helm delete my-release

Common configuration
~~~~~~~~~~~~~~~~~~~~

Here is a list of common configurations. Feel free to combine them and see the full list of values below.

Install Enterprise Steam into the ``h2o`` namespace:

.. code-block:: bash
   :substitutions:

   helm install my-release ./enterprise-steam-|version|.tgz \
       --namespace h2o

Set a custom Enterprise Steam Docker image name and tag:

.. code-block:: bash
   :substitutions:

   helm install my-release ./enterprise-steam-|version|.tgz \
       --set image.repository=myrepo/enterprise-steam \
       --set image.tag=|version|

Set custom Enterprise Steam storage:

.. code-block:: bash
   :substitutions:

   helm install my-release ./enterprise-steam-|version|.tgz \
       --set persistentVolume.size=256Gi

Set custom Enterprise Steam resources:

.. code-block:: bash
   :substitutions:

   helm install my-release ./enterprise-steam-|version|.tgz \
       --set resources.limits.cpu=2 \
       --set resources.limits.memory=32Gi \
       --set resources.requests.cpu=1 \
       --set resources.requests.memory=8Gi

Set strict launch mode for Steam. In this mode, the Steam pod fails to launch if the OIDC or Kubernetes services fail to start:

.. code-block:: bash
   :substitutions:

   helm install my-release ./enterprise-steam-|version|.tgz \
       --set strictLaunch=true

Spawn a Load Balancer for Enterprise Steam:

.. code-block:: bash
   :substitutions:

   helm install my-release ./enterprise-steam-|version|.tgz \
       --set service.type=LoadBalancer

Ingress example
~~~~~~~~~~~~~~~

This advanced example shows Enterprise Steam exposed via a TLS-secured Kubernetes Ingress.

- ``my-storage-class`` is the StorageClass name that Steam will use to provision its storage
- ``steam.mycluster.mycompany.com`` is the hostname where Enterprise Steam will be exposed
- ``ingress-wildcard-cert`` is the name of the Kubernetes Secret that contains a TLS certificate valid for the ``steam.mycluster.mycompany.com`` domain
- ``nginx`` is the IngressClass

**Note:** You must specify the ``kubernetes.io/ingress.class: nginx`` annotation instead of ``className: nginx`` for Kubernetes < 1.18

.. code-block:: yaml

   persistentVolume:
     storageClassName: "my-storage-class"

   ingress:
     enabled: true
     className: nginx
     hosts:
       - host: steam.mycluster.mycompany.com
         paths: ["/"]
     tls:
       - secretName: ingress-wildcard-cert
         hosts:
           - steam.mycluster.mycompany.com

Save the file as ``steam-config.yaml`` and run:

.. code-block:: bash
   :substitutions:

   helm install -f steam-config.yaml my-release ./enterprise-steam-|version|.tgz

After installation
~~~~~~~~~~~~~~~~~~

Follow the instructions listed after you run ``helm install``. Continue with the :ref:`login` section for more information.

Values
~~~~~~

This is the list of all available values with their descriptions and default values.

.. code-block::

   | Key | Type | Default | Description |
   |-----|------|---------|-------------|
   | affinity | object | `{}` | Deployment affinity. |
   | containerSecurityContext | object | `{"allowPrivilegeEscalation":false}` | Container security context. |
   | extraEnv | list | `[]` | Extra 'env' passed to the container(s). |
   | fullnameOverride | string | `""` | If you need to override the fully qualified app name. |
   | image.pullPolicy | string | `"Always"` | Docker image pull policy. |
   | image.pullSecrets | list | `[]` | Optional list of references to secrets in the same namespace to use for pulling the image |
   | image.repository | string | `"h2oai/enterprise-steam"` | Application Docker repository. |
   | image.tag | string | `""` | Application Docker tag / version. Defaults to the chart appVersion. |
   | ingress.annotations | object | `{}` | Ingress annotations. |
   | ingress.className | string | `""` | IngressClass name |
   | ingress.enabled | bool | `false` | Ingress enabled. |
   | ingress.hosts | list | `[{"host":"enterprise-steam.cluster.local","paths":["/"]}]` | Set Ingress host and paths. |
   | ingress.tls | list | `[]` | Ingress TLS setting. Optionally enable TLS for Ingress. |
   | nameOverride | string | `""` | If you need to override the name of the chart from 'enterprise-steam' to something else. |
   | nodeSelector | object | `{}` | Deployment node selector. |
   | persistentVolume.resourcePolicy | string | `""` | Set it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart is deleted. |
   | persistentVolume.accessModes | list | `["ReadWriteOnce"]` | PersistentVolume access modes. Must match those of existing PV or dynamic provisioner. |
   | persistentVolume.annotations | object | `{}` | PersistentVolumeClaim annotations. |
   | persistentVolume.existingClaim | string | `""` | Set to use an existing PersistentVolumeClaim. If left empty, a new PersistentVolumeClaim will be created. |
   | persistentVolume.size | string | `"64Gi"` | PersistentVolume Size. |
   | persistentVolume.storageClassName | string | `""` | StorageClass name. If left empty, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, etc.). |
   | podAnnotations | object | `{}` | Deployment Pod annotations. |
   | podLabels | object | `{}` | Deployment Pod labels. |
   | podSecurityContext | object | `{"fsGroup":955,"runAsGroup":955,"runAsUser":955}` | Deployment/Pod security context. |
   | resources | object | `{"limits":{"cpu":2,"memory":"8Gi"},"requests":{"cpu":2,"memory":"8Gi"}}` | Resources requested for Enterprise Steam Pod. Please adjust them as you like. Listed is the minimum spec. |
   | service.annotations | object | `{}` | Service annotations. Includes example for use with LoadBalancer service type. |
   | service.loadBalancerIP | string | `""` | LoadBalancer IP. Ignored if the type is not LoadBalancer or if the IP is empty string. |
   | service.name | string | `""` | Service name is user-configurable for maximum service discovery flexibility. Leave empty for default Service name. |
   | service.port | int | `9555` | Service port. |
   | service.type | string | `"ClusterIP"` | Service type. |
   | serviceAccount.allowClusterRolePrivileges | bool | `false` | Set to grant Enterprise Steam read access to some cluster-wide resources. See rbac.tpl for detail on what RBAC privileges are granted. |
   | serviceAccount.annotations | object | `{}` | Annotations to add to the created ServiceAccount. |
   | serviceAccount.create | bool | `true` | Specifies whether a service account should be created. If you choose to provide an existing ServiceAccount make sure it has all necessary roles. |
   | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated. |
   | serviceAccount.openshift | bool | `false` | Creates special apiGroups required in case of an OpenShift deployment. |
   | serviceAccount.openshiftResourceNames | list | `["privileged"]` | Configurable resourceNames for OpenShift apiGroups. |
   | strictLaunch | bool | `false` | Optional flag to set strict launch for Steam. If set to true, Steam pod launch will fail if OIDC or kubernetes services fail to initialize |
   | tolerations | list | `[]` | Deployment tolerations. |
   | volumeMounts | list | `[]` | Deployment Pod volume mounts. |
   | volumes | list | `[]` | Additional deployment Pod volumes. |
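
Several of the values listed above affect the security posture of the deployment. The following values file is an added example, not part of the chart or the original documentation; it combines them into one reviewable configuration. The file name ``steam-hardened.yaml``, the image tag placeholder and the ``runAsNonRoot`` field are assumptions, and the host, Secret and StorageClass names are reused from the Ingress example.

```yaml
# steam-hardened.yaml: added example, not shipped with the chart.
# All top-level keys come from the Values table; the chosen values are assumptions to adapt.

image:
  repository: h2oai/enterprise-steam
  # State the image version explicitly so it is visible in the reviewed values file.
  tag: "REPLACE_WITH_PINNED_VERSION"   # placeholder, not a real tag
  pullPolicy: Always

# Fail closed: the pod does not launch if OIDC or Kubernetes services fail to initialize.
strictLaunch: true

service:
  # Chart default. A LoadBalancer service publishes port 9555 outside the
  # Ingress, so the Ingress TLS settings below would not apply to that path.
  type: ClusterIP
  port: 9555

ingress:
  enabled: true
  className: nginx
  hosts:
    - host: steam.mycluster.mycompany.com
      paths: ["/"]
  tls:
    - secretName: ingress-wildcard-cert
      hosts:
        - steam.mycluster.mycompany.com

serviceAccount:
  create: true
  # Chart default. Review rbac.tpl before enabling cluster-wide read access.
  allowClusterRolePrivileges: false
  openshift: false

podSecurityContext:
  runAsUser: 955
  runAsGroup: 955
  fsGroup: 955
  # Assumption: standard Kubernetes field, not in the chart defaults.
  # Consistent with the non-zero UID above; the kubelet refuses to start a root container.
  runAsNonRoot: true

containerSecurityContext:
  allowPrivilegeEscalation: false

persistentVolume:
  storageClassName: "my-storage-class"
  # Keep the PVC (and Steam's data) when the release is deleted.
  resourcePolicy: keep
```

Pass the file with ``-f`` in the same way as ``steam-config.yaml`` in the Ingress example.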