Kubernetes Cluster (K8s) Install Preparation

This is a guide to help you prepare your existing Kubernetes cluster for installing the Arthur platform. The examples use Helm 3.

Make sure you’re in the correct kubectl environment context before running the installer.

Install Prometheus

Example:

helm repo add \
  prometheus-community \
  https://prometheus-community.github.io/helm-charts
helm repo update
helm upgrade --install -n monitoring \
  --create-namespace \
  kube-prometheus-stack \
  prometheus-community/kube-prometheus-stack \
  --set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
helm upgrade --install -n monitoring \
  --create-namespace \
  prometheus-adapter \
  prometheus-community/prometheus-adapter

Verify that Prometheus CRDs are installed:

kubectl api-resources | grep monitoring

Verify that Prometheus is up and running:

kubectl --namespace monitoring get pods -l "release=kube-prometheus-stack"

If everything is installed correctly, the following command should not return “ServiceUnavailable”:

kubectl get --raw /apis/custom.metrics.k8s.io/v1beta1

Install Ingress

Example with Nginx:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm upgrade --install -n ingress-system \
  --create-namespace \
  ingress-nginx \
  ingress-nginx/ingress-nginx

[Optional] To add an AWS managed SSL certificate, create a values.yaml file with the following contents:

controller:
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <AWS managed SSL certificate ARN>
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
      service.beta.kubernetes.io/aws-load-balancer-type: elb
      service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-TLS-1-2-2017-01
      # Optional annotation that creates a non-internet-facing load balancer.
      # Annotation values must be strings, so the value is quoted.
      service.beta.kubernetes.io/aws-load-balancer-internal: "true"
    targetPorts:
      http: "tohttps"

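  # Honors *-snippet annotations on Ingress objects. The http-snippet below is
  # controller config and does not depend on this setting.
  allowSnippetAnnotations: "true"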
  config:
    http-snippet: |
      server {
        listen 2443;
        return 308 https://$host$request_uri;
      }
    use-forwarded-headers: "true"

  containerPort:
    http: 8080
    tohttps: 2443
    https: 80

Upgrade or install the helm chart with the values.yaml you created.

helm upgrade --install -n ingress-system \
  --create-namespace \
  ingress-nginx \
  ingress-nginx/ingress-nginx \
  -f values.yaml

If you need to install Nginx in the same namespace as Arthur (not recommended) and want to use our network-policy to restrict ingress to the Arthur application, use the command below to add labels to the pods and services. The network-policy allows traffic only between pods and services that have these labels.

helm upgrade --install -n arthur --set controller.podLabels.network-app=arthurai,controller.service.labels.network-app=arthurai,defaultBackend.podLabels.network-app=arthurai,.service.labels.network-app=arthurai \
  ingress-nginx \
  ingress-nginx/ingress-nginx

Look up the hostname for the Ingress and configure it in your DNS (e.g. arthur.mydomain.com).

kubectl get svc -n ingress-system ingress-nginx-controller -ojsonpath='{.status.loadBalancer.ingress[*].hostname}'

Install Metrics Server

Example:

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm upgrade --install -n monitoring \
  --create-namespace \
  metrics-server \
  bitnami/metrics-server \
  --set apiService.create=true \
  --set extraArgs.kubelet-preferred-address-types=InternalIP

Verify that you can retrieve metric snapshots.

kubectl top node

Configure the cluster-autoscaler

In a production environment, it is vital to ensure that there are enough resources (memory and CPU) available for pods to get scheduled on the Kubernetes cluster. Please follow the instructions for your cloud provider to install the cluster-autoscaler on your cluster.

Verify that the cluster-autoscaler is successfully installed.

kubectl get deployments -n kube-system | grep -i cluster-autoscaler
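
The verification commands from the sections above, combined into one preflight script that also checks the current kubectl context before anything is installed. This is an added example, not part of Arthur's documentation or tooling; `KUBECTL`, `EXPECTED_CONTEXT` and the function names are chosen here for illustration.

```shell
#!/usr/bin/env bash
# Added example: preflight for the checks on this page. Not Arthur's own tooling.
# Assumptions: KUBECTL (overridable, e.g. with a stub) and EXPECTED_CONTEXT
# (the kubectl context you intend to install into) are names chosen here.
KUBECTL="${KUBECTL:-kubectl}"

check() {  # check <description> <command...>: print PASS/FAIL, return the status
  local desc="$1"; shift
  if "$@" >/dev/null 2>&1; then echo "PASS  $desc"; else echo "FAIL  $desc"; return 1; fi
}

context_matches() {  # guards against installing into the wrong cluster
  [ -n "${EXPECTED_CONTEXT:-}" ] &&
    [ "$($KUBECTL config current-context 2>/dev/null)" = "$EXPECTED_CONTEXT" ]
}
prometheus_crds_present() {
  $KUBECTL api-resources | grep -q 'monitoring\.coreos\.com'
}
prometheus_pods_running() {  # at least one pod, and every pod in phase Running
  local phases p
  phases="$($KUBECTL --namespace monitoring get pods -l release=kube-prometheus-stack \
    -o jsonpath='{.items[*].status.phase}')" || return 1
  [ -n "$phases" ] || return 1
  for p in $phases; do [ "$p" = "Running" ] || return 1; done
}
custom_metrics_available() {  # fails on a non-zero exit or a ServiceUnavailable reply
  local out
  out="$($KUBECTL get --raw /apis/custom.metrics.k8s.io/v1beta1 2>&1)" || return 1
  case "$out" in *ServiceUnavailable*) return 1 ;; esac
}
metrics_server_serving() { $KUBECTL top node; }
cluster_autoscaler_deployed() {
  $KUBECTL get deployments -n kube-system | grep -qi cluster-autoscaler
}

preflight() {  # runs every check; return value is the number of failures
  local failed=0
  check "kubectl context is '${EXPECTED_CONTEXT:-}'" context_matches || failed=$((failed + 1))
  check "Prometheus CRDs installed" prometheus_crds_present || failed=$((failed + 1))
  check "kube-prometheus-stack pods Running" prometheus_pods_running || failed=$((failed + 1))
  check "custom metrics API available" custom_metrics_available || failed=$((failed + 1))
  check "metrics-server answers 'kubectl top node'" metrics_server_serving || failed=$((failed + 1))
  check "cluster-autoscaler deployment present" cluster_autoscaler_deployed || failed=$((failed + 1))
  return "$failed"
}

# Direct use: ./preflight.sh <expected-context>
[ -z "${1:-}" ] || { EXPECTED_CONTEXT="$1"; preflight; }
```

The script exits with the number of failed checks, so a zero exit status means every check on this page passed against the intended context.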

Cloud Provider-specific Configuration

If installing on an existing Amazon AWS EKS, follow the additional steps here.