Usage of AWS (Amazon Web Services)
System requirements
- An AWS account with administrative privileges and a service quota value of L-1216C47A > 40
- Ubuntu >= 20.04
- Docker >= 20.10 installed without the need to use the sudo command (https://docs.docker.com/engine/install/linux-postinstall)
- Python >= 3.8
- Helm >= 3.10.3
- Eksctl >= 0.137
- Kubectl >= 1.23
- Aws-cli >= 2.11 configured with the command
aws configure
- sshpass 1.06 <=
Configuration
Move the face_sdk.lic license file (attached to the email) to the setup folder.
Next, open the following configuration files using a text editor and set the environment variables.
- ./cfg/aws.settings.cfg:
aws_account_id
(consisting only of numbers) - ./cfg/license-server.settings.cfg:
license_key
- ./cfg/platform.secrets.json: fill in
license-secret.key
and change passwords - ./cfg/platform.values.yaml:
enable_hpa
– "1",enable_node_selector
– "1",enable_resource_management
– "1",postgres.enable
– "0" - ./cfg/image-api.values.yaml:
processing.enable_hpa
– "1",processing.enable_node_selector
– "1",processing.enable_resource_management
– "1"
Ensure that the username and password specified in the postgres-root-credentials
field of the platform.secrets.json file are the same as the username and password in the rds_root_username
and rds_root_password
fields of the aws.settings file .cfg.
Save changes to files.
Deployment
Load images.
./cli.sh generic load-images
Create ECR repositories.
./cli.sh aws ecr create
Log into the ECR registry.
./cli.sh aws ecr login
Send images to the ECR registry.
./cli.sh aws ecr push
Create a managed Kubernetes cluster.
./cli.sh aws eks create
Fetch the cluster configuration.
./cli.sh aws eks fetch-config
Create an OIDC for an EKS Cluster.
./cli.sh aws eks oidc create
Create a policy and role for autoscaling.
./cli.sh aws eks autoscaler create-policy-role
Install autoscaling.
./cli.sh aws eks autoscaler install
Creating an RDS PostgreSQL database instance.
./cli.sh aws eks rds create
Get the address of an RDS instance.
./cli.sh aws eks rds get-address
Make sure that the EC2 instance is ready in the console. If the value is 'None', then the RDS instance has not yet been initialized. After getting the address, put it in
{ postgres.host }
in the ./cfg/platform.values.yaml file. Initialization usually takes about 10 minutes.Create a key pair for EC2.
./cli.sh aws eks ec2 create-key-pair
Create an EC2 instance in VPC EKS.
./cli.sh aws eks ec2 create
Get a public EC2 address.
./cli.sh aws eks ec2 get-public-address
Paste the address into
{ <license_server_address> }
in the ./cfg/license-server.settings.cfg file.Get a private EC2 address.
./cli.sh aws eks ec2 get-private-address
Paste the address into
{ <license_server_address> }
in the ./cfg/platform.secrets.json file.Install the metrics server.
./cli.sh aws eks metric-server install
Install the AWS Login Controller.
./cli.sh aws eks ingress install
Get the address of the load balancer.
./cli.sh aws eks ingress get-address
Paste the address into
{ ingress.rules.gateway.host }
in the ./cfg/platform.values.yaml file and into{ ingress.host }
in the ./cfg/image-api.values.yaml file .Get the container registry address.
./cli.sh aws ecr get-address
Paste the address into ./cfg/platform.values.yaml, ./cfg/image-api.values.yaml in the
registry
field.Check the connection to the virtual machine and add it to the list of known hosts.
./cli.sh aws eks ec2 connect
Install the license server.
./cli.sh license-server install
Make sure that the EC2 instance is ready in the AWS console. The user is "ubuntu". Select the "PEM certificate" option.
Activate the license server.
./cli.sh license-server activate
Install Kubernetes secrets in a cluster.
./cli.sh platform install-secrets
Install image-api.
./cli.sh image-api install
Install platform.
./cli.sh platform install
To monitor the deployment progress, open another terminal tab and enter the following command:
OMNI Platform is running if all pods have the Running status.watch 'kubectl get pods'
The platform is available at the address of the load balancer. The login credentials are in the platform user secret ./cfg/platform.secrets.json.
Testing
Run the platform integration test:
./cli.sh platform test - <platform_url> <platform_user_email>
Replace <platform_url>
with the platform URL and <platform_user_email>
with the user email.
Run image-api integration test:
./cli.sh image-api test - <image_api_url>
Replace <image_api_url> with the image-api URL.
To get access to Image API, set the value of ingress.host=<public_host>
in the ./cfg/image-api.values.yaml file.