Kubernetes Manual installation
------------------------------

Enterprise Steam can be installed into the Kubernetes environment where it can manage Driverless AI.

Requirements
~~~~~~~~~~~~

- Kubernetes v1.10+.
- Kubernetes StorageClass (called ``my-storage-class`` in this example) to store Driverless AI and Enterprise Steam data.
- Access to ``kubectl`` or similar tool to create a Kubernetes ServiceUser and Kubernetes Deployment for Enterprise Steam.

Namespace
~~~~~~~~~

The first step is to decide what Kubernetes Namespace to use with Enterprise Steam.
The first option is to use the default Kubernetes Namespace called ``default``.
This Namespace already exists in the cluster so you can skip this step.
The other option is to separate H2O/Steam into it's own Kubernetes Namespace called ``h2o`` or ``steam``.
In that case you will have to create the namespace. For example:

 .. code-block:: yaml

    apiVersion: v1
    kind: Namespace
    metadata:
      name: h2o

**In this and following examples we are using Kubernetes Namespace called** ``h2o`` **!**

Preparing Service User
~~~~~~~~~~~~~~~~~~~~~~

In order for Enterprise Steam to manage the Kubernetes cluster from inside the cluster, it needs to run as a Service User with elevated privileges.

1. Create a ServiceAccount called ``steam``:

 .. code-block:: yaml

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: steam

2. Create a ClusterRole that allows to manage objects in the Kubernetes Cluster:

 .. code-block:: yaml

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: steam-role
    rules:
      - apiGroups: ["", "apps", "storage.k8s.io"]
        resources: ["namespaces", "pods", "pods/log", "deployments", "secrets", "services", "persistentvolumeclaims", "persistentvolumes", "events", "configmaps", "storageclasses"]
        verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

3. Bind the newly created role with Enterprise Steam ServiceUser:

 .. code-block:: yaml

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: steam-role-binding
    subjects:
      - kind: ServiceAccount
        namespace: h2o
        name: steam
    roleRef:
      kind: ClusterRole
      name: steam-role
      apiGroup: rbac.authorization.k8s.io

Installation
~~~~~~~~~~~~

**In this section we will be showing a minimal example on how to install Enterprise Steam on Amazon EKS.**

**Do not copy and paste the example. Use the template to create your own deployment.**

1. Retrieve the Enterprise Steam Docker image from the `download page <../../index.html>`__ or `Docker Hub <https://hub.docker.com/repository/docker/h2oai/enterprise-steam>`__.
2. Load the Enterprise Steam Docker image into your local Docker image repository. (optional)

 .. code-block:: bash
    :substitutions:

    docker load < steam-|version|-docker.x86_64.el7.tar.gz
    # OR
    docker pull h2oai/enterprise-steam:|version|

3. Push the docker image into your Kubernetes image repository.
4. Create a PersistentStorage to store Enterprise Steam data. For example:

**Make sure to change the** ``storageclassName`` **to your own StorageClass name.**

 .. code-block:: yaml

    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: enterprise-steam-claim
      namespace: h2o
      annotations:
        pv.beta.kubernetes.io/gid: "955"
    spec:
      accessModes:
        - ReadWriteOnce
      volumeMode: Filesystem
      resources:
        requests:
          storage: 256Gi
      storageClassName: my-storage-class

**If you are using a different way of provisioning the storage, make sure the volume is readable by GID 955!**

5. Create a Service to access Enterprise Steam from outside of your Kubernetes cluster. For example:

 .. code-block:: yaml

    apiVersion: v1
    kind: Service
    metadata:
      name: enterprise-steam
      namespace: h2o
      labels:
        run: enterprise-steam
    spec:
      type: LoadBalancer
      ports:
        - port: 9555
          protocol: TCP
          name: https
      selector:
        run: enterprise-steam

6. Create a Deployment to start Enterprise Steam. For example:

 .. code-block:: yaml
    :substitutions:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: enterprise-steam
      namespace: h2o
    spec:
      selector:
        matchLabels:
          run: enterprise-steam
      replicas: 1
      template:
        metadata:
          labels:
            run: enterprise-steam
        spec:
          serviceAccountName: steam
          securityContext:
            runAsUser: 955
            runAsGroup: 955
            fsGroup: 955
          containers:
            - name: enterprise-steam
              image: h2oai/enterprise-steam:|version|
                resources:
                  requests:
                    cpu: 4
                    memory: 32Gi
              ports:
                - containerPort: 9555
              volumeMounts:
                - mountPath: /opt/h2oai/steam/data
                  name: enterprise-steam-data
              securityContext:
                allowPrivilegeEscalation: false
          volumes:
            - name: enterprise-steam-data
              persistentVolumeClaim:
                claimName: enterprise-steam-claim

7. Check that Enterprise Steam Deployment is running.

 .. code-block:: bash

    kubectl get deployment/enterprise-steam
    # NAME               READY   UP-TO-DATE   AVAILABLE   AGE
    # enterprise-steam   1/1     1            1           54m

8. Get the URL of Enterprise Steam

 .. code-block:: bash

    kubectl get services/enterprise-steam
    # NAME               TYPE           CLUSTER-IP      EXTERNAL-IP                                                              PORT(S)          AGE
    # enterprise-steam   LoadBalancer   10.100.101.28   c4201b1da6d3046398c3265f4759dfd2-338923311.us-west-2.elb.amazonaws.com   9555:32361/TCP   85m

9. You can login to Enterprise Steam. See the :ref:`login` section for more information.