Deployment
You have two options for where to deploy RIME: a new Kubernetes cluster (recommended) or an existing Kubernetes cluster. If you pass `create_eks = false` to the RIME module, you must already have a provisioned EKS cluster corresponding to `cluster_name`.
Deploy RIME
Log in to your gcloud account (one with access to the RIME Helm charts/Terraform module) using `gcloud auth application-default login`.
Run `helm plugin install https://github.com/hayorov/helm-gcs.git` and then `helm plugin update gcs` to add the GCS Helm plugin.
Run `helm repo add rime gs://rime-backend-helm-repository` to add the RIME repository.
Run `helm repo update` to fetch the latest RIME charts.
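Taken together, the setup above can be run as a short script; the final `helm search repo rime` line is an optional sanity check (the chart names it lists will depend on your RIME version):

```shell
# Authenticate to Google Cloud (opens a browser window).
gcloud auth application-default login

# Install the GCS Helm plugin so Helm can read gs:// repositories.
helm plugin install https://github.com/hayorov/helm-gcs.git
helm plugin update gcs

# Register and refresh the RIME chart repository.
helm repo add rime gs://rime-backend-helm-repository
helm repo update

# Optional sanity check: list charts available in the repository.
helm search repo rime
```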
In your Terraform setup, add a `backend.tf` file if one is not already present, with the following configuration:

```
terraform {
  backend "s3" {
    region  = "<region>"
    bucket  = "<bucket-name>"
    key     = "<statefile key>" # e.g. "rime/state-main.tfstate"
    encrypt = true
  }
}
```
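If you prefer not to hard-code the backend settings, Terraform also accepts them at init time via `-backend-config` flags (partial backend configuration); this is a sketch with placeholder values:

```shell
# Supply the S3 backend settings at init time instead of in backend.tf.
terraform init \
  -backend-config="region=<region>" \
  -backend-config="bucket=<bucket-name>" \
  -backend-config="key=rime/state-main.tfstate" \
  -backend-config="encrypt=true"
```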
Add a `main.tf` file with the RIME module and configure it according to the values in the Terraform values section. Make sure to update the version in `source`. Here is an example setup:
```
provider "aws" {
  region = "<region>"
}

module "rime" {
  source = "gcs::https://storage.googleapis.com/storage/v1/rime-tf-modules/<version>/rime-module.tgz"

  cluster_name                = "<cluster_name>"
  create_managed_helm_release = true
  helm_values_output_dir      = "<output dir for helm values file>"
  install_cluster_autoscaler  = true
  install_external_dns        = true
  install_datadog             = true
  install_velero              = true

  k8s_namespaces = [
    {
      namespace = "default"
      primary   = "true"
    }
  ]

  resource_name_suffix            = "<suffix>" # string to append to your resources
  rime_docker_model_testing_image = "<model-testing-image>"
  rime_repository                 = "gs://rime-backend-helm-repository"
  rime_version                    = "<rime-version>"

  s3_authorized_bucket_path_arns = [
    "arn:aws:s3:::<bucket-name>/*"
  ]

  dns_config = {
    create_route53 = false # if you are providing your own DNS records, set to false
    rime_domain    = "<domain>"
    acm_domain     = "<acm domain>" # set if your ACM cert base domain differs from the RIME domain
  }

  private_subnet_ids = ["<private vpc subnets>"]
  public_subnet_ids  = ["<public vpc subnets>"]
  create_eks         = true
  vpc_id             = "<vpc_id>"
  cluster_version    = "1.20"

  model_testing_worker_group_min_size       = 1
  model_testing_worker_group_max_size       = 10
  model_testing_worker_group_instance_types = ["t2.xlarge"] # a node with 16GB of memory or larger is recommended

  map_users = [
    {
      userarn  = "arn:aws:iam::<account-number>:user/eng"
      username = "eng"
      groups   = ["system:masters"]
    }
  ]
}
```
Run `terraform init` and then `terraform apply`. This may take a while (up to 30 minutes).
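A more cautious variant of this step writes the plan to a file so you can review the proposed changes before applying them; `rime.tfplan` is just an illustrative filename:

```shell
terraform init
# Review the proposed changes before touching any infrastructure.
terraform plan -out=rime.tfplan
# Apply exactly the reviewed plan (may take up to 30 minutes).
terraform apply rime.tfplan
```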
Set Load Balancer ALPN Policy
Find the load balancer used by the `rime-kong-proxy` service with `kubectl get svc rime-kong-proxy`.
Locate that load balancer in your AWS console.
In the Listeners section, select the `TLS: 443` listener and edit the ALPN policy to `HTTP2Preferred`.
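If you prefer the AWS CLI to the console, the same change can be sketched as below; `<lb-dns-name>` is the hostname shown for `rime-kong-proxy` by `kubectl get svc`, and this assumes the proxy sits behind a Network Load Balancer (TLS listeners with ALPN policies are an NLB feature):

```shell
# Look up the load balancer ARN from its DNS name.
LB_ARN=$(aws elbv2 describe-load-balancers \
  --query "LoadBalancers[?DNSName=='<lb-dns-name>'].LoadBalancerArn" --output text)

# Find the TLS listener on port 443.
LISTENER_ARN=$(aws elbv2 describe-listeners --load-balancer-arn "$LB_ARN" \
  --query 'Listeners[?Port==`443`].ListenerArn' --output text)

# Set the ALPN policy, equivalent to the console edit above.
aws elbv2 modify-listener --listener-arn "$LISTENER_ARN" --alpn-policy HTTP2Preferred
```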
Test your installation
Run `aws eks --region us-west-2 update-kubeconfig --name <cluster-name>` and then `kubectl get pods -n <primary namespace>`. Your output should look something like this:

```
rime-frontend-cd6c89884-8ljrl 1/1 Running 0 5m26s
...
```
Go to `rime.<domain>` and verify that you can access the RIME webapp after logging in through Okta.
Run the SDK and verify that the following code snippet succeeds:

```
rime_client = Client("<domain>", "api-key")
project = rime_client.create_project("<project name>", "Insert your description")
```

Go to the webapp and verify that a project was created. If everything succeeded, you are ready for testing! See the SDK docs for everything you can do with RIME.
Troubleshooting
If you get an Okta bad request, ensure that the redirect URL has been added to your Okta app.
If you are getting timeouts in the SDK, ensure that you are connected to the VPN.
If the webapp is marked as insecure, verify that you have an ACM SSL/TLS cert for your webapp.
On older operating systems you may need to run `export GRPC_DNS_RESOLVER=native` in your shell; otherwise requests may hang due to IPv4 vs. IPv6 resolution issues.
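To make the resolver setting survive new shell sessions, you can persist it in your shell profile (this assumes bash; use the equivalent startup file for your shell):

```shell
# Append the setting to the bash profile and apply it to the current shell.
echo 'export GRPC_DNS_RESOLVER=native' >> ~/.bashrc
export GRPC_DNS_RESOLVER=native
```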
Backups
To let RIME back up your DB, set `install_velero` to true in the Terraform module above. If you are using Velero for backups, install the Velero CLI and verify that the backups are running:
```
# Download Velero.
curl -fsSL -o velero-v1.6.3-linux-amd64.tar.gz https://github.com/vmware-tanzu/velero/releases/download/v1.6.3/velero-v1.6.3-linux-amd64.tar.gz
# Unpack it (the binary lands in the velero-v1.6.3-linux-amd64/ directory).
tar -xvf velero-v1.6.3-linux-amd64.tar.gz
# Ensure that Velero backups are scheduled properly.
./velero-v1.6.3-linux-amd64/velero schedule get -n rime-extras
```
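Beyond checking the schedule, you can list completed backups and trigger an on-demand one; this sketch assumes the `velero` binary is on your PATH and that `<schedule-name>` matches a schedule shown by `velero schedule get`:

```shell
# List backups and confirm the most recent one completed.
velero backup get -n rime-extras

# Optionally trigger an immediate backup from an existing schedule.
velero backup create --from-schedule <schedule-name> -n rime-extras
```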