This document is split into 2 sections:

1. New deployment will take you through the steps to deploy K for the first time.

2. Upgrades will take you through the steps to update your K installation.

Before you start

You should have

1. Received a configuration package from KADA.

2. Be familiar or be knowledgable about the network and load balancer settings for exposing services on your Kubernetes instance.

3. Request from your network team a DNS alias and certificate for the KADA Platform.

4. Access to an environment a Kubernetes cluster

5. In your local environment

   1. Install kubectl

   2. Install your cloud provider cli: eg azure cli, aws cli

   3. For windows environments install gitbash.

1. New Deployments

Step 1) Create a new Kubernetes cluster.

Kubernetes Service Providers supported: Amazon’s Elastic Kubernetes Service (EKS) & Microsoft Azure’s Kubernetes Service (AKS). Our customers have deployed onto Openshift Kubernetes Service. Reach out for assistance with other Kubernetes options that are not listed.

For cluster requirements see https://kadaai.atlassian.net/wiki/spaces/KSL/pages/1899692038/How+to+deploy+on+your+cloud#Minimum-infrastructure-requirements

Step 2) Label Kuberenetes cluster nodes

The nodes in the Kubernetes cluster need to be named.

KADA services use the following labels for deployment:

1. core → location of zk/solr/scheduler/redis

2. worker → location of the workers

3. db → location of postgres

4. auth → location of keycloak

5. gateway → location of the API and App related services
   
   

Use the following command to label the nodes in the cluster

Example of a KADA deployment into a 4 Node cluster.

Step 3 ) Setting up access to KADA Image repository

KADA will provide a KADA_CLIENT_ID and KADA_CLIENT_SECRET to access the KADA Image repository. The following setups your Kubernetes service to access the repository

Create a secrete

Patch the service account with the above secret

Step 4 ) Creating a certificate

Create a certificate and key

Raise a cerificate request for the domain hosting the K Platform.

Load the cert / key into Kubernetes

Step 5 ) Kubernetes ingress

Your organisation will most likely have a standard pattern for routing network traffic to a Kubernetes cluster via a Load Balancer / HA Proxy / Ingress routes.

Using your organisations Load Balancer and ingress service

KADA Deployment can make use of your organisations pattern with a few additional configuration steps.

Note the domain of the Load Balancer URL. We will refer to this as DOMAIN_URL from here on.

[OPENSHIFT ONLY] Openshift Load Balancer definition

Add the following mappings to the config of your organisation’s ingress

Deploy KADA’s generic Load Balancer and ingress service

If you are not using your own load balancer / ingress service you can use the one packaged with the K Platform.

Step 6 ) Deploying KADA Services into Kubernetes

1. Download the distribution package and unzip it

2. Navigate to the kube_setup directory

3. Populate the k8s_env.sh with the correct values according to your desired values

   NOTES

   1. HOST is in the format of the alias name or canonical host name. It must be lowercase e.g. if I intend to access K via https://prod.kada.ai , then the host value is prod.kada.ai

   2. FERNET_KEYS should be generated using one of these methods

      1. Python

      2. Unix shell

   3. SSL_SECRET_NAME is the Kubernetes secret name you installed the SSL Certificate as

   4. Avoid special characters in the values above if possible. Any value that contains the following special characters need to be escaped with a \ backslash:

      1. \ → \\\\

      2. ` → \`

      3. $ → \$

   5. Save k8s_env.sh in a secure location so that it can be used when upgrading to the K Platform.

4. Run to create a generated-k8s-common folder containing 2 yaml files.

5. Make sure kubectl is configured and pointing to a Kubernetes cluster.

6. Deploy the generated config

7. Deploy the K platform. Note the y arg will deploy an ingress which terminates SSL.

8. [OPENSHIFT ONLY] Update the users that k8s runs the contains

9. Modify PV Policy

For these 2 claims, set to Retain

• default/postgres-storage-postgres-statefulset-0

• default/keycloak-postgres-storage-keycloak-postgres-statefulset-0

Then run to validate Reclaim policy has updated to Retain

Step 7) Post deployment verification

Check all Kubernetes services are running and not in error

Example of expected output

Check the status API. It should return 200 if successful

Log into Keycloak and create a new user covered in this article.

https://kadaai.atlassian.net/wiki/spaces/KSL/pages/1888813129

The Keycloak portal is accessible at the following link

Log into KADA with the created user using the following link.

Step 8) Setup Landing Storage

KADA uses object store as a landing zone for metadata and log file transfer.

We currently support AWS s3 or Azure Blob.

AWS s3 setup

Configure the following in Admin > Platform Settings > Settings

storage_type = s3

storage_root_folder = <s3 bucket name>

storage_aws_region = <Your AWS region >

storage_aws_access_key_id = <Your AWS IAM user access key>

storage_aws_secret_access_key = <Your AWS IAM user secret>

Azure Blob setup

Configure the following in Admin > Platform Settings > Settings

storage_type = azure

storage_root_folder = <Azure container name>

storage_azure_storage_account = <Your azure storage account>

storage_azure_access_key = <Your azure storage account access key>

Performing an upgrade to your K installation

Step 1 ) Pre checks

Check that no jobs are currently running. Admin > Monitor.

Then scale down the following services.

Step 2) Deploying KADA updates

1. Download the distribution package and unzip it

2. Diff cerebrum-extract-scripts.yaml and cerebrum-oic.yaml against your existing version if you have made changes to the extract queries and merge any new changes.

3. Navigate to the kube_setup directory

4. Populate the k8s_env.sh or overwrite with the k8s_env.sh from a prior deployment

5. Deploy the K platform.

6.  

Step 3) Post deployment verification

Follow the same verification as per New Deployments (Step 5 in New Deployments)