Kubernetes Helm installation
To manage H2O.ai products on Kubernetes, Enterprise Steam needs to be installed as a Kubernetes operator. The Helm chart is the recommended way of installing Enterprise Steam.
Requirements
Kubernetes 1.10+
Helm 2.11+ (Helm 3 recommended)
Existing Kubernetes StorageClass
Helm
While this Helm Chart supports Helm 2.11+, all the steps below describe installation using Helm v3.
Downloading the chart
The latest version of the chart is always available on the Enterprise Steam download page.
Installing the Chart
To install the chart with the release name my-release:
helm install my-release ./enterprise-steam-1.9.13.tgz
Alternatively, a YAML file that specifies the values can be provided while installing the chart.
helm install my-release -f values.yaml ./enterprise-steam-1.9.13.tgz
The command deploys Enterprise Steam on the Kubernetes cluster in the default configuration. The Values section lists the values that can be configured during installation.
Uninstalling the Chart
To uninstall/delete the my-release deployment:
helm delete my-release
Common configuration
Here is a list of common configurations. Feel free to combine them and see the full list of values below.
Install Enterprise Steam into h2o namespace:
helm install my-release ./enterprise-steam-1.9.13.tgz \
  --namespace h2o
Set custom Enterprise Steam docker image name and tag:
helm install my-release ./enterprise-steam-1.9.13.tgz \
  --set image.repository=myrepo/enterprise-steam \
  --set image.tag=1.9.13
Set custom Enterprise Steam storage:
helm install my-release ./enterprise-steam-1.9.13.tgz \
  --set persistentVolume.size=256Gi
Set custom Enterprise Steam resources:
helm install my-release ./enterprise-steam-1.9.13.tgz \
  --set resources.limits.cpu=2 \
  --set resources.limits.memory=32Gi \
  --set resources.requests.cpu=1 \
  --set resources.requests.memory=8Gi
Set strict launch mode for Steam. In this mode, the Steam pod fails to launch if the OIDC or Kubernetes services fail to start:
helm install my-release ./enterprise-steam-1.9.13.tgz \
  --set strictLaunch=true
Spawn a Load Balancer for Enterprise Steam:
helm install my-release ./enterprise-steam-1.9.13.tgz \
  --set service.type=LoadBalancer
Ingress example
This advanced example shows Enterprise Steam exposed via a TLS-secured Kubernetes Ingress.
my-storage-class is the StorageClass name that Steam will use to provision its storage
steam.mycluster.mycompany.com is the hostname where Enterprise Steam will be exposed
ingress-wildcard-cert is the name of the Kubernetes Secret that contains a TLS certificate valid for the steam.mycluster.mycompany.com domain
nginx is the IngressClass
Note: You must specify the kubernetes.io/ingress.class: nginx annotation instead of className: nginx for Kubernetes < 1.18.
persistentVolume:
  storageClassName: "my-storage-class"
ingress:
  enabled: true
  className: nginx
  hosts:
    - host: steam.mycluster.mycompany.com
      paths: ["/"]
  tls:
    - secretName: ingress-wildcard-cert
      hosts:
        - steam.mycluster.mycompany.com
Save the file as steam-config.yaml and run:
helm install -f steam-config.yaml my-release ./enterprise-steam-1.9.13.tgz
After installation
Follow the instructions listed after you run helm install.
Continue with the Logging-in section for more information.
Values
This is the list of all available values with their descriptions and default values.
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | Deployment affinity. |
| containerSecurityContext | object | `{"allowPrivilegeEscalation":false}` | Container security context. |
| extraEnv | list | `[]` | Extra 'env' passed to the container(s). |
| fullnameOverride | string | `""` | If you need to override the fully qualified app name. |
| image.pullPolicy | string | `"Always"` | Docker image pull policy. |
| image.pullSecrets | list | `[]` | Optional list of references to secrets in the same namespace to use for pulling the image. |
| image.repository | string | `"h2oai/enterprise-steam"` | Application Docker repository. |
| image.tag | string | `""` | Application Docker tag / version. Defaults to the chart appVersion. |
| ingress.annotations | object | `{}` | Ingress annotations. |
| ingress.className | string | `""` | IngressClass name. |
| ingress.enabled | bool | `false` | Ingress enabled. |
| ingress.hosts | list | `[{"host":"enterprise-steam.cluster.local","paths":["/"]}]` | Set Ingress host and paths. |
| ingress.tls | list | `[]` | Ingress TLS setting. Optionally enable TLS for Ingress. |
| nameOverride | string | `""` | If you need to override the name of the chart from 'enterprise-steam' to something else. |
| nodeSelector | object | `{}` | Deployment node selector. |
| persistentVolume.resourcePolicy | string | `""` | Set to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart is deleted. |
| persistentVolume.accessModes | list | `["ReadWriteOnce"]` | PersistentVolume access modes. Must match those of existing PV or dynamic provisioner. |
| persistentVolume.annotations | object | `{}` | PersistentVolumeClaim annotations. |
| persistentVolume.existingClaim | string | `""` | Set to use an existing PersistentVolumeClaim. If left empty, a new PersistentVolumeClaim will be created. |
| persistentVolume.size | string | `"64Gi"` | PersistentVolume size. |
| persistentVolume.storageClassName | string | `""` | StorageClass name. If left empty, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, etc.). |
| podAnnotations | object | `{}` | Deployment Pod annotations. |
| podLabels | object | `{}` | Deployment Pod labels. |
| podSecurityContext | object | `{"fsGroup":955,"runAsGroup":955,"runAsUser":955}` | Deployment/Pod security context. |
| resources | object | `{"limits":{"cpu":2,"memory":"8Gi"},"requests":{"cpu":2,"memory":"8Gi"}}` | Resources requested for Enterprise Steam Pod. Please adjust them as you like. Listed is the minimum spec. |
| service.annotations | object | `{}` | Service annotations. Includes example for use with LoadBalancer service type. |
| service.loadBalancerIP | string | `""` | LoadBalancer IP. Ignored if the type is not LoadBalancer or if the IP is empty string. |
| service.name | string | `""` | Service name is user-configurable for maximum service discovery flexibility. Leave empty for default Service name. |
| service.port | int | `9555` | Service port. |
| service.type | string | `"ClusterIP"` | Service type. |
| serviceAccount.allowClusterRolePrivileges | bool | `false` | Set to grant Enterprise Steam read access to some cluster-wide resources. See rbac.tpl for detail on what RBAC privileges are granted. |
| serviceAccount.annotations | object | `{}` | Annotations to add to the created ServiceAccount. |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created. If you choose to provide an existing ServiceAccount, make sure it has all necessary roles. |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated. |
| serviceAccount.openshift | bool | `false` | Creates special apiGroups required in case of an OpenShift deployment. |
| serviceAccount.openshiftResourceNames | list | `["privileged"]` | Configurable resourceNames for OpenShift apiGroups. |
| strictLaunch | bool | `false` | Optional flag to set strict launch for Steam. If set to true, Steam pod launch will fail if OIDC or Kubernetes services fail to initialize. |
| tolerations | list | `[]` | Deployment tolerations. |
| volumeMounts | list | `[]` | Deployment Pod volume mounts. |
| volumes | list | `[]` | Additional deployment Pod volumes. |
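Several keys in the Values table change how exposed or privileged the deployment is. The following Python check is an added example, not part of the chart or the H2O.ai documentation: it reads a release's values (for instance the output of `helm get values my-release --all -o json`) and reports those keys when they differ from the defaults listed above. The function name `audit` and the sample input are constructed for illustration.

```python
import json

# Chart defaults for the keys checked here, copied from the Values table.
DEFAULTS = {
    "service": {"type": "ClusterIP"},
    "ingress": {"enabled": False, "tls": [],
                "hosts": [{"host": "enterprise-steam.cluster.local", "paths": ["/"]}]},
    "serviceAccount": {"allowClusterRolePrivileges": False},
    "containerSecurityContext": {"allowPrivilegeEscalation": False},
    "podSecurityContext": {"fsGroup": 955, "runAsGroup": 955, "runAsUser": 955},
}

def audit(values):
    """Return (key, finding) pairs for values that widen exposure or privilege."""
    # Overlay the supplied values on the defaults, one level deep.
    v = {k: {**d, **(values.get(k) or {})} for k, d in DEFAULTS.items()}
    out = []
    if v["service"]["type"] in ("LoadBalancer", "NodePort"):
        out.append(("service.type", "Service port is exposed outside the cluster "
                    "directly; confirm where TLS is terminated"))
    if v["ingress"]["enabled"]:
        # Exact-match comparison; wildcard TLS hosts are not expanded.
        covered = {h for t in v["ingress"]["tls"] for h in t.get("hosts", [])}
        for rule in v["ingress"]["hosts"]:
            if rule["host"] not in covered:
                out.append(("ingress.tls", rule["host"] + " has no TLS entry"))
    if v["serviceAccount"]["allowClusterRolePrivileges"]:
        out.append(("serviceAccount.allowClusterRolePrivileges",
                    "cluster-wide read access granted; review rbac.tpl"))
    if v["containerSecurityContext"].get("allowPrivilegeEscalation") is not False:
        out.append(("containerSecurityContext.allowPrivilegeEscalation",
                    "privilege escalation is no longer disabled"))
    if v["podSecurityContext"].get("runAsUser") == 0:
        out.append(("podSecurityContext.runAsUser", "pod runs as root (UID 0)"))
    return out

# Constructed sample, shaped like `helm get values my-release --all -o json`.
SAMPLE = json.loads("""{
  "service": {"type": "LoadBalancer"},
  "ingress": {"enabled": true,
              "hosts": [{"host": "steam.mycluster.mycompany.com", "paths": ["/"]}],
              "tls": []},
  "serviceAccount": {"allowClusterRolePrivileges": true},
  "containerSecurityContext": {"allowPrivilegeEscalation": false},
  "podSecurityContext": {"fsGroup": 955, "runAsGroup": 955, "runAsUser": 955}
}""")

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```

Run against the values from the Ingress example above, the check returns no findings, because the TLS entry lists the same hostname as the Ingress rule.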