Kubernetes Manual installation¶
Enterprise Steam can be installed into the Kubernetes environment where it can manage Driverless AI.
Requirements¶
Kubernetes v1.10+.
Kubernetes StorageClass (called
my-storage-class
in this example) to store Driverless AI and Enterprise Steam data.Access to
kubectl
or similar tool to create a Kubernetes ServiceUser and Kubernetes Deployment for Enterprise Steam.
Namespace¶
The first step is to decide what Kubernetes Namespace to use with Enterprise Steam.
The first option is to use the default Kubernetes Namespace called default
.
This Namespace already exists in the cluster so you can skip this step.
The other option is to separate H2O/Steam into it’s own Kubernetes Namespace called h2o
or steam
.
In that case you will have to create the namespace. For example:
apiVersion: v1 kind: Namespace metadata: name: h2o
In this and following examples we are using Kubernetes Namespace called h2o
!
Preparing Service User¶
In order for Enterprise Steam to manage the Kubernetes cluster from inside the cluster, it needs to run as a Service User with elevated privileges.
Create a ServiceAccount called
steam
:
apiVersion: v1 kind: ServiceAccount metadata: name: steam
Create a ClusterRole that allows to manage objects in the Kubernetes Cluster:
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: steam-role rules: - apiGroups: ["", "apps", "storage.k8s.io"] resources: ["namespaces", "pods", "pods/log", "deployments", "secrets", "services", "persistentvolumeclaims", "persistentvolumes", "events", "configmaps", "storageclasses"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
Bind the newly created role with Enterprise Steam ServiceUser:
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: steam-role-binding subjects: - kind: ServiceAccount namespace: h2o name: steam roleRef: kind: ClusterRole name: steam-role apiGroup: rbac.authorization.k8s.io
Installation¶
In this section we will be showing a minimal example on how to install Enterprise Steam on Amazon EKS.
Do not copy and paste the example. Use the template to create your own deployment.
Retrieve the Enterprise Steam Docker image from the download page or Docker Hub.
Load the Enterprise Steam Docker image into your local Docker image repository. (optional)
docker load < steam-1.9.13-docker.x86_64.el7.tar.gz # OR docker pull h2oai/enterprise-steam:1.9.13
Push the docker image into your Kubernetes image repository.
Create a PersistentStorage to store Enterprise Steam data. For example:
Make sure to change the storageclassName
to your own StorageClass name.
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: enterprise-steam-claim namespace: h2o annotations: pv.beta.kubernetes.io/gid: "955" spec: accessModes: - ReadWriteOnce volumeMode: Filesystem resources: requests: storage: 256Gi storageClassName: my-storage-class
If you are using a different way of provisioning the storage, make sure the volume is readable by GID 955!
Create a Service to access Enterprise Steam from outside of your Kubernetes cluster. For example:
apiVersion: v1 kind: Service metadata: name: enterprise-steam namespace: h2o labels: run: enterprise-steam spec: type: LoadBalancer ports: - port: 9555 protocol: TCP name: https selector: run: enterprise-steam
Create a Deployment to start Enterprise Steam. For example:
apiVersion: apps/v1 kind: Deployment metadata: name: enterprise-steam namespace: h2o spec: selector: matchLabels: run: enterprise-steam replicas: 1 template: metadata: labels: run: enterprise-steam spec: serviceAccountName: steam securityContext: runAsUser: 955 runAsGroup: 955 fsGroup: 955 containers: - name: enterprise-steam image: h2oai/enterprise-steam:1.9.13 resources: requests: cpu: 4 memory: 32Gi ports: - containerPort: 9555 volumeMounts: - mountPath: /opt/h2oai/steam/data name: enterprise-steam-data securityContext: allowPrivilegeEscalation: false volumes: - name: enterprise-steam-data persistentVolumeClaim: claimName: enterprise-steam-claim
Check that Enterprise Steam Deployment is running.
kubectl get deployment/enterprise-steam # NAME READY UP-TO-DATE AVAILABLE AGE # enterprise-steam 1/1 1 1 54m
Get the URL of Enterprise Steam
kubectl get services/enterprise-steam # NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE # enterprise-steam LoadBalancer 10.100.101.28 c4201b1da6d3046398c3265f4759dfd2-338923311.us-west-2.elb.amazonaws.com 9555:32361/TCP 85m
You can login to Enterprise Steam. See the Logging-in section for more information.