Kubernetes Manual installation

Enterprise Steam can be installed into the Kubernetes environment where it can manage Driverless AI.

Requirements

  • Kubernetes v1.10+.

  • Kubernetes StorageClass (called my-storage-class in this example) to store Driverless AI and Enterprise Steam data.

  • Access to kubectl or similar tool to create a Kubernetes ServiceUser and Kubernetes Deployment for Enterprise Steam.

Namespace

The first step is to decide what Kubernetes Namespace to use with Enterprise Steam. The first option is to use the default Kubernetes Namespace called default. This Namespace already exists in the cluster so you can skip this step. The other option is to separate H2O/Steam into it’s own Kubernetes Namespace called h2o or steam. In that case you will have to create the namespace. For example:

apiVersion: v1
kind: Namespace
metadata:
  name: h2o

In this and following examples we are using Kubernetes Namespace called h2o !

Preparing Service User

In order for Enterprise Steam to manage the Kubernetes cluster from inside the cluster, it needs to run as a Service User with elevated privileges.

  1. Create a ServiceAccount called steam:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: steam
  1. Create a ClusterRole that allows to manage objects in the Kubernetes Cluster:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: steam-role
rules:
  - apiGroups: ["", "apps", "storage.k8s.io"]
    resources: ["namespaces", "pods", "pods/log", "deployments", "secrets", "services", "persistentvolumeclaims", "persistentvolumes", "events", "configmaps", "storageclasses"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  1. Bind the newly created role with Enterprise Steam ServiceUser:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: steam-role-binding
subjects:
  - kind: ServiceAccount
    namespace: h2o
    name: steam
roleRef:
  kind: ClusterRole
  name: steam-role
  apiGroup: rbac.authorization.k8s.io

Installation

In this section we will be showing a minimal example on how to install Enterprise Steam on Amazon EKS.

Do not copy and paste the example. Use the template to create your own deployment.

  1. Retrieve the Enterprise Steam Docker image from the download page or Docker Hub.

  2. Load the Enterprise Steam Docker image into your local Docker image repository. (optional)

docker load < steam-1.9.14-docker.x86_64.el7.tar.gz
# OR
docker pull h2oai/enterprise-steam:1.9.14
  1. Push the docker image into your Kubernetes image repository.

  2. Create a PersistentStorage to store Enterprise Steam data. For example:

Make sure to change the storageclassName to your own StorageClass name.

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: enterprise-steam-claim
  namespace: h2o
  annotations:
    pv.beta.kubernetes.io/gid: "955"
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 256Gi
  storageClassName: my-storage-class

If you are using a different way of provisioning the storage, make sure the volume is readable by GID 955!

  1. Create a Service to access Enterprise Steam from outside of your Kubernetes cluster. For example:

apiVersion: v1
kind: Service
metadata:
  name: enterprise-steam
  namespace: h2o
  labels:
    run: enterprise-steam
spec:
  type: LoadBalancer
  ports:
    - port: 9555
      protocol: TCP
      name: https
  selector:
    run: enterprise-steam
  1. Create a Deployment to start Enterprise Steam. For example:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: enterprise-steam
  namespace: h2o
spec:
  selector:
    matchLabels:
      run: enterprise-steam
  replicas: 1
  template:
    metadata:
      labels:
        run: enterprise-steam
    spec:
      serviceAccountName: steam
      securityContext:
        runAsUser: 955
        runAsGroup: 955
        fsGroup: 955
      containers:
        - name: enterprise-steam
          image: h2oai/enterprise-steam:1.9.14
            resources:
              requests:
                cpu: 4
                memory: 32Gi
          ports:
            - containerPort: 9555
          volumeMounts:
            - mountPath: /opt/h2oai/steam/data
              name: enterprise-steam-data
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: enterprise-steam-data
          persistentVolumeClaim:
            claimName: enterprise-steam-claim
  1. Check that Enterprise Steam Deployment is running.

kubectl get deployment/enterprise-steam
# NAME               READY   UP-TO-DATE   AVAILABLE   AGE
# enterprise-steam   1/1     1            1           54m
  1. Get the URL of Enterprise Steam

kubectl get services/enterprise-steam
# NAME               TYPE           CLUSTER-IP      EXTERNAL-IP                                                              PORT(S)          AGE
# enterprise-steam   LoadBalancer   10.100.101.28   c4201b1da6d3046398c3265f4759dfd2-338923311.us-west-2.elb.amazonaws.com   9555:32361/TCP   85m
  1. You can login to Enterprise Steam. See the Logging-in section for more information.